ID: 441415
Cookbook: browseurl.jbs
Time: 22:03:40
Date: 28/06/2021
Version: 32.0.0 Black Diamond

Table of Contents

Table of Contents 2
Windows Analysis Report https://grenddottreliefss.cabanova.com/ 3
  Overview 3
    General Information 3
    Detection 3
    Signatures 3
    Classification 3
  Process Tree 3
  Malware Configuration 3
  Yara Overview 3
  Sigma Overview 3
  Signature Overview 3
    AV Detection: 3
  Mitre Att&ck Matrix 4
  Behavior Graph 4
  Screenshots 4
    Thumbnails 4
  Antivirus, Machine Learning and Genetic Malware Detection 5
    Initial Sample 5
    Dropped Files 5
    Unpacked PE Files 5
    Domains 5
    URLs 6
  Domains and IPs 6
    Contacted Domains 6
    Contacted URLs 6
    URLs from Memory and Binaries 6
    Contacted IPs 6
      Public 6
  General Information 6
  Simulations 7
    Behavior and APIs 7
  Joe Sandbox View / Context 7
    IPs 7
    Domains 7
    ASN 7
    JA3 Fingerprints 7
    Dropped Files 7
  Dropped Files 7
    Created / dropped Files 7
  Static File Info 18
    No static file info 18
  Network Behavior 18
    Network Port Distribution 19
    TCP Packets 19
    UDP Packets 19
    DNS Queries 19
    DNS Answers 19
    HTTPS Packets 19
  Code Manipulations 21
  Statistics 21
    Behavior 21
  System Behavior 21
    Analysis Process: iexplore.exe PID: 4548 Parent PID: 792 21
      General 21
      File Activities 22
      Registry Activities 22
    Analysis Process: iexplore.exe PID: 5516 Parent PID: 4548 22
      General 22
      File Activities 22
      Registry Activities 22
  Disassembly 22

Copyright Joe Security LLC 2021 Page 2 of 22 Windows Analysis Report https://grenddottreliefss.caba…nova.com/

Overview

General Information
  Sample URL: https://grenddottreliefss.cabanova.com/
  Analysis ID: 441415
  Most interesting Screenshot: [screenshot image, not included in the text extract]

Detection
  Verdict scale: malicious / suspicious / clean
  Score: 48
  Range: 0 - 100
  Whitelisted: false
  Confidence: 100%

Signatures
  Antivirus / Scanner detection for submitted sample
  HTML body contains low number of …
  HTML title does not match URL

Classification
  Radar chart categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware

Process Tree

System is w10x64
  iexplore.exe (PID: 4548, cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding, MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    iexplore.exe (PID: 5516, cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4548 CREDAT:17410 /prefetch:2, MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview


AV Detection:


Antivirus / Scanner detection for submitted sample

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Behavior Graph

Behavior Graph Legend: ID: 441415; URL: https://grenddottreliefss.c...; Startdate: 28/06/2021; Architecture: WINDOWS; Score: 48
Legend node types: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet

Graph contents (recovered from the rendered graph):
  iexplore.exe (2, 61) --started--> iexplore.exe (2, 64)
  Signature: Antivirus / Scanner detection for submitted sample
  Network contacts:
    grenddottreliefss.cabanova.com 94.130.246.164, 443, 49721, 49722 (HETZNER-ASDE, Germany)
    sitebuilder.cabanova.com 35.186.205.126, 443, 49734, 49735 (GOOGLEUS, United States)
    code..com

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://grenddottreliefss.cabanova.com/ | 2% | Virustotal | | Browse
https://grenddottreliefss.cabanova.com/ | 100% | Avira URL Cloud | phishing |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
www.asual.com/swfaddress/ | 1% | Virustotal | | Browse
www.asual.com/swfaddress/ | 0% | Avira URL Cloud | safe |
delicious.com/save?v=5&noui&jump=close&url=__URL__ | 0% | Avira URL Cloud | safe |
https://delicious.com/save?v=5&noui&jump=close&url=__URL__ | 0% | Avira URL Cloud | safe |
www.formspring.me/share?url=__URL__ | 0% | Avira URL Cloud | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe |
https://www.formspring.me/share?url=__URL__ | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
grenddottreliefss.cabanova.com | 94.130.246.164 | true | false | | high
sitebuilder.cabanova.com | 35.186.205.126 | true | false | | high
code.jquery.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://grenddottreliefss.cabanova.com/ | false | | high

