Analysis Report https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

ID:	432951
Product:	CloudBasic
Start time:	00:46:33
Start date:	11.06.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\secure.campaigner[1].xml	ASCII text, with no line terminators	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CE8904AD-CA3D-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	1261697CB81E8E59168637734DB7B4EF	3CD12E492FB685D3AEF448449AEC81E799375857	B226D93525ED47DD1BD9702E438C2C970B9D50C4221CB6D1BB9378883AD8328C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	98AE08176D592C059E9A7F379177C244	CC9CFE1CACB12765E815F62DC70FC356542C62B2	86D2250BC9CF151E1F929F363B717E81E078C7C3702FF869BADFBCB33435DCDD
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4CFBD2D-CA3D-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	5A88B7D51A9D99040B685FE92671E50E	E60FF8565A069BD7DAF1353DE1FC2A970EAEA27D	5BC78EF7D076EAB23296AB8DCA2E5B8D66747928BD9E9C0D9F5DC9ECB59F21DF
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	B3194A5846FAEC07ADC0500D0685A73F	9E3633ACEA92BDF86557047E9ED9712EE79A7B43	696636EEB5B6F3D910B7962D939B89CEF4ED833CB40E4246C19A83CF11A11A6A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	4BC2E6B694E04F223D68366A0AF87A0E	8B9858C5DB07BFE5947D4631DF9FCC86C5341E3B	E039EC36DC7DBADBE5224F4E32BB4FE377CD8E9C0F9DAEC68295A9714CFD47D9
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	3D106F8D81E47526A08176C6F8C18329	C19236889322C83BFC552D5D595E53EABFB7BD07	2AE8EEC012CD70F409CB644201D21A08E7582FD056B7DAE53E909F48C654EC83
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	B2CA1CCF78CC4070DA091A9419E0AA6D	CA01D34ACCA8B78046A1525C4E305AC052475DE4	06CA37C7BD04FC44D92B891CDFF1DBD34BDE9E47BFD4A3C711369F434EADC467
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	54F5C11E01B717B776EF8E40C8D816B9	028B9A9621D77932588276BA9ED264A14B96DD88	5E96E9205730781126B33C258FDF7FFFB98095B607103CC20D67057DE9DD4012
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	94EA4CD46A4E9B785A858F2BEE8E5DB9	E59FA466AF5A88FEB23B01F301CF6EC76B17615D	34463B48149E279965A3F0A2749DCDA583D5A6098842606C41CFE76D245F5C5E
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	959B702705C62A20CF5D707A282EA563	ED9A6EDBA6529F1D0C6B56C527A0265FA51E72F5	A1225EC1858BB3D0FAB442304E61AFA99495751CF368AAA0DF75F77CA26447EA
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	30F454BD3A1D60564B4DC63451B4A807	5BC3EC1513B8657A8441D6342930AFBB05AE6543	FF2843D5F659615F6EA5D12405EBE15EF428814C13088782319CC66FC242C51D
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	D993C4E7ECCCA2F37CC7F999CDC5966F	10D39BB722D1BB6735877A25BEE637F029E79B49	8C2AD531D541C2B00083F42E6F1DAF98591159553CD069932E078C2E79654B80
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	7A83F24FFD49646B39A7CB1F487FD92A	95612901408E4D438F6B917636B7002F64215352	BEDC36DB63F4EDA7E3126C8A267E6F82521F11AFF54D999B34C72EE54817F455
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\585b051251[1].js	ASCII text, with very long lines	D8CA71772D1E86D5FB9D5E2F6CC1AE70	9B043E60997FE552D652E4474E16AFF923D7AA76	7D840153F02AD6D91D652354E35B590721916D16C33956631EEF0E7D3B5613EE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff	Web Open Font Format, TrueType, length 22080, version 1.1	FA8878D8872A2AC4BEB377CDAE15566A	34EE72B0E553C3EFA41A7E0DF4EB710596469A10	8411023A027610AEB3DC333438E12A17222163AE78817C5395DA04548ED30150
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOjCnqEu92Fr1Mu51TjASc6CsI[1].woff	Web Open Font Format, TrueType, length 22280, version 1.1	6E949B62AF2E8B6F705E35EE4DBC17F4	31BC06C0C932EC0176F42C6864C58D7450BBF97E	917A5159BE44DE9A82072F6A1C52EF645844D6BEDF42F8FD1549CD99D6DB2CC5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff	Web Open Font Format, TrueType, length 21656, version 1.1	147F4E11CE73A22AAC9C6C2822290953	EEFEA89A9C36F8B1A7CA99372A7E0E05C92EADD6	A22585CFD64238EF14B1B383B5B9A8BAD7C89E354C09FC0886067E876687A38C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff	Web Open Font Format, TrueType, length 20404, version 1.1	BF0F407102FAF3A0B521D3B545F547A5	CA357CD0DE5DD0242E8EFACFB8D24AB60FDC86AB	855A06974032BB69157D469ABA6F63440E8BE47C421F45C3F396F4E0B87B6DE8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff	Web Open Font Format, TrueType, length 20396, version 1.1	68D6DABFE54E245E7D5D5C16C3C4B1A9	7FDAB895EAEBECEDB3FB5473EAB94A1B292CEF19	A01A632E56731A854F35701AA8C3A6A19A113290D9032FF9048F8064C45383BD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw[1].woff	Web Open Font Format, TrueType, length 18576, version 1.1	57AF64FC644194101C1593ABEA164433	C5E19CDC9C784C0362E7D2B7B5BE26418B07FD89	08CA17DB0A1CEA494B3010B6410696744D5B6DB541EF3218C2C4860905D44868
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\WebResource[1].js	ASCII text, with CRLF line terminators	90EA7274F19755002360945D54C2A0D7	647B5D8BF7D119A2C97895363A07A0C6EB8CD284	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\adobe[1].jpg	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, frames 3	BE5274AF7D8BD25B8148A190FF515399	B8D0850FD92EE935287E17988B89E53607808C8C	26C62DBDF527B8DCBF378EA62F129CBBBA3B244730687909BA21ECD729C9D2E6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\archive[1].htm	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators	0B8B3D2208EE2C2558ABE89491F2A3BF	BE13D8CDCF1FC66BBF73352380EAF989E2339B0B	BDAA1DFCFCCD172ABB78F26E748030F7BE5DF37C1F0ED564FBF1B2027EF2ACB6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\css[1].css	ASCII text	04F7435B2672FBE66984EA436E7087C6	44896875E69B297EB979CC0D3E8522D872656BA8	F9088C15A062F0C7708C3864C5E261A2E4961DFEB0F150DF744FAEC2E3B74AD6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\fonticons[1].css	ASCII text	D5A77A550E6D041F3C674C6D000D96BC	BD02DFFDCEFBCEDF943518CF6FD62DB63A578842	7298AC333BEC1E6E6CDBCCFB3688F900510770EC58FA83DB582430C624E3B609
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\genericopenwindowfcts[1].js	UTF-8 Unicode (with BOM) text, with CRLF line terminators	CE0D685C7FBC01050B8A48C62CAE7BB7	0DF38F490AF1EA4E50CCCDE9D1814FDF4B41A82E	EA6FD74480EEFD16F265F8E096E25CC95C6359E0944574A0E485D0D92DA1C571
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\office3651[1].png	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced	FE22440D79FFA34950F512EF4A718B2A	0E147E59544EE6580D3095353D4420849FA5EB8A	A2F26B68A6C8810C1AEB4048C938F835A86BA83756A7A440F989B967E78F3BA8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\outlook1[1].png	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced	C3FC46C5799C76F9107504028F39190F	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\8[1].jpg	[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, frames 3	F17B5B1163EFB6D2D47DE6BAE6D3A9CD	6D6964B34BC44C6D2B106ADE1AE675985B96D012	7829F065E0E10C8466F3D57766E0719421B7B652F6A1082F21B98702F1B28A30
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\all[1].js	ASCII text, with very long lines	887BA64E9621CFD6F183364BB13A4894	CCE2799A302C1B34127F003F8B9AA72CF0793D9C	906D397CA1B2ED9CF757FAF50A5F4FAEEFE883D62A32609D443006FC56CF21AE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\background_gradient[1]	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3	20F0110ED5E4E0D5384A496E4880139B	51F5FC61D8BF19100DF0F8AADAA57FCD9C086255	1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap-extended.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	4F62EF2F96809A353146173F765C94BA	E1AE433077C32C1ECDF4ACC9A252036457C0A7CE	DE3E5368C90F1FE431FB2DDC40AB83DD46FBE69F837507E7CDC402801A721519
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	F55371AE84173282F8995E205428B76E	39BEE99CE7418470937F106EEA42BB988607CB9C	8AEF10D887509642937ECB6B9319505A4D3BB03F60F4FAC8006CC60BCED5C26D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[1].js	ASCII text, with very long lines	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap.min[2].css	ASCII text, with very long lines	450FC463B8B1A349DF717056FBB3E078	895125A4522A3B10EE7ADA06EE6503587CBF95C5	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\brand-icons.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	25D66FC1FE76E57689F3868FAC16C33D	3AC978C8B76E329EED18AA4B5AD7A66A051B38E2	409C806531699A47E585C9C4F18FA04293776D6A3E22F260DADDEDAD5BCD1049
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\campaigner.min[1].css	ASCII text, with very long lines, with no line terminators	7F81F27865AE5CAAF5157D5C72CAF463	18EB145F7244CC1D4B609E13A859E3FE30E70FD8	68EA12246455E77EE1365F1D49A102F8EE58F89BC76E354A01A7AD6F1117A0FB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\font-awesome.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	361D939436923061B1C2189B0FFF7B9E	D4453D342EC083C9C3090B700FC97F1AF45ACB01	9AFC8642689B84EB0306CC3947B009634B5B350A8E3F027FA24776E73ED056AF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\forbidframing[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	5CD4CA3D0F819A2F671983A0692C6DDD	BBD2807010E5BA10F26DA2BFA0123944D9521C53	916E48D15E96253E73408F0C85925463F3EE6DA0C5600CB42DBA50545C50133B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	9234071287E637F85D721463C488704C	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.1.1.min[1].js	ASCII text, with very long lines	E071ABDA8FE61194711CFC2AB99FE104	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\waves.min[1].css	ASCII text, with very long lines, with no line terminators	C8300A2DFDEE9FAF2599A19BB0005AD9	F53AB824F686C38070429D9627002CE110E42A8D	125A82B3D393B34F1C57983398E6ECB6A845EC87F4E29FBAB98F65C25674D000
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[1].htm	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	6D1D3C4FD92B63CC534BE0EDF3AF18DC	5F5442FEB5BE60239F185E969C45050A7DBADE2A	65ADCB045AEFB4D0028A6AF36EC9D42BBD4DAE9AFF2CF85810BB4A6F44D4B25C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[2].htm	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	6D1D3C4FD92B63CC534BE0EDF3AF18DC	5F5442FEB5BE60239F185E969C45050A7DBADE2A	65ADCB045AEFB4D0028A6AF36EC9D42BBD4DAE9AFF2CF85810BB4A6F44D4B25C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\1px[1].png	PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced	E679FBD466A2D656F194A5DA4FA083CD	2AA795C7607AA6EA41313BE88F1B7A9C1AB516B3	F309B7C03D9CAE63A9BEDBEE6ED655F3DBCDB194132943639344DEAD5F3B9710
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\2UX7WLTfW3W8TclTUvlFyQ[1].woff	Web Open Font Format, TrueType, length 18520, version 1.1	16E1D930CF13FB7A956372044B6D02D0	940B859E4F02BD3E7CF7B6CE245C197B5470302A	97BB9863429AE97FCC0CD6C80D30C3F7454D0B218D4758E24C30BDA441BD39D3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\ErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	F4FE1CB77E758E1BA56B8A8EC20417C5	F4EDA06901EDB98633A686B11D02F4925F827BF0	8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff	Web Open Font Format, TrueType, length 20532, version 1.1	DA2721C68B4BC80DB8D4C404F76B118C	3A32E8B7EFBC9DFB52F024D657B8C8C0A80E5804	BD811625271ACCA47F7DAC48B460F13E08EE947B2A8E17E278C4D5CCB5D9323C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\KFOmCnqEu92Fr1Mu4mxM[1].woff	Web Open Font Format, TrueType, length 20332, version 1.1	DC3E086FC0C5ADDC09702E111D2ADB42	B1138B84FF19EAC5F43C4202297529D389BD09B7	EA50AC7FDDB61A5CE248A7F8B3A31A98FE16285E076B16E6DA6B4E10910724BB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\combobox.campformcombo[1].css	ASCII text, with CRLF line terminators	344B88C4A8D2591B68DB2448CE632EE9	F56D6F1523398EBD70A98D80CA8C0ADD074BE0A7	3E8F432938BB68E2D2EE6CFB81DAE2885267C58B1ABC04F663266EB0EE028D5B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\font-awesome[1].eot	Embedded OpenType (EOT), FontAwesome family	674F50D287A8C48DC19BA404D20FE713	D980C2CE873DC43AF460D4D572D441304499F400	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\free-v4-shims.min[1].css	ASCII text, with very long lines	8A99CE81EC2F89FBCA03F2C8CF1A3679	58F9EF32D12A5DA52CBAB7BD518BCC998FC59EF9	362DAEAF1F7E05FEE9A609E549F148AACBE518C166FBD96EAD69057E295742AF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery-3.2.1.slim.min[1].js	ASCII text, with very long lines	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery-latest.min[1].js	ASCII text, with very long lines, with CRLF line terminators	DCE288F95FBF9F1DA7B4A971D6B5D5DB	654CF8125C4929542F1699776A38AC6DD8E153C9	30D6CC2F08F3E3C540ECEF09C5833AFB939CE01AD1E971D693CEFB31F716A54D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\popper.min[1].js	ASCII text, with very long lines	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\red_x[1]	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	5F3C13A459A72438E42B2289C7AF2034	F43551BE102CD1EB0B2E87DC24F980720194A56B	A7A63CA1370CD6FC3470FA81BB1DCB21BCE31B0048A36E5BCE8914EEB88DAAB1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Screen%20Shot%202021-06-09%20at%209.18.46%20PM[1].png	PNG image data, 700 x 739, 8-bit/color RGBA, non-interlaced	90C9E44FEA19EDB80221AADCC7821C04	1098F54649375C0B8E583794D8117D5D364E0A0D	8E150B07BF3C5DFCE8EBBF2906989BB253FD8714F39520BDFBFCA1E5389F056F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Telerik.Web.UI.WebResource[1].css	ASCII text, with very long lines, with CRLF line terminators	94B23F7CCA443A0E9C3E57E86E648DB1	B79ED79A11494DA1ABD911ABFC5AA5C0F3B7547C	E2610CAA52577A2E9C0D5687917B50DB29910F1C87450579825DE9D71ECF9937
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Telerik.Web.UI.WebResource[1].js	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	96E892352A706077CA4F0CC78FD62A3E	8ED1E7EEB60E6FD6D5902F836C05581422816E6D	6536E723603C358246ED61633EEB159CBC6A96C4143ACCE9D40F9AAD281CF2F1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\all[1].js	ASCII text, with very long lines	73AF0ACD01BED1CADD789EF5CC4BF9B3	07BC297F019746D1F910EA6EB48678362D540A79	34631CCA7F1A85380E081A97281EB3E84155BC8EE17A3B31904E3E58A79C102F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bullet[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	26F971D87CA00E23BD2D064524AEF838	7440BEFF2F4F8FABC9315608A13BF26CABAD27D9	1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css	ASCII text	896A43879DA6874AB94B9EF2B8522FAA	2D7CDE20E3D6CEA4C5396A60D1D1D53DC6BE0AF9	0D36AB1F4829402E9E3BFBCD71AA0E967B1E376B0CA9033A97AF876D498CC1D4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[2].css	ASCII text	7D735032BA95B018E621A63B5E90B575	EBA452D17316B6B3D7587373AFB3915E8C48F020	3474E85DA1AA9D40177FC35201F82740832FC311DCCBB1D0B4538F8E74FD054E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	D65EC06F21C379C87040B83CC1ABAC6B	208D0A0BB775661758394BE7E4AFB18357E46C8B	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].ico	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel	F896EB105D74F9E9F8F69ED1FDE1F8E3	E7A1DEBC6AD02BD48AAD1C4ED788842FF3F6B209	34662843D486EFDC07BF3D7B6FFA08EE89D187BAB3E99DF2B798766A0E0C701F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\free.min[1].css	ASCII text, with very long lines	390B4210E10C744C3C597500BCF0B31A	2600C7C2F25D7DBCBC668231601E426010DC6489	C2819CA1F7AD1AF7BA53C4EDFDFD395C547BCB16D29892A234D7860C689ED929
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\gmail[1].png	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced	DCE2F2B0E50CB1DBB0246D152791CB46	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\hover[1].css	ASCII text	FAC4178C15E5A86139C662DAFC809501	EF1481841399156A880EC31B07DDA9CFAA1ACE39	BB88454962767EB6F2DDB1AABAAF844D8A57DE7E8F848D7F6928F81B54998452
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery.min[1].js	ASCII text, with very long lines	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\other1[1].png	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced	6843A244E12FAB158AA189680B5E7049	0E1C691F87CC4FA35C88344974F2829C40176B70	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\socialsharinghelper[1].js	UTF-8 Unicode (with BOM) text, with CRLF line terminators	48B7D1E9D67591FFE897002CC9891193	E6AAC6544697B2225BCC5C926DF43B1FF3A6AB26	8953390791A948A028DB2ED333A6AA6057C3D541FCD872B96C41270DD9C8DFA1
C:\Users\user\AppData\Local\Temp\~DF62E9192A01DCB66D.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
C:\Users\user\AppData\Local\Temp\~DFE457EFFB1E604CFA.TMP	data	7AEA7741B23955AC8ADA618E2B32BC45	0A9FE1E653151277DB804D5CF4D054495903C7AA	374A5DBC6A370EC67A9D305031CD1912BF1A181183D8B9C11725560B8114F1D0
C:\Users\user\AppData\Local\Temp\~DFF2BC313809C8DF54.TMP	data	C7F7AE1C85E2FD8A20AC9523EADB3E38	F6A69AC92F548962A72D9BDD1D1473D1E4D5002B	5317BD2E95F412540D20597F40D9DF20F5585241BAAF4089E7FFD03795882F8E

AV Detection:

Antivirus detection for URL or domain

Source: https://jityerk.ml/000/

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)

Source: https://jityerk.ml/000/

Matcher: Template: outlook matched

Yara detected HtmlPhish10

Source: Yara match	File source: 226533.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[2].htm, type: DROPPED

Yara detected HtmlPhish7

Source: Yara match	File source: 226533.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\000[2].htm, type: DROPPED

Phishing site detected (based on logo template match)

Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

Matcher: Template: microsoft matched

Phishing site detected (based on various OCR indicators)

Source: Screenshots

OCR Text: \G")'C9M O secure.campaigner.com - [I X - X|'earh...JO-Grtk@ u L <9 '=>https//secure.campaigner.com/CSB/Pub|ic/archive,aspx?ar! " a CSearch,,, FAX.0909X [I k - [I X JO- GjCUC1 Share this: f g in w ^ sgn m to use your favonte product vity JPPG from any devke 'aai uCjM'ce365jZ You Have Received (2) Pdf online Message ID "5467454678948-546" Reference: MLK355344343434-S5894 22/02/2021 This E-mail was sent from Scanner "RNP583879051AFA" CLICK HERE TO VIEW DOC(jMENT>>> V - [3 X C|Searh...JO-Grtk@ sgn m to use your favonte product vity JPPG from any devke 'aai Gaaike365 You Have Received (2) Pdf online Message ID "5467454678948-546" Reference: MLK355344343434-S5894 22/02/2021 This E-mail was sent from Scanner "RNP583879051AFA' Adobe PDF-Mlcromft Onllne 2021 : Microsoft Office PKxhKK V Rhocxc V Trmpben &ppce Mya<cmnt 0'=>e https//jityerk.ml/000/ e Share Point Onlinex [I C Search... d'- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. k Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. X JO-GjCUC1

Source: Screenshots

OCR Text: d'- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. k Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe.

Found iframes

Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

HTTP Parser: Iframe src: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbaf636c8514a1%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff3336d48d974bce%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMjkwODU%253d%26acc%3DNzY2ODQ5&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large

Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5

HTTP Parser: Iframe src: https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbaf636c8514a1%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff3336d48d974bce%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMjkwODU%253d%26acc%3DNzY2ODQ5&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large

HTML body contains low number of good links

Source: https://jityerk.ml/000/	HTTP Parser: Number of links: 0
Source: https://jityerk.ml/000/	HTTP Parser: Number of links: 0
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5	HTTP Parser: Number of links: 1
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5	HTTP Parser: Number of links: 1

HTML title does not match URL

Source: https://jityerk.ml/000/	HTTP Parser: Title: Share Point Online does not match URL
Source: https://jityerk.ml/000/	HTTP Parser: Title: Share Point Online does not match URL
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5	HTTP Parser: Title: FAX. 0909 does not match URL
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5	HTTP Parser: Title: FAX. 0909 does not match URL

META author tag missing

Source: https://jityerk.ml/000/	HTTP Parser: No <meta name="author".. found
Source: https://jityerk.ml/000/	HTTP Parser: No <meta name="author".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5	HTTP Parser: No <meta name="author".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://jityerk.ml/000/	HTTP Parser: No <meta name="copyright".. found
Source: https://jityerk.ml/000/	HTTP Parser: No <meta name="copyright".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5	HTTP Parser: No <meta name="copyright".. found
Source: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.54.115.106:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.54.115.106:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49782 version: TLS 1.2

Networking:

Found strings which match to known social media urls

Source: socialsharinghelper[1].js.3.dr	String found in binary or memory: window.open("http://www.linkedin.com/shareArticle?mini=true&url=" + url + "&title=" + t, "LinkedIn", "width=700,height=500,title='Share this'"); equals www.linkedin.com (Linkedin)
Source: socialsharinghelper[1].js.3.dr	String found in binary or memory: window.open("https://www.facebook.com/sharer/sharer.php?u=" + url, "facebook", "width=650,height=500,title='Share this'"); equals www.facebook.com (Facebook)
Source: all[1].js0.3.dr	String found in binary or memory: } }).call(global);})(window.inDapIF ? parent.window : window, window);} catch (e) {var i = new Image();i.crossOrigin = 'anonymous';i.dataset.testid = 'fbSDKErrorReport';i.src='https://www.facebook.com/platform/scribe_endpoint.php/?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber||e.line)+'","script":"'+(e.fileName||e.sourceURL||e.script||"all.js")+'","stack":"'+(e.stackTrace||e.stack)+'","revision":"1003944383","namespace":"FB","message":"'+e.message+'"}}');document.body.appendChild(i);} equals www.facebook.com (Facebook)
Source: all[1].js0.3.dr	String found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: #https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbaf636c8514a1%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff3336d48d974bce%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMjkwODU%253d%26acc%3DNzY2ODQ5&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large equals www.facebook.com (Facebook)
Source: msapplication.xml0.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa1f570ce,0x01d75e4a</date><accdate>0xa1f570ce,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa1f570ce,0x01d75e4a</date><accdate>0xa1f570ce,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa1f570ce,0x01d75e4a</date><accdate>0xa1f570ce,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa1f570ce,0x01d75e4a</date><accdate>0xa1f570ce,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa1fc9783,0x01d75e4a</date><accdate>0xa1fc9783,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.2.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa1fc9783,0x01d75e4a</date><accdate>0xa1fc9783,0x01d75e4a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: all[1].js0.3.dr	String found in binary or memory: __d("FBPixelEndpoint",["invariant","FBEventsParamList","FBEventsUtils"],(function(a,b,c,d,e,f,g){"use strict";f.sendEvent=a;var h="https://www.facebook.com/tr/",i=location.href,j=window.top!==window,k=document.referrer;function l(a,c,d,e){e===void 0&&(e={});var f=new(b("FBEventsParamList"))();f.append("id",a);f.append("ev",c);f.append("dl",i);f.append("rl",k);f.append("if",j);f.append("ts",new Date().valueOf());f.append("cd",d);f.append("sw",window.screen.width);f.append("sh",window.screen.height);for(var g in e)f.append(g,e[g]);return f}function a(a,b,c,d){a=l(a,b,c,d);b=a.toQueryString();2048>(h+"?"+b).length?m(h,b):n(h,a)}function m(a,b){var c=new Image();c.src=a+"?"+b}function n(a,c){var d="fb"+Math.random().toString().replace(".",""),e=document.createElement("form");e.method="post";e.action=a;e.target=d;e.acceptCharset="utf-8";e.style.display="none";a=!!(window.attachEvent&&!window.addEventListener);a=a?'<iframe name="'+d+'">':"iframe";var f=document.createElement(a);f instanceof HTMLIFrameElement||g(0,20659);f.src="javascript:false";f.id=d;f.name=d;e.appendChild(f);b("FBEventsUtils").listenOnce(f,"load",function(){c.each(function(a,b){var c=document.createElement("input");c.name=a;c.value=b;e.appendChild(c)}),b("FBEventsUtils").listenOnce(f,"load",function(){var a;(a=e.parentNode)==null?void 0:a.removeChild(e)}),e.submit()});(a=document.body)==null?void 0:a.appendChild(e)}}),null); equals www.facebook.com (Facebook)
Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: res://ieframe.dll/forbidframing.htm#https://www.facebook.com/plugins/like.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfbaf636c8514a1%26domain%3Dsecure.campaigner.com%26origin%3Dhttps%253A%252F%252Fsecure.campaigner.com%252Ff3336d48d974bce%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fsecure.campaigner.com%2FCSB%2FPublic%2Farchive.aspx%3Fargs%3DNTIxMjkwODU%253d%26acc%3DNzY2ODQ5&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&size=large equals www.facebook.com (Facebook)

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: secure.campaigner.com

URLs found in memory or binary data

Source: Telerik.Web.UI.WebResource[1].js.3.dr	String found in binary or memory: http://benalman.com/about/license/
Source: Telerik.Web.UI.WebResource[1].js.3.dr	String found in binary or memory: http://benalman.com/projects/jquery-throttle-debounce-plugin/
Source: font-awesome[1].eot.3.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome[1].eot.3.dr	String found in binary or memory: http://fontawesome.io/license/
Source: font-awesome[1].eot.3.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: fonticons[1].css.3.dr	String found in binary or memory: http://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUfY6323mHUZFJMgTvxaG2iE.eot);
Source: Telerik.Web.UI.WebResource[1].js.3.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: hover[1].css.3.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: hover[1].css.3.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: popper.min[1].js.3.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: msapplication.xml.2.dr	String found in binary or memory: http://www.amazon.com/
Source: Telerik.Web.UI.WebResource[1].js.3.dr	String found in binary or memory: http://www.appcropolis.com)
Source: Telerik.Web.UI.WebResource[1].js.3.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: msapplication.xml1.2.dr	String found in binary or memory: http://www.google.com/
Source: socialsharinghelper[1].js.3.dr	String found in binary or memory: http://www.linkedin.com/shareArticle?mini=true&url=
Source: msapplication.xml2.2.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.2.dr	String found in binary or memory: http://www.nytimes.com/
Source: Telerik.Web.UI.WebResource[1].js.3.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: msapplication.xml4.2.dr	String found in binary or memory: http://www.reddit.com/
Source: genericopenwindowfcts[1].js.3.dr	String found in binary or memory: http://www.telerik.com/help/aspnet-ajax/window-programming-setting-client-events-using-javascript.ht
Source: msapplication.xml5.2.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.2.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.2.dr	String found in binary or memory: http://www.youtube.com/
Source: 000[1].htm.3.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: 000[1].htm.3.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 000[1].htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: 000[1].htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 000[1].htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: archive[1].htm.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:300
Source: archive[1].htm.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: 000[1].htm.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: fonticons[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff)
Source: fonticons[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/5YB-ifwqHP20Yn46l_BDhA.eot);
Source: fonticons[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/CWB0XYA8bzo0kSThX0UTuA.woff2)
Source: fonticons[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff)
Source: fonticons[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUVtXRa8TVwTICgirnJhmVJw.woff2)
Source: css[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51S7ACc6CsI.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TjASc6CsI.woff)
Source: css[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff)
Source: bootstrap.min[2].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://getbootstrap.com)
Source: hover[1].css.3.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: bootstrap.min[2].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: all[1].js0.3.dr	String found in binary or memory: https://itunes.apple.com/us/app/messenger/id454638411
Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://jityerk.ml/000
Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://jityerk.ml/000/
Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://jityerk.ml/000/$Share
Source: ~DFF2BC313809C8DF54.TMP.2.dr	String found in binary or memory: https://jityerk.ml/000/r.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5P
Source: ~DFF2BC313809C8DF54.TMP.2.dr	String found in binary or memory: https://jityerk.ml/000/r.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5nes
Source: 585b051251[1].js.3.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.3.dr	String found in binary or memory: https://kit.fontawesome.com
Source: 000[1].htm.3.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: 000[1].htm.3.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: 000[1].htm.3.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: 000[1].htm.3.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=radScriptManager_T
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/Telerik.Web.UI.WebResource.axd?d=PMrIT5dOWaVYIcpFWUE4nGT9ocicfa2Xof
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZItUc7uOXVQ_JJSF3nqWHTssVf86I
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/app_themes/lightning/combobox.campformcombo.css
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/app_themes/lightning/common/fonticons.css
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/fonts/brand-icons/brand-icons.min.css
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/fonts/font-awesome/font-awesome.min.css
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/content/ui-theme/global/vendor/waves/waves.min.css
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap-e
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/bootstrap.m
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/node_modules/campaigner-core/src/style/theme/campaigner/campaigner.
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/custom/socialsharinghelper.js
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/genericopenwindowfcts.js
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/csb/scripts/thirdparty/jquery-latest.min.js
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/editorassets/1px.png
Source: archive[1].htm.3.dr	String found in binary or memory: https://media.campaigner.com/media/76/766849/Screen
Source: all[1].js0.3.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.facebook.orca
Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://secure.campaig
Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr, ~DFF2BC313809C8DF54.TMP.2.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5
Source: {CE8904AF-CA3D-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://secure.campaigner.com/CSB/Public/archive.aspx?args=NTIxMjkwODU%3d&acc=NzY2ODQ5Root
Source: imagestore.dat.3.dr	String found in binary or memory: https://secure.campaigner.com/favicon.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://secure.campaigner.com/favicon.ico~
Source: socialsharinghelper[1].js.3.dr	String found in binary or memory: https://twitter.com/share?url=
Source: all[1].js0.3.dr	String found in binary or memory: https://www.internalfb.com/intern/invariant/

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.14:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 31.13.92.36:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.54.115.106:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 198.54.115.106:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49782 version: TLS 1.2

System Summary:

Classification label

Source: classification engine

Classification label: mal80.phis.win@3/75@11/7

Creates files inside the user directory

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CE8904AD-CA3D-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Creates temporary files

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFE457EFFB1E604CFA.TMP

Jump to behavior

Reads ini files

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6740 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6740 CREDAT:17410 /prefetch:2			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior