Play interactive tour

Edit tour

Analysis Report https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01

Overview

General Information

Sample URL:	https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01
Analysis ID:	339276
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Invalid 'forgot password' link found

Classification

Startup

System is w10x64

iexplore.exe (PID: 7036 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 7092 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7036 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Brown[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://chimneystudent.com/Dawn/Brown/

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: 302494.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Brown[1].htm, type: DROPPED

Phishing site detected (based on logo template match)

Show sources

Source: https://chimneystudent.com/Dawn/Brown/

Matcher: Template: microsoft matched

Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: Number of links: 0
Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: Number of links: 0

Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: Title: Sign in to Outlook does not match URL
Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: Title: Sign in to Outlook does not match URL

Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: Invalid link: Forgot my password
Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: Invalid link: Forgot my password

Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: No <meta name="author".. found
Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: No <meta name="author".. found

Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: No <meta name="copyright".. found
Source: https://chimneystudent.com/Dawn/Brown/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.228.205:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.228.205:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49781 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: app.box.com

Source: preview[1].js.2.dr	String found in binary or memory: http://blog.stevenlevithan.com/archives/parseuri
Source: login-1b220e0913[1].css.2.dr	String found in binary or memory: http://cssreset.com
Source: font-awesome[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: preview[1].js.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: core.min[1].js.2.dr	String found in binary or memory: http://rock.mit-license.org
Source: login-1b220e0913[1].css.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: preview[1].js.2.dr	String found in binary or memory: http://www.box.com)
Source: login-1b220e0913[1].css.2.dr	String found in binary or memory: http://yuilibrary.com/license/
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_96f69d0cefd8a8ba623a182c351ccc64.png
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.p
Source: imagestore.dat.2.dr, Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~
Source: imagestore.dat.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343
Source: Brown[1].htm.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Source: {F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://account.box.co
Source: {F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://account.box.cof59992hq0o3230yh4ysvn4wry4ishg01
Source: ~DFCD1A8EDAA1551B78.TMP.1.dr	String found in binary or memory: https://account.box.com/login?redirect_url=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry
Source: {F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://app.box.c.com/Dawn/Brown/#rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3pp.box.com/s/f59992h
Source: {F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://app.box.c.com/Dawn/Brown/rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3pp.box.com/s/f59992hq
Source: {F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://app.box.cRoot
Source: {F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://app.box.cm/login?redirect_url=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3pp.box.com/s/f59992
Source: ~DFCD1A8EDAA1551B78.TMP.1.dr	String found in binary or memory: https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01
Source: {F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01Root
Source: {F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://app.box.cpp.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01
Source: launch-54b165b09013.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/6055abd7bbba/292d6a5f4786/launch-54b165b09013.js
Source: AppMeasurement.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.js
Source: AppMeasurement_Module_ActivityMap.min[1].js.2.dr	String found in binary or memory: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_Acti
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/android-chrome-192x192-96i97M.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-114x114-busq-D.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-120x120-K-u4U5.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-144x144-va9pYs.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-152x152-r5tWgh.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-180x180-tV001c.png
Source: login[1].htm.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-57x57-fLlEpj.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-60x60-Uv0qzu.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-72x72-7aVqne.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-76x76-ZVGnRV.png
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/browserconfig-fdBReK.xml
Source: login[1].htm.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-16x16-_kQSW4.png
Source: login[1].htm.2.dr, imagestore.dat.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-32x32-VwW37b.png
Source: login[1].htm.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-96x96-XU7UE1.png
Source: login[1].htm.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-yz-tj-.ico
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/manifest-rw1AEP.json
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/mstile-144x144-pllCM8.png
Source: f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-16x16-Ou5N87.png
Source: f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-32x32-brwW_W.png
Source: f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-96x96-TOQ9Kg.png
Source: f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-EHWWyP.ico
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/safari-pinned-tab-jyt2W4.svg
Source: f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/enduser/app.8f4ad58129.css
Source: messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff)
Source: messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff2)
Source: messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff)
Source: messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff2)
Source: f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-woff.css
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/webapp_assets/login/css/login-1b220e0913.css
Source: login[1].htm.2.dr	String found in binary or memory: https://cdn01.boxcdn.net/webapp_assets/login/js/login-bae14bec79.min.js
Source: Brown[1].htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Source: ~DFCD1A8EDAA1551B78.TMP.1.dr	String found in binary or memory: https://chimneystudent.com/Dawn/Brown/
Source: ~DFCD1A8EDAA1551B78.TMP.1.dr	String found in binary or memory: https://chimneystudent.com/Dawn/Brown/#rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry4
Source: ~DFCD1A8EDAA1551B78.TMP.1.dr	String found in binary or memory: https://chimneystudent.com/Dawn/Brown/$Sign
Source: ES%20ROBBINS[1].pdf.2.dr	String found in binary or memory: https://chimneystudent.com/Dawn/Brown/)
Source: ~DFCD1A8EDAA1551B78.TMP.1.dr	String found in binary or memory: https://chimneystudent.com/Dawn/Brown/rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry4i
Source: Brown[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: login[1].htm.2.dr	String found in binary or memory: https://community.box.com
Source: preview[1].js.2.dr	String found in binary or memory: https://feross.org
Source: preview[1].js.2.dr	String found in binary or memory: https://github.com/derek-watson/jsUri
Source: core.min[1].js.2.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: preview[1].js.2.dr	String found in binary or memory: https://support.box.com
Source: login[1].htm.2.dr	String found in binary or memory: https://www.box.com/blog
Source: login[1].htm.2.dr	String found in binary or memory: https://www.box.com/home
Source: login[1].htm.2.dr	String found in binary or memory: https://www.box.com/pricing

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 15.237.76.117:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.228.205:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.49.228.205:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.4:49781 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@3/80@12/7

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F52BBC2D-55CD-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFA3BE48DC535D6904.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7036 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7036 CREDAT:17410 /prefetch:2

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://chimneystudent.com/Dawn/Brown/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://chimneystudent.com/Dawn/Brown/$Sign	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-EHWWyP.ico	0%	Avira URL Cloud	safe
https://chimneystudent.com/Dawn/Brown/#rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry4	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff2)	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/webapp_assets/login/js/login-bae14bec79.min.js	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/browserconfig-fdBReK.xml	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-57x57-fLlEpj.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff2)	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/webapp_assets/login/css/login-1b220e0913.css	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-144x144-va9pYs.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-76x76-ZVGnRV.png	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-16x16-Ou5N87.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/enduser/app.8f4ad58129.css	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_96f69d0cefd8a8ba623a182c351ccc64.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/android-chrome-192x192-96i97M.png	0%	Avira URL Cloud	safe
http://jedwatson.github.io/classnames	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/safari-pinned-tab-jyt2W4.svg	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/favicon-96x96-XU7UE1.png	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
https://account.box.co	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-152x152-r5tWgh.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-60x60-Uv0qzu.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-72x72-7aVqne.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/favicon-16x16-_kQSW4.png	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	0%	URL Reputation	safe
https://app.box.cRoot	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(	0%	URL Reputation	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(	0%	URL Reputation	safe
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff)	0%	Avira URL Cloud	safe
https://chimneystudent.com/Dawn/Brown/)	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343	0%	Avira URL Cloud	safe
https://account.box.cof59992hq0o3230yh4ysvn4wry4ishg01	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-woff.css	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-114x114-busq-D.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/manifest-rw1AEP.json	0%	Avira URL Cloud	safe
https://app.box.cm/login?redirect_url=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3pp.box.com/s/f59992	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-96x96-TOQ9Kg.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-32x32-brwW_W.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-120x120-K-u4U5.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff)	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/mstile-144x144-pllCM8.png	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/favicon-32x32-VwW37b.png	0%	Avira URL Cloud	safe
https://chimneystudent.com/Dawn/Brown/rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry4i	0%	Avira URL Cloud	safe
http://www.box.com)	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-180x180-tV001c.png	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.p	0%	Avira URL Cloud	safe
https://cdn01.boxcdn.net/_assets/img/favicons/favicon-yz-tj-.ico	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chimneystudent.com	69.49.228.205	true	false	unknown
cs1100.wpc.omegacdn.net	152.199.23.37	true	false	unknown
api.box.com	185.235.236.197	true	false	high
public.boxcloud.com	185.235.236.200	true	false	high
cdnjs.cloudflare.com	104.16.18.94	true	false	high
account.box.com	185.235.236.197	true	false	high
app.box.com	185.235.236.201	true	false	high
boxinc.sc.omtrdc.net	15.237.76.117	true	false	unknown
code.jquery.com	unknown	unknown	false	high
assets.adobedtm.com	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown
cdn01.boxcdn.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01	false		high
https://chimneystudent.com/Dawn/Brown/	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	font-awesome[1].css.2.dr	false		high
https://assets.adobedtm.com/6055abd7bbba/292d6a5f4786/launch-54b165b09013.js	launch-54b165b09013.min[1].js.2.dr	false		high
https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01	~DFCD1A8EDAA1551B78.TMP.1.dr	false		high
https://chimneystudent.com/Dawn/Brown/$Sign	~DFCD1A8EDAA1551B78.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-EHWWyP.ico	f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://chimneystudent.com/Dawn/Brown/	~DFCD1A8EDAA1551B78.TMP.1.dr	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://chimneystudent.com/Dawn/Brown/#rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry4	~DFCD1A8EDAA1551B78.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://community.box.com	login[1].htm.2.dr	false		high
https://www.box.com/pricing	login[1].htm.2.dr	false		high
https://github.com/zloirock/core-js	core.min[1].js.2.dr	false		high
https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.js	AppMeasurement.min[1].js.2.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff2)	messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/webapp_assets/login/js/login-bae14bec79.min.js	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/browserconfig-fdBReK.xml	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-57x57-fLlEpj.png	login[1].htm.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://www.box.com/blog	login[1].htm.2.dr	false		high
http://yuilibrary.com/license/	login-1b220e0913[1].css.2.dr	false		high
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff2)	messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/webapp_assets/login/css/login-1b220e0913.css	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-144x144-va9pYs.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-76x76-ZVGnRV.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://app.box.c.com/Dawn/Brown/#rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3pp.box.com/s/f59992h	{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-16x16-Ou5N87.png	f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/enduser/app.8f4ad58129.css	f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_96f69d0cefd8a8ba623a182c351ccc64.png	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/android-chrome-192x192-96i97M.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
http://jedwatson.github.io/classnames	preview[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/safari-pinned-tab-jyt2W4.svg	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	login-1b220e0913[1].css.2.dr	false		high
http://cssreset.com	login-1b220e0913[1].css.2.dr	false		high
https://cdn01.boxcdn.net/_assets/img/favicons/favicon-96x96-XU7UE1.png	login[1].htm.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	Brown[1].htm.2.dr	false		high
https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01Root	{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://app.box.cpp.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01	{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_Acti	AppMeasurement_Module_ActivityMap.min[1].js.2.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	imagestore.dat.2.dr, Brown[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://account.box.co	{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-152x152-r5tWgh.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-60x60-Uv0qzu.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	Brown[1].htm.2.dr	false		high
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-72x72-7aVqne.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://app.box.c.com/Dawn/Brown/rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3pp.box.com/s/f59992hq	{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false		high
https://cdn01.boxcdn.net/_assets/img/favicons/favicon-16x16-_kQSW4.png	login[1].htm.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	imagestore.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://app.box.cRoot	{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(	imagestore.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff)	messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://chimneystudent.com/Dawn/Brown/)	ES%20ROBBINS[1].pdf.2.dr	true	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.s	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://www.box.com/home	login[1].htm.2.dr	false		high
http://fontawesome.io/license	font-awesome[1].css.2.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
http://blog.stevenlevithan.com/archives/parseuri	preview[1].js.2.dr	false		high
https://feross.org	preview[1].js.2.dr	false		high
https://github.com/derek-watson/jsUri	preview[1].js.2.dr	false		high
https://account.box.cof59992hq0o3230yh4ysvn4wry4ishg01	{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-woff.css	f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://support.box.com	preview[1].js.2.dr	false		high
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-114x114-busq-D.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/manifest-rw1AEP.json	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
http://rock.mit-license.org	core.min[1].js.2.dr	false		high
https://app.box.cm/login?redirect_url=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3pp.box.com/s/f59992	{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-96x96-TOQ9Kg.png	f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-32x32-brwW_W.png	f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-120x120-K-u4U5.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff)	messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/mstile-144x144-pllCM8.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/favicon-32x32-VwW37b.png	login[1].htm.2.dr, imagestore.dat.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://chimneystudent.com/Dawn/Brown/rl=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry4i	~DFCD1A8EDAA1551B78.TMP.1.dr	true	Avira URL Cloud: safe	unknown
http://www.box.com)	preview[1].js.2.dr	false	Avira URL Cloud: safe	low
https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-180x180-tV001c.png	login[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://account.box.com/login?redirect_url=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry	~DFCD1A8EDAA1551B78.TMP.1.dr	false		high
https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_5bc252567ef56db648207d9c36a9d004.p	Brown[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn01.boxcdn.net/_assets/img/favicons/favicon-yz-tj-.ico	login[1].htm.2.dr, f59992hq0o3230yh4ysvn4wry4ishg01[1].htm.2.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
185.235.236.200	unknown	Germany	33011	BOXNETUS	false
185.235.236.197	unknown	Germany	33011	BOXNETUS	false
69.49.228.205	unknown	United States	46606	UNIFIEDLAYER-AS-1US	false
185.235.236.201	unknown	Germany	33011	BOXNETUS	false
152.199.23.37	unknown	United States	15133	EDGECASTUS	false
15.237.76.117	unknown	United States	16509	AMAZON-02US	false
104.16.18.94	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	339276
Start date:	13.01.2021
Start time:	19:33:39
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 39s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@3/80@12/7
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://chimneystudent.com/Dawn/Brown/
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 52.147.198.201, 88.221.62.148, 104.42.151.234, 104.16.74.20, 104.18.103.56, 51.104.139.180, 23.210.248.45, 209.197.3.24, 92.122.213.247, 92.122.213.194, 152.199.19.161, 52.155.217.156, 20.54.26.129, 8.248.139.254, 67.27.159.254, 8.253.95.121, 67.26.75.254, 67.26.139.254 Excluded domains from analysis (whitelisted): cds.s5x3j6q5.hwcdn.net, arc.msn.com.nsatc.net, cn-assets.adobedtm.com.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, auto.au.download.windowsupdate.com.c.footprint.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, ie9comview.vo.msecnd.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, aadcdnoriginneu.azureedge.net, ctldl.windowsupdate.com, aadcdnoriginneu.ec.azureedge.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, e7808.dscg.akamaiedge.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cdn01.boxcdn.net.cdn.cloudflare.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. VT rate limit hit for: https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\app.box[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2599
Entropy (8bit):	5.047089900307125
Encrypted:	false
SSDEEP:	48:+pIEaPMEaPMEaPMEaeMEaeMEaedMMEae1MEae1w9rMEae1MEaemMEaexMEaeZl:8GaazzzdMz1z1oz1zmzxzZl
MD5:	5078C74F8887A7FF8B071A8033277340
SHA1:	EA1F42C0566721D8448B0F2BE3494411A998C063
SHA-256:	D664A5FD0D0E1A14912F58A82B4E156EB091E4D123D0196223F520DD483DF12F
SHA-512:	26D76F7D9C94428BB309B4DED5D87B1595C526C5D6109676F4773A6C6A51B7BDFCA5FB0F464FFBED56BE731BBF15F98DF10797D01945716AAAF1E8D75D9B839A
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root></root><root></root><root><item name="key" value="value" ltime="3116999344" htime="30861786" /></root><root></root><root></root><root></root><root></root><root><item name="localStore/0/bcu-uploads-reachability-cached-results" value="{}" ltime="3137119344" htime="30861786" /></root><root><item name="localStore/0/bcu-uploads-reachability-cached-results" value="{}" ltime="3137119344" htime="30861786" /></root><root><item name="localStore/0/bcu-uploads-reachability-cached-results" value="{}" ltime="3137119344" htime="30861786" /></root><root><item name="localStore/0/bcu-uploads-reachability-cached-results" value="{}" ltime="3163159344" htime="30861786" /></root><root><item name="localStore/0/bcu-uploads-reachability-cached-results" value="{}" ltime="3163159344" htime="30861786" /></root><root><item name="localStore/0/bcu-uploads-reachability-cached-results" value="{}" ltime="3163159344" htime="30861786" /><item name="bp-doc-current-page-map" value="{"76

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\account.box[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	135
Entropy (8bit):	4.695192817640191
Encrypted:	false
SSDEEP:	3:D90aK1ryRtFwsnObemKmlULF0VqHlJR3xUTdeWHRJAqSRf8KaKb:JFK1rUFjgemKm6GVqHlJR3STdJHIFzb
MD5:	E4A692103591E625FD81DF334CBD826A
SHA1:	620B63F2549C9FDB890CCC877DDF274D4FC5B3E1
SHA-256:	3CF19367FF00257DAE269F725C9F524BF1B23AEEE03D07046C6F3D1C9541FC38
SHA-512:	5E75BAEA3AB1A6259E4D438BA38DF57EFEBD996BA5C51DC98E3822C5B38AD97E97A7C28A73927C07C7931DCBE44FDA086BA6318DE0501B11881271EA588C701E
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="com.adobe.reactor.dataElementCookiesMigrated" value="true" ltime="3316889344" htime="30861786" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F52BBC2D-55CD-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8589590959204292
Encrypted:	false
SSDEEP:	192:rYZ7Zc2y9WdtI2if6B2f2zM02X2B/2t2D22sfQB2G2jX:rYtryUnS74V65
MD5:	61EAF9691E332058132A0C6157B93A9B
SHA1:	99118B0557C2D8B51B4220FB76C9C98CF1F1E9AE
SHA-256:	46F39C6ADD58AFF597CCEDBDB7B6F91ED1DD14ACEEAE1536C1F249256E840E3C
SHA-512:	F3861D7804A8669C93275982521F0A3DCDEA562B6F3B2F03922FB169A28AC0D1F5CDF6F9ADA757A8E70EE1FD42E54DD9B7DE4D7ACF8568B51C6F005A400DD34E
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F52BBC2F-55CD-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	71602
Entropy (8bit):	2.379228960930878
Encrypted:	false
SSDEEP:	384:r6+Z5ohA8LlQ1q1k51l8hlYYe3f4Ivqf1paK/je244wtI:4Q46NdE
MD5:	F99B3732F9978A43FD2AE6BC953F0757
SHA1:	5319DA36E75B4DA1CE6A3A2BB51F7A62F66FBF4C
SHA-256:	E94E77E8B276152A015CC477A85ADC1811D6B84909F92DE19BECA2562CEF2535
SHA-512:	DD9B9FD925F93FF48737D592AF8B0F66CE972C2679215D5E101CB438F578DC40C21F7D840E62F164163F3F133E85498681D8725D5551662305B9767E60EFF311
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FBBFBA5F-55CD-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5659353976072605
Encrypted:	false
SSDEEP:	48:IwPGcpraGwpagG4pQEGrapbS3rGQpKtG7HpRysTGIpG:rFZCQA6SBS3FAMTy4A
MD5:	6FDFBCB8D817D16C7F0B177E973110B3
SHA1:	126E9936949D7DB59BA80969E05FA52DC24D9B1B
SHA-256:	ABF15586A8DB5745DFB7AD4DAFE1DF416AAE7DEFEE5A1A710749FEC8EE9D2AF6
SHA-512:	E9E6B46F371F084CBA08215C0098FB7A63AA70F4902D65B32E51686B89149FD0C4616C5742D961255A4910D5A2268470DAC0BA9AE77DFC590FD8B1A60D58990A
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	19835
Entropy (8bit):	3.6307088997288504
Encrypted:	false
SSDEEP:	48:1mF2C2djvA3bc9ENhkb7J5KJ5XJ5/J5Ygyyyyyyyyyyyyy/J5KSJ5/QQQQQd:kQvA3QENhkbt477Qz9QQQQQd
MD5:	E21CAF09CB6E070C93996ECC80A96F04
SHA1:	E6A1DFAF3CB64440240BFA6F055C1D21DE96D8D2
SHA-256:	D93F7097A5FEE13C2FB850237910D6E6B50549EB5FEE4ECC52AEC7202CAE2558
SHA-512:	36E587FDD0CD150BC6EEFA783060632A5A65BCCB2BAC09A08A2158D3F9E6DFBBB50A920075EA536FAA21950A5CE01D62C5A207116936F4B902DD098FBFA4C85A
Malicious:	false
Reputation:	low
Preview:	F.h.t.t.p.s.:././.c.d.n.0.1...b.o.x.c.d.n...n.e.t./._.a.s.s.e.t.s./.i.m.g./.f.a.v.i.c.o.n.s./.f.a.v.i.c.o.n.-.3.2.x.3.2.-.V.w.W.3.7.b...p.n.g......PNG........IHDR... ... .....D.......gAMA......a.....sRGB........ cHRM..z&..............u0...`..:....p..Q<....PLTE....a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..`.._.H..w...i....../~......2..._.1~..d..n..`..m..f..c..a....................!u..^."u............g...j......q.E....G.......................F......................g.,{.......U.....A...h..r............... u..h.:.....e.............b...]..j.......q.....}.....n.G...........b...d..v..r.. t....+{.i..z..\........z.......h..&x.@.......$w.c.....y........a...n.D.........t........a..p...j..%w.f...E...e..h.V.......=..Q..e../}...?...b..p.Y....tRNS... 78.-.....).....6...&..W.w....IDAT8.c```dbfa..X........\.X.../.##.#;..N .. .!....10..S .. *.O..(.+7>...)...@V^AQ...%e.9..T..5d!f..bW.....#+#....''...T&.o.W`hdlbjfnaiemckg....,....&