URLs from Memory and Binaries

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
35.186.205.126 | sitebuilder.cabanova.com | United States | 15169 | GOOGLEUS | false
94.130.246.164 | grenddottreliefss.cabanova.com | Germany | 24940 | HETZNER-ASDE | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 441415
Start date: 28.06.2021
Start time: 22:03:40
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 39s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://grenddottreliefss.cabanova.com/
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled; EGA enabled; AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@3/35@4/2
Cookbook Comments: Adjust boot time; Enable AMSI
Warnings:

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7A1E0376-D897-11EB-90E4-ECF4BB862DED}.dat
  Process: C:\Program Files\internet explorer\iexplore.exe
  File Type: Microsoft Word Document
  Category: dropped
  Size (bytes): 30296
  Entropy (8bit): 1.8502238635052335
  Encrypted: false
  SSDEEP: 192:rHZMTZU2/WFtZkfcBBRMjJ3OLlLafUBKhX:r5M1DOPZKeB6jJ3OLlL4WKp
  MD5: 76DDCB8E8EF46CB7037ACFCA5976FAC8
  SHA1: A61DF97DB2DC14F17CE0AA04952FF8A156A27DCF
  SHA-256: 8491F2FA2EF9EC55081B7CA2E6A41901193DA5DE8EA13BED745AF3F331348DCB
  SHA-512: 1E5360D5FB91197A01F50FD2A562AB5ACA0C1A3B45E73F9F0AFE3C415ED4939A0F6B07C165766A245A20A4C59CB3CE053103BC846F2D6B1BAF3839A01F5CD4D6
  Malicious: false
  Reputation: low
  Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A1E0378-D897-11EB-90E4-ECF4BB862DED}.dat
  Process: C:\Program Files\internet explorer\iexplore.exe
  File Type: Microsoft Word Document
  Category: dropped
  Size (bytes): 28490
  Entropy (8bit): 1.8712926467100992
  Encrypted: false
  SSDEEP: 96:r3ZoTQo6uBSDjdn29W1M5AWTwwCwDdiHBR2rAD6+aJuD4TAdr:r3ZoTQo6ukDjV29W1M5AWTwFdr
  MD5: 4398F19BA9FF25E526C3C337813FCF27
  SHA1: CC757CC6A692EEC9CC617CEEBB81D703D8BCCAE5
  SHA-256: BC07400FBEC11B765E5CFC2FBA10AF7CDC55E66F5B0D30AFDAB2D86484C406FF
  SHA-512: E103089860930B605E17C760182DBF88C9949086DE5E165065084C5A9C039C40D352A378B717BBA8D9C90A6E27C38BAE832B5D0B3E288EB915D3166AFD38D85F
  Malicious: false
  Reputation: low
  Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A1E0379-D897-11EB-90E4-ECF4BB862DED}.dat
  Process: C:\Program Files\internet explorer\iexplore.exe
  File Type: Microsoft Word Document
  Category: dropped
  Size (bytes): 16984
  Entropy (8bit): 1.5654760669468377
  Encrypted: false
  SSDEEP: 48:IwGGcpr5ZGwpaeG4pQKGrapbSHGQpKWG7HpRBTGIpG:raZ5TQe68BSxABTXA
  MD5: A12CFEE5EB174E812EB7FFB40C435C90
  SHA1: 5BA184E49DEDC2BE2D1579E733D349954AC3EE71
  SHA-256: 7CB418E42152525C6ED650F7897E3E4253A3D4F6EE9894323EBF29352724F596
  SHA-512: C99797DF7C6B56C7355A8724F2AED0F33FC7FA81BF5EFB4C8C074AD7D6BD207C08DC18A0872907896F6296A1F1589F9B24754E3B3C35CB1A3B6F3768AA030EF9
  Malicious: false
  Reputation: low
  Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\calendar[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
  Category: downloaded
  Size (bytes): 3594
  Entropy (8bit): 7.905823813974178
  Encrypted: false
  SSDEEP: 96:YSDZ/I09Da01l+gmkyTt6Hk8nTqqnVTrU3KGwVt:YSDS0tKg9E05TqarU6lVt
  MD5: 2E1717BFC7BF46725894C1A94688164D
  SHA1: 02C71DBCE02CBDEEE3786A7A60972727E2001F77
  SHA-256: DE63E218BB4AC6BF84797BEEEC169084043C3EAB3E58DCC2ADCF1857BB1965C6
  SHA-512: 58D3355574C78EFFDF1FCE299828645A6308AE98804B3DC2B5B27AEF5A7A3D428D7FFF2F8EB7C7415EF38546FCE55A1ED96017D843037E260C24A34E9D44D94B
  Malicious: false
  Reputation: low
  IE Cache URL: https://grenddottreliefss.cabanova.com/shared/html5/calendar/calendar.png
  Preview: .PNG...... IHDR...... V.W....pHYs...... OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...... Q,...... !...... {.k...... >...... H3Q5...B...... @..$p....d!s.#...~<<+".....x.....M..0.....B.\[email protected]..@F....&S....`.cb..P-.`'...... {..[.!...... e.D.h;...V.E.X0..fK.9..-.0IWfH...... 0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q. WW..([email protected]...... x.....6..._-..."[email protected]~..,/...;..m..%..h^[email protected].~<.5..j>.{.-.]c..K'.Xt...... o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,...... `6.B$..B.B.d..r`)..B(...*`/[email protected]..=p..a...(....A...a!..b.X#...... !.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1...... r..=.6...h..>C.0....3.l0...B.8,..c."...... V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR #.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\common[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: UTF-8 Unicode text, with very long lines
  Category: downloaded
  Size (bytes): 43280
  Entropy (8bit): 5.300447131447455
  Encrypted: false
  SSDEEP: 768:gVc/4ZlIdB35BLQbBd+TS04pYuIx2+gC1q+xx75eNTuaeKHO63ewJRP+:gumIffQbGMMx2+pjx7R63ZJRP+
  MD5: 6346569BAE4A97B2B656A19B8761C271
  SHA1: 289FE0DAB72CCE5953EECCBAB768AEFA9DCE7FF6
  SHA-256: 11A480D7FAE4C434D1E97903EEE2C127AA212679FF7A28F4819338FB538189E9
  SHA-512: 2D3E427C81A2D1B161A119AF441B484FB977438A2DEE09E07333F52592E1B2881A2ADA1E170D820B8FD05DD4824AD5293E2BF7B18131771782A3206A8E2B0E10
  Malicious: false
  Reputation: low
  IE Cache URL: https://grenddottreliefss.cabanova.com/shared/html5/common.js
  Preview: /*. * jQuery scrollintoview() plugin and :scrollable selector filter. *. * Version 1.8 (14 Jul 2011). * Requires jQuery 1.4 or newer. *. * Copyright (c) 2011 Robert Koritnik. * Licensed under the terms of the MIT license. * http://www.opensource.org/licenses/mit-license.php. */.(function(f){var c={vertical:{x:false,y:true},horizontal:{x:true,y:false},both: {x:true,y:true},x:{x:true,y:false},y:{x:false,y:true}};var b={duration:"fast",direction:"both"};var e=/^(?:html)$/i;var g=function(k,j){j=j||(document.defaultView&&document.defaultView.getComputedStyle?document.defaultView.getComputedStyle(k,null):k.currentStyle);var i=document.defaultView&&document.defaultView.getComputedStyle? true:false;var h={top:(parseFloat(i?j.borderTopWidth:f.css(k,"borderTopWidth"))||0),left:(parseFloat(i?j.borderLeftWidth:f.css(k,"borderLeftWidth"))||0),bottom:(parseFloat(i? j.borderBottomWidth:f.css(k,"borderBottomWidth"))||0),right:(parseFloat(i?j.borderRightWidth:f.css(k,"borderRightWidth"))||0)};return{top:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-ui[1].css
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Category: downloaded
  Size (bytes): 32830
  Entropy (8bit): 5.025632603678241
  Encrypted: false
  SSDEEP: 384:dUvvdcT4Z2cT3zwCnNIuZ1aQpSBu40nSrpRkI5tunCzS25r4JC759:OdHXjRezS25
  MD5: 51E9FEDB664BFAAC70D9DDD5F6AFAE14
  SHA1: 9A484DA0D3861E51044AF6CAEF4D1271A1545EC4
  SHA-256: 692B43CE7FC2DD1612D37633DA785030C2D6013B41E5FE42A8954FEC06A8E451
  SHA-512: 54793D2B117CA1EDFC40BE6739C60B651D8F99A496F880581D0575085CDBEF37698FE1D2CF9C276B569C4C373AB51259C9585B7BA222169018DA4E6F1A2345DC
  Malicious: false
  Reputation: low
  IE Cache URL: https://code.jquery.com/ui/1.9.1/themes/base/jquery-ui.css
  Preview: /*! jQuery UI - v1.9.1 - 2012-10-25.* http://jqueryui.com.* Includes: jquery.ui.core.css, jquery.ui.accordion.css, jquery.ui.autocomplete.css, jquery.ui.button.css, jquery.ui.datepicker.css, jquery.ui.dialog.css, jquery.ui.menu.css, jquery.ui.progressbar.css, jquery.ui.resizable.css, jquery.ui.selectable.css, jquery.ui.slider.css, jquery.ui.spinner.css, jquery.ui.tabs.css, jquery.ui.tooltip.css, jquery.ui.theme.css.* