ID: 284890 Cookbook: urldownload.jbs Time: 04:59:35 Date: 14/09/2020 Version: 29.0.0 Ocean Jasper

Copyright null 2020 Page 3 of 34 Analysis Report https://www.ariscommunity.com/aris-ex…press/download#

Overview

General Information Detection Signatures Classification

Sample URL: https://www.ariscommunity.com/aris-express/download#
Analysis ID: 284890

Signatures:
Snort IDS alert for network traffic (e.…
Detected potential crypto function
Queries the volume information (nam…

Detection scale: malicious, suspicious, clean

Classification chart labels: Ransomware, Miner, Spreading, Evader, Exploiter, Banker, Spyware, Trojan / Bot, Adware

Score: 48 Range: 0 - 100 Whitelisted: false Confidence: 100%

Startup

System is w10x64
cmd.exe (PID: 7024 cmdline: :\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; /7.0; AS; rv:11.0) like ' 'https://www.ariscommunity.com/aris-express/download#' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
  conhost.exe (PID: 7032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  wget.exe (PID: 7076 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://www.ariscommunity.com/aris-express/download#' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
iexplore.exe (PID: 6348 cmdline: 'C:\Program Files\\iexplore.exe' C:\Users\user\Desktop\download\download.svg MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 504 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6348 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Networking • System Summary • Malware Analysis System Evasion • Language, Device and Detection

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Security Software Discovery 1; File and Directory Discovery 1; System Information Discovery 1 2; Remote System Discovery 1
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Archive Collected Data 1; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel 1 2; Non-Application Layer Protocol 1; Application Layer Protocol 2; Protocol Impersonation
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups

Behavior Graph

[Behavior graph figure. ID: 284890; URL: https://www.ariscommunity.c...; Startdate: 14/09/2020; Architecture: WINDOWS; Score: 48. Signature shown: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules). Process nodes: cmd.exe, wget.exe, conhost.exe, iexplore.exe, iexplore.exe. Network node: www.ariscommunity.com; 87.230.41.19, 443, 49731, 49733; GD-EMEA-DC-CGN3DE; Germany.]

Screenshots

Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://www.ariscommunity.com/aris-express/download# | 0% | Virustotal | | Browse
https://www.ariscommunity.com/aris-express/download# | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
rdfs.org/sioc/ns# | 0% | Virustotal | | Browse
rdfs.org/sioc/ns# | 0% | Avira URL Cloud | safe |
kenwheeler.github.io/slick | 0% | Virustotal | | Browse
kenwheeler.github.io/slick | 0% | Avira URL Cloud | safe |
kenwheeler.github.io | 0% | Virustotal | | Browse
kenwheeler.github.io | 0% | Avira URL Cloud | safe |
rdfs.org/sioc/types# | 0% | Virustotal | | Browse
rdfs.org/sioc/types# | 0% | Avira URL Cloud | safe |
https://grack.com/blog/2009/11/17/absolutizing-url-in- | 0% | Virustotal | | Browse
https://grack.com/blog/2009/11/17/absolutizing-url-in-javascript | 0% | Avira URL Cloud | safe |
www.wikipedia.com/ | 0% | Virustotal | | Browse
www.wikipedia.com/ | 0% | URL Reputation | safe |
www.wikipedia.com/ | 0% | URL Reputation | safe |
www.wikipedia.com/ | 0% | URL Reputation | safe |
xmlns.com/foaf/0.1/ | 0% | Virustotal | | Browse
xmlns.com/foaf/0.1/ | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.ariscommunity.com | 87.230.41.19 | true | false | | high

URLs from Memory and Binaries


Contacted IPs


Public

IP | Country | Flag | ASN | ASN Name | Malicious
87.230.41.19 | Germany | | 35329 | GD-EMEA-DC-CGN3DE | false

