ID: 284663 Cookbook: browseurl.jbs Time: 21:18:59 Date: 11/09/2020 Version: 29.0.0 Ocean Jasper

Table of Contents

Analysis Report https://webexfix.cabanova.com/index.html
Overview
General Information
Detection
Signatures
Classification
Startup
Malware Configuration
Yara Overview
Sigma Overview
Signature Overview
Phishing:
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
URLs from Memory and Binaries
Contacted IPs
Public
General Information
Simulations
Behavior and APIs
Joe Sandbox View / Context
IPs
Domains
ASN
JA3 Fingerprints
Dropped Files
Created / dropped Files
Static File Info
No static file info
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTPS Packets
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: iexplore.exe PID: 3228 Parent PID: 808
General
File Activities
Registry Activities
Analysis Process: iexplore.exe PID: 6032 Parent PID: 3228
General
File Activities
Registry Activities
Disassembly

Copyright null 2020

Analysis Report https://webexfix.cabanova.com/index.h…tml

Overview

General Information

Sample URL: https://webexfix.cabanova.com/index.html
Analysis ID: 284663

Signatures

Phishing site detected (based on log…
HTML body contains low number of …
HTML title does not match URL

Classification

[Classification chart. Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware]

Detection

[Detection scale: malicious, suspicious, clean]
Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Startup

System is w10x64
iexplore.exe (PID: 3228 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 6032 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3228 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Phishing
• Networking
• System Summary

Phishing:

Phishing site detected (based on logo template match)

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Behavior Graph

[Behavior graph] ID: 284663; URL: https://webexfix.cabanova.c...; Startdate: 11/09/2020; Architecture: WINDOWS; Score: 21
Signature: Phishing site detected (based on logo template match)
Processes: iexplore.exe, iexplore.exe
webexfix.cabanova.com: 94.130.246.164, 443, 49731, 49732, HETZNER-ASDE, Germany
sitebuilder.cabanova.com: 35.186.205.126, 443, 49740, 49741, GOOGLEUS, United States