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\53_8b36337037cff88c3df203bb73d58e41[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5139
Entropy (8bit):	7.865234009830226
Encrypted:	false
SSDEEP:	96:oX2DsRVNYc82nTGTirCPqKO1gDPFjDiwK3aM5yO/bUlVV6JKo5N9jIMw7RLW1ZHb:ofRgc82nTprQsgDNDP7QgVVoH9+kMK9
MD5:	8B36337037CFF88C3DF203BB73D58E41
SHA1:	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E
SHA-256:	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
SHA-512:	97D8CC97C4577631D8D58C0D9276EE55E4B80128080220F77E01E45385C20FE55D208122A8DFA5DADCB87543B1BC291B98DBBA44E8A2BA90D17C638C15D48793
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
Preview:	.PNG........IHDR...V...H.............tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:DB120779422011EA9888910153D3A5E6" xmpMM:DocumentID="xmp.did:DB12077A422011EA9888910153D3A5E6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB120777422011EA9888910153D3A5E6" stRef:documentID="xmp.did:DB120778422011EA9888910153D3A5E6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>P.WI....IDATx..]]l.......(.5.K0P..0...E.qT..J X)F.(5X....J.}(m.R5.Q...RUEUPU~.....qp@.b......L...k.m"0......"c.3

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Brown[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	116336
Entropy (8bit):	5.3816220537602755
Encrypted:	false
SSDEEP:	1536:Yhuhw+ExmazA/PWrF7qvEAFiQcpmNtuhPyJRp7xvnXE1Esns8lR:Yt4wyJjZnXE1Esns8H
MD5:	3752C84E2D4118729A264E7629A62E88
SHA1:	22C6C7C155B63E6F566BF554406A5F0780C3F800
SHA-256:	94860511EBE34294BA25E9D70248BA9855B1743CF7CB88796605494C130582D5
SHA-512:	BFCBFC34FD403CD7CBE119C697E1D71AF7F83E83C2BAD190852502C2CEC0669D117AAFB824BB0422667DAEC66D819F7FC40205AFB94C09CB4376572972CAEE03
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Brown[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://chimneystudent.com/Dawn/Brown/
Preview:	<html dir="ltr" lang="en">.. <meta charset="utf-8">.. <link href="https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico" rel="shortcut icon">.. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css" integrity="sha256-NuCn4IvuZXdBaFKJOAcsU2Q3ZpwbdFisd5dux4jkQ5w=" crossorigin="anonymous">.. <style>... html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ES%20ROBBINS[1].pdf Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PDF document, version 1.6
Category:	downloaded
Size (bytes):	126701
Entropy (8bit):	7.691486652322808
Encrypted:	false
SSDEEP:	3072:ccC/d9Xh/ZlteVefdDAIFLs6P8VL77wfU4V1Kl3Hii8:7GltVXL58VLX0rOCi8
MD5:	753BD1F36337B4085A263DFDDD922E61
SHA1:	E486681A5E87C50DC9B49FBC6604825C0E65E658
SHA-256:	8CCA444F29407041719B41B960E9B040C2FFCF6A425CEC74CE128C231BE9B284
SHA-512:	B22104323EA6A2DA3067379619A3A112EDAEA362DED9B8CF2367F047D6089D7BBF507ECCA815BBF66419538DEB5FDD87D3119488A3B6B7273755F6E8FDC1B9A9
Malicious:	false
Reputation:	low
IE Cache URL:	https://public.boxcloud.com/api/2.0/files/763456168941/content?preview=true&version=814588737541&access_token=1!VKkB9PLYmytchdzAX0fd0Kd4RYzg6flhi-8gRyAf1M0a4RXcHXzT_RkUCFW4m3yvuGWNfBIscqt06Vx1Gpcu594LQGi-FOAyJfAVxAMHLkK02X3MaQNO0hRetcH7RrXFMq3RWrEOdC03HJ2BjRioCjg7MOuHbtHRMzWh12nifHsFL5BPtaGTru-J-JdAwPmjJqre7M63wzHP5x3qUHrP1N53_ja45wgi2M2dxXn8EecpZBWjWu6bgv1btmmBBD_Wv8saoH4jqMjrApKeDk21RCDEl2_2ctKb3yVgMSA5-LZP1QTyMQhdU0tLlGIrY-JqILESfeOx8vTWv4gGLjWGjynbQQNJRz7Yzw37sVG6wJtHNVYOD32Bb3U3n_bbFSkZMvIQxPvstrLzGFnIqRCqtS5T8N9BR3lUeczrXCr4I_1nziOAxN5Q_iThJFYIwlawJ1ZEya1wP1c2MPMpOxQfwg4_c_bvBMkvYkKkFJmsXv6C7t4kea1iQrGb_v90uXO3L-FyiuO7VNx3MLHCR1P5c-ofbyEtidjsJ4p8B67uhFN0uH2RmJWdPGVNfWsFPuI.&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry4ishg01&box_client_name=box-content-preview&box_client_version=2.61.0&encoding=gzip
Preview:	%PDF-1.6.%......12 0 obj.<</Linearized 1/L 121596/O 14/E 117045/N 1/T 121294/H [ 519 189]>>.endobj. .33 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<5456EF336601E7B4FD1BC437B7D72182><81F0FB8071BF4658924B5BD5FD426E88>]/Index[12 49]/Info 11 0 R/Length 105/Prev 121295/Root 13 0 R/Size 61/Type/XRef/W[1 3 1]>>stream..h.bbd`.``b``.."....\|....DJX.E"A$k...!CA$....."...i......B....f.U.M~.$..n....;10..0.$...t............m.endstream.endobj.startxref.0.%%EOF. .60 0 obj.<</Filter/FlateDecode/I 125/Length 103/S 38/V 103>>stream..h.b``.f``.e```<.........A.IL....B......?a`a.....!#..,F].PF..3FNF)...1....c<Q.5...8....o!..........&.endstream.endobj.13 0 obj.<</AcroForm 34 0 R/Metadata 2 0 R/Pages 10 0 R/Type/Catalog>>.endobj.14 0 obj.<</BleedBox[0 7.8299813 595.5 850.07996]/Contents 15 0 R/CropBox[0 7.8299813 595.5 850.07996]/MediaBox[0 7.8299813 595.5 850.07996]/Parent 10 0 R/Resources<</ExtGState<</GS0 35 0 R/GS1 36 0 R>>/Font<</C0_0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\app.3caae0bb80[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1359024
Entropy (8bit):	5.444597719854545
Encrypted:	false
SSDEEP:	24576:pKccx9Vdggwac+Yf/LVQRL70RcKgmFudvomN82M0arMo/PUObHBshTptG5jJWK9D:phcx9Vdggwac+uTVQRL70RcKgmFudvo7
MD5:	51C67DB8B1D7AB44CC195AF49A7C66A2
SHA1:	CE6F64290EEB0619162D8A8BD635C67C2988E423
SHA-256:	D0C2B02F0D4852810D52265097EAF00D317667621CFC0B432F1E67C271E10F8C
SHA-512:	B844597C37EDCD8E771B76EFC04F388D3E8F815EF0E86FF233E7B1A81B108996DF44A9FBBB91FC6C5696BA22E06F54CEFD11F84634C2726E0993295550CB1FE8
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/app.3caae0bb80.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["app"],{"+4HFvFfEZ0":function(e,t,n){"use strict";var r=n("q1tIBJhxTW"),o=n("1En/ASmD05"),a=n("4Whi4X5bOd");function i(){return(i=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e}).apply(this,arguments)}t.a=function(e){return r.createElement(a.a,i({width:16,height:16,viewBox:"0 0 16 16"},e),r.createElement("path",{fill:o.bdlGray50,fillRule:"evenodd",d:"M14.119 3.176a.5.5 0 01.815.574l-.053.074-5.055 5.95a.502.502 0 01-.597.127l-.083-.05-3.553-2.649-3.703 4.611a.501.501 0 01-.628.127l-.075-.05a.501.501 0 01-.127-.628l.05-.075L5.116 6.2a.5.5 0 01.614-.134l.074.046 3.563 2.656 4.752-5.592z"}))}},"+5Szpi0raq":function(e,t,n){"use strict";var r=n("q1tIBJhxTW"),o=n("1En/ASmD05"),a=n("4Whi4X5bOd");function i(){return(i=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ellipsis_635a63d500a92a0b8497cdc58d0f66b1[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	900
Entropy (8bit):	3.8081778439799248
Encrypted:	false
SSDEEP:	24:t4CvnAVRHf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUV0UFl:fn+1QqC4GuiHFXS1QqCWRHQ3V1QqCWRV
MD5:	635A63D500A92A0B8497CDC58D0F66B1
SHA1:	A32EBA4B4D139E8DA52C5801A13C1EE222B2B882
SHA-256:	61D7CCC5D2C41BF86BE6CEFB0063405067849BA64E9F219F60596EF09A54A942
SHA-512:	EFFE15E105FC5FA853E76917B533AAE6C75EBA9A256049FB5EAB88BBF319D63A4CE4AE3743A09D6A5F474B01649D6EDC5C8BCCC61B8CA9EA9E5C39E7AE724C16
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\f59992hq0o3230yh4ysvn4wry4ishg01[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	9231
Entropy (8bit):	5.286654374609509
Encrypted:	false
SSDEEP:	192:G8eHxkAYOA7lkZkrjyBuDoPql3+z6GUBfo1eM7cB2cjjvpDB7Ey4fVCvh:G8gxkAVApkZkrjyBuDoP+3+z6GUHBvjt
MD5:	9616A01B8EE908E8418753E701E8144D
SHA1:	02130A4619C66C4495E032608C4B047CAD12CE01
SHA-256:	F78287C393C6F21C358D6A2DFECCCECF1B630B85A81334E2DB6329CF4616B61A
SHA-512:	8D2FB210FCE7CA8B6BD93ECD3219710C1960CB2F3418B27996F54A882B9BB1BE001DF6D5896488013668FB5B5E9D01E12533B82D2DFD7DA6EEE83769C9379206
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html><html lang="en-US" data-resin-client="web"><head><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="robots" content="noindex, nofollow"><title>Box</title> <link rel="stylesheet" href="https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-woff.css"> <link rel="stylesheet" href="https://cdn01.boxcdn.net/enduser/app.8f4ad58129.css"> <link rel="apple-touch-icon" sizes="57x57" href="https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-57x57-fLlEpj.png">.<link rel="apple-touch-icon" sizes="60x60" href="https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-60x60-Uv0qzu.png">.<link rel="apple-touch-icon" sizes="72x72" href="https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-72x72-7aVqne.png">.<link rel="apple-touch-icon" sizes="76x76" href="https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-76x76-ZVGnRV.png">.<link rel="apple-touch-icon" sizes="114x114" href=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\font-awesome[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	troff or preprocessor input, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	37414
Entropy (8bit):	4.82325822639402
Encrypted:	false
SSDEEP:	768:mmMtI+A4CSIDqvnI+YTBrFPvVrJjhiRAiiEL:mXtI+A4GDUI+Y9rpVljhiIEL
MD5:	C495654869785BC3DF60216616814AD1
SHA1:	0140952C64E3F2B74EF64E050F2FE86EAB6624C8
SHA-256:	36E0A7E08BEE65774168528938072C536437669C1B7458AC77976EC788E4439C
SHA-512:	E40F27C1D30E5AB4B3DB47C3B2373381489D50147C9623D853E5B299364FD65998F46E8E73B1E566FD79E97AA7B20354CD3C8C79F15372C147FED9C913FFB106
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). /./ FONT PATH. * -------------------------- /.@font-face {. font-family: 'FontAwesome';. src: url('../fonts/fontawesome-webfont.eot?v=4.7.0');. src: url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'), url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'), url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'), url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'), url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');. font-weight: normal;. font-style: normal;.}..fa {. display: inline-block;. font: normal normal normal 14px/1 FontAwesome;. font-size: inherit;. text-rendering: auto;. -webkit-font-smoothing: antialiased;. -moz-osx-font-smoothing: grayscale;.}./ makes the font 33% larger relative to the icon container */..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery-3.1.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\pdf.worker.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	770438
Entropy (8bit):	5.63651891023521
Encrypted:	false
SSDEEP:	12288:/B8HgJ+hAaAZ9KBbYRhv1vxjvkcZjuMl68DXX:/B8AsqaA7KBE31vxwEuMl68Dn
MD5:	8F43F3A32DF23400F995137BD39B3E96
SHA1:	9F368C68F4788C9565EDEA054541683CB6791E3F
SHA-256:	1DFAD8C9B4B4981418A528C29A316683E17C222C0D27348264627C57580D2F37
SHA-512:	6000022D4694690E17324F449F090B49000BC7D043C81D6291DE595D98DB3D1FBA060A673A104DF12F71C05D1576861E39272FA14CF525AF172DF4EF58011AD0
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/platform/preview/third-party/doc/2.16.0/pdf.worker.min.js
Preview:	(function(q,g){"object"===typeof exports&&"object"===typeof module?module.exports=g():"function"===typeof define&&define.amd?define("pdfjs-dist/build/pdf.worker",[],g):"object"===typeof exports?exports["pdfjs-dist/build/pdf.worker"]=g():q["pdfjs-dist/build/pdf.worker"]=q.pdfjsWorker=g()})(this,function(){return function(q){function g(a){if(c[a])return c[a].exports;var w=c[a]={i:a,l:!1,exports:{}};q[a].call(w.exports,w,w.exports,g);w.l=!0;return w.exports}var c={};g.m=q;g.c=c;g.d=function(a,c,b){g.o(a,.c)\|\|Object.defineProperty(a,c,{enumerable:!0,get:b})};g.r=function(a){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(a,Symbol.toStringTag,{value:"Module"});Object.defineProperty(a,"__esModule",{value:!0})};g.t=function(a,c){c&1&&(a=g(a));if(c&8\|\|c&4&&"object"===typeof a&&a&&a.__esModule)return a;var b=Object.create(null);g.r(b);Object.defineProperty(b,"default",{enumerable:!0,value:a});if(c&2&&"string"!=typeof a)for(var l in a)g.d(b,l,function(b){return a[b]}.bind(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\preview-components~shared-file.ff88431f84[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	192
Entropy (8bit):	4.777419992372014
Encrypted:	false
SSDEEP:	3:1t7EqFxF5MWTL3CEmElEWXanQ6LXsEWXanQ6LXnEDTfjKBF4UARpyEQ+EWXanQ6i:zEqFbS/6EzXsEzXzBF7ARI+EzTi
MD5:	0628C102A3DA83FE10C4AC340F055329
SHA1:	F290C0DC982CA76807C00EEAE59B3335983BBDC4
SHA-256:	B23D25ACC423D13F6DE5278961700C672B481E93EC189A8179BF27AE43824279
SHA-512:	C6A43F897F882A6DAC9585E2C66A1F3BF68012BE1E8870F5E9295B17877AC46751D23ADC9DC02828B837EDDFD28E74D46B6CDD3AE916CF25C72BA7D3AAF89E35
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/preview-components~shared-file.ff88431f84.css
Preview:	.MaliciousBanner .icon-alert-circle{margin-right:5px}.EditClassificationButton,.EditClassificationButton:hover{margin-left:6px}@media (max-width:849px){.EditClassificationButton{display:none}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\preview[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	56511
Entropy (8bit):	5.018999718758012
Encrypted:	false
SSDEEP:	768:SSI0/gaIv136bUEci7fZ3Mki45g4vcqK7KOdUyUM:Be36gEZZQ4RK7KOdIM
MD5:	5996ADF4A309F66807EB3CB098B02CF7
SHA1:	086DE88D2106957CE92C7D79B70258C1DA88E159
SHA-256:	C94D9E6F0F8679CE72F9D52CCAB973E75CC7A23AE9C8EAF0F1FA25BF7D86C75A
SHA-512:	E53B0C79531A720971AC210168203E1C71A581D4521A8065ABF65FC1B113EDF0051FC151EC12A9D68B7DC2EC93E2293AABB4F2322A704EF02C45A2A28DDEB85D
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/platform/preview/2.61.0/en-US/preview.css
Preview:	/!. Box Content Preview. * . * Copyright 2019 Box, Inc. All rights reserved.. * . * This product includes software developed by Box, Inc. ("Box"). * (http://www.box.com). * . * ALL BOX SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED. * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF. * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.. * IN NO EVENT SHALL BOX BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.. * . * See the Box license for the specific language governing permissions. * and limitations under the licen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\preview[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	699644
Entropy (8bit):	5.361811434311016
Encrypted:	false
SSDEEP:	6144:2KMZx0z5hFgHhdVZWjCAiAyO5ysvCMaRPvyc4v8plplMlpMGf9U:2P47wdYievCMaRPvG8plpKA
MD5:	212C1C6F38556CA9AC11E7B948EA455B
SHA1:	88C786BCE6A97557671E37503CE4FC56B5B06758
SHA-256:	DD637D4D06A59E696D64B95EFBA124EBAC48B2FC86F34CB333D436909C76AE80
SHA-512:	58F8580589803FE0D5EAAD3116904607693A82E829245A174662B6952797A64E30E15C7E39AE8CA77F2379819B859CD34BD3B6294A05037C3E2AD2004447D0E2
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/platform/preview/2.61.0/en-US/preview.js
Preview:	/!. Box Content Preview. * . * Copyright 2019 Box, Inc. All rights reserved.. * . * This product includes software developed by Box, Inc. ("Box"). * (http://www.box.com). * . * ALL BOX SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED. * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF. * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.. * IN NO EVENT SHALL BOX BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.. * . * See the Box license for the specific language governing permissions. * and limitations under the licen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\runtime.1abde09726[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	46300
Entropy (8bit):	4.916444243499991
Encrypted:	false
SSDEEP:	768:iewMOjRzRUGVKxdta9Cvxt6z/q8n+UORrlAwYsCF20qHGnOjRzRUGVKxdta9CvxH:yROxsz/qjZ5zzCFV9QROxsz/qw+jgFqV
MD5:	60291C6FCEFADC4DF56EFF9D738D49A4
SHA1:	6DFD6824B919109045F9387BCCD51FDDE7E76E20
SHA-256:	84B96A9F444D283601BE884F5F7E1CBCF4817323A12F29FD78EABE4731EE622E
SHA-512:	8605C862EC9A850AF637BF06AF96E30D806A08F2BBAE6F17427B964C973A7AEC9DA1FF2856D1E69BB67C417B789FDDF803CEA3AEB13F43BC1BACDF0E3BB3F9C6
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/runtime.1abde09726.js
Preview:	!function(e){function a(a){for(var t,l,d=a[0],i=a[1],r=a[2],c=0,f=[];c<d.length;c++)l=d[c],Object.prototype.hasOwnProperty.call(n,l)&&n[l]&&f.push(n[l][0]),n[l]=0;for(t in i)Object.prototype.hasOwnProperty.call(i,t)&&(e[t]=i[t]);for(m&&m(a);f.length;)f.shift()();return s.push.apply(s,r\|\|[]),o()}function o(){for(var e,a=0;a<s.length;a++){for(var o=s[a],t=!0,l=1;l<o.length;l++){var i=o[l];0!==n[i]&&(t=!1)}t&&(s.splice(a--,1),e=d(d.s=o[0]))}return e}var t={},l={runtime:0},n={runtime:0},s=[];function d(a){if(t[a])return t[a].exports;var o=t[a]={i:a,l:!1,exports:{}};return e[a].call(o.exports,o,o.exports,d),o.l=!0,o.exports}d.e=function(e){var a=[];l[e]?a.push(l[e]):0!==l[e]&&{"access-stats-export-modal~activity-sidebar~as-account~as-diagnostics~as-integrations~as-notification~5f5ce412":1,"access-stats-export-modal~classification-modal-v2~file-request-and-setting-modal~file-request-builde~0e8c2ec7":1,"access-stats-export-modal~activity-sidebar~edit-tags-modal~keywordless-search~multi-share-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\s65616671852272[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 2 x 2
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.0780023067505042
Encrypted:	false
SSDEEP:	3:CnwltxlHlrn:Xn
MD5:	AD480FD0732D0F6F1A8B06359E3A42BB
SHA1:	A544538683A2DFE574EEB2E358AC8FCC78289D50
SHA-256:	A1ECBAED793A1F564C49C671F2DD0CE36F858534EF6D26B55783A06B884CC506
SHA-512:	8717074DDF1198D27B9918132A550CB4BA343794CC3D304A793F9D78C9FF6C4929927B414141D40B6F6AD296725520F4C63EDEB660ED530267766C2AB74EE4A9
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!.......,............Q.;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\shared-file.eeb97be84f[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1351
Entropy (8bit):	4.746120327391164
Encrypted:	false
SSDEEP:	24:jDGA057Rq0S0RdG9yZe9W9VJjR855jVXVA03VJjVa5gqVp5gKEfh7AqLZ5XZVAOe:j6A057RF97Gc/f9y5lVXVA0l9VaOWpOM
MD5:	30DBAF1AA2461B67BD0FBA1F018B7A8F
SHA1:	EB99C8D6124599E57C219DA1591D0F90DE9A68B6
SHA-256:	7491367269A0C97C9EF859DBB361062FAB032FCF2F2807683A05ACA2A91245A8
SHA-512:	B6AB176319DF944978E0DE2E7D83EF811E7F526197802C87D77CE9D96DB4456E3461CDCC8255E0F502E34BDE4283BC9F7961552A333C494E8EA033C1C823E6BD
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/shared-file.eeb97be84f.css
Preview:	.shared-file-recents-link{max-width:300px;color:#909090;font-weight:400}.shared-file-recents-link .shared-file-name{font-weight:400}.shared-file-recents-link:active,.shared-file-recents-link:focus,.shared-file-recents-link:hover{color:#4e4e4e;text-decoration:underline;cursor:pointer}.shared-file-chevron{margin:8px 10px 6px 6px;transition:all .3s}.shared-file-page .header-logo{flex:0 1 auto}.shared-file-info{display:flex;align-items:center;min-width:0}.shared-file-icon{flex:none}.shared-file-name{overflow:hidden;font-weight:700;white-space:nowrap;text-overflow:ellipsis}.shared-file-menu-container{display:none}.shared-file-menu-container .shared-file-menu-toggle{display:flex;align-items:center;min-width:0}.shared-file-menu-container .toggle-arrow{flex:none;width:7px;height:4px;margin-left:5px}.shared-file-hideable-actions{display:flex;align-items:center}.shared-file-hideable-actions .download-icon{padding:8px 10px}.shared-file-overflow-btn{width:34px;height:32px;padding:0}@media (max-wid