General Information

Joe Sandbox Version: 29.0.0 Ocean Jasper
Analysis ID: 284890
Start date: 14.09.2020
Start time: 04:59:35
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 37s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: urldownload.jbs
Sample URL: https://www.ariscommunity.com/aris-express/download#
Analysis system description: w10x64 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, 8 Update 211
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@7/38@2/1
EGA Information: Failed
HDC Information: Failed
HCA Information: Successful, ratio: 100%
Number of executed functions: 0
Number of non-executed functions: 0
Cookbook Comments: Adjust boot time, Enable AMSI

Warnings:
Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted)
Excluded domains from analysis (whitelisted)
Execution Graph export aborted for target wget.exe, PID 7076 because there are no executed function
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DDFF7972-F681-11EA-90E2-ECF4BB862DED}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 24152 Entropy (8bit): 1.750378551476871 Encrypted: false MD5: E382A16FF728D4A9ECF0CABFAEC5E4DB SHA1: A019C0C25A4BCD469391C52FC87B79428A4FBACC SHA-256: 22F8B1A1D0BA9985D3A1E04E049A5AC7FB01D116BFB0B36293D35D2560FAB43E SHA-512: 0CF8333A1DBEC33809C842B07713586605C67437A0A8C2DE9AEDA930C518C520F0B340CE001E9825B09C0732F1605D6C4D32D43DDCFF062EF514380D902F26E1 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DDFF7974-F681-11EA-90E2-ECF4BB862DED}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 23640 Entropy (8bit): 1.7330007819682807 Encrypted: false MD5: BDC375B78ABADC6EFAE3BB0859DEFF25 SHA1: C79A22D82EF7C0447F5D4867FA1BF1AEC0FCAE83 SHA-256: E9D5C1E613BCCE64F3A602FD50BF84A6887FC8AEF518D2C0BBFC497D1729E5BC SHA-512: FEDBBF28B66FEA03290B272931CFC4188F1627CFC1EA795119DE9F78621ED17C42D71C1890B6781CE5CA9EF151E40383D0325B27FCBFA5ACAC8ADA696723A0AF Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.022050628787613 Encrypted: false MD5: 04D2673410E2888FE943D1607764A468 SHA1: BFAB210D607C7D4B897977A7E4F1ED6F27521A42 SHA-256: 9BF77956F0E2E50933788490A386DFE9106C6CA19FF37F418C26C131635B603A SHA-512: C60B4F12F7F0D2E5C25DF0CC83931DBED11CEEAE0A54CB6983D5FA75F3AB194DB605CB076572DA32CD3719250121132C3C66F1BE7B5EB1988D27B53B503AA0F6 Malicious: false Reputation: low Preview: ..0xc118d1ae,0x01d68a8e< accdate>0xc118d1ae,0x01d68a8e....0xc118d1ae,0x01d68a8e0 xc118d1ae,0x01d68a8e..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.040819540864144 Encrypted: false MD5: 6788AEA7AF77D9EA8DAF5564D1D3AEF8 SHA1: 13F093656A5942B6F021B9B24371D7E1BE1DD9AE SHA-256: 6FC3DEC10BA02F73E64CCF04083C700862D2FA81BD0FCEF6FF565A64EF1DE8E8 SHA-512: 69C4DA16643BC62001CEAB96A91BC1FAB696800FBBE3C94D364326F5C6CF18E16AA3ED890224FAF31ADA6FEB7EC8637A78511FB298E37F5D8A2BE0E410DE861D Malicious: false Reputation: low Preview: ..0xc111aaa6,0x01d68a8e0xc111aaa6,0x01d68a8e....0xc111aaa6,0x01d68a8e0xc111aaa6,0x01d68a8e..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 662 Entropy (8bit): 5.11018270915959 Encrypted: false MD5: 57E4FBDE1EE08333F500202B8F698FB9 SHA1: 6D143417428C6C4E95D9FB0F961BC10DD0FF3D82 SHA-256: E78E2B56A2C29E1826A90D46DA53C169F89B2DA7282F612CEFB1534056222430 SHA-512: ED52924B0FB7E9140430224CD95D6F695765B03CEFB3FB9B8AC45BED6F256E428036073494A5C19F7D6CBB2CDEB63A92D3DCF95DBDFB2AE2F01A455AA170207C Malicious: false Reputation: low Preview: ..0xc11b3409,0x01d68a8e 0xc11b3409,0x01d68a8e.. ..0xc11b3409,0x01d68a8e0xc11b3409,0x01d68a8e..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 410 Entropy (8bit): 5.149061000155958 Encrypted: false MD5: 0DD2A8E36F21E80CFCED50A542803520 SHA1: 1311C0766B1D872B7FC7DAD7140E30451E3A070F SHA-256: 4CBF72E9B161C60983F78A6FD567C41898C1618AFF77ABB1F2E6819E641A2C82 SHA-512: 6B11EA9B2A671ED82CA3D8309E306B9CC7E76971E1B5D48A0FB3CCEA565F67CF21BAC263BD4B3143FF5975C314BB332AE10061485AD7626B0AA556B58C420B65 Malicious: false Reputation: low Preview: ..0xff4550b5,0x01 d52d0c0xc1140d01,0x01d68a8e\lowres.png..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 647 Entropy (8bit): 5.084373965749665 Encrypted: false MD5: B2BBC21C93A13AF26007821E57A046A6 SHA1: E9D204392A16B10489DD3673214A1CBFD8CBFFD2 SHA-256: F292254DB0AE52066CDBEFE912DDE306A5D4381F6EA4B75FF367A1AAAFFEF7DC SHA-512: 7866BD0116818AFBAD3E98994E1BA994B46DC6D3A6EE3DA5CEFD911F35C8DE968397B1BF361C9AD6C9B5E294F24D3098FF03DAFABA31049B7C5FFE160B8E4D75 Malicious: false Reputation: low Preview: ..0xc1166f58,0x01d68a8e0xc1166f58,0x01d68a8e....0xc1166f58,0x01d68a8e0xc1166 f58,0x01d68a8e ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.122107740645141 Encrypted: false MD5: 27FECCEBAF5AEFD6448AE2462454C286 SHA1: 974970BAFD3EA8F51D215A46977CB035F5ECAD2B SHA-256: 4E0696C75B71CA62095D6F13AFAD5442EE4F305020DEA1BB2AA8BA79691E5C06 SHA-512: 8F55DE7D4A467AA9F6540EE9A2AD952AE6E93BBEDE58AB099EB299AEDF5D25B1097A9987EF63ED24278E4BEDEB820713F85FC9137D73C8A6FD0E8A6A49B700CD Malicious: false Reputation: low Preview: ..0xc11b3409,0x01d68a8e< accdate>0xc11b3409,0x01d68a8e....0xc11b3409,0x01d68a8e0 xc11b3409,0x01d68a8e ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.022457102176598 Encrypted: false MD5: 06D297D8853B7A1D0A5C7AE6795C35F3 SHA1: 0CAC6CDB36B0E9DBB0643BE1551A7A6296DB471C SHA-256: 701A05D1079F34998F35D9EEEC765D1A1A98F4C44681F6DDC0C1521660321749 SHA-512: 3F37EAA1F52C169C94724213CC4321678A1044B3BBA2E0DC23B68A2533A71FD28F937F0F1EC4C4965E3E80CE60586F136D277A4CC152D9C51FC1378613827475 Malicious: false Reputation: low Preview: ..0xc118d1ae,0x01d68a8e0xc118d1ae,0x01d68a8e....0xc118d1ae,0x01d68a8e0xc 118d1ae,0x01d68a8e ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.109391562853401 Encrypted: false MD5: 010E34C9D6A9B3780D199697FD4F2B1A SHA1: 63FAB1512C03C07738CED0D072651C5600E76936 SHA-256: 8BA8BF5639B91FD90E0AFDF29966A941928418224A53A96F38071849ABAFFC2B SHA-512: CFB6DAA4CBDE88F5F26114680F0A081A3B44C6C6389AC59D0B87AA91BBFA4097CA512173E61EEE92C991B38EFE01A067E0E1AC536D90E5343EFC2F01549AA986 Malicious: false Reputation: low Preview: ..0xc1166f58,0x01d68a8e< accdate>0xc1166f58,0x01d68a8e....0xc1166f58,0x01d68a8e0 xc1166f58,0x01d68a8e ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 659 Entropy (8bit): 5.064014812229994 Encrypted: false MD5: 24EE8B56BF1CA63F6B214C804928870E SHA1: 6625DBF8D5888E361F1781E82F323C832CE1A57A SHA-256: E70C46702548A890C9AF2B013D686F51220E72504BE94CAF96E953C1DB86C1AF SHA-512: B927DAEF3CCC2EC634C7F84D3BF44D6F0E27CCD242CA03938397C9264CEDF09BFD2ECA2C1B971E818DF3AAD811725FB4502210B9E321679BC6DA21F11733F3A3 Malicious: false Reputation: low Preview: ..0xc1140d01,0x01d68a8e 0xc1140d01,0x01d68a8e....0xc1140d01,0x01d68a8e0xc1140d01,0x01d68a8e..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 653 Entropy (8bit): 5.057440492457346 Encrypted: false MD5: E5F85F07BA052673A745FAAFEBA547C7 SHA1: 448A2F2A4BB9B72C5FB50394107AED4BF6BE9726 SHA-256: 86F5E0078A603FEF2F7F2ADA48B386B133A93FA3D10DF14ED1B456FACD938FD1 SHA-512: 3EA5922BC4DC0581E6754365734B694807A89AB3C2B08385BC6AC5E044D6888A1330903385D170E32B2BF5B6C3170A1CFF784C6C8927D0DF8B100355278E4065 Malicious: false Reputation: low Preview: ..0xc1140d01,0x01d68a8e0xc1140d01,0x01d68a8e....0xc1140d01,0x01d68a8e0xc1166f58,0x01d68a8e..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\-MediumItalic[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), RobotoMediumItalic family Size (bytes): 27581 Entropy (8bit): 7.9714511289271215 Encrypted: false MD5: 7A49CE79B6089D4D37BF47225C7E5E32 SHA1: 6BC0BB45CC9A3734BE1AA9070280ECB09B600F95 SHA-256: 1D8ED1B7999B6547039FB13BCC22667D938CCB0F503C0B5E13A8951DB4BBEC85 SHA-512: DC0A0B82D13FBAEE1968D75AD7AF5CF2926920F28862A5E4B2D45FAB080F11A299999659BF2CAB0470D9AF5D954E138E39DB0AA25CDEA16B4A62DD5D013F0463 Malicious: false Reputation: low IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-MediumItalic.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Roboto-Medium[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoMedium family
Size (bytes): 22488
Entropy (8bit): 7.971329753302963
Encrypted: false
MD5: 76CAD5BA6B8A38A77FE037807D2BC8E5
SHA1: F7D4B8E0E2E7A8181D2624F001530E7F8CC505AF
SHA-256: F1A7BFE3A4987802FD0519A16B4B0A3D85845E325B5B46C59DCD2B52A6AFE028
SHA-512: 42CE915FD0F1721CBE28B7DCBD06A4E46BF2FC1011E5C5C7C63C180F7FB1FFE09C20DC50ECD134532307DA4372BBBDB639ACE07DA9EF881C58C94FBAC0440EE8
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-Medium.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Roboto-Regular[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoRegular family
Size (bytes): 22093
Entropy (8bit): 7.968010693780494
Encrypted: false
MD5: 6A561D68369FD1FB9768CBC8641E5D95
SHA1: B38CDB3FD4806DDC02FDAE85564A0C3ECCC6D237
SHA-256: 231AE5AAA069B8CEC8F49D089E293F94438E692A9323FFB2498D882E128B5AD0
SHA-512: A0E281574A223EC618D9480487144398488EC1B397B4064EDDBEBB2D011D85670EC429752EB3E3E4451DC732BEFDA3C37797784CE4532C6E763385E137DE1EE1
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-Regular.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\js_62nUot7S2hkRV25kn2vWUBYsSmRRxWlqMbciU2RC4MI[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF, LF line terminators
Size (bytes): 29845
Entropy (8bit): 4.878288694006299
Encrypted: false
MD5: 2F68B90ECD00CC4CDABA919FD6948FBE
SHA1: 99AE1D5A603E861766AD5AE0C027FCAA6265E349
SHA-256: EB69D4A2DED2DA1911576E649F6BD650162C4A6451C5696A31B722536442E0C2
SHA-512: 3E3A351F5964703906D341807B5FACF9B31AEF04FE4F4068141A83780DFE4996F6C17917275C690B38D4934DAFD0636CCC136EFBD4D0A14FC9CA217C28066E0C
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/default/files/js/js_62nUot7S2hkRV25kn2vWUBYsSmRRxWlqMbciU2RC4MI.js
Preview: (function ($) {..../**.. * Retrieves the summary for the first element... */..$.fn.drupalGetSummary = function () {.. var callback = this.data('summaryCallback');.. return (this[0] && callback) ? $.trim(callback(this[0])) : '';..};..../**.. * Sets the summary for all matched elements... *.. * @param callback.. * Either a function that will be called each time the summary is.. * retrieved or a string (which is returned each time)... */..$.fn.drupalSetSummary = function (callback) {.. var self = this;.... // To facilitate things, the callback should always be a function. If it's.. // not, we wrap it into an anonymous function which just returns the value... if (typeof callback != 'function') {.. var val = callback;.. callback = function () { return val; };.. }.... return this.. .data('summaryCallback', callback).. // To prevent duplicate events, the handlers are first removed and then.. // (re-)added... .unbind('formUpdated.summary').. .bind('formUpdated.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\js_Tik8PIaz_eQ5I4FMzmjkWoPEs9jKBgTSauo1jgsNa6g[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Size (bytes): 7582
Entropy (8bit): 4.779653955369093
Encrypted: false
MD5: 5F462163DC4619AB0167459EE4A643F1
SHA1: 4C51EC55C06367D11FC5EAB9647C2B91D122F6C8
SHA-256: 4E293C3C86B3FDE43923814CCE68E45A83C4B3D8CA0604D26AEA358E0B0D6BA8
SHA-512: 3785E1CFAF54BA75E3AA7CC0513735D4A374BA0052F51053B11C63D75615AE65D1D165C52B5BA818338F941CDC3D95C5E0B653676EC21A611A4DA7C3D634FB41
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/default/files/js/js_Tik8PIaz_eQ5I4FMzmjkWoPEs9jKBgTSauo1jgsNa6g.js
Preview: /**. * @file. */..(function ($) {.. 'use strict';.. Drupal.extlink = Drupal.extlink || {};.. Drupal.extlink.attach = function (context, settings) {. if (!settings.hasOwnProperty('extlink')) {. return;. }.. // Strip the host name down, removing ports, subdomains, or www.. var pattern = /^(([^\/:]+?\.)*)([^\.:]{1,})((\.[a-z0-9]{1,253})*)(:[0-9]{1,5})?$/;. var host = window.location.host.replace(pattern, '$2$3');. var subdomain = window.location.host.replace(host, '');.. // Determine what subdomains are considered internal.. var subdomains;. if (settings.extlink.extSubdomains) {. subdomains = '([^/]*\\.)?';. }. else if (subdomain === 'www.' || subdomain === '') {. subdomains = '(www\\.)?';. }. else {. subdomains = subdomain.replace('.', '\\.');. }.. // Build regular expressions that define an internal link.. var internal_link = new RegExp('^https?://([^@]*@)?' + subdomains + host, 'i');.. // Extra internal link matc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Roboto-LightItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoLightItalic family
Size (bytes): 27816
Entropy (8bit): 7.969286549322506
Encrypted: false
MD5: CDD1C486770034A6122E28A1AA165373
SHA1: 005C229D098F5E86A4D0A3473B9EEA16B7F76FF3
SHA-256: 6453FE717A057BDCAED15F57E7BA23AC918FAC6C39D1B9DC049986BC077AB4C0
SHA-512: 1EB0BB7DC154A8275F53B8EB5AF118397430CFE18B19A327C4EAB38D970AEA4BC48C1C179AB0D79C6569155C8EC91E89F713BC430ABC7D28951A5AF165068739
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-LightItalic.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Roboto-Light[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoLight family
Size (bytes): 21893
Entropy (8bit): 7.9699385040035855
Encrypted: false
MD5: 183079184D96A491F16E3CC70414975D
SHA1: F53B82EBB0BEEAD7F64693A17F672DD5AD96FE27
SHA-256: A942C0EEC490FA0FC9D41E373D6E22D004801E2C2E906B3D27D9ECA6FC440F7A
SHA-512: C7F97F0F78F1B639A47F646FE51FDD200975F6AC58319D2471523248C805F8F35BBBE7FDAD025D7D5D239094370DB36BF4483B14871A6D70E1E79B49F20F23ED
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-Light.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Roboto-RegularItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoItalic family
Size (bytes): 26885
Entropy (8bit): 7.968503977644956
Encrypted: false
MD5: F3660F493EA5E520648477D2B273DB32
SHA1: FE479C85E6A8C251279CC4DA01186408EF7522C7
SHA-256: A94F435C631FCA1A598B2C2E63F87D6B8DC298852D448CFBF4CE55BBB86369DF
SHA-512: C9C3BC69867BE5E75E11760796AC76199A406758A5A70B496D62D89294BC12D75B64E3ADDE6A03A166EC3F5ED87DD4984CC08E39FB1D29CC06BC2AAC1A5ADAA2
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-RegularItalic.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Roboto-ThinItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoThinItalic family
Size (bytes): 27851
Entropy (8bit): 7.972511108604048
Encrypted: false
MD5: 64CA718F48DB91B27E8C134AD25D0066
SHA1: 701ECAFC95E80124AA3EAB1973281C7E7C320FBB
SHA-256: B5C87D0707F20491CD73E970839F0FC3452210631AD594ACC822E9BB89BA7F91
SHA-512: FD98E0110532C3F623373C6D4878045B9DE5618EADAF2A325013C9CA3BFE1B8E0C7DD18FA5F28487714D4AA06DD555ACB34C0E2BEA9B048FEDC97F8472513825
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-ThinItalic.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Roboto-Thin[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoThin family
Size (bytes): 21239
Entropy (8bit): 7.97053169462951
Encrypted: false
MD5: C25FD8D00FD9F570545D6240F6EC459A
SHA1: B6A5307C4E013F5E3BDB66F176D4FBB23AF3C6C4
SHA-256: 15C2106590263A64ECA962C54E0FD00BB9A0FC50E0A2235F6773ECBB8B87AFAF
SHA-512: A9F14E40BB88466C010F2005AF128BAD642007FBA185342C6455724FF49D02822F8E581CFC90DEEBD31126719071E42FAEFA933B742214D8E3F2AB60D4BD8714
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-Thin.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css_SXwIV_NQ7mwk8UaCIavDzpG2JqH3i00hv6DI8L8nWMU[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 214715
Entropy (8bit): 5.03646251680683
Encrypted: false
MD5: 83B1143AC98132F94CB8DBECFEC1E226
SHA1: D4DED48E6FF407B49E1036A3A96D065327994DAE
SHA-256: 497C0857F350EE6C24F1468221ABC3CE91B626A1F78B4D21BFA0C8F0BF2758C5
SHA-512: 018F07374E8744E7F8E1A57B846BEFFD57986631D3FD1711653390D099DA9AEDB235AAE5089C593B7500A50AA82311B9AA62D1C036D9B377E0593F118B8513CC
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/default/files/css/css_SXwIV_NQ7mwk8UaCIavDzpG2JqH3i00hv6DI8L8nWMU.css
Preview: @-ms-viewport{width:device-width;}@viewport{width:device-width;}*,*::before,*::after{box-sizing:border-box;}.clearfix,.row,hr,.page-content,.page-entry,.page-main,.page-main-section,.site-sidebar,.modul,.site-nav .menu,.page-nav-list,.advanced-site-search,.post-teaser,.blog-post-teaser,.forum-teaser,.subscription-teaser,.my-post-teaser,.post-teaser-details,.blog-post-teaser-details,.forum-teaser-details,.subscription-teaser-details,.my-post-teaser-details,.single-post,.single-post-details,.single-post-meta,.comment,.comment-footer,.comment .notify-moderator-container,.comment-call-to-action-container,.user-profile{*zoom:1;}.clearfix::before,.row::before,hr::before,.page-content::before,.page-entry::before,.page-main::before,.page-main-section::before,.site-sidebar::before,.modul::before,.site-nav .menu::before,.page-nav-list::before,.advanced-site-search::before,.post-teaser::before,.blog-post-teaser::before,.forum-teaser::before,.subscription-teaser::before,.my-post-teaser::before,.po

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Roboto-BlackItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoBlackItalic family
Size (bytes): 26585
Entropy (8bit): 7.970019860158604
Encrypted: false
MD5: 4B7407C6740B8294D97A7BF88995C44D
SHA1: 79CD2D93B320080C86EDD481B6D21F5EAB878CC2
SHA-256: 03643565EF6E22FA14B003F47A129011C3DC7B3FD0BCBC00D24BA9B612DF2442
SHA-512: 1B6505EAA888A7AB4ED532DE8FF4F82A24A2C1A1140105D8A8D39170699B7D423ACEFEB009C94913632FC103D74A073466B9C5BF1646DB8DDC16C605E30D2082
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-BlackItalic.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Roboto-BoldItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoBoldItalic family
Size (bytes): 26973
Entropy (8bit): 7.974454494285498
Encrypted: false
MD5: 4B2CC52B05E2A960C4F11F15490D8A47
SHA1: 84798D9BD69ACBAC586315DE288C998F997C26E3
SHA-256: F95DFBD8BF8421E39A662526A735204A95D4BCD17B3C1E8D1957B8B9055655EE
SHA-512: E4A059396AAB765A46E94C4C9D1F70E7F2FB895A27E956A871F6A5DBA6ED2C8BC920643D63FA1CBCCCDCF8124F119C968B90EB5941F1170A38B19C9C0189D549
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-BoldItalic.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Roboto-Bold[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), RobotoBold family
Size (bytes): 22302
Entropy (8bit): 7.9713914736723925
Encrypted: false
MD5: C8BCB1CB78F9E45E2BCBF626BAE19F0B
SHA1: C030D7EB77323BC32B70D2301DD34A7116D98B73
SHA-256: 9EFD1C71E412DC2245DC88E3CCCF406D1683190A0266D2A533C68B17F340640E
SHA-512: 208362F6625E529EE8FD4773180C58E3E7D2BB98D892AAE9B5AF3CEED9B5509136D50E5D05A0656E70211E1081425C2CD052FC131FFD870A6313078991DE95AC
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/all/themes/aoc/fonts/Roboto/Roboto-Bold.eot?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\js_C0tNQApqlegVqiGYgXz6HY3in7YDE_ZSTjWdduGXLHU[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF, LF line terminators
Size (bytes): 40301
Entropy (8bit): 4.939427564612146
Encrypted: false
MD5: 13718C81FD8D59F9789D33D5B280C774
SHA1: F1E2ABE55DD231A488E509422CBEBCCA93B78BB2
SHA-256: 0B4B4D400A6A95E815AA2198817CFA1D8DE29FB60313F6524E359D76E1972C75
SHA-512: 30D2E540A4C4B6CEB3F851415E167133A362120973C2E500AA80D295D9AFFA569E557972C71DDBFA9CA77BE1B4B03E58E251870CE462B851B53B6FAE0D8AA0C7
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/default/files/js/js_C0tNQApqlegVqiGYgXz6HY3in7YDE_ZSTjWdduGXLHU.js
Preview: /**.. * For jQuery versions less than 3.4.0, this replaces the jQuery.extend.. * function with the one from jQuery 3.4.0, slightly modified (documented.. * below) to be compatible with older jQuery versions and browsers... *.. * This provides the Object.prototype pollution vulnerability fix to Drupal.. * installations running older jQuery versions, including the versions shipped.. * with Drupal core and https://www.drupal.org/project/jquery_update... *.. * @see https://github.com/jquery/jquery/pull/4333.. */.... (function (jQuery) {....// Do not override jQuery.extend() if the jQuery version is already >=3.4.0...var versionParts = jQuery.fn.jquery.split('.');..var majorVersion = parseInt(versionParts[0]);..var minorVersion = parseInt(versionParts[1]);..var patchVersion = parseInt(versionParts[2]);..var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);..if (.. (majorVersion > 3) ||.. (majorVersion === 3 && minorVersion > 4) ||.. (majorVersion === 3 && minorVersion =

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\js_PbOjC8ciLHkUrlx2YCpc3m2JkWWoCi39e4KD6Kq8oFs[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 80915
Entropy (8bit): 5.50209337185292
Encrypted: false
MD5: D6B8852E9BD0755D1EA5C1518B90EDEB
SHA1: 9C6FD46E33A2B9506457A4AB0F6F2D53D20ECA14
SHA-256: 3DB3A30BC7222C7914AE5C76602A5CDE6D899165A80A2DFD7B8283E8AABCA05B
SHA-512: E69DBFE5C53EEAA83380BDA34BFDC556F4A0C2DE94CC8C818A1443F4859FEFCD3017CA2760FA9A2737526762E63F2145714B59BA1E4DF8A5FBA574D960EAAA0F
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/default/files/js/js_PbOjC8ciLHkUrlx2YCpc3m2JkWWoCi39e4KD6Kq8oFs.js
Preview: (function ($) {..../**.. * A progressbar object. Initialized with the given id. Must be inserted into.. * the DOM afterwards through progressBar.element... *.. * method is the function which will perform the HTTP request to get the.. * progress bar state. Either "GET" or "POST"... *.. * e.g. pb = new progressBar('myProgressBar');.. * some_element.appendChild(pb.element);.. */..Drupal.progressBar = function (id, updateCallback, method, errorCallback) {.. var pb = this;.. this.id = id;.. this.method = method || 'GET';.. this.updateCallback = updateCallback;.. this.errorCallback = errorCallback;.... // The WAI-ARIA setting aria-live="polite" will announce changes after users.. // have completed their current activity and not interrupt the screen reader... this.element = $('

').attr('id', id);.. this.element.html('
' +.. '
' +..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\js_vnlNdWmERwlKDWtDJghLX1XgPHLeSYhLzdaZvtLYhPQ[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF, LF line terminators
Size (bytes): 56244
Entropy (8bit): 5.299952897181033
Encrypted: false
MD5: B084BF824D9101FC10660834FD281434
SHA1: 88E9360CFFE8B6E9AF4B306BAA2E1795DFA67B35
SHA-256: BE794D75698447094A0D6B4326084B5F55E03C72DE49884BCDD699BED2D884F4
SHA-512: FD44778A4830E585E48D35D93E16C8FF69720224D25405A5A98CBAE37916F34C353E132F493DF277746C88FFE575BD069B205BD4C88638CAA2C7BA68873DEAAC
Malicious: false
Reputation: low
IE Cache URL: https://www.ariscommunity.com/sites/default/files/js/js_vnlNdWmERwlKDWtDJghLX1XgPHLeSYhLzdaZvtLYhPQ.js
Preview: (function ($) {..$(document).ready(function() {...// Check for Javascript..$('html').removeClass('no-js');..$('html').addClass('js');...// Check for ..function is_touch_device() {.. return !!('ontouchstart' in window);..}...if(is_touch_device()) { ...$('html').addClass('touch');..}..else {...$('html').addClass('no-touch');..}...// Check for SVG capability..if(!document.createElement('svg').getAttributeNS){.. $('html').addClass('no-svg');.. ..} else {...$('html').addClass('svg');..}.../*------*/../*.Menu buttons../*------*/. if(!Drupal.settings.aoc.logged_in) {. $('.site-header .container').append('