Screenshots

Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://webexfix.cabanova.com/index.html | 0% | Virustotal | | Browse
https://webexfix.cabanova.com/index.html | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
www.asual.com/swfaddress/ | 1% | Virustotal | | Browse
www.asual.com/swfaddress/ | 0% | Avira URL Cloud | safe |
delicious.com/save?v=5&noui&jump=close&url=__URL__ | 0% | Avira URL Cloud | safe |
https://delicious.com/save?v=5&noui&jump=close&url=__URL__ | 0% | Avira URL Cloud | safe |
www.formspring.me/share?url=__URL__ | 0% | Avira URL Cloud | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.formspring.me/share?url=__URL__ | 0% | Avira URL Cloud | safe |
www.wikipedia.com/ | 0% | Virustotal | | Browse
www.wikipedia.com/ | 0% | URL Reputation | safe |
www.wikipedia.com/ | 0% | URL Reputation | safe |
www.wikipedia.com/ | 0% | URL Reputation | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
webexfix.cabanova.com | 94.130.246.164 | true | false | | high
sitebuilder.cabanova.com | 35.186.205.126 | true | false | | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
www.asual.com/swfaddress/ | swfaddress[1].js.3.dr | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
delicious.com/save?v=5&noui&jump=close&url=__URL__ | topbanner[1].js.3.dr | false | Avira URL Cloud: safe | unknown
www.apache.org/licenses/LICENSE-2.0 | webfont[1].js.3.dr | false | | high
twitter.com/share?original_referer=__URL__ | topbanner[1].js.3.dr | false | | high
www.nytimes.com/ | msapplication.xml4.2.dr | false | | high
https://use.typekit.net | webfont[1].js.3.dr | false | | high
https://digg.com/submit?url=__URL__ | render[1].js.3.dr | false | | high
https://webexfix.cabanova.com/index.htmlr | ~DF6D521EADF3FB3866.TMP.2.dr | false | | high
https://webexfix.cabanova.com/index.htmlRoot | {32304745-F4AF-11EA-90E2-ECF4BB862DED}.dat.2.dr | false | | high
https://delicious.com/save?v=5&noui&jump=close&url=__URL__ | render[1].js.3.dr | false | Avira URL Cloud: safe | unknown
https://www.myspace.com/Modules/PostTo/Pages/?u=__URL__ | render[1].js.3.dr | false | | high
https://www.blogger.com/blog_this.pyra?t=&u=__URL__?sms_ss=blogger&n=__URL__ | render[1].js.3.dr | false | | high
www.amazon.com/ | msapplication.xml.2.dr | false | | high
sitebuilder.cabanova.com/action/fallback?d= | util[1].js.3.dr | false | | high
https://sitebuilder.cabanova.com/action/form/html5/e157f515946ee6dd161a62e808261c82 | index[1].htm.3.dr | false | | high
www.formspring.me/share?url=__URL__ | topbanner[1].js.3.dr | false | Avira URL Cloud: safe | unknown
www.twitter.com/ | msapplication.xml6.2.dr | false | | high
digg.com/submit?url=__URL__ | topbanner[1].js.3.dr | false | | high
www.blogger.com/blog_this.pyra?t=&u=__URL__?sms_ss=blogger&n=__URL__ | topbanner[1].js.3.dr | false | | high
https://www.google.%/ads/ga-audiences? | ga[1].js.3.dr | false | URL Reputation: safe; URL Reputation: safe; URL Reputation: safe | low
www.opensource.org/licenses/mit-license.php | swfaddress[1].js.3.dr, swfobject2[1].js.3.dr, common[1].js.3.dr | false | | high
https://www.formspring.me/share?url=__URL__ | render[1].js.3.dr | false | Avira URL Cloud: safe | unknown
https://twitter.com/share?original_referer=__URL__ | render[1].js.3.dr | false | | high
https://sitebuilder.cabanova.com/ | index[1].htm.3.dr | false | | high
https://stats.g.doubleclick.net/j/collect? | ga[1].js.3.dr | false | | high
www.linkedin.com/shareArticle?mini=true&url=__URL__ | topbanner[1].js.3.dr | false | | high
www.stumbleupon.com/submit?url=__URL__ | topbanner[1].js.3.dr | false | | high
www.youtube.com/ | msapplication.xml8.2.dr | false | | high
https://www.linkedin.com/shareArticle?mini=true&url=__URL__ | render[1].js.3.dr | false | | high
https://www.stumbleupon.com/submit?url=__URL__ | render[1].js.3.dr | false | | high
www.wikipedia.com/ | msapplication.xml7.2.dr | false | 0%, Virustotal, Browse; URL Reputation: safe; URL Reputation: safe; URL Reputation: safe | unknown
sitebuilder.cabanova.com/action/topbanner/ | topbanner[1].js.3.dr | false | | high
www.live.com/ | msapplication.xml3.2.dr | false | | high
www.myspace.com/Modules/PostTo/Pages/?u=__URL__ | topbanner[1].js.3.dr | false | | high
www.reddit.com/ | msapplication.xml5.2.dr | false | | high
https://webexfix.cabanova.com/index.html | ~DF6D521EADF3FB3866.TMP.2.dr | false | | high

Contacted IPs


Public

IP | Country | ASN | ASN Name | Malicious
35.186.205.126 | United States | 15169 | GOOGLEUS | false
94.130.246.164 | Germany | 24940 | HETZNER-ASDE | false