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\uploads-manager-enduser.47cb9896f5[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	96149
Entropy (8bit):	5.321706811661044
Encrypted:	false
SSDEEP:	1536:rQgaSb0h7ChdEF6QgNWCONl6CGKduS2z3Vh8MXBJ6P:eh7C4YQgNWCqoCpduSwVhvXBJ6P
MD5:	D305D69628296EB43A77FB0C8A6BD476
SHA1:	7EDF40E42CB0067CBC9A35716B6B1BE182C8BF41
SHA-256:	51E79C882120DA0B28E9FE45A485BD73F49828C2AE61A237732D012CB8372805
SHA-512:	C95D2A441E984FC10AA51B0C1E989E6D2D4041FA7DC0EDF4797C92987A3A7A69B0FB3D2EEA37D84AD709FB2DE6394CA1174CE225E2184429EF6E65B566D69AF4
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/uploads-manager-enduser.47cb9896f5.js
Preview:	/! For license information please see uploads-manager-enduser.47cb9896f5.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["uploads-manager-enduser"],{"/5QKqsbcTJ":function(e,t,n){"use strict";var r=n("q1tIBJhxTW"),o=n("DJuBjJIVWu");t.a=function(e){var t=e.className,n=void 0===t?"":t,a=e.color,i=void 0===a?"#000000":a,l=e.height,s=void 0===l?24:l,u=e.title,c=e.width,d=void 0===c?24:c;return r.createElement(o.default,{className:"icon-check ".concat(n),height:s,title:u,viewBox:"0 0 24 24",width:d},r.createElement("path",{d:"M0 0h24v24H0z",fill:"none"}),r.createElement("path",{className:"fill-color",d:"M9 16.17L4.83 12l-1.42 1.41L9 19 21 7l-1.41-1.41z",fill:i}))}},"2W6zXrfv2o":function(e,t,n){"use strict";var r=function(){};e.exports=r},"2rMqT+dBMw":function(e,t,n){var r;!function(){"use strict";var o=!("undefined"===typeof window\|\|!window.document\|\|!window.document.createElement),a={canUseDOM:o,canUseWorkers:"undefined"!==typeof Worker,canUseEventListeners:o&&!(!win

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\vendors~app.ad1b5c324e[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	747750
Entropy (8bit):	5.45219030923825
Encrypted:	false
SSDEEP:	6144:q8A8sZzoh+GzlUKvBUZ2Zkm9z5JpgvdjnVUi40E9Pg38hLdp5xnXcIbdS+ydTzST:ZTsZalUeZkm9Malj9hLdPZvup2dF
MD5:	482A2EAB5A48A63B469D4C4FB1D2313E
SHA1:	B1D1253F8497F642E3477D0EEBCDE25B40F81529
SHA-256:	5BFEBE33BD3194DFCBCC63ADC0E4CDC5D2B5A9B2A70AFFE9322DBDE24F1EED1D
SHA-512:	F7B433D5671DE6418BACBCA18E1DB2755F6A00C2845149FB0B3BEFFEFBB6EF3D2C6DAEA24BE5646FBD8391E2C7515D3B033BD4F431D505D67D67E2005F4D0F2B
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/vendors~app.ad1b5c324e.js
Preview:	/! For license information please see vendors~app.ad1b5c324e.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["vendors~app"],{"+5jU5LlWGD":function(e,t,n){var r=n("HMbdZSjBQ4");e.exports=function(e,t){var n=Number(t);return r(e,-n)}},"+6+2nNgl5l":function(e,t,n){var r=n("yNUOxrtTnd");e.exports=function(e){var t=r(e);return t.setMinutes(0,0,0),t}},"+6XX5+lld6":function(e,t,n){var r=n("y1pIOgaOIe");e.exports=function(e){return r(this.__data__,e)>-1}},"+K+bU4dw7B":function(e,t,n){var r=n("JHRd0Wtpo2");e.exports=function(e){var t=new e.constructor(e.byteLength);return new r(t).set(new r(e)),t}},"+QkaJiEUcy":function(e,t,n){var r=n("fmRcAGUJsu"),o=n("t2Dn8I5vat"),i=n("cq/+ZHEllX"),a=n("T1AVtgJeLR"),u=n("GoyQGQ25b1"),s=n("mTTRHTH0TC"),c=n("itsjJeh/nX");e.exports=function e(t,n,l,f,p){t!==n&&i(n,(function(i,s){if(p\|\|(p=new r),u(i))a(t,n,s,l,e,f,p);else{var d=f?f(c(t,s),i,s+"",t,n,p):void 0;void 0===d&&(d=i),o(t,s,d)}}),s)}},"+c4WVrHK/K":function(e,t,n){var r=n("711d4qXG

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2_bc3d32a696895f78c19df6c717586a5d[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Lato-Bold[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 118272, version 1.0
Category:	downloaded
Size (bytes):	118272
Entropy (8bit):	7.99139950884202
Encrypted:	true
SSDEEP:	3072:EweDun1n2Uub4GgrWSPqJWREerzJmXVVoYckqW0:jb9ubaiSiJ4zYVmYv0
MD5:	AEBA3FDF0CDB79BC1D33688D3E39B592
SHA1:	E3A34C01880116194309B7225A9CBF8001D23407
SHA-256:	2D198961EFB291734102AC4281C4E004628960C80B7C378DD8E034D4B7425AD2
SHA-512:	E9024FABDEEE3BCC345FE51E461E80A1F898EEB17B9561D7DC0BBA4D85F28AD485BCB9C140276534C30047A1D8D8C36AA3989D2C29276D00AA3186219EA2C291
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff
Preview:	wOFF..............m.........................FFTM............p.\MGDEF.......7...8.}..GPOS...........>...GSUB.......,...FA..sOS/2...<...`...`kQ..cmap...........x.!>cvt ...x...o....B...fpgm................gasp...............glyf.........K...<.head...(...2...6..qihhea...\...!...$....hmtx...........$KqKAloca...........(....maxp...x... ... .Q..name............&.Bpost..........(.[rK.prep...T........o.i:webf............`.V..........=........y.......x.c`d``..b...`b`e`dj..f.6.f.v.o.F..._.&.?.I...,`U..j%.H.x...\|L....9.M...UQ..U.U..UQTmmT{]mUUQ.U\WUU-....%B..XJ.1FBD.dD"&R%.!T}~.93m........x...3.........B.Bx.ab.p.......{....N...h3n...p...R.......#n.x...Q..!..'....o.&<Dc.Rx..l#:.n...$..1b..$..9.x.x.!..zOQ{.C.78......K.{.C>\.!.t...~....99.!...\....Y...N~...6..E;t."z.~h7L..c.o".v.M.....:K........b...;Z.r..h.'....a}...=.........m.A5....:G.g/.....{;...[G...A......vo....{O.~....v..>.}......s.../v_..}..f..........3..s.....W.W...p............G.G{.N..<zy....1.....=....1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Lato-Regular[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 119132, version 1.0
Category:	downloaded
Size (bytes):	119132
Entropy (8bit):	7.991532245734968
Encrypted:	true
SSDEEP:	3072:pECjkMzGFzkgGdoAiZzixFwotRAE9urcBQbtF0roFS:pECjVzIGYZ4Fpx9urUQbtFeoFS
MD5:	3E4A4FC6317C4C2CF35D7C77EC1789C3
SHA1:	40EA0D8678B92988824193587F707E3AEDC4591F
SHA-256:	607EC0A4A29F6A4607F6E0A3CF486E50322DDF66F1F1870150CB69A7061E978D
SHA-512:	F7D639520F4C3A3539AD7506EC1CEBED8107C2A264316FE0E98A15132ACCFE6212A22391F4A7203B6D8304B3222B603F0137BA9ACAC7478F217363EEF4556DED
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff
Preview:	wOFF.......\................................FFTM............p.\MGDEF.......7...8.x..GPOS.......z...b...GSUB...x...,...FA..sOS/2......_...`i...cmap............x.!>cvt .......r....?9..fpgm...T............gasp................glyf..........a..?.head.......1...6..qfhhea.......!...$....hmtx.............C.2loca..............-&maxp....... ... .L..name..............hpost..........'....)prep...........o.i:webf...T........`.V..........=........y.......x.c`d``..b...`b`e`dj..f.6.f.v.o.F..._.&.?.^.F...*..i..C.x...\|M......!.<.fEI.USS\TcVUTT.E.UUu.RUUWCM5W.U5....Ap".H"b.I.'!..j..g........o_..Yg...z.z...Jv\..!<. .p..{_....cG.......h1..q.E'.B.!..!...I.s.....W.).T......a.7QO4...x.-D[.Y....`1B....1M...1v...;E.D;..c.......b...........;........v^..^...M..&.F.f...u.]Eo..$....7.Vi...&W9]..au}F].T....[>.t.....+..Fj.X.^U...jzu}.._W...OS......M.;.].k.fQ..../.K.h.f..\.vr...... ..#]G..s..:.u.k..\.E..]W..s...u..!.c..\3]s\.\.....r..........-.-..[...n....w.........n...p.....nS..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Lato-woff[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	271824
Entropy (8bit):	6.004035154725513
Encrypted:	false
SSDEEP:	6144:7iSn14Pe5e8PMyBdu/gFU7Eu2bzHB1v1e/OHjl0Cl:eS18e5eqMy7RbT/v1QODl0Cl
MD5:	E1E5023A4D0B29824C8A6937ED303B03
SHA1:	93159BA90E4ACA126C45282D047E4E1D544AD100
SHA-256:	80745E4A131F2F16302232F53845BFA223915A3465369A40A9AA777D2C0A30BD
SHA-512:	09A87AA0383D5E78FAF21CD63E4EE6EB875AC39F52AAF0805224DDFE39B56E91ECEEA743B811C2C8473A0113BDA678C472EAD4FECA207004A37699D051EA68B6
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-woff.css
Preview:	@font-face {. font-family: 'Lato';. /* This is Base64 encoded from Lato-Regular.woff */. src: url('data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAdFcABMAAAADhOgAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAccNlcTUdERUYAAAHEAAAANwAAADgSeA2uR1BPUwAAAfwAANZ6AAGuYg7b1pNHU1VCAADYeAAAAywAAAtGQYaNc09TLzIAANukAAAAXwAAAGBp8+XGY21hcAAA3AQAAATZAAAGoHgSIT5jdnQgAADg4AAAAHIAAADqPzmz1GZwZ20AAOFUAAAFqAAAC5fkFNvwZ2FzcAAA5vwAAAAIAAAACAAAABBnbHlmAADnBAAAwI4AAWHYuL0/gWhlYWQAAaeUAAAAMQAAADYO+nFmaGhlYQABp8gAAAAhAAAAJBEGCeFobXR4AAGn7AAACQ4AABIS60ObMmxvY2EAAbD8AAAI5AAACR6IDi0mbWF4cAABueAAAAAgAAAAIAZMAeluYW1lAAG6AAAABQQAAA/ywsuuaHBvc3QAAb8EAAARqgAAJ+ABEAopcHJlcAAB0LAAAACiAAAAuW8KaTp3ZWJmAAHRVAAAAAYAAAAGYIZWjQAAAAEAAAAAzD2izwAAAADR6Kh5AAAAANKzEQR42mNgZGBg4ANiAwYQYGJgZWBkagLiZqY2BmamdhZvBkYWHxZfBiYWP5ZeBkYGFrAqBgBp7gRDAHjapL0JfE3X+v+/9t4h8zwPZkVJEVVTU1xUY1ZVVFTVRbVVVXXbolJVVVdDTTVXFVU1z5XEHMFBcCKVSCJizEkaJyGhqmr932ed0+a06t77/f1vX5/9WWedtdd69nrW86zPSnZcoQkhPMQg8YFw6dS5e18R8c/xY0eJBq

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\app.8f4ad58129[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	155223
Entropy (8bit):	5.017204621947009
Encrypted:	false
SSDEEP:	3072:4dyg6zSqfO6QAQlkkBh39AiDQyUyoTwTrhmvdhU4pSs/MY:4dyg6zSqfO6QAQlkkBh39AiDQyUyoTwA
MD5:	45FE981ECE793E20C3AF7AE4E8B36FDD
SHA1:	416B54B82BF359DA73F4A13FA809C49776689D14
SHA-256:	81AA096AE4F9AD6DEB38A8151DD22A118B5D5175926233B85F297EAE83217938
SHA-512:	F64ACE5A4E7943718D15506C5C123276D59788699E9B2F9494ABD3740694DAE6289487F547980C223C130C279E42C85CD463E41003FC3F82E58C7C2A835066DC
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/app.8f4ad58129.css
Preview:	.flyout-overlay{font-family:Lato,Helvetica Neue,Helvetica,Arial,sans-serif;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;text-rendering:optimizeLegibility;font-weight:400;font-size:13px;color:#222;line-height:20px;letter-spacing:.3px;z-index:190;box-sizing:border-box}.flyout-overlay>div:not(.should-outline-focus):focus{outline:none}.flyout-overlay .overlay{padding:15px;border-radius:4px}.flyout-overlay.dropdown-menu-element-attached-center .overlay,.flyout-overlay.flyout-overlay-target-attached-left .overlay,.flyout-overlay.flyout-overlay-target-attached-right .overlay{animation:fade-in .15s cubic-bezier(0,0,.6,1)}.scroll-container{position:relative;display:flex;flex-grow:1;height:100%;overflow:hidden}.scroll-container .scroll-wrap-container{flex-grow:1;overflow-y:auto}.scroll-container .scroll-wrap-container:after,.scroll-container .scroll-wrap-container:before{position:absolute;display:block;width:100%;height:30px;border-radius:inherit;opacity:0;transition:opac

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\lang-en-US.e38312dc59[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	514623
Entropy (8bit):	4.8633386077970435
Encrypted:	false
SSDEEP:	12288:2yV20X7edTsKge2YSYgoST7bF4TjdFjsjejQjecDuScSai:2yV20X7ed/cD1cSai
MD5:	06B461355C5F9FC1BA6AB27AF0AAC102
SHA1:	F6FFFBF4F0E19A7B455D7D8ABA6E5B495F98D1FC
SHA-256:	79330BEAB86C8B84AD9C6559A89C9D51C0F03E0D8A983CCBD82F338B0F37D538
SHA-512:	9294AFE9929A2AA6EE97CCC28127F571549939CB14D05D64DBC64ED5D5642CA7D9DDB7842B91BA63813EB4475B43F9A5CB3DD66FF0047AC85388433FED65ECCB
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/lang-en-US.e38312dc59.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["lang-en-US"],{RGqkULYfOR:function(e,o,a){"use strict";a.r(o);var t=a("PTt16PTTsL"),r=a.n(t),n=a("pBVgBhjduU");function i(e,o){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var t=Object.getOwnPropertySymbols(e);o&&(t=t.filter((function(o){return Object.getOwnPropertyDescriptor(e,o).enumerable}))),a.push.apply(a,t)}return a}function s(e,o,a){return o in e?Object.defineProperty(e,o,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[o]=a,e}a.d(o,"language",(function(){return l})),a.d(o,"locale",(function(){return d})),a.d(o,"messages",(function(){return u})),a.d(o,"reactIntlLocaleData",(function(){return r.a})),a.d(o,"boxCldrData",(function(){return n.a}));var l="en-US",d="en",u=function(e){for(var o=1;o<arguments.length;o++){var a=null!=arguments[o]?arguments[o]:{};o%2?i(Object(a),!0).forEach((function(o){s(e,o,a[o])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(a)):i(Object(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\launch-54b165b09013.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47505
Entropy (8bit):	5.309632868726356
Encrypted:	false
SSDEEP:	768:Yvu00GBP2viWjdJHL34SaDdoC1h69LKoXf2OC54h7AZW+Xrw1upg6X5hhstcs:Yvu006gHD4SgcKoXf2pyhc1Xrw1VqhgF
MD5:	5F66CB6BB5E9899218B3AEF321B2FDCF
SHA1:	18F5AA4C4558D06929A1DF42E2501253F95D2501
SHA-256:	60C18326DAE3B6B38D2C5DE14D29A99717C4EE865344552A1755E0CACD17943A
SHA-512:	53186903005646C35524C772968A8650427ED1B3EB28D96C57BE45347A83FB1BD3127E3C8CBF78D933370230500F3F2291124B2048D06F4C10DA3164D779CD8A
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/6055abd7bbba/292d6a5f4786/launch-54b165b09013.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/6055abd7bbba/292d6a5f4786/launch-54b165b09013.js`..window._satellite=window._satellite\|\|{},window._satellite.container={buildInfo:{minified:!0,buildDate:"2020-10-16T00:35:42Z",environment:"production",turbineBuildDate:"2020-08-10T20:14:17Z",turbineVersion:"27.0.0"},dataElements:{rsid:{modulePath:"core/src/lib/dataElements/customCode.js",settings:{source:function(){var e="boxincnoreport",t=window.location.hostname,n=/\.mktg\.box\.com$/i;return"undefined"!=typeof _satellite.buildInfo&&("staging"==_satellite.buildInfo.environment\|\|"development"==_satellite.buildInfo.environment)\|\|n.test(t)?e="boxincmarketingstaging":"www.box.com"!==t&&"developer.box.com"!==t&&"developers.box.com"!==t&&"www.box.net"!==t&&"www.boxcn.net"!==t&&"www.boxenterprise.net"!==t&&"eegeventsite.secure.force.com"!==t&&"content.box.com"!==t&&"info.box.com"!==t&&"go.box.com"!==t&&"translate.googleusercontent.com"!==t&&"boxer.mktg.box.com"!==t&&"blog.box.com"!=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\messagecenter~uploads-manager-enduser.e83b2dda31[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	46540
Entropy (8bit):	5.2638289199792485
Encrypted:	false
SSDEEP:	768:vj13k4lZZZsGcXaKxdk2S/4N2S/J67EKB3ipef8QScD8gtEwQThwdOwaleOFDX2g:4xdk2S/4N2S/J67EKB3ipef8QScD8g1o
MD5:	0301C1A9C6BFCA3D5F81EF8A64E77C2E
SHA1:	3CD3BB4391C82A29191B5B0C9ABB4EE01AFCE8DA
SHA-256:	218F4E999ED4F2B19EEAC806BC5D64C8E71F63E7D3336A6FAECE22FB784214FD
SHA-512:	E15B0AB4A5E0A254726DD07335E525FFCA73573AB19177E4446CF5041681C9B097FCC12FAF653C8C6360270CABAFB15514310CDE5DA50D7D84ABE1EC32FBC99B
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/messagecenter~uploads-manager-enduser.e83b2dda31.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["messagecenter~uploads-manager-enduser"],{"7G9T0A7Q2t":function(e,t,o){"use strict";var n=o("QbLZJtXF68"),r=o.n(n),i=o("Yz+Y0CAZeS"),l=o.n(i),a=o("iCc5sPGOWs"),s=o.n(a),c=o("V7oCdLSCTo"),d=o.n(c),u=o("FYw3c9QbSe"),h=o.n(u),f=o("mRg0wtBNeT"),S=o.n(f),p=o("q1tIBJhxTW"),m=o("m0AvLASv6a"),_=(o("17x9q+7QrQ"),function(e){function t(){var e,o,n,r;s()(this,t);for(var i=arguments.length,a=Array(i),c=0;c<i;c++)a[c]=arguments[c];return o=n=h()(this,(e=t.__proto__\|\|l()(t)).call.apply(e,[this].concat(a))),n.state={height:n.props.defaultHeight\|\|0,width:n.props.defaultWidth\|\|0},n._onResize=function(){var e=n.props,t=e.disableHeight,o=e.disableWidth,r=e.onResize;if(n._parentNode){var i=n._parentNode.offsetHeight\|\|0,l=n._parentNode.offsetWidth\|\|0,a=window.getComputedStyle(n._parentNode)\|\|{},s=parseInt(a.paddingLeft,10)\|\|0,c=parseInt(a.paddingRight,10)\|\|0,d=parseInt(a.paddingTop,10)\|\|0,u=parseInt(a.paddingBottom,10)\|\|0,h=i-d-u,f=l-s-c;(!t&&n.state.hei

