Analysis Report https://app.box.com/s/ldmpej4bczs3ra2es3qlr0qrqifh99wc

ID:	384773
Product:	CloudBasic
Start time:	19:39:24
Start date:	09.04.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\app.box[1].xml	ASCII text, with very long lines, with no line terminators	58517F94C4DA332C486A46BE8ADDEE0B	E5A2F296EBB3C4A67C21C4242CE5AB2EB8FC5692	295DC7E17902EE5AFF584636231D32758683ADADD32BE5BECB90EADD954FC0C5
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9EFB6EF9-995A-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	EA674F05C43B1C85E9A90DA8FD7E04C6	43831F441E8576C80C756AAE6660599EB4BEF401	52443DCF8C58F53A3327EEA477A4FE75774535B6F6C993ABD68D00A7310A6265
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	0FBCA5878EF2BD3F750B59C5FCBE0921	8F1877A29DA2B14027900BE7793416FB78FB424A	2095CD2C96C173428440A9291F0D22D9CC808CA7F26454073500B62ED130F0D0
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A571EC6F-995A-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	5221ED91E9CA58A080AA08486690CCEB	1897B8FB0C3EAA155E60A6C2F2FBF32DC8F3274B	4B5AA2CD56129F4103DFD624DD071D3069385908A2BD3BF9D7D9350EC73A91DC
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	30F92B7A5163DC9B2852AB530841C198	7A38B89AE253A4185642829F4F89A9D459F08F7F	5A421F6416B5A80BF8735345882897DB539A96F04FC78188DCB058E6797A47B4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Lato-Bold[1].woff	Web Open Font Format, TrueType, length 118272, version 1.0	AEBA3FDF0CDB79BC1D33688D3E39B592	E3A34C01880116194309B7225A9CBF8001D23407	2D198961EFB291734102AC4281C4E004628960C80B7C378DD8E034D4B7425AD2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Lato-Regular[1].woff	Web Open Font Format, TrueType, length 119132, version 1.0	3E4A4FC6317C4C2CF35D7C77EC1789C3	40EA0D8678B92988824193587F707E3AEDC4591F	607EC0A4A29F6A4607F6E0A3CF486E50322DDF66F1F1870150CB69A7061E978D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Lato-woff[1].css	ASCII text, with very long lines	E1E5023A4D0B29824C8A6937ED303B03	93159BA90E4ACA126C45282D047E4E1D544AD100	80745E4A131F2F16302232F53845BFA223915A3465369A40A9AA777D2C0A30BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Servpro[1].pdf	PDF document, version 1.5	3670EB343ABF0EC0350A8150ABBC48AF	7DDB6C11DDF5753C8CCC4684ABAD11918F0C622B	8223A0C225CF74A1D1D539A973683AE2652F3FE1911B023BB466A297DF8A33F6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\app.62d2420f86[1].css	ASCII text, with very long lines, with no line terminators	46301A03C019930B0FDEACFB8578A805	ED904D489426AE81C9C67261F21739788531C50C	3BB86F3AEFA77288466913EB064D4A9639A2086654F825F2C6E54CA5525134DE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm	HTML document, ASCII text, with very long lines	EA1C7286FFABC4AA0102EE557ACFD5F4	9F60D315F427C66D4AE13D4C61E1DAEEB7D419B8	DDC5E68004CA989F977EA29FA05EC07E639A05E0F806CF0AF3283EEE5F095B0C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo_strip[1].png	PNG image data, 624 x 96, 8-bit/color RGBA, non-interlaced	1228BD64AD39DAFE43AC5B6A865B639B	209C7B6DDF2A470E28541FD920F6CF3F3634A11B	D1F126B54D456B3D15BE32E56FA230CB8A9D4B5B3CFA8E0E2B0386431C869FBA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\messagecenter~preview-components~uploads-manager-enduser.46e89c9bf1[1].js	ASCII text, with very long lines	94CCEEBDAF9136761D3D1854870FD329	C499201C7AA531E597622C05280BD07A6BCC321F	C3852D620222BF6E3C556AC62FAEFB957CD406654345E15480F0B860095D4B3F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\messagecenter~preview-components~uploads-manager-enduser.de71b9769a[1].css	ASCII text, with very long lines, with no line terminators	F2129188D79DCC9425F90ABCCC0B59A7	7E59C068211D195C19C91FE2581BB359FEA828B8	CBB9726F5F3DCA04530F69D2B6C0B60B22E79BA8A0800167EA6AB365B19C95A0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\pdf.worker.min[1].js	ASCII text, with very long lines	8F43F3A32DF23400F995137BD39B3E96	9F368C68F4788C9565EDEA054541683CB6791E3F	1DFAD8C9B4B4981418A528C29A316683E17C222C0D27348264627C57580D2F37
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\pdf[1].png	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	F1E3F187F7C23FA8D1555004F3800356	E71E52A142E754399AE39EF38584789B66E9EA00	DB307FCEF7F95139689007D7A623B340EC21282BD421C4E4B2BA09078F230545
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\pdf_viewer.min[1].css	assembler source, ASCII text, with very long lines, with no line terminators	8CE5E0CD4EE723D76683E50A1A3A6C6B	43D9D8CEECAA52C55735CBBF46DA3AE27146018D	5179C456D56674CA0C710DBC43C90DDF2710C716779D53B94BF2A018F31154DA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\uploads-manager-enduser.1447e4d8b7[1].css	ASCII text, with very long lines, with no line terminators	2736E5D199EFCFE06501B7F72B3F5DD2	B9B553FBB2DFE567111B7D51CF682EB72D9EB9C6	6557DF16669DDFB8E5BF239CC8004991B1483568090013310857002CD051B85A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\app.80bc6631ed[1].js	ASCII text, with very long lines, with no line terminators	BE30D5FD0FD48603B5A75F17740C2F23	81C251A61C7C8F1C297B6481AE7FAFA754D89068	28A27EA2F23226CBA224A1C6F059C98FBB9DC7020ECD5A7C3CE5268A00C0C026
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\content-sidebar.aadc94c993[1].css	ASCII text, with very long lines, with no line terminators	159F5E7E94AF878664C6490270CD2998	EFB4B60AF7A7BB6E543339B4016A60BDC78C7D41	6E5D870B3EE59E9DAD6A378F1E264C193830BD895FAF1145383E709714A82D76
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\css[1].css	ASCII text	4CFC4658F748E1FC67D2EA27F9B3692F	82C520D112F48E337E99DF00067BFAA75D0F9CA2	ABC5A61E85F95E54C925FE9589099AD680912480E7C97052AF0496CBC6D111B8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\exif.min[1].js	ASCII text, with very long lines	0DB669C9033252050E919900AD0BEFA0	23EDB95E1E737E0F23EE6C7CEF07D634236A52E3	ADD547634768E8CE49D67775D02F958597EFD5E6DF2D1077EF4DFC8C0878B688
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\lang-en-AU~lang-en-CA~lang-en-GB~lang-en-US~lang-en-x-pseudo.57dba5f597[1].js	ASCII text, with very long lines, with no line terminators	9BCCCA5979199B48DD2DCD6BAC31CDCA	380DBAED126862294356918B0AC8031C00BD492A	860E3603A72F16B016D971C6FA67386D8C1398A44A896F896082B6F7CDF2CC78