General Information

Joe Sandbox Version: 29.0.0 Ocean Jasper
Analysis ID: 284663
Start date: 11.09.2020
Start time: 21:18:59
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 19s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://webexfix.cabanova.com/index.html
Analysis system description: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: SUS
Classification: sus21.phis.win@3/33@3/2
Cookbook Comments: Adjust boot time, Enable AMSI
Warnings:
  Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, UsoClient.exe
  TCP Packets have been reduced to 100
  Excluded IPs from analysis (whitelisted)
  Excluded domains from analysis (whitelisted)
  Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{32304743-F4AF-11EA-90E2-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 30296
Entropy (8bit): 1.8494224655769973
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32304745-F4AF-11EA-90E2-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 27798
Entropy (8bit): 1.8169481508773966
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32304746-F4AF-11EA-90E2-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.5652826738146155
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.10034706471647
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.115120703035419
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.10549076596591
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 410
Entropy (8bit): 5.168756743481207
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.122047178062105
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.115040473092276
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.103545466589053
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.140770765987166
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.1167847142205085
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.104258920799493
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e157f515946ee6dd161a62e808261c82[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 90 Entropy (8bit): 4.5923896585457715 Encrypted: false MD5: D135E96266B0C410AA2F12CEF5262F4B SHA1: 2AB38E3FAAE61686A9BC8886AACB3D06AD658AA1 SHA-256: 4AC73695743B054EACC315C64C14830128E170AF1A0312F771DA6BF6C07AE966 SHA-512: 0C41F6AAD2120B8A38537E1DFDB9384559C3AB061404E52DB89B5C0B1E6E0CA8CC1121BACAD62C41B45645EE1C57AE46701C9845CAE0DE7FC7C0E6971A2B88 B9 Malicious: false Reputation: low IE Cache URL: https://sitebuilder.cabanova.com/action/form/html5/e157f515946ee6dd161a62e808261c82? u=1174445&cb_ping_js=1599884391690&cbjp=jQuery220034191854981680647_1599884391449&_=1599884391450 Preview: jQuery220034191854981680647_1599884391449({"token":483,"attempts":0,"r":"91.132.136.200"})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 85589 Entropy (8bit): 5.366541542900301 Encrypted: false MD5: 6FC159D00DC3CEA4153C038739683F93 SHA1: 5D7E5BBFA540F0E53BD599E4305E1A4E815B5DD1 SHA-256: 8A102873A33F24F7EB22221E6B23C4F718E29F85168ECC769A35BFAED9B12CCE SHA-512: A574742476D89BDF841A26FAC51FF0FAE62CFEED95F38A1F3EB0699202D8C8ABE165826D514BCA4B2D69822F2D25901A72C3F081FD646E1238CF082EF0E28EA8 Malicious: false Reputation: low IE Cache URL: https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js Preview: /*! jQuery v2.2.0 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document? b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b) {var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.0",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uF EFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:func tion(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\swfaddress[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CR line terminators Size (bytes): 16614 Entropy (8bit): 5.530643367399172 Encrypted: false MD5: 87578E3BCF2C5666B58DE0479FEDEF99 SHA1: A3D85C6980F789EEE146D8F86F57DA3D2697E0CE SHA-256: D064C6114FC104846E2DBCC6378A1B7A6D81619A0A4667000318236D3F58C001 SHA-512: E31BB045B130E6720B44167A1B08AF59C95B8A4448C627A5882CC813FB0552C237BB8F3D555ADCF77870C75AF7190841BF02E115057D2123534FA243EB53B2CA Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/shared/swfaddress.js Preview: /**. * SWFAddress 2.2: Deep linking for Flash and Ajax . *. * SWFAddress is (c) 2006-2008 Rostislav Hristov and contributors. * This software is released under the MIT License . *. */..//cross domain patch: try-catch.try {..if(typeof asual=="undefined"){ asual={};}if(typeof asual.swfaddress=="undefined"){asual.swfaddress={};}if(typeof asual.util=="undefined"){asual.util={};}asual.util.Browser=new function(){var B=-1,D=nav igator.userAgent,H=false,G=false,F=false,A=false,C=false,I=false;var E=function(K,J){return parseFloat(D.substr(D.indexOf(K)+J));};if(A=/Opera/.test(D)){B=parse Float(navigator.appVersion);}if(H=/MSIE/.test(D)){B=E("MSIE",4);}if(I=/Chrome/.test(D)){B=E("Chrome",7);}if(G=/Camino/.test(D)){B=E("Camino",7);}if(F=(/AppleWeb Kit/.test(D)&&!I)){B=E("Safari",7);}if(C=(/Firefox/.test(D)&&!G)){B=E("Firefox",8);}this.toString=function(){return "[class Browser]";};this.getVersion=function(){return

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\webfont[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines

Copyright null 2020 Page 15 of 28 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\webfont[1].js Size (bytes): 13188 Entropy (8bit): 5.4223896155104025 Encrypted: false MD5: 7C96A5F11D9741541D5E3C42FF6380D7 SHA1: D3FA2564C021CF730E58FFDDB138CF6B57ED126E SHA-256: 81016AC6BE850B72DF5D4FAA0C3CEC8E2C1B0BA0045712144A6766ADFAD40BEE SHA-512: 23C162A2E268951729B580E5035AD6CA9969CFCC5CE58A220817B912E76B38BE6C29C3CA7680CB4E8198863D95A72EA65BD06FF7189B5C8475E4C1CE501AEAB 1 Malicious: false Reputation: low IE Cache URL: https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js Preview: /*. * Copyright 2016 Small Batch, Inc.. *. * Licensed under the Apache License, Version 2.0 (the "License"); you may not. * use this file except in compliance with the Li cense. You may obtain a copy of. * the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, softwa re. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the. * License for the specific language governing permissions and limitations under. * the License.. */./* Web Font Loader v1.6.26 - (c) Adobe Systems, Google. License: Apache 2.0 */(function(){function aa(a,b,c){return a.call.apply(a.bind,arguments)}function ba(a,b,c){if(!a)throw Error();if(2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\common[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 43280 Entropy (8bit): 5.300447131447455 Encrypted: false MD5: 6346569BAE4A97B2B656A19B8761C271 SHA1: 289FE0DAB72CCE5953EECCBAB768AEFA9DCE7FF6 SHA-256: 11A480D7FAE4C434D1E97903EEE2C127AA212679FF7A28F4819338FB538189E9 SHA-512: 2D3E427C81A2D1B161A119AF441B484FB977438A2DEE09E07333F52592E1B2881A2ADA1E170D820B8FD05DD4824AD5293E2BF7B18131771782A3206A8E2B0E10 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/shared/html5/common.js Preview: /*. * jQuery scrollintoview() plugin and :scrollable selector filter. *. * Version 1.8 (14 Jul 2011). * Requires jQuery 1.4 or newer. *. * Copyright (c) 2011 Robert Koritnik. * Lic ensed under the terms of the MIT license. * http://www.opensource.org/licenses/mit-license.php. */.(function(f){var c={vertical:{x:false,y:true},horizontal:{x:true,y:false},both: {x:true,y:true},x:{x:true,y:false},y:{x:false,y:true}};var b={duration:"fast",direction:"both"};var e=/^(?:html)$/i;var g=function(k,j){j=j||(document.defaultView&&document .defaultView.getComputedStyle?document.defaultView.getComputedStyle(k,null):k.currentStyle);var i=document.defaultView&&document.defaultView.getComputedStyle? true:false;var h={top:(parseFloat(i?j.borderTopWidth:f.css(k,"borderTopWidth"))||0),left:(parseFloat(i?j.borderLeftWidth:f.css(k,"borderLeftWidth"))||0),bottom:(parseFloat(i? j.borderBottomWidth:f.css(k,"borderBottomWidth"))||0),right:(parseFloat(i?j.borderRightWidth:f.css(k,"borderRightWidth"))||0)};return{top:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\md5[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 6269 Entropy (8bit): 5.525834194855405 Encrypted: false MD5: A6B81A1B266EC15DEE03287742C3FD2B SHA1: 292130BCE7267964021F6AED61E114BBBE9CC54E SHA-256: DF61117D7806F863533ACC213C4FDF87A667C109FC708EB4BEDB9D35E30ADB1A SHA-512: E1134313E0ED7A9CEB1BCBC84FE528E0579117DBCF260C34AC44BB43AC218E79D1A086B56C250888F966119E09E2EC2DF4AA8E3A72B34B1B51F8711AE3CC86 1F Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/shared/html5/md5.js Preview: /*.CryptoJS v3.1.2.code.google.com/p/crypto-js.(c) 2009-2013 by Jeff Mott. All rights reserved..code.google.com/p/crypto-js/wiki/License.*/.var CryptoJS=CryptoJS||functio n(s,p){var m={},l=m.lib={},n=function(){},r=l.Base={extend:function(b){n.prototype=this;var h=new n;b&&h.mixIn(b);h.hasOwnProperty("init")||(h.init=function(){h.$super.in it.apply(this,arguments)});h.init.prototype=h;h.$super=this;return h},create:function(){var b=this.extend();b.init.apply(b,arguments);return b},init:function(){},mixIn:function(b){ for(var h in b)b.hasOwnProperty(h)&&(this[h]=b[h]);b.hasOwnProperty("toString")&&(this.toString=b.toString)},clone:function(){return this.init.prototype.extend(this)}},.q =l.WordArray=r.extend({init:function(b,h){b=this.words=b||[];this.sigBytes=h!=p?h:4*b.length},toString:function(b){return(b||t).stringify(this)},concat:function(b){var h= this.words,a=b.words,j=this.sigBytes;b=b.sigBytes;this.clamp();if(j%4)for(var g=0;g>>2]|=(a[g>>>2]>>>24-8*(g%4)&255)<<24-8*((j+

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\render[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text Size (bytes): 91713 Entropy (8bit): 5.2187519382581575 Encrypted: false MD5: 36869F4ECD61327A927444D317B46D1E SHA1: 94F1705285DB273075C627C2EDA6B8E893910789 SHA-256: D03D6B88182934227F2E07AE5B4698D2F36667F6ADB66FC8C6F4A3094FBA161B SHA-512: E450997424A8F9869704AE127C175FB62030B4B810E0868E64F14C0018FC11BF65FE3FAB1AAC5A5F1B414B541B308C3D9D6042281D4D27752000DF551FB1D9A3 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/shared/html5/render.js Preview: (function () {...var debug = self.console ? console[console.debug ? 'debug' : 'log'].bind(console) : $.noop;...var DrawingLib = CB5.util.Drawing;..var Color = CB5.util.Co lor;..var render = CB5.render = {uniq:{}};...function mkDiv() { return $('

'); }..function mkLoading() { return $(''); }..function mkImage(src) { var img = new Image; img.src=src; return $(img); }..function mkA(label) { return $('').text(label);}...function gradient(el, c1, c2) {...el.css({backgroundImage:'--gradient(linear, left top, left bottom, from('+c1+'), to('+c2+'))'});//chrome 10+...el.css({backgroundImage:'-webkit-lin ear-gradient(top, '+c1+', '+c2+')'});//android...el.css({backgroundImage:'-moz-linear-gradient(top, '+c1+', '+c2+')'});..}...var transform = CB5.transform = function(o, value) {... o.WebkitTransform = o.MozTransform = o.msTransform = o.OTransform = o.transform=value;...return o;..};...// JSONP..funct

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\swfobject2[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Size (bytes): 9759 Entropy (8bit): 5.5701524371723785 Encrypted: false MD5: EAA5417940C71F441B016B12C534665D SHA1: 66851AB2133E27B97C4F3048416B947AA7ED82C5 SHA-256: CAFD612EBD6BC497A7A05D3DFEF133A0B793F1E04E277B31C424D6D8892A1D48 SHA-512: A2C09B088E529C7305DCF624830ECBE1134DC7831280BF58752743445C8257C8A9D36A995971AD74FBC8B3AC0827C707A408B95E248FBBAE44217D2023493999 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/shared/swfobject2.js Preview: /* SWFObject v2.1 ..Copyright (c) 2007-2008 Geoff Stearns, Michael Williams, and Bobby van der Sluis..This software is released under the MIT License .*/.var =function(){var b="undefined",Q="object",n="Shockwave Flash",p=" ShockwaveFlash.ShockwaveFlash",P="application/x-shockwave-flash",m="SWFObjectExprInst",j=window,K=document,T=navigator,o=[],N=[],i=[],d=[],J,Z=null,M=null,l=nul l,e=false,A=false;var h=function(){var v=typeof K.getElementById!=b&&typeof K.getElementsByTagName!=b&&typeof K.createElement!=b,AC=[0,0,0],x=null;if(typeof T.p lugins!=b&&typeof T.plugins[n]==Q){x=T.plugins[n].description;if(x&&!(typeof T.mimeTypes!=b&&T.mimeTypes[P]&&!T.mimeTypes[P].enabledPlugin)){x=x.replace(/^.*\s+ (\S+\s+\S+$)/,"$1");AC[0]=parseInt(x.replace(/^(.*)\..*$/,"$1"),10);AC[1]=parseInt(x.replace(/^.*\.(.*)\s.*$/,"$1"),10);AC[2]=/r/.test(x)?parseInt(x.replace(/^.*r(.*)$/,"$1"),10):0 }}else{if(typeof j.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\p67h-22rbr4o2sgso-mhxpy[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, big-endian, direntries=5, orientation=upper-left], baseline, precision 8, 1536x752, frames 3 Size (bytes): 50108 Entropy (8bit): 6.584555262004515 Encrypted: false MD5: 52391DC99CD8E03D330E40BA92B22A01 SHA1: 59DEA4F1AD63FEC450EF8D8AD2CAEEC2AF61ED38 SHA-256: 0571E977566ECDF45812F88DC6CF2CF16DFBB4F190FB0B633DB70A3E472266B4 SHA-512: 8E3DEFFA5145A0A4D3A1082FBE4E8FC89BE0F4680E951BC2BD58AD5D6FDBB1F31B1CFC616A4F2CA22DF502497C9713A3F7770AD6D128A4E9DA0A8F83F8E7C BE6 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/files/p67h-22rbr4o2sgso-mhxpy.jpg Preview: ...... JFIF.....x.x...... Exif..MM.*...... ;...... V.i...... d...... J......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\publish[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 21559 Entropy (8bit): 5.210243056790838 Encrypted: false MD5: B2586F9EACAD843AFB72E99ADAFC3F27 SHA1: B50B7E30E00B411341959F35AAE69A0715690DDB SHA-256: 81A8252A2A4D32B1148C1A4FB2BFC612B7D84FAA0A3655DA7422CE0A5E1831C3 SHA-512: F06B3986DF97C222FD1B35B5A6155C26336288C625AE25EA8FEA5CE6B37B3933F5451EC96B9C009DD7C5C862C59E4DD0281D8474A5373984AA11D5D4B1983F90 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/shared/html5/publish.js Preview: var CB5;.if (typeof CB5 == 'undefined') CB5 = {};..(function() {...//default texts for old sites..$(function () {...if (!CB5.config.texts) CB5.config.texts = {....pwdtext: 'A password is required to view this page!',....password: 'Password',....cancel: 'Cancel'...};....try {....//init localStorage....if (typeof(sessionStorage) != 'undefined').....CB5.session = sessionStorage;....else.....CB5.session = {};.....if (CB5.session.password).....CB5.submittedPassword = CB5.session.password;...} catch (e) {....CB5.session = {};...}..});...//f ix old links..$(function () {...if (!('structureMap' in CB5.config)) return;...$('a').each(function () {....var me = $(this);....var id = me.attr('data-linkref');....if (!id) return;....if (!(id in CB5.config.structureMap)) return;....var url = CB5.config.structureMap[id]+'.html';....if (url == me.attr('href')) return;....me.attr('href', url);...});..});...//form check ping, multipart for file upload..function initForm () {....var frm = $('#cb-form');...if

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\site-settings[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 112 Entropy (8bit): 4.340844293628675 Encrypted: false MD5: 431C7BD5F45B117FC88CABBCB6C60DC0 SHA1: AB4634F58D97FC3BF410641BE247A12E3748CB5A SHA-256: 699140ACDFD5B0A524EADEB6FB98C6274ECD314CA6513A683A76F928A0A655FD SHA-512: 92564EFE9FEE4B407E892A877803EBA07950371845C8AD090335D64E83780010058F97D7F4D997F3772FD144034E956A401EE2D620D57242D41D1F2ADE9BCAF6 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/site-settings.js?t=1599884391461 Preview: CB.siteSettings={"detection":{"desktop":"html5","desktopNoFlash":"html5","tablet":"html5","smartphone":"html5"}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\topbanner-en[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Size (bytes): 2040 Entropy (8bit): 5.064759527291549 Encrypted: false MD5: E4701C9ABC1F6C9B57E5448A78B02F05 SHA1: 61C26EFFB1D900585DB82CD54B30C5B49BA659F7 SHA-256: 1521EFCA3FF240D62629096B652BA252C9A5B879A74A1B583D3A4D56E29F61A4 SHA-512: BA7D3DC7358931E207088F85F13BF11E7794BD713D59AD632CF409534C497422859A992B7F668C5720A1B34742D4F1D296160F7F7D89318F250FBB83EB235D59 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/shared/topbanner/js/lang/topbanner-en.js Preview: TBDictionary = {../*.. * LANG CODE FOR THIS FILE.. */..lang: 'en',.../*.. * COMMON TEXTS.. */...siteRating: 'Site rating',..votes: 'Votes',..cancel: 'Cancel',..submit: 'S ubmit',..close: 'Close',..yes: 'Yes',..no: 'No',..../*.. * VOTING RESULT.. */..voteTitle: 'Vote Received',..voteMsg: 'Your vote has been received!

Thank you!< /b>',.../*.. * DUPLICATE VOTE.. */..duplicateVoteTitle: 'Vote Error',..duplicateVoteMsg: 'You have already voted!',..../*.. * CONTACT.. */..contactBtn: 'Contact site owne r',..contactTitle: 'Contact site owner',..contactName: 'Your Name:',..contactEmail: 'Your Email Address:',..contactMsg: 'Your Message:',..contactResp: 'Your message has b een sent to the owner of this site.',..../*.. * TELL A FRIEND.. */..tellBtn: 'Tell a friend',..tellTitle: 'Tell a friend',..tellEmail: 'Your email:',..tellFriends: 'Friends Email Addresses:' ,..tellMsg: 'Your Message:',..tellDefaultMsg : 'Hi, take a look at this great site!',..tellResp: 'Your recommendation of this site

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ga[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 46274 Entropy (8bit): 5.48786904450865 Encrypted: false MD5: E9372F0EBBCF71F851E3D321EF2A8E5A SHA1: 2C7D19D1AF7D97085C977D1B69DCB8B84483D87C SHA-256: 1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F SHA-512: C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F Malicious: false Reputation: low IE Cache URL: https://ssl.google-analytics.com/u/ga.js Preview: (function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c &&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\html5[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 11821 Entropy (8bit): 5.236312065228572 Encrypted: false MD5: 08E9905CD91D222EA982CB322A7050F0 SHA1: 4838224D4D1880973EF36D73B570DB95EEA9FAAB SHA-256: D1BC2CAAF88F64BD9CEC9DD4137A9A7B62425AF8DA3CD4E84E831163C1D0FDD2 SHA-512: 35959BE0CABB79AF291B447FB6B48851F27DAE9BAF03E4FD9F8024CA2556BFD53A300EDCA2406319C24C5C17E14AC20B6FA090BDA4F2404075AAEDFD4A273A 43 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/shared/html5/html5.css Preview: .html, body {..min-height: 100%;.}..body {width: 100%}..img {..border: 0;.}..#site-loading {..display: none;.}...b { font-weight: bold; }..i { font-style: italic; }..u { text-decoration: underline; }...askFlash {..font-family: sans-serif;..margin-top: 100px;..text-align: center;.}...cbel {..position:absolute;..-moz-box-sizing: border-box; -webkit-box-sizing: border- box; box-sizing: border-box;..transform-origin: 0px 0px;..-ms-transform-origin: 0px 0px;..-moz-transform-origin: 0px 0px;..-o-transform-origin: 0px 0px;..-webkit-transform- origin: 0px 0px;..font-family: Arial, sans-serif;..font-size: 12px;.}...cb-text {..font-size: 14px;.}../* text */..cb-text span {..white-space: pre-wrap;.}..cb-text2 span {..white-space: pre;.}..h1.cb-text2, h2.cb-text2, h3.cb-text2 {..display: block;..font-weight: normal;.}...cb-text ul, .cb-textTable ul {..margin:0;..padding-left:40px;.}...cb-text a, .cb-textButton a { text-decoration: inherit; }...cb-text .justify span {..white-space: normal;.}..cb-text

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\index[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Size (bytes): 5854 Entropy (8bit): 5.405151108595665 Encrypted: false MD5: AA0DCF25FF60EE3A77B067E85F939D45 SHA1: FED3D3B80F9247189B379020ACFDACBFEBBF4A40 SHA-256: AD0C091D0275EF6DA5F378F02510408262F12EFA6DBD0F69DF46818C5F37ABEB SHA-512: 1CB3B94B9C25E837412A723B7078AE69C9FD31B22826D7EF2BF6DE517C7BA9D92B5FD60EFA80EA1B7A8458FA076D965ECA074A56E12D6C5B53EC793DE46A66 18 Malicious: false Reputation: low IE Cache URL: https://webexfix.cabanova.com/index.html Preview: ......Page.... .......... ................