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\pdf.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	330993
Entropy (8bit):	5.424757612418792
Encrypted:	false
SSDEEP:	3072:nFgCairre0QtIRq+VUCTBE3cxB9Bptk4RLpNKXOz:nFgKrXQMVUCtEaB9BptRRLpNKXq
MD5:	9A9AC5F2FB76274116C651226A647C95
SHA1:	EEDC500FC742C9762BF5789AE470132B2011AF77
SHA-256:	6CF4C965636CFA49500C3A95FDEF2C5F4722FD0367ED26D70A19F1A13DFFE173
SHA-512:	13132DAB411AEB5C8204171B3B350FE9B372B3ABA057F6BC3EABCE2BB5218212DDDA1A2020D9B00A986162AE5D85B88F7B3E1AAA4E7F8F7C4F63329DE48C760A
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/platform/preview/third-party/doc/2.16.0/pdf.min.js
Preview:	(function(c,d){"object"===typeof exports&&"object"===typeof module?module.exports=d():"function"===typeof define&&define.amd?define("pdfjs-dist/build/pdf",[],d):"object"===typeof exports?exports["pdfjs-dist/build/pdf"]=d():c["pdfjs-dist/build/pdf"]=c.pdfjsLib=d()})(this,function(){return function(c){function d(l){if(a[l])return a[l].exports;var n=a[l]={i:l,l:!1,exports:{}};c[l].call(n.exports,n,n.exports,d);n.l=!0;return n.exports}var a={};d.m=c;d.c=a;d.d=function(a,c,h){d.o(a,c)\|\|Object.defineProperty(a,.c,{enumerable:!0,get:h})};d.r=function(a){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(a,Symbol.toStringTag,{value:"Module"});Object.defineProperty(a,"__esModule",{value:!0})};d.t=function(a,c){c&1&&(a=d(a));if(c&8\|\|c&4&&"object"===typeof a&&a&&a.__esModule)return a;var h=Object.create(null);d.r(h);Object.defineProperty(h,"default",{enumerable:!0,value:a});if(c&2&&"string"!=typeof a)for(var n in a)d.d(h,n,function(h){return a[h]}.bind(null,n));return h};d.n=f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\pdf_viewer.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	assembler source, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7106
Entropy (8bit):	4.86865545119897
Encrypted:	false
SSDEEP:	48:HBSkOWlpuR/cRez1Zw+jkRgHGZooZeRWLxZEzpuDdZfcd7Zq0w5FFw6VFM6oFKoB:hFjp+5jwLzjmQp4LgXzQuWZqzIoSF5
MD5:	8CE5E0CD4EE723D76683E50A1A3A6C6B
SHA1:	43D9D8CEECAA52C55735CBBF46DA3AE27146018D
SHA-256:	5179C456D56674CA0C710DBC43C90DDF2710C716779D53B94BF2A018F31154DA
SHA-512:	C364D2829CE09DD139D3906BE765AD5692EFCB06570CF774A19B8B66370B2FA1B0085FAC889594CF822A67F542BDC13F11514F9BE40F0910684C395C2142963C
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/platform/preview/third-party/doc/2.16.0/pdf_viewer.min.css
Preview:	.textLayer{position:absolute;left:0;top:0;right:0;bottom:0;overflow:hidden;opacity:.2;line-height:1}.textLayer>span{color:transparent;position:absolute;white-space:pre;cursor:text;transform-origin:0 0}.textLayer .highlight{margin:-1px;padding:1px;background-color:#b400aa;border-radius:4px}.textLayer .highlight.begin{border-radius:4px 0 0 4px}.textLayer .highlight.end{border-radius:0 4px 4px 0}.textLayer .highlight.middle{border-radius:0}.textLayer .highlight.selected{background-color:#006400}.textLayer ::-moz-selection{background:#00f}.textLayer ::selection{background:#00f}.textLayer .endOfContent{display:block;position:absolute;left:0;top:100%;right:0;bottom:0;z-index:-1;cursor:default;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.textLayer .endOfContent.active{top:0}.annotationLayer section{position:absolute}.annotationLayer .buttonWidgetAnnotation.pushButton>a,.annotationLayer .linkAnnotation>a{position:absolute;font-size:1em;top:0;left:0;widt

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	756
Entropy (8bit):	4.879179443781471
Encrypted:	false
SSDEEP:	12:t4pb8WsQKvkBWSfYcW3ffBfYfomQO1a7aajR2F1hgWSnuCNSganii7v/NPujARqj:t4pb8WvKMTfY3ffBfYfomQO1eXjR2oug
MD5:	9DE70D1C5191D1852A0D5AAC28B44A6C
SHA1:	F4F64F5CBDBE6D1115C10A7F9CCB8828E6B67CAE
SHA-256:	5D3357BD875B7335ACE42E8EE3A64578E4253BED1A4E279109DE403EEDAE3A69
SHA-512:	CAC13FC2FE30E10772008F2AFF70FCA031EA9918E1F8C5C8B91CB9E79463383183406EFAADF89360DE3A08573FCDF2716C14DA6411E24B7E260B96AF84F00762
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_aad_9de70d1c5191d1852a0d5aac28b44a6c.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M34,35V14a2.938,2.938,0,0,0-3-3H27V8l2-1L27.948,5.638,24,8,20.07,5.648,19,7l2,1v3H17a2.938,2.938,0,0,0-3,3V35a2.938,2.938,0,0,0,3,3H31A2.938,2.938,0,0,0,34,35Zm-3,1H17a.979.979,0,0,1-1-1V14a.979.979,0,0,1,1-1h6V10h2v3h6a.979.979,0,0,1,1,1V35A.979.979,0,0,1,31,36Z" fill="#404040"/><path d="M26.766,25.42a4.432,4.432,0,1,0-5.533,0A6.237,6.237,0,0,0,17.765,31h1.653a4.582,4.582,0,1,1,9.165,0h1.653A6.237,6.237,0,0,0,26.766,25.42Zm-5.546-3.435A2.779,2.779,0,1,1,24,24.765,2.783,2.783,0,0,1,21.221,21.985Z" fill="#404040"/><rect x="21" y="14" width="6" height="2" rx="1" ry="1" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\uploads-manager-enduser.41330e25db[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	9240
Entropy (8bit):	4.950505849395374
Encrypted:	false
SSDEEP:	192:zhU05Wfn+YW3DZ87/8v8UT8S81/b80d8Fuflf0FfGI0bIUX0fXmvHpY6bXeGX9CZ:z6nauXA
MD5:	2736E5D199EFCFE06501B7F72B3F5DD2
SHA1:	B9B553FBB2DFE567111B7D51CF682EB72D9EB9C6
SHA-256:	6557DF16669DDFB8E5BF239CC8004991B1483568090013310857002CD051B85A
SHA-512:	7F175FB31672C46A14A8C666E835D85D8CD06C7AD41B07B833DB8FD56C8F6C7AFB02B47979C5E007E6BE189FC7C411D85C2C66E4911369F901CF4CF73850A2FB
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/uploads-manager-enduser.41330e25db.css
Preview:	.bcu-item-label{max-width:300px;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}.bcu-item-icon-name{display:flex;width:100%;height:50px;cursor:default}.bcu-item-icon{flex:0 0 50px;align-items:center}.bcu-item-icon,.bcu-item-name{display:flex;justify-content:center}.bcu-item-name{flex:1;flex-direction:column;align-items:flex-start;overflow:hidden;line-height:15px;text-align:left}.bcu-icon-badge .badges .bottom-right-badge{bottom:-4px;left:calc(100% - 16px)}.bcu-progress-container{z-index:201;width:100%;height:2px;margin-right:40px;background:#e8e8e8;transition:opacity .4s}.bcu-progress-container .bcu-progress{top:0;left:0;max-width:100%;height:2px;background:#0061d5;box-shadow:0 1px 5px 0 #e4f4ff;transition:width .1s}.bcu-item-progress{display:flex;align-items:center}.bcu-progress-label{min-width:35px}.bcu-item-action{width:24px;height:24px}.bcu-item-action .crawler{display:flex;align-items:center;justify-content:center;height:100%}.bcu-item-action button{display:flex}.bcu-ite

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AppMeasurement.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	33462
Entropy (8bit):	5.357057188294372
Encrypted:	false
SSDEEP:	768:oLXw5OhrPiX7fVXt9KQ2vYlcOe9kBEemysr0:oLXw5OhraX7f58Yxq/0
MD5:	F259EE6445C19C2CE3C64A1B117A4F35
SHA1:	A4C64554F653AB4E5BD5D2D03CE5685BB0A9DDB8
SHA-256:	D6B423C91328EEC9C218DD8B21AE1E676987D574E5432411A32806E5DD2BDE32
SHA-512:	8050C59A188BF36A920EE6BD90BA52F14967AD2085A32A37D9211C265803C962276146F8FD5F8487D42763CE9A68D3DC6CCD053322B57DE52FAF3A03962DBB99
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.js`..function AppMeasurement(f){var g=this;g.version="2.22.0";var p=window;p.s_c_in\|\|(p.s_c_il=[],p.s_c_in=0),g._il=p.s_c_il,g._in=p.s_c_in,g._il[g._in]=g,p.s_c_in++,g._c="s_c";var d=p.AppMeasurement.ic;d\|\|(d=null);var l,b,k,m=p;try{for(l=m.parent,b=m.location;l&&l.location&&b&&""+l.location!=""+b&&m.location&&""+l.location!=""+m.location&&l.location.host===b.host;)l=(m=l).parent}catch(e){}g.C=function(e){try{console.log(e)}catch(t){}},g.Ra=function(e){return""+parseInt(e)==""+e},g.replace=function(e,t,a){return!e\|\|e.indexOf(t)<0?e:e.split(t).join(a)},g.escape=function(e){var t,a;if(!e)return e;for(e=encodeURIComponent(e),t=0;t<7;t++)a="+~!*()'".substring(t,t+1),0<=e.indexOf(a)&&(e=g.replace(e,a,"%"+a.charCodeAt(0).toString(16).toUpperCase()));return e},g.unescape=function(e){if(!e)return e;e=0<=e.indexOf("+")?g.replace(e,"+"," "):e;try{return decodeURIComponent(e)}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AppMeasurement_Module_ActivityMap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	3303
Entropy (8bit):	5.452973373664524
Encrypted:	false
SSDEEP:	48:m5Y978Fy8XpF6Ybu+iLRm/PAeNeGdgOIDcgQQ1rQN5ePJcmktcp98AKDBW1:m527Z2pF6YurK508Lx7ePJY9LFW1
MD5:	5DEDCDA2C8A6C3A51FD419D306427010
SHA1:	B5B77880EA73F4370C8B478FBF527D050CA1B650
SHA-256:	0486530F1E98818865754A08E1B5442AC5A6A36A6BF6042E3B3338A532E998D2
SHA-512:	20BE4D54AAD68CFD360A760D09CE7E22EFACBD793D91EFBB9F5871FDE686D7095C10502D11274A44A5999A50AF0D5C17780C178A408F4E3CF73B6D45360D1682
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js
Preview:	// For license information, see `https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.js`..function AppMeasurement_Module_ActivityMap(o){function e(){var e=t.pageYOffset+(t.innerHeight\|\|0);e&&+g<e&&(g=e)}function n(){if(f.scrollReachSelector){var t=o.d.querySelector&&o.d.querySelector(f.scrollReachSelector);t?(g=t.scrollTop\|\|0,t.addEventListener("scroll",function(){var e;(e=t&&t.scrollTop+t.clientHeight\|\|0)>g&&(g=e)})):0<i--&&setTimeout(n,1e3)}}function a(e,t){var n,r,i;if(e&&t&&(n=f.c[t]\|\|(f.c[t]=t.split(","))))for(i=0;i<n.length&&(r=n[i++]);)if(-1<e.indexOf(r))return null;return e}function c(e,t,n,r,i){var a,c;if(e.dataset&&(c=e.dataset[t])?a=c:e.getAttribute&&((c=e.getAttribute("data-"+n))?a=c:(c=e.getAttribute(n))&&(a=c)),!a&&o.useForcedLinkTracking&&i){var l;if(e=e.onclick?""+e.onclick:"",varValue="",r&&e&&0<=(t=e.indexOf(r))){for(t+=r.length;t<e.length;)if(n=e.charAt(t++),0<="'\"".indexOf(n)){l=n;break}for(c=!1;t<e.length&&l&

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:	12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\content-sidebar.d7d089246d[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	49949
Entropy (8bit):	5.38788940473956
Encrypted:	false
SSDEEP:	768:fs/VCjHEsHlmIG67fBf/37FDvuMtvvzeKQ2rsr5HusUGp:7VJ/37FzumvwlHl
MD5:	EFB99E97F0787C9BEAA050A8547E3457
SHA1:	3527F4862B6FAE2A6B8F3D282A5C3F958C899995
SHA-256:	18300F5956B71A7612403F8C3F3B8F2B39D23793BCC6EED9A0E44DC287643F62
SHA-512:	D29F493B73F6685797F5FE0910BCD35757CFE1D0FA5924254EE9AB940103C6FE6C7D29205C9CC876913E2DC64A21C25415C88AF29C993A8171AA4AA360EB5E78
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/content-sidebar.d7d089246d.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["content-sidebar"],{"+HTToFDsKF":function(e,t,n){"use strict";n.r(t);n("ls82xohDAq");var r=n("q1tIBJhxTW"),a=n.n(r),i=n("vN+2IcUykn"),o=n.n(i),c=n("56YHLNIoDA"),s=n.n(c),l=n("Jdck50bD+l"),u=n("9v9/QOdyjq"),d=n("NR/qkXUXgp"),f=n("TSYQbtd+U2"),p=n.n(f),b=n("mwIZSSbMl2"),h=n.n(b),y=n("mNz5hShaC3"),m=n.n(y),v=n("Ty5D64ufpF"),g=n("UroeuGWH9k"),S=n("03vecjQMf5"),O=n("JRPeW/Ew/U"),E=n("Amu/syeQX8"),I=n("mxNUbu5+54"),w=n("DJuBjJIVWu"),A=function(e){var t=e.className,n=void 0===t?"":t,a=e.color,i=void 0===a?"#999":a,o=e.height,c=void 0===o?24:o,s=e.title,l=e.width,u=void 0===l?24:l;return r.createElement(w.default,{className:"icon-doc-info ".concat(n),height:c,title:s,viewBox:"0 0 24 24",width:u},r.createElement("path",{className:"fill-color",d:"M19.41 7.41l-4.82-4.82A2 2 0 0 0 13.17 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8.83a2 2 0 0 0-.59-1.42zM13 16a1 1 0 0 1-2 0v-4a1 1 0 0 1 2 0zm-1-6a1 1 0 1 1 1-1 1 1 0 0 1-1 1z",fill:i}))},

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon-32x32-VwW37b[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1157
Entropy (8bit):	7.424718197664869
Encrypted:	false
SSDEEP:	24:hMkjvNSTHDyCbibxDx4fZ9qMfhkbOTKBN:hdjvA3bc9ENhkbb
MD5:	86AEDF25C0B3AE1224D92E32D80FFEF8
SHA1:	D75B54256BC48B27E6D7DF1C2A6F4635DE2FE5EE
SHA-256:	D1A4A65AC84A381199843B9722E6470470C8093885CF2A6481C2FF0DEF618C64
SHA-512:	13C4E0AF14577A4858D6E85D93E399186FD5F4AD4A836FA014D89C79673FF7E53EE9B06DE271374C70B3B15F72250075CB8F20E690AAAEE93C6698ABF7D68988
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/_assets/img/favicons/favicon-32x32-VwW37b.png
Preview:	.PNG........IHDR... ... .....D.......gAMA......a.....sRGB........ cHRM..z&..............u0...`..:....p..Q<....PLTE....a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..a..`.._.H..w...i....../~......2..._.1~..d..n..`..m..f..c..a....................!u..^."u............g...j......q.E....G.......................F......................g.,{.......U.....A...h..r............... u..h.:.....e.............b...]..j.......q.....}.....n.G...........b...d..v..r.. t....+{.i..z..\........z.......h..&x.@.......$w.c.....y........a...n.D.........t........a..p...j..%w.f...E...e..h.V.......=..Q..e../}...?...b..p.Y....tRNS... 78.-.....).....6...&..W.w....IDAT8.c```dbfa..X........\.X.../.##.#;..N .. .!....10..S .. *.O..(.+7>...)...@V^AQ...%e.9..T..5d!f..bW.....#+#....''...T&.o.W`hdlbjfnaiemckg....,....&.w..........{@`Pp..{hXxDd..BAtLl\\|BbRrJjZ.QFfVv.{.....y..r...E..2.Q%..e.....Y..22:N.Z22..U.5...u.p_h.7X.Y6F.75.....v..N....].=.}...#.b&N..<e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\intersection-observer[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7260
Entropy (8bit):	5.079928008915343
Encrypted:	false
SSDEEP:	192:siG99SlhMUrFC6Y/g7LNqkMAhDGgXdyDLK22FrRbO2+t6vFmtteS4c5q:USP1Y/g7RxpVhXdyX2FrRZ+GeteS5I
MD5:	498AAC0CA5A2544927FAF2681402DE59
SHA1:	39F0C1FBF7452CC5568E5E9C499C898272C285CE
SHA-256:	542FADAE21CB6CA75B99B8FC0A0FA8E300F18F679FAD27046D23C74C275F59EE
SHA-512:	FC6EB201EFCC38E3BD26926B264D867656A6471D43EA14F2D662E630728AAD6F190DDE8E510CDDEB52E6F97C4D785D63416F5976C80907BAA6DD1B25262D9145
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/polyfills/intersection-observer/0.5.0/intersection-observer.js
Preview:	!function(t){function e(r){if(n[r])return n[r].exports;var o=n[r]={i:r,l:!1,exports:{}};return t[r].call(o.exports,o,o.exports,e),o.l=!0,o.exports}var n={};e.m=t,e.c=n,e.d=function(t,n,r){e.o(t,n)\|\|Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:r})},e.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(n,"a",n),n},e.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},e.p="",e(e.s=318)}({318:function(t,e){!function(t,e){"use strict";function n(t){this.time=t.time,this.target=t.target,this.rootBounds=t.rootBounds,this.boundingClientRect=t.boundingClientRect,this.intersectionRect=t.intersectionRect\|\|a(),this.isIntersecting=!!t.intersectionRect;var e=this.boundingClientRect,n=e.widthe.height,r=this.intersectionRect,o=r.widthr.height;this.intersectionRatio=n?o/n:this.isIntersecting?1:0}function r(t,e){var n=e\|\|{};if("function"!=typeof t)throw new Error("callback must be a function");if(n.root&&1!=n.root.nodeType)thro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\loading[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 30 x 30
Category:	downloaded
Size (bytes):	851
Entropy (8bit):	5.9990571488582125
Encrypted:	false
SSDEEP:	12:3yV3DYBupPHJa3DUDYsHEDKBDfEDYOecS3Y4DuBDzEDYSecS3Y4DyBDYs/ln:3yGiPETNIL9XYv9bYgAln
MD5:	2E4AAFDC48FD2295ADE1A275F1BAE547
SHA1:	D35E3EB9261AEF6827067E9D8D0C8C7B796E0AFB
SHA-256:	B3A3C601451C06183AF82CBF2270C4D80F3D5D680EA9960ED0816B506FBB8C33
SHA-512:	8D0A2A583E165AD727F172F2FAD7C3879B5E214D2248628DF464184D1C51C694705D6BA2FD5E92478A1BDEC88E8AE26711213946B2D20470A15C54821AFBB17B
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/platform/preview/2.61.0/en-US/loading.gif
Preview:	GIF89a........<..a.......!..NETSCAPE2.0.....!..ImageMagick.gamma=0.45455.!.......,..........V.........Zeo.\..u\..be............~c}......M.2..../.L..D..:..p;....>..o9..:......#..!..ImageMagick.gamma=0.45455.!.......,.......................!..ImageMagick.gamma=0.45455.!.......,.....................V..!..ImageMagick.gamma=0.45455.!.......,.......................!..ImageMagick.gamma=0.45455.!.......,..........F......X...Ek. O{y.....X..,.m..q.......?3..:.iJ.p..5s..J\6.....(..!..ImageMagick.gamma=0.45455.!.......,.....................V..!..ImageMagick.gamma=0.45455.!.......,.......................!..ImageMagick.gamma=0.45455.!.......,..........F......X...Ek. O{y.....X..,.m..q.......?3..:.iJ.p..5s..J\6.....(..!..ImageMagick.gamma=0.45455.!.......,.....................V..!..ImageMagick.gamma=0.45455.!.......,.......................;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\messagecenter~preview-components~uploads-manager-enduser.4c14b7f15f[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	258193
Entropy (8bit):	5.3294936427684565
Encrypted:	false
SSDEEP:	3072:ze3JHdzVr1YHZvk8H2RDyUlBgxIhVfwYgONQqwQfbk03rzRGtwMNBw6iJGU0QIMA:zeugSiGrgXwS8q2
MD5:	B162BA9687FA94BF290F0F5F14A0ADC9
SHA1:	DBEECDD021104BFEDA7F96F9623961184EB2AAEE
SHA-256:	B39D4AC30BEE183D42B704ED262F19E8EA2F9A375CA17F37D0EF8ADCC2E70CB3
SHA-512:	5BD681A2FBB3CAA119A86062D7967BE0D96320BDE9EB94E46E2DA6F8948A29F1F1194295C0E30267B9453E10FD3A105333E217F79F3E448C47DB496CEFC04F9D
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/messagecenter~preview-components~uploads-manager-enduser.4c14b7f15f.js
Preview:	/! For license information please see messagecenter~preview-components~uploads-manager-enduser.4c14b7f15f.js.LICENSE.txt /.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["messagecenter~preview-components~uploads-manager-enduser"],{"03vecjQMf5":function(e,t,r){"use strict";var n=r("BSXSWhc9DH");function o(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable\|\|!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}var i=function(){function e(){!function(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}(this,e),this.memoryStore=new n.a;try{this.localStorage=window.localStorage,this.isLocalStorageAvailable=this.canUseLocalStorage()}catch(e){this.isLocalStorageAvailable=!1}}var t,r,i;return t=e,(r=[{key:"buildKey",value:function(e){return"".concat("localStore","/").concat("0","/").concat(e)}},{key:"canUseLocalStorage",value:function(){if(!this.localStorage)return!1;try{return this.localStorage.setItem(thi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\pdf_viewer.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	102404
Entropy (8bit):	5.401114766957238
Encrypted:	false
SSDEEP:	1536:jvbatbmMCjHJYfcgL5VMCaPx0g6T/xiZVBkAi0VV:qV6jWfzL5VMzPx0g6LMtpi07
MD5:	C1B5589ABBA40B2ED3D3AE6EB0F45373
SHA1:	D3F971D2C68F79F055E986F687F5F259DAED3226
SHA-256:	8FC790E9167754C61FFCD21E2382D2B6F55903C708239A5CDC7A15748F864B1B
SHA-512:	A10AD32428C2BF3A815C5F594C390812CA8FF9B7FAE49591CB9D2DBC7BDBEF70199808B69687A259F785DA80C9D49EE8E2FB300BE63B837ACBBA133D4DFD251B
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/platform/preview/third-party/doc/2.16.0/pdf_viewer.min.js
Preview:	(function(q,f){"object"===typeof exports&&"object"===typeof module?module.exports=f():"function"===typeof define&&define.amd?define("pdfjs-dist/web/pdf_viewer",[],f):"object"===typeof exports?exports["pdfjs-dist/web/pdf_viewer"]=f():q["pdfjs-dist/web/pdf_viewer"]=q.pdfjsViewer=f()})(this,function(){return function(q){function f(h){if(m[h])return m[h].exports;var k=m[h]={i:h,l:!1,exports:{}};q[h].call(k.exports,k,k.exports,f);k.l=!0;return k.exports}var m={};f.m=q;f.c=m;f.d=function(h,k,m){f.o(h,k)\|\|.Object.defineProperty(h,k,{enumerable:!0,get:m})};f.r=function(f){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(f,Symbol.toStringTag,{value:"Module"});Object.defineProperty(f,"__esModule",{value:!0})};f.t=function(h,k){k&1&&(h=f(h));if(k&8\|\|k&4&&"object"===typeof h&&h&&h.__esModule)return h;var m=Object.create(null);f.r(m);Object.defineProperty(m,"default",{enumerable:!0,value:h});if(k&2&&"string"!=typeof h)for(var n in h)f.d(m,n,function(f){return h[f]}.bind(null,n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\picker_account_add_56e73414003cdb676008ff7857343074[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	222
Entropy (8bit):	5.004415423297573
Encrypted:	false
SSDEEP:	3:tIsqDmJS4RKb5zMc7XpCN+bJMacvRxyJAgR/QvfqhcDQKG2TcVER+HLZqWTboZUq:tI9mc4slztdbC/yXADQKDTcVEqLwDZsc
MD5:	56E73414003CDB676008FF7857343074
SHA1:	9ED7A58CD0E81E9689AC8C6D548A47D0185E0FDC
SHA-256:	749F85621D92A5B31B2A377A8C385A36D48A83327DAD9A8A8DA93CD831B8C9A2
SHA-512:	FAD0071AC2DFA23989BFBC7D3850415F3C340A74A54D3D8D797AFCCD6A301513BBC769DF4E5148605BE1E23A8750973EB80726F3CC959A2A457B0EC09AE14F27
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/picker_account_add_56e73414003cdb676008ff7857343074.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><circle cx="24" cy="24" r="24" fill="#e6e6e6"/><path d="M25,23H36v2H25V36H23V25H12V23H23V12h2Z" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\preview-components.b6077e4fab[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	20090
Entropy (8bit):	4.989082656749395
Encrypted:	false
SSDEEP:	384:jvVY2bm2cD2cI252TTc//T4/fnsWsgeWegnWngwWwhsQsGeQeGnQnGwQwrE07Sg8:jvTorMh6qMD2RhO6tFZU
MD5:	9AF8E1B956E70CCEBD85A9D3160A6DDA
SHA1:	30D31CFBA084F6A1F1DA1C8842730B22FF2CBD2E
SHA-256:	040E778FE44D8F018644A17C4DE15DDDB65ABC85F2C81DE51DC10165F8911FC9
SHA-512:	A012F3C0838F18BEF267E8D48CD65E3EF4A994E51B36FE99134C9723888E6D7F365E229534233945DD43B1A57792CDA529BD9931A37975E6CE456B969A7C60A8
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/preview-components.b6077e4fab.css
Preview:	.error-mask{display:flex;flex-direction:column;align-items:center;padding:40px;overflow:hidden;border:1px dashed #909090;border-radius:3px}.error-mask .error-mask-sad-cloud{margin-bottom:20px}.error-mask h4{margin-top:-10px}.error-mask h4,.error-mask h5{width:100%;margin-bottom:0;color:#767676;text-align:center}.be .be-default-error{margin:8px}.bcpr .bcpr-notification{position:absolute;width:100%}.bcpr .bcpr-notification .notification>svg{display:none}.bcpr-FileInfo{display:flex;align-items:center}.bcpr-FileInfo-name{padding-left:5px;font-weight:700}.be-logo{padding-left:20px}.be-logo .be-logo-custom{max-width:80px;max-height:32px}.be-is-small .be-logo .be-logo-custom{max-width:75px}.be-logo .be-logo-placeholder{display:flex;align-items:center;justify-content:center;width:75px;height:32px;background-color:#e8e8e8;border:1px dashed}.be-is-small .be-logo .be-logo-placeholder{width:60px}.be-logo .be-logo-placeholder span{font-size:10px;text-transform:uppercase}.be-logo svg{display:block}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\promise[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	17766
Entropy (8bit):	5.2198826239136595
Encrypted:	false
SSDEEP:	384:SIwhnclwyn6OjSJ78IWrwOJ/ugy+GxMfF/jXBsvfKzyducywYMC9XD0APEi:4cuyU8JwJ3mtjXBMfPlE0AMi
MD5:	B669DFC7109AB90A425DB6A9349E92F5
SHA1:	0EF23DF3B07C637DB6DDF6766EFC8A2A528C1C0E
SHA-256:	977A170836C79F74599A27B28F7A487ABB29EBB5E50EB0CD303FB70617A1CE13
SHA-512:	8E924EA1878D4DAF827B9D1B2DC901AE9E4EF8C2FC4301FA732F2EBA1DD4E4E668EE76FA43B490A43917BFB7529C71D0BB6B9EAC5C569FBBCB08C6178CC6ECF8
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/polyfills/core-js/2.5.3/es6/promise.js
Preview:	!function(t){function n(e){if(r[e])return r[e].exports;var o=r[e]={i:e,l:!1,exports:{}};return t[e].call(o.exports,o,o.exports,n),o.l=!0,o.exports}var r={};n.m=t,n.c=r,n.d=function(t,r,e){n.o(t,r)\|\|Object.defineProperty(t,r,{configurable:!1,enumerable:!0,get:e})},n.n=function(t){var r=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(r,"a",r),r},n.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},n.p="",n(n.s=326)}({0:function(t,n,r){var e=r(1),o=r(8),i=r(10),c=r(12),u=r(13),s=function(t,n,r){var f,a,p,l,v=t&s.F,h=t&s.G,d=t&s.S,y=t&s.P,m=t&s.B,x=h?e:d?e[n]\|\|(e[n]={}):(e[n]\|\|{}).prototype,_=h?o:o[n]\|\|(o[n]={}),g=_.prototype\|\|(_.prototype={});h&&(r=n);for(f in r)a=!v&&x&&void 0!==x[f],p=(a?x:r)[f],l=m&&a?u(p,e):y&&"function"==typeof p?u(Function.call,p):p,x&&c(x,f,p,t&s.U),_[f]!=p&&i(_,f,l),y&&g[f]!=p&&(g[f]=p)};e.core=o,s.F=1,s.G=2,s.S=4,s.P=8,s.B=16,s.W=32,s.U=64,s.R=128,t.exports=s},1:function(t,n){var r=t.exports="undefined"!=typeof window&&

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\shared-file.9493eefcb7[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	13621
Entropy (8bit):	5.2740190584271796
Encrypted:	false
SSDEEP:	192:QQnwXvKIoruPBcZJymwC49/4TfiFSr5fkro0O9QwyY5F7rftc7FocuVy6:Qks8ueZJ0FtAiFYIpO9Qwvtc7Fej
MD5:	491D7AE9477AE2C9DD45C64E0C5A2B24
SHA1:	44D9D151D9ED85C7D851BB8134B8E147E5576D8C
SHA-256:	B36869FDBB9DE2E6265C817512B9AF78ACA20BC17BDB078D36931BD47C2F40FA
SHA-512:	D2FBAC0830509A286CD41F46063CC4AA4E975C58631424BC4ED063CE7A5F536DD14ECFF802D5F225958E48EB6A9A04AF4E9C0DE5F8D4EF460DD4F3EA60DF1057
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/shared-file.9493eefcb7.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["shared-file"],{"8bPKGyOoiP":function(e,t,n){},"9Nyd+vSxbR":function(e,t,n){},eNYSbZFTnr:function(e,t,n){"use strict";var r=n("mv074FmJXE");n.d(t,"a",(function(){return r.a}))},ge6f43AXgi:function(e,t,n){"use strict";n.r(t);var r,a=n("e7SQulcBac"),o=n("8Uoiwx9NYF"),i=n("ctmAoT7YrD"),l=n("jyz5Lsk3MC"),s=n("Iqkazkw3SQ"),c=Object(s.b)("sharedFilePage/GET",(function(e){return Object(l.c)("/app-api/enduserapp/item/".concat(e),{format:"sharedFilePreview"},{exclusiveGroup:i.g})}),{navigation:!0});function u(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function d(e){for(var t=1;t<arguments.length;t++){var n=null!=arguments[t]?arguments[t]:{};t%2?u(Object(n),!0).forEach((function(t){f(e,t,n[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDes

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\as-security~change-current-user-role-modal~collaborators~collection-detail-page~content-explorer-mod~244fdb54.62c4dbb45d[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	41476
Entropy (8bit):	5.4953420117379155
Encrypted:	false
SSDEEP:	384:D/CXDeUxEk4s4xb268LYhyqYvfGTW8QWoK7aHFIXZhq4f/RW94sPRugXhkUF5no7:DK6ls4xi6CcQ5SPq2iCBS3HTC
MD5:	2C4E0E745D87E29FA3168DCD5F24C8F0
SHA1:	64BA2ADC0283238AC85AAD12ACAB1178D72161D8
SHA-256:	64211F7C333CF4953DA868F56097DA1EEE6690F8C825C90D88852DDC89FBAAB2
SHA-512:	8062C78BA09A28C03BA98E8591F32F9716519B1D61197C2BC6708E4BC20264C4189ACECCC4B6DF96E867F6D65F856A889D7FCFEEE064AB5A1799FEA0374C4757
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/as-security~change-current-user-role-modal~collaborators~collection-detail-page~content-explorer-mod~244fdb54.62c4dbb45d.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["as-security~change-current-user-role-modal~collaborators~collection-detail-page~content-explorer-mod~244fdb54","redux-form"],{"+2+ffwlNqK":function(t,e,n){"use strict";var r=n("0HdwK5vH5Z");e.__esModule=!0,e.default=function(t){if((!o&&0!==o\|\|t)&&i.default){var e=document.createElement("div");e.style.position="absolute",e.style.top="-9999px",e.style.width="50px",e.style.height="50px",e.style.overflow="scroll",document.body.appendChild(e),o=e.offsetWidth-e.clientWidth,document.body.removeChild(e)}return o};var o,i=r(n("75K7zeGrYS"));t.exports=e.default},"+JPL/cuRJc":function(t,e,n){t.exports={default:n("+SFKZfGj63"),__esModule:!0}},"+SFKZfGj63":function(t,e,n){n("AUvmEmPtAX"),n("wgeUepA6S/"),n("adOz4zfAgb"),n("dl0quHMrQ4"),t.exports=n("WEpklf3dyC").Symbol},"+plKfkdWim":function(t,e,n){n("ApPDsGgrfM"),t.exports=n("WEpklf3dyC").Object.getPrototypeOf},"0HdwK5vH5Z":function(t,e){t.exports=function(t){return t&&t.__esModule?t:{default:t}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\content-sidebar.a7013a9589[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	5630
Entropy (8bit):	5.020963614043702
Encrypted:	false
SSDEEP:	96:jcbFo3CeCC+i8DpMKfi5KCZe+jox8hm8wTy8E5fuG:IhDejSpMKfi0ClSUbL
MD5:	159F5E7E94AF878664C6490270CD2998
SHA1:	EFB4B60AF7A7BB6E543339B4016A60BDC78C7D41
SHA-256:	6E5D870B3EE59E9DAD6A378F1E264C193830BD895FAF1145383E709714A82D76
SHA-512:	C746CF7D3F795CEFAB5EBA4CAC86633563D9C8FF78BE867EB52721D8B55AC927662C5DB71EE80A82D3CB2DE0710329261BEBF1871BFC8EFFA82F462AC8DE5AC3
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/content-sidebar.a7013a9589.css
Preview:	.bdl-BackButton,.bdl-BackButton:focus,.bdl-BackButton:hover{display:flex}.bcs .bcs-NavButton{position:relative;display:flex;align-items:center;justify-content:center;width:59px;height:60px;background-color:transparent}.bcs .bcs-NavButton:before{position:absolute;top:0;bottom:0;left:-1px;display:block;width:3px;content:"";pointer-events:none}.bcs .bcs-NavButton.bcs-is-selected:before{background-color:#0061d5}.bcs .bcs-NavButton.bcs-is-selected svg .fill-color{fill:#0061d5}.bcs .bcs-NavButton:hover{background-color:#f4f4f4}.bcs .bcs-NavButton:hover:not(.bcs-is-selected) svg .fill-color{fill:#4e4e4e}.bdl-SidebarToggleButton{margin:0 3px;padding:4px;border-radius:4px}.bdl-SidebarToggleButton path{fill:#909090}.bdl-SidebarToggleButton:not(.bdl-is-disabled):hover,.bdl-SidebarToggleButton:not(.is-disabled):hover{background-color:#f4f4f4}.bdl-SidebarToggleButton:not(.bdl-is-disabled):focus,.bdl-SidebarToggleButton:not(.is-disabled):focus{border-color:#96a0a6;box-shadow:0 1px 2px rgba(0,0,0,.1)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\content[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=1], baseline, precision 8, 724x1024, frames 3
Category:	downloaded
Size (bytes):	44045
Entropy (8bit):	6.958392407286714
Encrypted:	false
SSDEEP:	768:FjMboP9vDCG6FUGPnxIz4or7hfkYnnFzgp1HD:twPxAJscpgvHD
MD5:	191EF718C1E0C9C4D83B1C63D86E533F
SHA1:	B7993FC73A311FBC6C2D7405B7B0F7F54AB31F68
SHA-256:	12B82FD59B2F9853993948FD876A646C9C9207C8E8EB851C69D8EA3D2883AA43
SHA-512:	65A3D5FD2C05F40B6DDED98CE3AD30C07FF1F7F35D0B52FFBC925489FC78301E21A152FB33560171BBC91FA54B2F23ACC158E2819D930B5B0279EFFDF0252473
Malicious:	false
Reputation:	low
IE Cache URL:	https://public.boxcloud.com/api/2.0/internal_files/763456168941/versions/814588737541/representations/jpg_1024x1024/content/?access_token=1!VKkB9PLYmytchdzAX0fd0Kd4RYzg6flhi-8gRyAf1M0a4RXcHXzT_RkUCFW4m3yvuGWNfBIscqt06Vx1Gpcu594LQGi-FOAyJfAVxAMHLkK02X3MaQNO0hRetcH7RrXFMq3RWrEOdC03HJ2BjRioCjg7MOuHbtHRMzWh12nifHsFL5BPtaGTru-J-JdAwPmjJqre7M63wzHP5x3qUHrP1N53_ja45wgi2M2dxXn8EecpZBWjWu6bgv1btmmBBD_Wv8saoH4jqMjrApKeDk21RCDEl2_2ctKb3yVgMSA5-LZP1QTyMQhdU0tLlGIrY-JqILESfeOx8vTWv4gGLjWGjynbQQNJRz7Yzw37sVG6wJtHNVYOD32Bb3U3n_bbFSkZMvIQxPvstrLzGFnIqRCqtS5T8N9BR3lUeczrXCr4I_1nziOAxN5Q_iThJFYIwlawJ1ZEya1wP1c2MPMpOxQfwg4_c_bvBMkvYkKkFJmsXv6C7t4kea1iQrGb_v90uXO3L-FyiuO7VNx3MLHCR1P5c-ofbyEtidjsJ4p8B67uhFN0uH2RmJWdPGVNfWsFPuI.&shared_link=https%3A%2F%2Fapp.box.com%2Fs%2Ff59992hq0o3230yh4ysvn4wry4ishg01&box_client_name=box-content-preview&box_client_version=2.61.0
Preview:	......JFIF..............Exif..MM.*.................J...........R.(.......................i.........Z..............................0232...................9............0100................ASCII...pdfWidth:595.50pts,pdfHeight:842.25pts,numPages:1....C....................................................................C.......................................................................................................................f............................!.1Q..."AW.a.....#28Vq......367BTUtuv..Rbr.....$5Csw..%4S..&'(DEF.........................................H..........................!1...AST..5Qqr......"4a...26s..3R..BCb.....&............?........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\core.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
Category:	downloaded
Size (bytes):	87635
Entropy (8bit):	5.293336083461073
Encrypted:	false
SSDEEP:	1536:k9NbTl2MRt0zxgAHAPHxC+OMH8obwNaWpbDlct:k99Tl2MjJ8cPW9lct
MD5:	8F402D83489BA25EF87CDFC67BF47932
SHA1:	EFBCAE4F111F6CECF56E1B88857F688EEECABAF1
SHA-256:	50DA66E885D183593100789E7376D6171310D22F64E798A1DDA6AD5940CF0967
SHA-512:	E650576C845A326539EA79A87E8D5421B19349E5F5F7FB3F6BA8AE7F0F1A4F909BE87C9AD94022C043F5109B4A85C6DEA54ECEE8075786CCFE2F761696A965DF
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/polyfills/core-js/2.5.3/core.min.js
Preview:	/*. core-js 2.5.3. * https://github.com/zloirock/core-js. * License: http://rock.mit-license.org. * . 2017 Denis Pushkarev. */.!function(t,n,r){"use strict";!function(t){function __webpack_require__(r){if(n[r])return n[r].exports;var e=n[r]={i:r,l:!1,exports:{}};return t[r].call(e.exports,e,e.exports,__webpack_require__),e.l=!0,e.exports}var n={};__webpack_require__.m=t,__webpack_require__.c=n,__webpack_require__.d=function(t,n,r){__webpack_require__.o(t,n)\|\|Object.defineProperty(t,n,{configurable:!1,enumerable:!0,get:r})},__webpack_require__.n=function(t){var n=t&&t.__esModule?function getDefault(){return t["default"]}:function getModuleExports(){return t};return __webpack_require__.d(n,"a",n),n},__webpack_require__.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},__webpack_require__.p="",__webpack_require__(__webpack_require__.s=129)}([function(t,n,e){var i=e(2),o=e(18),u=e(13),c=e(14),f=e(19),a="prototype",s=function(t,n,e){var l,h,p,v,g=t&s.F,y=t&s.G,d=t&s.P,_=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\exif.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	10914
Entropy (8bit):	5.5397855270447085
Encrypted:	false
SSDEEP:	192:5p8x/dTa2Cuzp6HWcTz1AVrEgrzMer6Z6L57kpJq/RQ:+/c2Cuzp6HWwhA1xb5eJqJQ
MD5:	0DB669C9033252050E919900AD0BEFA0
SHA1:	23EDB95E1E737E0F23EE6C7CEF07D634236A52E3
SHA-256:	ADD547634768E8CE49D67775D02F958597EFD5E6DF2D1077EF4DFC8C0878B688
SHA-512:	C1BF384AEBA143964831F2F3A7A28566C635C253BC2A4A12C56C56EFC01847F6D39E774B136B8A9062652F9F7929673023C5B3AE13799E40F6754DE7860B294D
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/platform/preview/third-party/doc/2.16.0/exif.min.js
Preview:	(function(){function v(a,c){c\|\|a.match(/^data\:([^\;]+)\;base64,/mi);a=a.replace(/^data\:([^\;]+)\;base64,/gmi,"");for(var b=atob(a),g=b.length,d=new ArrayBuffer(g),e=new Uint8Array(d),h=0;h<g;h++)e[h]=b.charCodeAt(h);return d}function w(a,c){var b=new XMLHttpRequest;b.open("GET",a,!0);b.responseType="blob";b.onload=function(a){200!=this.status&&0!==this.status\|\|c(this.response)};b.send()}function x(a,c){function b(b){var e=t(b);a:{var d=new DataView(b);if(255!=d.getUint8(0)\|\|216!=d.getUint8(1))b=.!1;else{for(var g=2,h=b.byteLength;g<h;){var k=d,f=g;if(56===k.getUint8(f)&&66===k.getUint8(f+1)&&73===k.getUint8(f+2)&&77===k.getUint8(f+3)&&4===k.getUint8(f+4)&&4===k.getUint8(f+5)){k=d.getUint8(g+7);0!==k%2&&(k+=1);0===k&&(k=4);var h=g+8+k,g=d.getUint16(g+6+k),l,d=h;b=new DataView(b);h={};for(k=d;k<d+g;)28===b.getUint8(k)&&2===b.getUint8(k+1)&&(l=b.getUint8(k+2),l in u&&(f=b.getInt16(k+3),l=u[l],f=q(b,k+5,f),h.hasOwnProperty(l)?h[l]instanceof Array?h[l].push(f):h[l]=[h[l],f]:h[l]=f)),k++;b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lang-en-AU~lang-en-CA~lang-en-GB~lang-en-US~lang-en-x-pseudo.57dba5f597[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	18553
Entropy (8bit):	4.767569802615062
Encrypted:	false
SSDEEP:	96:4a/eFtQk31IQk31PGHEU5ZQk31IQk31Pa9rEHqQk31IQk31PDkdolQk31IQk31Pw:J/egEH7uEt6EtXElPiMs8sVAyfEtbim
MD5:	9BCCCA5979199B48DD2DCD6BAC31CDCA
SHA1:	380DBAED126862294356918B0AC8031C00BD492A
SHA-256:	860E3603A72F16B016D971C6FA67386D8C1398A44A896F896082B6F7CDF2CC78
SHA-512:	B352761E7A479C34F53E6694208EF5CA92DA2F43E3199305B3E383B4C42A1FFF3B6AA5084E9233879E17F7BD85FD329CA46642F1BBB0DEDB750E83BDBDC83B27
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/lang-en-AU~lang-en-CA~lang-en-GB~lang-en-US~lang-en-x-pseudo.57dba5f597.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["lang-en-AU~lang-en-CA~lang-en-GB~lang-en-US~lang-en-x-pseudo"],{PTt16PTTsL:function(e,a,t){e.exports=function(){"use strict";return[{locale:"en",pluralRuleFunction:function(e,a){var t=String(e).split("."),o=!t[1],n=Number(t[0])==e,r=n&&t[0].slice(-1),i=n&&t[0].slice(-2);return a?1==r&&11!=i?"one":2==r&&12!=i?"two":3==r&&13!=i?"few":"other":1==e&&o?"one":"other"},fields:{year:{displayName:"year",relative:{0:"this year",1:"next year","-1":"last year"},relativeTime:{future:{one:"in {0} year",other:"in {0} years"},past:{one:"{0} year ago",other:"{0} years ago"}}},"year-short":{displayName:"yr.",relative:{0:"this yr.",1:"next yr.","-1":"last yr."},relativeTime:{future:{one:"in {0} yr.",other:"in {0} yr."},past:{one:"{0} yr. ago",other:"{0} yr. ago"}}},month:{displayName:"month",relative:{0:"this month",1:"next month","-1":"last month"},relativeTime:{future:{one:"in {0} month",other:"in {0} months"},past:{one:"{0} month ago",other:"{0} mo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\login-1b220e0913[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	109334
Entropy (8bit):	5.658693221130977
Encrypted:	false
SSDEEP:	3072:evoxG039fpWJTybnvDtgGcbIc95cd+QC4HgqM/n5fK4MKyTSHtIX:evoxG039fpWJTybnvDtgGcbIc95cd+QB
MD5:	51C729E81B13F1AE87758693FF2F4806
SHA1:	19EAA34FD95A18D3C28369474BF28D8E2600F50A
SHA-256:	DEF4382E320A30565507368543380D1A2377B661780A0EA060E5CD67DFD85DB9
SHA-512:	C612EAE3DD8333B35823219A51E139AC52E19C3F0767E80628B3458D2F09F9E1C559906D961A22882FB0DF8076AF99236E4975403D33F2591B5A0DA1EE9A7E52
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/webapp_assets/login/css/login-1b220e0913.css
Preview:	/!.Copyright 2015 Box, Inc. All rights reserved...Licensed under the Apache License, Version 2.0 (the "License");.you may not use this file except in compliance with the License..You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software.distributed under the License is distributed on an "AS IS" BASIS,.WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied..See the License for the specific language governing permissions and.limitations under the License..//!.YUI 3.18.0.http://cssreset.com.Copyright 2014 Yahoo! Inc. All rights reserved..http://yuilibrary.com/license/./html{color:#000;background:#FFF}blockquote,body,code,dd,div,dl,dt,fieldset,form,h1,h2,h3,h4,h5,h6,input,legend,li,ol,p,pre,td,textarea,th,ul{margin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fieldset,img{border:0}address,caption,cite,code,dfn,em,strong,th,var{font-style:normal;font-weight:4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\login-bae14bec79.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with escape sequences
Category:	downloaded
Size (bytes):	257518
Entropy (8bit):	5.286196474664116
Encrypted:	false
SSDEEP:	6144:zgRr2XpoN8zYqn83H5Tl+ylZKya/OK9lzI46HOHWTLwrJRb:cRrKEqiHflc
MD5:	BAE14BEC79A34A4235417E120083DCD3
SHA1:	B3943FE4BA82A950FD2B63B6971D579B592CD264
SHA-256:	5414C294D8E5B3034347BEEDD78FB8A34DC599A88A2EBCD04EA6150CE75D41A8
SHA-512:	04B6BE02CB785A7A518657B451B81E588088B2829EC2F37360336A9D9B9338D1DD249EFF7F2367B84F6A2764E56780945D917280D594BF524AAFD92789626D88
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/webapp_assets/login/js/login-bae14bec79.min.js
Preview:	!function(e,t){"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){function n(e){var t=!!e&&"length"in e&&e.length,n=pe.type(e);return"function"!==n&&!pe.isWindow(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}function r(e,t,n){if(pe.isFunction(t))return pe.grep(e,function(e,r){return!!t.call(e,r,e)!==n});if(t.nodeType)return pe.grep(e,function(e){return e===t!==n});if("string"==typeof t){if(Ee.test(t))return pe.filter(t,e,n);t=pe.filter(t,e)}return pe.grep(e,function(e){return pe.inArray(e,t)>-1!==n})}function i(e,t){do e=e[t];while(e&&1!==e.nodeType);return e}function o(e){var t={};return pe.each(e.match(je)\|\|[],function(e,n){t[n]=!0}),t}function a(){re.addEventListener?(re.removeEventListener("DOMContentLoaded",s),e.removeEventListener("load",s)):(re.detachEvent("onreadystate

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\login[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	17248
Entropy (8bit):	5.120617193764424
Encrypted:	false
SSDEEP:	384:g3h6WEskAVApkZkraBDoM3+vG349Ce2bbdWVPXi7XB9zDO:g3QWEskAVApkZkraBD73+vGiPbCBlDO
MD5:	7AB6E6C8C5BFC826F33821EDB1910B21
SHA1:	280EDB7958FDDA13AB1C2D5D5E4FD1B9A932DD25
SHA-256:	2D524A8237695E85631AF2FE627DF1ED3C506BF7E1C710EC55411631EE3FE859
SHA-512:	EBF4F84472DB1BFAE8AB88CCDD989FFA94F10952470F09766DBBE39A834D1A52E2931713AACDE6ECA8E58F476B22DC661B0A4EAA2AC1E73A1A878EFA0CC60A0A
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html><html lang="en-US" data-resin-client="web"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>Box \| Login</title> <link rel="stylesheet" href="https://cdn01.boxcdn.net/webapp_assets/login/css/login-1b220e0913.css"> <style id="head-custom-branding">...main-header { background-color: #0061D5; border-bottom-color: #0050b1;.}...main-header span,..main-header .header-marketing-link,..main-header .lnk,..main-header .lnk:hover,..main-header .btn,..main-header .btn:hover,..main-header .btn:active { border-color: #FFFFFF !important; color: #FFFFFF !important;.}...main-header svg path { fill: #FFFFFF;.}../* Common Elements / ../ Button styles for overriding box-ui - overwrites styles in amsterdam/overrides/buttons.css /...btn:focus { border: 1px solid #0061D5;.}...btn-primary { background: -ms-linear-gradient(top, #0061D5 0%, #005cca 100%); / IE10+ */ ba

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\messagecenter~preview-components~uploads-manager-enduser.23ae1c6583[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	532
Entropy (8bit):	4.880037129828671
Encrypted:	false
SSDEEP:	12:sUNV0yu7JGW7QtiXMGiJyhXMGiJMQdUEu3WrmXMGMhXMGO:sQCQACJyhCJrdl1mshu
MD5:	F2129188D79DCC9425F90ABCCC0B59A7
SHA1:	7E59C068211D195C19C91FE2581BB359FEA828B8
SHA-256:	CBB9726F5F3DCA04530F69D2B6C0B60B22E79BA8A0800167EA6AB365B19C95A0
SHA-512:	EE40B6383A6394FB528C77C90366412A8BC2BF3FD6AE688FDA33521185680EDFA2232C3EFBC4074DC555976A5DADACC44C6B411A0AFF767B5C67CBAD6E5B0FB8
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/messagecenter~preview-components~uploads-manager-enduser.23ae1c6583.css
Preview:	@font-face{font-weight:400;font-family:Lato;font-style:normal;src:local("Lato Regular"),local("Lato-Regular"),url(https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff2) format("woff2"),url(https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff) format("woff")}@font-face{font-weight:700;font-family:Lato;font-style:normal;src:local("Lato Bold"),local("Lato-Bold"),url(https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff2) format("woff2"),url(https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff) format("woff")}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\picker_more_7568a43cf440757c55d2e7f51557ae1f[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	899
Entropy (8bit):	3.8260330857236338
Encrypted:	false
SSDEEP:	24:t4CvnAVROLgCWbVHTVSRUyL3Fe09gCWbVHTVeUVh10UsSgCWbVHTVeUVh10Usb7:fncCWRH0JL3FECWRHQA10rCWRHQA10F
MD5:	7568A43CF440757C55D2E7F51557AE1F
SHA1:	55C22CA98B5CDCED134F6E24205C288845312A2D
SHA-256:	B7FCD37EAAFE3F08647ED072D5289EADFFF6C660A26CDEF31532B3FCFB4A0BB2
SHA-512:	F01DA2804594C3C78C0694FD6CC49B667663DA95AE7367EE3F0F5112B9957A3220389AAE4A5B750BCB3BC4F1092EA614266A4BFFD7E0FE16232E1CB57606E901
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msftauth.net/ests/2.1/content/images/picker_more_7568a43cf440757c55d2e7f51557ae1f.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path d="M9.143,1.143a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.107,1.107,0,0,1-.089-.446A1.107,1.107,0,0,1,6.946.7,1.164,1.164,0,0,1,7.554.089a1.161,1.161,0,0,1,.893,0A1.164,1.164,0,0,1,9.054.7a1.107,1.107,0,0,1,.089.446M9.143,8a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607,1.161,1.161,0,0,1,.893,0,1.164,1.164,0,0,1,.607.607A1.107,1.107,0,0,1,9.143,8m0,6.857a1.107,1.107,0,0,1-.089.446,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607,1.161,1.161,0,0,1,.893,0,1.164,1.164,0,0,1,.607.607A1.107,1.107,0,0,1,9.143,14.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\preview-components.04034d91d5[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	355729
Entropy (8bit):	5.492745127857912
Encrypted:	false
SSDEEP:	6144:/+SLOmw28TMELb78ipOv0HCIWcbFP5zWdWPOCh//S:/zxSYELRMXm5tDh//S
MD5:	EE0D104467B92AF33F74DFCD3B6BBC74
SHA1:	E7CFE1B099D6C66AC6FE87A83C2C0726AD3CEED1
SHA-256:	4887550D4631CD25C442D8064A66B3255F7879BC84D57E5FE5A8DFD8AF2FD70F
SHA-512:	7B8FCAECFA3F654B800239E495F88D592B727CF2DE2C0383917BDDCA90280F07F43F8EB795F252B2291E29896552BD31B5FB110ECC992B098BEC3E3762FB43E4
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/preview-components.04034d91d5.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["preview-components"],{"+BZej3U4u/":function(e,t,n){"use strict";var r=n("q1tIBJhxTW"),o=n("vN+2IcUykn"),a=n.n(o),i=n("8Wpvjplx0g"),c=n("dtRsU6L1/l");function l(e){return(l="function"===typeof Symbol&&"symbol"===typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"===typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function s(e,t){if(null==e)return{};var n,r,o=function(e,t){if(null==e)return{};var n,r,o={},a=Object.keys(e);for(r=0;r<a.length;r++)n=a[r],t.indexOf(n)>=0\|\|(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(r=0;r<a.length;r++)n=a[r],t.indexOf(n)>=0\|\|Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}function u(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\preview-components~shared-file.036fa94865[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	31106
Entropy (8bit):	5.404444723561215
Encrypted:	false
SSDEEP:	768:1j6foykcFKC/uRMQK9QZWTx7mA44c2d5YdVywTI:xgHiC/cu95To+c2dMTI
MD5:	81A4E9BF376814968ADA78905E39D8DB
SHA1:	7A30C05118B8723C66EF6E7F8F5A2A5116E0D374
SHA-256:	D9912016553DA753EE9624D8CDD0D689100550CF27A821E3508129EA54B28339
SHA-512:	5B06652F9569031D54060406C84D28D148FBC65F1B8C2468D27FCB48429C84BEC8D09F92CC39C0B832115F6F24B7D70D142A63C8A5F94DEEFA052065BDE258A8
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn01.boxcdn.net/enduser/preview-components~shared-file.036fa94865.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([["preview-components~shared-file"],{"0pk5DGk/OM":function(e,t,n){"use strict";var o=n("/MKjzBatqn"),r=n("q9wI8Vu9Ou"),i=n("zXsyuZZv6G"),a=n("q1tIBJhxTW"),s=n("JRPeW/Ew/U"),l=(n("JPcvh7FMFD"),n("VzvVVBGVbW")),d=n("ZEDLez+ZlJ"),u=n("DtrrBg37C6"),c=n("BBtKKuFpIS"),p=n("1En/ASmD05"),f=n("0sbS2nMEFU"),w=n("wnhEk9N3Ty");function b(){return(b=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)Object.prototype.hasOwnProperty.call(n,o)&&(e[o]=n[o])}return e}).apply(this,arguments)}function v(e,t){if(null==e)return{};var n,o,r=function(e,t){if(null==e)return{};var n,o,r={},i=Object.keys(e);for(o=0;o<i.length;o++)n=i[o],t.indexOf(n)>=0\|\|(r[n]=e[n]);return r}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(o=0;o<i.length;o++)n=i[o],t.indexOf(n)>=0\|\|Object.prototype.propertyIsEnumerable.call(e,n)&&(r[n]=e[n])}return r}var h=function(e){var t=e.anonymousDownload,n=e.canDo

C:\Users\user\AppData\Local\Temp\dat991F.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 119132, version 1.0
Category:	dropped
Size (bytes):	119132
Entropy (8bit):	7.991532245734968
Encrypted:	true
SSDEEP:	3072:pECjkMzGFzkgGdoAiZzixFwotRAE9urcBQbtF0roFS:pECjVzIGYZ4Fpx9urUQbtFeoFS
MD5:	3E4A4FC6317C4C2CF35D7C77EC1789C3
SHA1:	40EA0D8678B92988824193587F707E3AEDC4591F
SHA-256:	607EC0A4A29F6A4607F6E0A3CF486E50322DDF66F1F1870150CB69A7061E978D
SHA-512:	F7D639520F4C3A3539AD7506EC1CEBED8107C2A264316FE0E98A15132ACCFE6212A22391F4A7203B6D8304B3222B603F0137BA9ACAC7478F217363EEF4556DED
Malicious:	false
Reputation:	low
Preview:	wOFF.......\................................FFTM............p.\MGDEF.......7...8.x..GPOS.......z...b...GSUB...x...,...FA..sOS/2......_...`i...cmap............x.!>cvt .......r....?9..fpgm...T............gasp................glyf..........a..?.head.......1...6..qfhhea.......!...$....hmtx.............C.2loca..............-&maxp....... ... .L..name..............hpost..........'....)prep...........o.i:webf...T........`.V..........=........y.......x.c`d``..b...`b`e`dj..f.6.f.v.o.F..._.&.?.^.F...*..i..C.x...\|M......!.<.fEI.USS\TcVUTT.E.UUu.RUUWCM5W.U5....Ap".H"b.I.'!..j..g........o_..Yg...z.z...Jv\..!<. .p..{_....cG.......h1..q.E'.B.!..!...I.s.....W.).T......a.7QO4...x.-D[.Y....`1B....1M...1v...;E.D;..c.......b...........;........v^..^...M..&.F.f...u.]Eo..$....7.Vi...&W9]..au}F].T....[>.t.....+..Fj.X.^U...jzu}.._W...OS......M.;.].k.fQ..../.K.h.f..\.vr...... ..#]G..s..:.u.k..\.E..]W..s...u..!.c..\3]s\.\.....r..........-.-..[...n....w.........n...p.....nS..

C:\Users\user\AppData\Local\Temp\dat996E.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 84396, version 2.983
Category:	dropped
Size (bytes):	84396
Entropy (8bit):	7.996116383259223
Encrypted:	true
SSDEEP:	1536:lhWk7aeOTww2X4owbcnRqvjFkw8cyW/fTJnh2r667bZ3fTyG/q+TBpMLB:lHdOk9ojj2a//rFoeutTyG/ZBC
MD5:	8A54EA1AEB67D07C751BD5F03068317B
SHA1:	CFBEE4F2FD7F359A2A60648BB6797CAC1FD4DA3E
SHA-256:	4230A20B841519BDBE4B0C154BAD414E017CF80B3918127D45C4F907EEA07280
SHA-512:	A3CA9E052DBB81A20C71DDD24962CE57E842134A8B30842328410DF3FCF76EED4367C3A5A1148DD11092CF0CF3E29B57040CF79D40AC6450D8234F27204D47E1
Malicious:	false
Reputation:	low
Preview:	wOF2......I.......m...I;........................?FFTM..8...>..F.`.. ..j...........\|.6.$..$..(.. ..Z.....9?webf.[/0..B%.^..m.m..[..F...&...v....!.......i.V]\.l....b.a..96....H.............J...../....3.H...X.g.*.j.....v.!p4.-.I....P..i..1vTS..}..&A.Z..FT}?([..j..[.....c..@...LmwV...B.A.9$!.....z..'..C.1.....$!...uu....>......4....R&..}9.h-.T../..Iz.....W>......7..u...z~...V...~2....b.>....{~e[..HP:qT.L.o..P.hF..B...U.w.+E..o..dV>.......,.U^L....... .............Y.pN......{1T...V.....\|.&.?/Q...\|4.I.k.... .v..T...;....7B..]..\|..R_.].\|..D.:b............%.....D../.!.@......;p.%.g...w..(\|...[.9......T...y.,... .N.i..L..AVe.>..B.e.H.O!?.@/..ku.f.......w...Xg..YR.gD....i=...\.$Y.iG.......F...CN.(\|.A.{\..K5x....>i!....."....N..0.R.y...G.A..jt.Lg.ML.`......3Y{=.m$..x....%..\|f.wvU..\...R.x......_...tl.NH._.Y......2....r.).J.....R..DLo.zG.U.xj.4..~..7G=!.......X&.(.a.-........$..;._qL.,.d..i..XJ5.P.-{......J.$o@b...l.h....r..5..i..Jx@..T..I.Nt/."7.z.K>2...\

C:\Users\user\AppData\Local\Temp\datB554.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	OpenType font data
Category:	dropped
Size (bytes):	1120
Entropy (8bit):	3.2471718077102847
Encrypted:	false
SSDEEP:	12:+5/llK921oNY0p9b1IfSly/VAAc5EK/HU1qsG1bhCEo8+R5+ddmq0/gNV11Mp1VW:+1i9fuUx1IfSljAP3G6M3B8PyWAo/K
MD5:	6C786D7FECD5E6C56720DE64B90498EB
SHA1:	6D2C1DA30F7B4C13C9C871731577F9D1A4A3D6DD
SHA-256:	2DF637D73E2C0068427DBBE880E7D5709789EABC35F3CA782ECEF62A429E060E
SHA-512:	2C6312BE2996CB01CFBFB02E09183D73FC88A58C8813500C92CBF9C6CE45BC77FA404AF1903EAFC286D983549FD126EF7383FCA37872C68BCAF4094153878DD9
Malicious:	false
Reputation:	low
Preview:	OTTO.......0CFF ..~........FFTMe.6p........GDEF.......8....OS/2V.c.... ...`cmap.......4...Bhead..E........6hhea.d.........$hmtx.......X....maxp..P.........nameX.t~........post...3...x... .........Q.._.<....................<.......!.................!...Z............................P................................1..............................PfEd....... .8.Z.!............... . ................................................................................................................................................................................X.X......................<........... ...............................................................................................................................................................................................................................................................................................................2.............................X....!....................\|................!XXXlt16105628743180XXXXXXXX

C:\Users\user\AppData\Local\Temp\datB565.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	OpenType font data
Category:	dropped
Size (bytes):	1120
Entropy (8bit):	3.2500692295833526
Encrypted:	false
SSDEEP:	12:+5Y921oNY0p9b1IfSly/VAAc5EK/HU1qsG1bhCEo8+R5+ddmq0/gNV11Mp1VyUe1:+69fuUx1IfSljAP3G6M3B8PyUAo/K
MD5:	1209552627BF7CF1AF143F914C9A6EBD
SHA1:	372AA95A9F84E6BC96F5AF421B8725130ECF8977
SHA-256:	E4F1329CE9B13CBCC7EA9D5A7E07FF6FDE736A00A7E334DCEBB173A0867142F8
SHA-512:	3454DD7529C7190244CEFFB3C16831A0B101EB9D36CD7602302D964DC38DACEEDB0F4E46A6A410E371D936053845814D3AF92E081201457C99C0448CF95F2B09
Malicious:	false
Reputation:	low
Preview:	OTTO.......0CFF ...........FFTMe.6p........GDEF.......8....OS/2V.c.... ...`cmap.......4...Bhead..E........6hhea.d.........$hmtx.......X....maxp..P.........nameX.t~........post...3...x... .........Q.._.<....................<.......!.................!...Z............................P................................1..............................PfEd....... .8.Z.!............... . ................................................................................................................................................................................X.X......................<........... ...............................................................................................................................................................................................................................................................................................................2.............................X....!....................\|................!XXXlt16105628743371XXXXXXXX

C:\Users\user\AppData\Local\Temp\datB585.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	OpenType font data
Category:	dropped
Size (bytes):	1120
Entropy (8bit):	3.2471718077102847
Encrypted:	false
SSDEEP:	12:+5K921oNY0p9b1IfSly/VAAc5EK/HU1qsG1bhCEo8+R5+ddmq0/gNV11Mp1VyJF5:+k9fuUx1IfSljAP3G6M3B8PyJFaAo/K
MD5:	750AF126804FBA43E1948C8E0150ADCB
SHA1:	5AC168E8209064920FF4B46B26E1E67E2FF735B9
SHA-256:	CC6450B27EBE6A1869F217ABB0003E421DFEA4AC2E39443FB86B1C60FC3ACFDC
SHA-512:	16E7A84FBEEAB017990E09384A1121D10B7A8DEA61EFB9446B520484B266EADDE895D916BF6223EF841EE15ADC31F20FB6148E97D2EC2E4E47EFE7CD1A3D2B00
Malicious:	false
Reputation:	low
Preview:	OTTO.......0CFF ..........FFTMe.6p........GDEF.......8....OS/2V.c.... ...`cmap.......4...Bhead..E........6hhea.d.........$hmtx.......X....maxp..P.........nameX.t~........post...3...x... .........Q.._.<....................<.......!.................!...Z............................P................................1..............................PfEd....... .8.Z.!............... . ................................................................................................................................................................................X.X......................<........... ...............................................................................................................................................................................................................................................................................................................2.............................X....!....................\|................!XXXlt16105628743562XXXXXXXX

C:\Users\user\AppData\Local\Temp\datB596.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	OpenType font data
Category:	dropped
Size (bytes):	1120
Entropy (8bit):	3.249046687594311
Encrypted:	false
SSDEEP:	12:+5yR921oNY0p9b1IfSly/VAAc5EK/HU1qsG1bhCEo8+R5+ddmq0/gNV11Mp1VyVL:+8R9fuUx1IfSljAP3G6M3B8PyV9CAo/K
MD5:	880250C875BC4224CC9D05C87B88EB52
SHA1:	3E353AC55F968919E0494CC925B2FCA244E3BE34
SHA-256:	2905A916798341C36E029BA1C77F85248D0E83FA8BB8853DD6496E5F63A3B52E
SHA-512:	076D4A7C1DE07D4D0629555EAA0A7F14F05713423DDAB0B8BD3C41EB64211CC0D010984ECF09F5E9F61E38E6C46E6FCC75D468DC137AFAF79570258F56716619
Malicious:	false
Reputation:	low
Preview:	OTTO.......0CFF ..........FFTMe.6p........GDEF.......8....OS/2V.c.... ...`cmap.......4...Bhead..E........6hhea.d.........$hmtx.......X....maxp..P.........nameX.t~........post...3...x... .........Q.._.<....................<.......!.................!...Z............................P................................1..............................PfEd....... .8.Z.!............... . ................................................................................................................................................................................X.X......................<........... ...............................................................................................................................................................................................................................................................................................................2.............................X....!....................\|................!XXXlt16105628743773XXXXXXXX

C:\Users\user\AppData\Local\Temp\datB875.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	OpenType font data
Category:	dropped
Size (bytes):	1120
Entropy (8bit):	3.2489575219959987
Encrypted:	false
SSDEEP:	12:+5q921oNY0p9b1IfSly/VAAc5EK/HU1qsG1bhCEo8+R5+ddmq0/gNV11Mp1Vyme1:+s9fuUx1IfSljAP3G6M3B8PymAo/K
MD5:	25189A5DAAE5BF04BA190BEBCA1759EB
SHA1:	5F876B4C3E48CC25A8CEAC9F9C5E1AABEEB3161D
SHA-256:	1703081B6F5DB6E631149B12B672E9710F432CF583CE4FEEB7A49D18502E760F
SHA-512:	46F2B720543B047B51389E5869003FA860D525061BAF33AB47F002755464E04C98031C6CE7B65BE0407E4385CD18CEDE81D98C21CF96CC602D94652BAD7BDD60
Malicious:	false
Reputation:	low
Preview:	OTTO.......0CFF ..........FFTMe.6p........GDEF.......8....OS/2V.c.... ...`cmap.......4...Bhead..E........6hhea.d.........$hmtx.......X....maxp..P.........nameX.t~........post...3...x... .........Q.._.<....................<.......!.................!...Z............................P................................1..............................PfEd....... .8.Z.!............... . ................................................................................................................................................................................X.X......................<........... ...............................................................................................................................................................................................................................................................................................................2.............................X....!....................\|................!XXXlt16105628751244XXXXXXXX

C:\Users\user\AppData\Local\Temp\datB8A5.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	TrueType Font data, 13 tables, 1st "OS/2", 20 names, Macintosh, Original licenceOpenSans-RegularUnknownuniqueIDOpenSans-RegularVersion 0.11UnknownUnknownUnknow
Category:	dropped
Size (bytes):	11776
Entropy (8bit):	4.775123392084225
Encrypted:	false
SSDEEP:	192:IdMfvHMIC6+gACms4hUalhsEM8CSURjXkru3YEL:7HHMIzmSwh5BotXkru3Yg
MD5:	46BB280807C177145F9B587B18566B4F
SHA1:	A709A7DE17FA84B0ADCDB5172B4492F4DB03B84E
SHA-256:	FB7B842A0CDD459E6995360F779433347D160CB57B2730FD3FF2CBFC4EC3BFCC
SHA-512:	BEA516675EBE168CE22E52C253865182BF597C3BDCFABFF39F084A67B5390A9A98930D76012457B4F5E2D4A3A98E46E38A9F6358E094F650C08FB15B06D0745F
Malicious:	false
Reputation:	low
Preview:	...........POS/2}.~........`cmap.......<...Tcvt .M..........fpgm~a.....4....glyf1W\|........<head..cp...$...6hhea...g...\...$hmtx\T.o.......^locaBk@..."....2maxp.1........ name..&W..4....post......,.... prepC.....,..................3.......3.....f..............................1ASC.@.............X ........H..... .................H.....................................%.).0.8.D.G.H.I.L.P.Q.R.S.U.W.......N.....u...................H....................................................................................................................................@G[ZYXUTSRQPONMLKJIHGFEDCBA@?>=<;:9876510/.-,('&%$#"!...................., ..`E..% .Fa#E#aH-, E.hD-,E#F`. a .F`..&#HH-,E#F#a. ` .&a. a..&#HH-,E#F`.@a .f`..&#HH-,E#F#a.@` .&a.@a..&#HH-,.. <.<-, E# ..D# ..ZQX# ..D#Y ..QX# .MD#Y ..&QX# ..D#Y!!-, E.hD ..` E.Fvh.E`D-,....C#Ce.-,....C#C.-,..(#p..(>..(#p..(E:.....-, E..%Ead.PQXED.!!Y-,I..#D-, E..C`D-,...C..Ce.-, i.@a... .,......b`+.d#da\X..aY-,..E.....+.)#D.)z..-,Ee.,#DE.+#D-,KRXED.!!Y-,K

C:\Users\user\AppData\Local\Temp\datB8B5.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	OpenType font data
Category:	dropped
Size (bytes):	2540
Entropy (8bit):	6.355983758940647
Encrypted:	false
SSDEEP:	48:BfFYZSodw1uhejzYIZv26IpkPF1xeYUFWILFGF4D:BfFWSo2zzpZv26IpSJWjGF4
MD5:	388B84DEA06E9FC7346A6AAE1B65F220
SHA1:	FC9B9BAF029B9B9243292726AA8F128F167B490B
SHA-256:	84EEE84E0B9180522FFF998CB529A29B470F8798A5BEA3F1CFC00F534F7B01F8
SHA-512:	580BAD02669D009BC0E1704A5E466CB4E39248223AF4D82B36E40C230F7786E82678227F6F169D87D8F5B76F78036DB5BD7081C01B28B825375BB5EEAC84A320
Malicious:	false
Reputation:	low
Preview:	OTTO........CFF n...........OS/2.:+....l...`cmap...;.......,head.'O........6hhea...,...0...$hmtx.......T...(maxp..P....\|....name..b........Fpost........... .........GBIBOK+MinionPro-Regular....A.....................q..................................%......$...............AdobeIdentityCopyright 1990, 1991, 1992, 1994, 1997, 1998, 2000, 2002, 2004 Adobe Systems Incorporated. All rights reserved. Minion is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States and/or other countries./FSType 8 defMinionPro-Regular..............Q.R...S...^................$......P...P..8....>...>.........>...>.........>...>.........>...>...............o......_.R...............w.g...l_.@......o....8..'.7..5..o.q..............=.(...4...X................OG7]_...\j........^$#Ba9..Kx......................n....5..%.6..5..p................h.Z...M-......$................n...\.2$..45. .OBj....d.........+...E.......}...zy....N....h...um.m.R.Jdow.x}~.\|.t.w..........

C:\Users\user\AppData\Local\Temp\datB8B6.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	TrueType Font data, 13 tables, 1st "OS/2", 20 names, Macintosh, Original licenceOpenSans-LightUnknownuniqueIDOpenSans-LightVersion 0.11UnknownUnknownUnknown
Category:	dropped
Size (bytes):	6544
Entropy (8bit):	6.21147302373066
Encrypted:	false
SSDEEP:	192:5+XWvHMIC6+gACms4hUalH72Q5s14Ew7Idr+RS:oAHMIzmSwve+Ebrp
MD5:	7C04F6E1105B1E608EDAC9D6E07C3069
SHA1:	3CE867A0E94539E438CD8743433A26385E9AF16C
SHA-256:	8C478590761204B281EA8871AC003CCBB4152130955F8E424C19D22F1CD778BD
SHA-512:	E2B84830789751466469E1293EE3D0A33854D2555C5EAC31E8C4418FD64A97A29BBC91C2F3087B30C54B024465655055B6625CD89B8E5E874818F9439E6D3E07
Malicious:	false
Reputation:	low
Preview:	...........POS/2}9{........`cmap.......<...Rcvt ............fpgm~a.....<....glyf0.).........head..F........6hhea...........$hmtxF..l...@...vloca1./.........maxp.......x... name.6.a........post.......4... prep..]...T...:.....,.......3.......3.....f..............................1ASC.@.............X ........?..... .................F.............................]...).-.D.F.G.H.I.K.L.O.Q.R.U.V.W.X.\.......N.....u...................?............................................._...............................................................Z.^.W.R.^.a.[.Y.`.R.V...R.R.p..@G[ZYXUTSRQPONMLKJIHGFEDCBA@?>=<;:9876510/.-,('&%$#"!...................., ..`E..% .Fa#E#aH-, E.hD-,E#F`. a .F`..&#HH-,E#F#a. ` .&a. a..&#HH-,E#F`.@a .f`..&#HH-,E#F#a.@` .&a.@a..&#HH-,.. <.<-, E# ..D# ..ZQX# ..D#Y ..QX# .MD#Y ..&QX# ..D#Y!!-, E.hD ..` E.Fvh.E`D-,....C#Ce.-,....C#C.-,..(#p..(>..(#p..(E:.....-, E..%Ead.PQXED.!!Y-,I..#D-, E..C`D-,...C..Ce.-, i.@a... .,......b`+.d#da\X..aY-,..E.....+.)#D.)z..-,Ee.,#DE.+#D-,KRXE

C:\Users\user\AppData\Local\Temp\datB8B7.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	TrueType Font data, 13 tables, 1st "OS/2", 20 names, Macintosh, Original licenceOpenSans-BoldUnknownuniqueIDOpenSans-BoldVersion 0.11UnknownUnknownUnknown
Category:	dropped
Size (bytes):	5476
Entropy (8bit):	6.009557126893462
Encrypted:	false
SSDEEP:	96:MxE/oIaTLuA0MMICqQy+gCnpCZyrs4hU6xla9D/AdfHbPXU3crD1K:McUTvHMIC6+gACkrs4hUalieMiDc
MD5:	3FBB4D3BF2AF971A8A15B891EB81318F
SHA1:	384D8045D9848AD949609C476BFE1A72B297E32D
SHA-256:	A797B01B0EFAF43867B227E8CA83E5C7D28C26D854341A630EDF19ABFC6B941A
SHA-512:	0CEDB0AD5AC0B081CC227DDA66772C42BD3D17402ED8EA8BB5A08C39CE10B0BE225F29ECA1789F03A5BF9034F6CE16BFCD2D8753DEAE975D8151190631E161EB
Malicious:	false
Reputation:	low
Preview:	...........POS/2~.........`cmap.x....<...@cvt .-.....\|....fpgm.s.u...(....glyf_..I........head.EI.... ...6hhea.).....X...$hmtx4].K...\|...nloca!. c........maxp........... name..$.........post.......L... prep...k...l.................3.......3.....f..............................1ASC. .............X ........^..... .................4.............................[.'.).3.D.G.O.Q.R.Z...........u...................^...{...........................................V...................................................................+.....................T..@G[ZYXUTSRQPONMLKJIHGFEDCBA@?>=<;:9876510/.-,('&%$#"!...................., ..`E..% .Fa#E#aH-, E.hD-,E#F`. a .F`..&#HH-,E#F#a. ` .&a. a..&#HH-,E#F`.@a .f`..&#HH-,E#F#a.@` .&a.@a..&#HH-,.. <.<-, E# ..D# ..ZQX# ..D#Y ..QX# .MD#Y ..&QX# ..D#Y!!-, E.hD ..` E.Fvh.E`D-,....C#Ce.-,....C#C.-,..(#p..(>..(#p..(E:.....-, E..%Ead.PQXED.!!Y-,I..#D-, E..C`D-,...C..Ce.-, i.@a... .,......b`+.d#da\X..aY-,..E.....+.)#D.)z..-,Ee.,#DE.+#D-,KRXED.!!Y-,KQXED.!!Y-,..

C:\Users\user\AppData\Local\Temp\datBA3F.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	OpenType font data
Category:	dropped
Size (bytes):	2788
Entropy (8bit):	6.449246201849548
Encrypted:	false
SSDEEP:	48:hTq8dw1uhejy/hZl/cnSXuHhhPIDSoXRfFvzYUVTf0ZP8:hT72zAzl/bXuH6SoXRtsGTfYP
MD5:	D333B8FC85AF3AB08E1846862741ACD2
SHA1:	688B820855E351AD4A52C753C49CA5AB8D60A51C
SHA-256:	B21C99A03970D93470BBD041CDEAE2F19A7DFA2EF9E948CED5BDE4AF87EF4419
SHA-512:	1136DD928D3F03B1C6F6FFCD5E6D1D3E19449FF43D0B9C1AB16895783043652F4F88247815F2189C2B7C8266D87BC3F5D9AD91135777D91C0DC333C1C5C87E1E
Malicious:	false
Reputation:	low
Preview:	OTTO........CFF ^.,.........OS/2.],....l...`cmap...>.......,head.'O........6hhea.../...0...$hmtx.v.....T...4maxp..P.........name...........4post........... .........GBIBOK+MinionPro-Bold....A......................................................u.%....}.$...............AdobeIdentityCopyright 1990, 1991, 1992, 1994, 1997, 1998, 2000, 2002, 2004 Adobe Systems Incorporated. All rights reserved. Minion is either a registered trademark or a trademark of Adobe Systems Incorporated in the United States and/or other countries./FSType 8 defMinionPro-Bold..............P.S...../...S.....]...u.........$......P...P..8....>...>.........>...>.........>...>.........>...>.....k..........>.........9R.D.(.$..G.<.<..F.&.%V.F.<..b.....!..z.&IIv.+......%.......w..R....-...;........3sAyI..n........W....D.\|<..i......H........L.C.Jf..O..7.............8.(LYrfe.K-.s........YF?c@E8.ZQQTVW.q.%........X........h.......6."...)...%..........u.f...eY.>......h....6....6..>..h................>......(...R....

C:\Users\user\AppData\Local\Temp\datEC1E.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 21184, version 1.0
Category:	dropped
Size (bytes):	21184
Entropy (8bit):	7.9747838594646865
Encrypted:	false
SSDEEP:	384:cHzB5rr7ROGtSNdE8PnTnaZrOFOSjkuWj/gU+Q33re2wGuj39X81YZ/6BGud:SzBx5OGwRnTerOBri+k3DwGuD9NWrd
MD5:	D3E528D9CA58D216B29710F06B339F9D
SHA1:	AE38D096283F2E5BEF815CE0D8DD267B0833CA4F
SHA-256:	0C743A880DC0CFD9028F74D7B23DB7131FF230F0927129418DE147BE4F556031
SHA-512:	B2DFC10C000A074D75CB604249C9977B7FA55C4A47641252E0F36801EB692AA80EE6D411E09FF748C8A97369FD628B81B342374BFD47C0EED4E3A610E9D1DAF0
Malicious:	false
Reputation:	low
Preview:	wOFF......R.................................FFTM..R.........n.R.GDEF..L....(.......GPOS..L............GSUB..L8...N...`&. .OS/2... ...V...`.Z.Qcmap.............=.scvt .......E....U.&.fpgm.......o...mE .\|gasp..L.............glyf......7...Y..Dv.head.......5...6...#hhea....... ...$.t..hmtx...x.........2N8loca................maxp....... ... .H..name..Gt.......F&...post..J.........E.W.prep.............{.Owebf..R...........Y.x.c`d``..~o.x~...... p.....w.....T.....\..&.(./..m...x.c`d`......}.......3.EP.'..8.\|.......F...D.....\|.......B......x.c`fQf......:....Q.B3_dHcb``.a.x...>.A!..T........o....i....L.........X.X7..1.....T..x.m.[H.A....ff..J.NJ..`[Ae...l+B...XV..!O].f`.)u;..BY.Iv.A;BI.E..u.M.X.D7.ID...o...xx...f.o.O........sr..=.d}.Ef..f.R....=4...T="u5...X/=H.dt.4....[d+.B.I..".$...?.$..:...Ith7..;.t.`..C..F.,@.. ./.>.K... >\.....B.%.c.9.....J.L.....KM.ZM8...G]..1[?.6Y.#*..!......t..\..G..G.5S'c....q...y8%...z5......~..s.v.)O...gX.v...h......J....Ep..i2Pm.}..u....]z......

C:\Users\user\AppData\Local\Temp\~DFA1E4E9666BD3905F.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.3373458989727622
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAKq2R9x89Zh:kBqoxxJhHWSVSEabKq2SZ
MD5:	BA5286185994D749579F4C68337CA765
SHA1:	C607B73E7A303FB9B5CE1223B11B7212169FF3CA
SHA-256:	546F0AA92E7B8ECBEF4F2D38D199DF820344586257D85169481A98074D37B19E
SHA-512:	77A803A60ABF8FFED657602C7F521DCD3D97F7F05644A3A7EA0F9C1AC891C215FC88EAF331A9FB12AD47954022D8D06715A3446AEFAE607556296D4E9156A900
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFA3BE48DC535D6904.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47939053632980905
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lo59loZ9lWjhfhlDE:kBqoIC8ZE
MD5:	CF74EDA2070949EDD29118045BB44F42
SHA1:	37F2890DEB490CFFC43D219FFFAE27C36C9677FF
SHA-256:	CBED459BF5CB2A4BAE4E2486AE47F10454F0DCC66350CAF65E5B00B82A8E1A66
SHA-512:	2680F0D3F6157C3B25AB1F5CD384984376C6B5B9F6215D397E4782B6FF8DFBE35BF61B7A967A7FB9B9E77FA4D2E3CA0663EFADDAF3A0A1BCEDEFF6B96B901275
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFCD1A8EDAA1551B78.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	69631
Entropy (8bit):	1.4286150064382095
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+V75orK1Eny1u1MYCp3n5sX493fh3S:pV
MD5:	E7E71A1D4AEE31B66C72B6C6EA3E63E7
SHA1:	F1D7F8AF092114F4809B733EDE621EF5DABD8AF8
SHA-256:	45A72BE3510BED034A787D6F92850CF55D0ABE84BE6A556D7AF4E540D4BE7DEF
SHA-512:	6C20C1FA888A1F36DBF07A2C837F9C62303DAA15A8F53D4348D9A9BFE849AFEC3834A149FB0BDB6012C400C77A79D14C881B3D9E1221F7AA52D9136F64F6331F
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 19:34:25.585076094 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.585408926 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.631062031 CET	443	49736	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.631082058 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.631382942 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.631664991 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.641783953 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.641813040 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.687381983 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.687422037 CET	443	49736	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.688158035 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.688183069 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.688256025 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.688311100 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.688343048 CET	443	49736	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.688369036 CET	443	49736	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.688385963 CET	443	49736	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.688415051 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.688431025 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.688491106 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.729346037 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.729379892 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.741883993 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.775229931 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.775255919 CET	443	49736	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:25.775331020 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.775374889 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:25.820903063 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:26.057090044 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:26.057118893 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:26.057225943 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:26.160922050 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:26.160944939 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:26.160986900 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:26.161019087 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:26.214651108 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:26.214682102 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:26.214696884 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:26.214741945 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:26.214776039 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:28.179373026 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:28.264792919 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:28.906094074 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:28.906131983 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:28.906227112 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:30.145373106 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:30.158699989 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:30.159436941 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:30.190924883 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:30.205224991 CET	443	49736	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:30.209254026 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:30.407756090 CET	443	49736	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:30.407895088 CET	49736	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:30.421580076 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:30.421619892 CET	443	49737	185.235.236.201	192.168.2.4
Jan 13, 2021 19:34:30.421688080 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:30.421740055 CET	49737	443	192.168.2.4	185.235.236.201
Jan 13, 2021 19:34:30.668884993 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.669106007 CET	49747	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.714591026 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.714643955 CET	443	49747	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.714739084 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.714780092 CET	49747	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.725097895 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.725399971 CET	49747	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.774173021 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.774672031 CET	443	49747	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.774785995 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.774830103 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.774858952 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.774897099 CET	443	49747	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.774912119 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.774934053 CET	443	49747	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.774936914 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.774940014 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.774972916 CET	49747	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.774976015 CET	443	49747	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.775006056 CET	49747	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.775034904 CET	49747	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.788552046 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.788606882 CET	49747	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.789377928 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.834970951 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.835124016 CET	443	49747	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.835155964 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.835187912 CET	49747	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.835232973 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.974878073 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:30.974998951 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:30.978081942 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:31.023854971 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:31.403999090 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:31.404045105 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:31.404161930 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:32.746941090 CET	49746	443	192.168.2.4	185.235.236.197
Jan 13, 2021 19:34:32.831798077 CET	443	49746	185.235.236.197	192.168.2.4
Jan 13, 2021 19:34:32.884948015 CET	49748	443	192.168.2.4	185.235.236.200
Jan 13, 2021 19:34:32.885843039 CET	49749	443	192.168.2.4	185.235.236.200
Jan 13, 2021 19:34:32.930660963 CET	443	49748	185.235.236.200	192.168.2.4
Jan 13, 2021 19:34:32.930759907 CET	49748	443	192.168.2.4	185.235.236.200

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 19:34:23.268018961 CET	55854	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:23.315960884 CET	53	55854	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:24.112620115 CET	64549	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:24.169363022 CET	53	64549	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:24.409437895 CET	63153	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:24.467890024 CET	53	63153	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:25.125277042 CET	52991	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:25.173679113 CET	53	52991	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:25.499556065 CET	53700	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:25.566359997 CET	53	53700	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:26.143004894 CET	51726	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:26.199537992 CET	53	51726	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:28.853264093 CET	56794	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:28.901424885 CET	53	56794	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:29.657660007 CET	56534	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:29.714101076 CET	53	56534	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:30.604456902 CET	56627	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:30.665364027 CET	53	56627	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:32.697036028 CET	56621	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:32.760351896 CET	53	56621	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:38.324991941 CET	63116	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:38.381439924 CET	53	63116	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:39.657077074 CET	64078	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:39.707830906 CET	53	64078	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:42.083674908 CET	64801	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:42.140073061 CET	53	64801	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:42.718971014 CET	61721	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:42.777690887 CET	53	61721	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:43.635240078 CET	51255	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:43.686280966 CET	53	51255	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:44.407186031 CET	61522	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:44.458028078 CET	53	61522	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:44.550298929 CET	52337	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:44.598164082 CET	53	52337	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:45.426424980 CET	55046	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:45.482907057 CET	53	55046	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:46.591677904 CET	49612	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:46.643731117 CET	53	49612	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:47.123023033 CET	49285	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:47.188561916 CET	53	49285	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:47.649096012 CET	50601	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:47.709877968 CET	53	50601	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:48.222491026 CET	60875	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:48.291780949 CET	53	60875	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:48.316792011 CET	56448	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:48.435190916 CET	59172	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:48.485862970 CET	53	59172	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:48.678813934 CET	53	56448	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:49.254323006 CET	62420	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:49.302341938 CET	53	62420	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:49.377049923 CET	60579	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:49.424983978 CET	53	60579	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:49.681793928 CET	50183	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:49.691881895 CET	61531	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:49.740895987 CET	53	50183	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:49.751095057 CET	53	61531	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:49.761310101 CET	49228	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:49.821523905 CET	53	49228	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:50.249264002 CET	59794	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:50.297195911 CET	53	59794	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:54.408520937 CET	55916	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:54.464929104 CET	53	55916	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:55.046515942 CET	52752	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:55.097323895 CET	53	52752	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:55.397919893 CET	55916	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:55.454427004 CET	53	55916	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:56.052433968 CET	52752	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:56.412055969 CET	55916	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:57.052686930 CET	52752	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:58.427757978 CET	55916	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:58.475894928 CET	53	55916	8.8.8.8	192.168.2.4
Jan 13, 2021 19:34:59.068336010 CET	52752	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:34:59.127791882 CET	53	52752	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:02.446280003 CET	55916	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:02.494419098 CET	53	55916	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:03.084379911 CET	52752	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:03.135231018 CET	53	52752	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:03.937892914 CET	60542	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:04.042041063 CET	53	60542	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:04.563359976 CET	60689	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:04.623331070 CET	53	60689	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:05.020982027 CET	64206	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:05.091625929 CET	53	64206	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:05.201992989 CET	50904	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:05.258426905 CET	53	50904	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:05.706963062 CET	57525	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:05.763283014 CET	53	57525	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:06.221883059 CET	53814	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:06.278502941 CET	53	53814	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:06.808882952 CET	53418	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:06.865484953 CET	53	53418	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:07.795300007 CET	62833	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:07.851881027 CET	53	62833	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:08.650844097 CET	59260	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:08.710450888 CET	53	59260	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:08.856724977 CET	49944	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:08.913116932 CET	53	49944	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:09.737839937 CET	63300	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:09.799691916 CET	53	63300	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:10.312707901 CET	61449	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:10.368807077 CET	53	61449	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:18.935040951 CET	51275	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:18.983087063 CET	53	51275	8.8.8.8	192.168.2.4
Jan 13, 2021 19:35:19.080029964 CET	63492	53	192.168.2.4	8.8.8.8
Jan 13, 2021 19:35:19.139569998 CET	53	63492	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 13, 2021 19:34:25.499556065 CET	192.168.2.4	8.8.8.8	0x7186	Standard query (0)	app.box.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:26.143004894 CET	192.168.2.4	8.8.8.8	0x103a	Standard query (0)	cdn01.boxcdn.net	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:30.604456902 CET	192.168.2.4	8.8.8.8	0xe255	Standard query (0)	api.box.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:32.697036028 CET	192.168.2.4	8.8.8.8	0xeb64	Standard query (0)	public.boxcloud.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:42.718971014 CET	192.168.2.4	8.8.8.8	0x61a0	Standard query (0)	cdn01.boxcdn.net	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:47.123023033 CET	192.168.2.4	8.8.8.8	0x639c	Standard query (0)	account.box.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:47.649096012 CET	192.168.2.4	8.8.8.8	0xe35a	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:48.222491026 CET	192.168.2.4	8.8.8.8	0x7e50	Standard query (0)	boxinc.sc.omtrdc.net	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:48.316792011 CET	192.168.2.4	8.8.8.8	0xe82b	Standard query (0)	chimneystudent.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:49.377049923 CET	192.168.2.4	8.8.8.8	0x2919	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:49.681793928 CET	192.168.2.4	8.8.8.8	0x67eb	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:49.691881895 CET	192.168.2.4	8.8.8.8	0xd2b0	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 13, 2021 19:34:25.566359997 CET	8.8.8.8	192.168.2.4	0x7186	No error (0)	app.box.com		185.235.236.201	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:26.199537992 CET	8.8.8.8	192.168.2.4	0x103a	No error (0)	cdn01.boxcdn.net	cdn01.boxcdn.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:34:30.665364027 CET	8.8.8.8	192.168.2.4	0xe255	No error (0)	api.box.com		185.235.236.197	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:32.760351896 CET	8.8.8.8	192.168.2.4	0xeb64	No error (0)	public.boxcloud.com		185.235.236.200	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:42.777690887 CET	8.8.8.8	192.168.2.4	0x61a0	No error (0)	cdn01.boxcdn.net	cdn01.boxcdn.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:34:47.188561916 CET	8.8.8.8	192.168.2.4	0x639c	No error (0)	account.box.com		185.235.236.197	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:47.709877968 CET	8.8.8.8	192.168.2.4	0xe35a	No error (0)	assets.adobedtm.com	cn-assets.adobedtm.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:34:48.291780949 CET	8.8.8.8	192.168.2.4	0x7e50	No error (0)	boxinc.sc.omtrdc.net		15.237.76.117	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:48.291780949 CET	8.8.8.8	192.168.2.4	0x7e50	No error (0)	boxinc.sc.omtrdc.net		15.237.136.106	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:48.291780949 CET	8.8.8.8	192.168.2.4	0x7e50	No error (0)	boxinc.sc.omtrdc.net		35.181.18.61	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:48.678813934 CET	8.8.8.8	192.168.2.4	0xe82b	No error (0)	chimneystudent.com		69.49.228.205	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:49.424983978 CET	8.8.8.8	192.168.2.4	0x2919	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:49.424983978 CET	8.8.8.8	192.168.2.4	0x2919	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:49.740895987 CET	8.8.8.8	192.168.2.4	0x67eb	No error (0)	aadcdn.msftauth.net	aadcdnoriginneu.azureedge.net		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 19:34:49.740895987 CET	8.8.8.8	192.168.2.4	0x67eb	No error (0)	cs1100.wpc.omegacdn.net		152.199.23.37	A (IP address)	IN (0x0001)
Jan 13, 2021 19:34:49.751095057 CET	8.8.8.8	192.168.2.4	0xd2b0	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 13, 2021 19:34:25.688256025 CET	185.235.236.201	443	192.168.2.4	49737	CN=app.box.com, O="Box, Inc.", L=Redwood City, ST=California, C=US CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Jun 23 02:00:00 CEST 2020 Mon Nov 06 13:23:45 CET 2017	Sat Jul 23 14:00:00 CEST 2022 Sat Nov 06 13:23:45 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:25.688256025 CET	185.235.236.201	443	192.168.2.4	49737	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:45 CET 2017	Sat Nov 06 13:23:45 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:25.688385963 CET	185.235.236.201	443	192.168.2.4	49736	CN=app.box.com, O="Box, Inc.", L=Redwood City, ST=California, C=US CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Jun 23 02:00:00 CEST 2020 Mon Nov 06 13:23:45 CET 2017	Sat Jul 23 14:00:00 CEST 2022 Sat Nov 06 13:23:45 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:25.688385963 CET	185.235.236.201	443	192.168.2.4	49736	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:45 CET 2017	Sat Nov 06 13:23:45 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:30.774858952 CET	185.235.236.197	443	192.168.2.4	49746	CN=*.box.com, O="Box, Inc.", L=Redwood City, ST=California, C=US CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Nov 18 01:00:00 CET 2020 Mon Nov 06 13:23:45 CET 2017	Thu Nov 18 00:59:59 CET 2021 Sat Nov 06 13:23:45 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:30.774858952 CET	185.235.236.197	443	192.168.2.4	49746	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:45 CET 2017	Sat Nov 06 13:23:45 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:30.774976015 CET	185.235.236.197	443	192.168.2.4	49747	CN=*.box.com, O="Box, Inc.", L=Redwood City, ST=California, C=US CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Nov 18 01:00:00 CET 2020 Mon Nov 06 13:23:45 CET 2017	Thu Nov 18 00:59:59 CET 2021 Sat Nov 06 13:23:45 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:30.774976015 CET	185.235.236.197	443	192.168.2.4	49747	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:45 CET 2017	Sat Nov 06 13:23:45 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:32.979052067 CET	185.235.236.200	443	192.168.2.4	49749	CN=*.boxcloud.com, O="Box, Inc.", L=Redwood City, ST=California, C=US CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 07 01:00:00 CET 2018 Mon Nov 06 13:23:45 CET 2017	Fri Feb 19 13:00:00 CET 2021 Sat Nov 06 13:23:45 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:32.979052067 CET	185.235.236.200	443	192.168.2.4	49749	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:45 CET 2017	Sat Nov 06 13:23:45 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:32.979176044 CET	185.235.236.200	443	192.168.2.4	49748	CN=*.boxcloud.com, O="Box, Inc.", L=Redwood City, ST=California, C=US CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Feb 07 01:00:00 CET 2018 Mon Nov 06 13:23:45 CET 2017	Fri Feb 19 13:00:00 CET 2021 Sat Nov 06 13:23:45 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:32.979176044 CET	185.235.236.200	443	192.168.2.4	49748	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:45 CET 2017	Sat Nov 06 13:23:45 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:47.285166979 CET	185.235.236.197	443	192.168.2.4	49761	CN=*.box.com, O="Box, Inc.", L=Redwood City, ST=California, C=US CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Nov 18 01:00:00 CET 2020 Mon Nov 06 13:23:45 CET 2017	Thu Nov 18 00:59:59 CET 2021 Sat Nov 06 13:23:45 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:47.285166979 CET	185.235.236.197	443	192.168.2.4	49761	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:45 CET 2017	Sat Nov 06 13:23:45 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:47.285275936 CET	185.235.236.197	443	192.168.2.4	49762	CN=*.box.com, O="Box, Inc.", L=Redwood City, ST=California, C=US CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Nov 18 01:00:00 CET 2020 Mon Nov 06 13:23:45 CET 2017	Thu Nov 18 00:59:59 CET 2021 Sat Nov 06 13:23:45 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:47.285275936 CET	185.235.236.197	443	192.168.2.4	49762	CN=GeoTrust RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:45 CET 2017	Sat Nov 06 13:23:45 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:48.393850088 CET	15.237.76.117	443	192.168.2.4	49765	CN=*.sc.omtrdc.net, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Oct 29 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013	Tue Nov 30 00:59:59 CET 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:48.393850088 CET	15.237.76.117	443	192.168.2.4	49765	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:48.394664049 CET	15.237.76.117	443	192.168.2.4	49766	CN=*.sc.omtrdc.net, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Oct 29 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013	Tue Nov 30 00:59:59 CET 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:48.394664049 CET	15.237.76.117	443	192.168.2.4	49766	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:48.998800039 CET	69.49.228.205	443	192.168.2.4	49769	CN=chimneystudent.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Jan 12 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Tue Apr 13 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Jan 13, 2021 19:34:48.999057055 CET	69.49.228.205	443	192.168.2.4	49768	CN=chimneystudent.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Jan 12 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Tue Apr 13 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Jan 13, 2021 19:34:49.509426117 CET	104.16.18.94	443	192.168.2.4	49771	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:49.509426117 CET	104.16.18.94	443	192.168.2.4	49771	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:49.510626078 CET	104.16.18.94	443	192.168.2.4	49772	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:49.510626078 CET	104.16.18.94	443	192.168.2.4	49772	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 19:34:49.925318003 CET	152.199.23.37	443	192.168.2.4	49775	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 13, 2021 19:34:49.925684929 CET	152.199.23.37	443	192.168.2.4	49776	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 13, 2021 19:34:49.925928116 CET	152.199.23.37	443	192.168.2.4	49777	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 13, 2021 19:34:49.938999891 CET	152.199.23.37	443	192.168.2.4	49779	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 13, 2021 19:34:49.939188004 CET	152.199.23.37	443	192.168.2.4	49780	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
Jan 13, 2021 19:34:49.939368963 CET	152.199.23.37	443	192.168.2.4	49781	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jul 09 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013 Fri Nov 10 01:00:00 CET 2006	Fri Jul 09 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 7036 Parent PID: 800

General

Start time:	19:34:24
Start date:	13/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff78fb90000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 7092 Parent PID: 7036

General

Start time:	19:34:24
Start date:	13/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7036 CREDAT:17410 /prefetch:2
Imagebase:	0x160000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://app.box.com/s/f59992hq0o3230yh4ysvn4wry4ishg01

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 7036 Parent PID: 800

General

Analysis Process: iexplore.exe PID: 7092 Parent PID: 7036

General

Disassembly