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\lang-en-US.d8cbc90473[1].js	ASCII text, with very long lines, with no line terminators	77D050B5D2362E2848A3BC61551844BE	D43F29BB8638CF123B165DFD34F06C996D016792	34B2E3E12C2A49D52E9046590FB28AD68CF78903810698B179565A6E1857C6B5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\messagecenter~uploads-manager-enduser.e83b2dda31[1].js	ASCII text, with very long lines, with no line terminators	0301C1A9C6BFCA3D5F81EF8A64E77C2E	3CD3BB4391C82A29191B5B0C9ABB4EE01AFCE8DA	218F4E999ED4F2B19EEAC806BC5D64C8E71F63E7D3336A6FAECE22FB784214FD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\pdf.min[1].js	ASCII text, with very long lines	9A9AC5F2FB76274116C651226A647C95	EEDC500FC742C9762BF5789AE470132B2011AF77	6CF4C965636CFA49500C3A95FDEF2C5F4722FD0367ED26D70A19F1A13DFFE173
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\preview-components.87c76e14ef[1].js	ASCII text, with very long lines, with no line terminators	7614A77F883CDFF0070B898F1A18AF98	811875B8F262DDE141CFA1EB6BCBD6BC1295859E	2BDEF9AB99EBED98E563844EE73BA09F3AF62CE4A3BE4FCEE266BBB89FF9BB9A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\uploads-manager-enduser.701384c70f[1].js	ASCII text, with very long lines	96723514F5280594E9AC585346EBF3A7	A07B97A4267B275E79378DA9FA85B0A130A98557	5CB650781C37BE4DDB5710E4FE0B4F2708351FBD501D338BACC0C5E1BF33E39D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\content-sidebar.d5bb78ae93[1].js	ASCII text, with very long lines, with no line terminators	90DCA29899AC24B518E6FA6F10DE24D8	40E82DF85CEBFF3B930374C4CB44D77A02BAC200	911B496D51030A2FFCDDACFBCA99A15AF5FC38B0F9040AA0A465A1FE20882931
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\core.min[1].js	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators	8F402D83489BA25EF87CDFC67BF47932	EFBCAE4F111F6CECF56E1B88857F688EEECABAF1	50DA66E885D183593100789E7376D6171310D22F64E798A1DDA6AD5940CF0967
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\intersection-observer[1].js	ASCII text, with very long lines, with no line terminators	498AAC0CA5A2544927FAF2681402DE59	39F0C1FBF7452CC5568E5E9C499C898272C285CE	542FADAE21CB6CA75B99B8FC0A0FA8E300F18F679FAD27046D23C74C275F59EE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\loading[1].gif	GIF image data, version 89a, 30 x 30	2E4AAFDC48FD2295ADE1A275F1BAE547	D35E3EB9261AEF6827067E9D8D0C8C7B796E0AFB	B3A3C601451C06183AF82CBF2270C4D80F3D5D680EA9960ED0816B506FBB8C33
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\logo[1].png	PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced	EF884BDEDEF280DF97A4C5604058D8DB	6F04244B51AD2409659E267D308B97E09CE9062B	825DE044D5AC6442A094FF95099F9F67E9249A8110A2FBD57128285776632ADB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\pdf_viewer.min[1].js	ASCII text, with very long lines	C1B5589ABBA40B2ED3D3AE6EB0F45373	D3F971D2C68F79F055E986F687F5F259DAED3226	8FC790E9167754C61FFCD21E2382D2B6F55903C708239A5CDC7A15748F864B1B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\preview-components~shared-file.ad8a132249[1].js	ASCII text, with very long lines, with no line terminators	F35FB7D310F85C009F4B837D2DCC5231	09D5D06C9C102CE7E9817B61BCD59182D8E75DFC	CA4E12743A15E6864CDA722F1876332CE98542FB9FE53076C44865D528B2BAA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\preview[1].css	ASCII text, with very long lines	724192BFC7925D7B33264393D94DB843	29EAC6C7B94690494179FFE9C8CEEB30CA38C2B9	BE95FEA6E8E76B03B2C42821E5EC0E0D5BC64326E54DA731D61AF786AE2A2BDE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\preview[1].js	UTF-8 Unicode text, with very long lines	A3FC1662F91C7B0F7BD1BA50479E5D68	6386DECA083D82061FEC29E476ECDD3F9F5AC96C	E041549E4A937EE01627A0D6F9EB1D50F264E74170EA3FBA40ACD87735E5E1A8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\share-point[1].css	ASCII text, with very long lines, with CRLF line terminators	63DF83784CADD3A339B776520600C21A	69BB829612F3E3CB2F521323945C9284A2B0DCDE	2EE69AEF3AFB10B368BDE9FEA7E97CC75C030C890E3D2B8DC4AD19D498234DBF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\vendors~app.1978418f74[1].js	ASCII text, with very long lines	7C0EAC129EFCA3017C9B49934D95E781	32718812DCB6E0D24F79F1062B78EADC06F1E602	7CE5AD473F7F68D1C2847009FDC3F1468CCF9157E86D386FE5FCCEE3ECF1720F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\as-security~change-current-user-role-modal~collaborators~collection-detail-page~content-explorer-mod~2da256af.a0db8de5f2[1].js	ASCII text, with very long lines, with no line terminators	A0A0AD79772308D2FA9C7FEB0D365E27	B6D6AD65CDE92616D62EB1593ED804FE9671ED48	8F27FA13A51FAF0B5264DCCA894F10471640F4BC6DE092DB4D54137635308312
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\content[1].jpg	[TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=1], baseline, precision 8, 1024x1024, frames 3	12E19BE7F23232BF4851B60FAA4FAB70	216FBE74D066A63FF51C34AF13ED9DCF339CD579	E6315F6A423FA162F2C9C6E8B56EF9A6B4DD1A1AEDA076285A1C120FFBCA4DD3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon-32x32-VwW37b[1].png	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	86AEDF25C0B3AE1224D92E32D80FFEF8	D75B54256BC48B27E6D7DF1C2A6F4635DE2FE5EE	D1A4A65AC84A381199843B9722E6470470C8093885CF2A6481C2FF0DEF618C64
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\li6orbsabcm5o36s3wlba8p8[1].htm	HTML document, UTF-8 Unicode text	86D9014D5BA2388806BA47FD139587E6	77C730A19F1F4FA067F7B390D09FA93A634B9439	0AC4641C1120D7591AF50D7EDFC1687D08E0D8E3FBA0EECC3EA3A12FB1492030
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\preview-components.a5aea5c3e0[1].css	ASCII text, with very long lines, with no line terminators	4CCC39E80CC569305D87B440DEF31D65	2C75DDBA7DDC53EE2F2BB80867ADC8264F054CAC	37B047678243379CF8ECAAE2E6E4EC028AEB21B9F8BD13183F4A5C69945FCD77
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\preview-components~shared-file.4fbef49e0d[1].css	ASCII text, with no line terminators	0628C102A3DA83FE10C4AC340F055329	F290C0DC982CA76807C00EEAE59B3335983BBDC4	B23D25ACC423D13F6DE5278961700C672B481E93EC189A8179BF27AE43824279
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\promise[1].js	ASCII text, with very long lines, with no line terminators	B669DFC7109AB90A425DB6A9349E92F5	0EF23DF3B07C637DB6DDF6766EFC8A2A528C1C0E	977A170836C79F74599A27B28F7A487ABB29EBB5E50EB0CD303FB70617A1CE13
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\runtime.989e647586[1].js	ASCII text, with very long lines, with no line terminators	7BA2B159D69A6BE5E5D6E455B1535C76	99C65A5065EEB4FDFD3323CE057D9D5EE93F1F2C	E7FA097600C81B07A2ECBCD4680E2DA6783733804559C8C491C06E27F00DDAB8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\shared-file.058946a378[1].js	ASCII text, with very long lines, with no line terminators	6CC8350017812880D8515965592F6AFE	4FCAF5D1BEE80FB89920FEE501AC0B89279BC4E4	CCA8DE909FDA557182FA587E7FB924F5C24423D3EFD54A57FDD803B2EC080EE5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\shared-file.f1f6d40967[1].css	ASCII text, with very long lines, with no line terminators	30DBAF1AA2461B67BD0FBA1F018B7A8F	EB99C8D6124599E57C219DA1591D0F90DE9A68B6	7491367269A0C97C9EF859DBB361062FAB032FCF2F2807683A05ACA2A91245A8
C:\Users\user\AppData\Local\Temp\dat8C00.tmp	Web Open Font Format, TrueType, length 119132, version 1.0	3E4A4FC6317C4C2CF35D7C77EC1789C3	40EA0D8678B92988824193587F707E3AEDC4591F	607EC0A4A29F6A4607F6E0A3CF486E50322DDF66F1F1870150CB69A7061E978D
C:\Users\user\AppData\Local\Temp\dat8C8E.tmp	Web Open Font Format (Version 2), TrueType, length 84396, version 2.983	8A54EA1AEB67D07C751BD5F03068317B	CFBEE4F2FD7F359A2A60648BB6797CAC1FD4DA3E	4230A20B841519BDBE4B0C154BAD414E017CF80B3918127D45C4F907EEA07280
C:\Users\user\AppData\Local\Temp\datA806.tmp	OpenType font data	2B87BDC9369E256C61872AA2A2B51C9D	5373C688D8DE2AB2EA0142A58D6DB9D9AE2EAF94	0F989EC9456A15AC03963AA23BD73F1FD7BB9A02C3AD360983AF0EAEF81C329A
C:\Users\user\AppData\Local\Temp\datA874.tmp	OpenType font data	E1C4F2715CC2DC892147D166D44E0C05	E43CEFA29EBE0DA6C6B855AC263B8DD53BE2E98A	D9BC6A022BE33B5502940A81D9235252A8B616779EE6609D696A638388FF9C9E
C:\Users\user\AppData\Local\Temp\datA911.tmp	OpenType font data	54124C1DC7524719CC83DA42A757F67C	96F63F92A648524922204796FF1D5FDCDCDF0EF5	09F15D443AE33D998AE652C7BEF41BAF1108B5BE29B798EFF9A7FAFB3BF54E00
C:\Users\user\AppData\Local\Temp\datA961.tmp	TrueType Font data, 13 tables, 1st "OS/2", 20 names, Macintosh, \251 2018 Microsoft Corporation. All Rights Reserved.	338090212C9A8635572AC20DE9D48C75	8FF5C895B6169F8354CCE22AE34583F76698CD80	22134C4719323D485AE28D5DA9F03E4F6CBE0ABC4EAA4ABBF9847E3AD3091DC1
C:\Users\user\AppData\Local\Temp\datA990.tmp	TrueType Font data, 13 tables, 1st "OS/2", 20 names, Macintosh, \251 2018 Microsoft Corporation. All Rights Reserved.	AD4439CA330A2B3A389ABDC9AE8F3B77	3FF6B45EC83D5E965EFA4AD4BCB7C705379867FA	8A38BD1F0BA3DF1C23A412C60B9C020A6A5769F83062CCAA78ED388F1B2DF828
C:\Users\user\AppData\Local\Temp\datE68B.tmp	Web Open Font Format, TrueType, length 2532, version 2.24904	10600F6B3D9C9BE2D2B2CE58D2C6508B	421CA4369738433E33348785FE776A0C839605D5	29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
C:\Users\user\AppData\Local\Temp\~DF1D930BD22B0D5A83.TMP	data	F10A0B07EBEFD964CE6C6E5812CD9448	DC6A28A2D678FAAAB39F21F8959BFBB5CDFC3211	AD5751191C55FA0097928C431680AF036373CB065C138154B305842648675DF9
C:\Users\user\AppData\Local\Temp\~DF4580B808E1CFC63F.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
C:\Users\user\AppData\Local\Temp\~DF999979F56005C7E8.TMP	data	161819C33711A456036264626B40D392	CB5E419D5D2547ED8538E1CE2F6D12506522062D	B85D3C0DE56485273CE5BE82EC379690FDA77C67806C9ED7F6DC7CBB2F19FAE7

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://app.box.com/s/ldmpej4bczs3ra2es3qlr0qrqifh99wc

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10

Source: Yara match	File source: 715575.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\li6orbsabcm5o36s3wlba8p8[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://erffggf.cf/jd/sharepoint-0/img/logo.png

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: Number of links: 0
Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: Title: Sharing Link Validation does not match URL

Invalid T&C link found

Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: Invalid link: Privacy & Cookies
Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: Invalid link: Privacy & Cookies

Suspicious form URL found

Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: Form action: verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd
Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: Form action: verification.php?sf58gfd1s689sxd2sdf8angf264s9df23sd2f1n495K3L2C151645172991f1477dbd26917ef3822423f62e984a91f1477dbd26917ef3822423f62e984a91f1477dbd

META author tag missing

Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: No <meta name="author".. found
Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: No <meta name="copyright".. found
Source: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.54.125.84:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.54.125.84:443 -> 192.168.2.4:49762 version: TLS 1.2

Networking:

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: app.box.com

URLs found in memory or binary data

Source: preview[1].js.4.dr	String found in binary or memory: http://blog.stevenlevithan.com/archives/parseuri
Source: preview[1].js.4.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: core.min[1].js.4.dr	String found in binary or memory: http://rock.mit-license.org
Source: preview[1].css.4.dr	String found in binary or memory: http://www.box.com)
Source: Servpro[1].pdf.4.dr	String found in binary or memory: https://955b0f04ec1842b79e6727b6d5210de0.svc.dynamics.com/t/r/t1CFDnMTkqEtehk9U1_TVxBOL5s3sA69Juxjkt
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://app.Root
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://app.box.cRoot
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://app.box.cbox.com/s/ldmpej4bczs3ra2es3qlr0qrqifh99wc
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://app.box.com/s/ldmpej4bczs3ra2es3qlr0qrqifh99wc
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://app.box.com/s/ldmpej4bczs3ra2es3qlr0qrqifh99wc8Servpro.pdf
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://app.box.com/s/ldmpej4bczs3ra2es3qlr0qrqifh99wcRoot
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://app.box.csharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxnbox.com/s/ldmpej4bc
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/android-chrome-192x192-96i97M.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-114x114-busq-D.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-120x120-K-u4U5.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-144x144-va9pYs.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-152x152-r5tWgh.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-180x180-tV001c.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-57x57-fLlEpj.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-60x60-Uv0qzu.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-72x72-7aVqne.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/apple-touch-icon-76x76-ZVGnRV.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/browserconfig-fdBReK.xml
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-16x16-_kQSW4.png
Source: imagestore.dat.4.dr, ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-32x32-VwW37b.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-96x96-XU7UE1.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/favicon-yz-tj-.ico
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/manifest-rw1AEP.json
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/mstile-144x144-pllCM8.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-16x16-Ou5N87.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-32x32-brwW_W.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-96x96-TOQ9Kg.png
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/notification-favicon-EHWWyP.ico
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/_assets/img/favicons/safari-pinned-tab-jyt2W4.svg
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/enduser/app.62d2420f86.css
Source: messagecenter~preview-components~uploads-manager-enduser.de71b9769a[1].css.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff)
Source: messagecenter~preview-components~uploads-manager-enduser.de71b9769a[1].css.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Bold.woff2)
Source: messagecenter~preview-components~uploads-manager-enduser.de71b9769a[1].css.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff)
Source: messagecenter~preview-components~uploads-manager-enduser.de71b9769a[1].css.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-Regular.woff2)
Source: ldmpej4bczs3ra2es3qlr0qrqifh99wc[1].htm.4.dr	String found in binary or memory: https://cdn01.boxcdn.net/fonts/1.0.2/lato/Lato-woff.css
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://erffggf.cf/jd/
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://erffggf.cf/jd/ldmpej4bczs3ra2es3qlr0qrqifh99wc
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn
Source: {9EFB6EFB-995A-11EB-90EB-ECF4BBEA1588}.dat.2.dr, ~DF1D930BD22B0D5A83.TMP.2.dr	String found in binary or memory: https://erffggf.cf/jd/sharepoint-0/li6orbsabcm5o36s3wlba8p8.php?rand=13InboxLightaspxn.1774256418&fi
Source: preview[1].js.4.dr	String found in binary or memory: https://feross.org
Source: li6orbsabcm5o36s3wlba8p8[1].htm.4.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: preview[1].js.4.dr	String found in binary or memory: https://github.com/derek-watson/jsUri
Source: core.min[1].js.4.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: preview[1].js.4.dr	String found in binary or memory: https://support.box.com

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.201:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.197:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.235.236.200:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.54.125.84:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.54.125.84:443 -> 192.168.2.4:49762 version: TLS 1.2

System Summary:

Classification label

Source: classification engine

Classification label: mal72.phis.win@3/60@7/5

Creates files inside the user directory

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9EFB6EF9-995A-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Creates temporary files

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF999979F56005C7E8.TMP

Jump to behavior

Reads ini files

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6644 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6644 CREDAT:17410 /prefetch:2			Jump to behavior

Tries to open an application configuration file (.cfg)

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg

Jump to behavior

Found GUI installer (many successful clicks)

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior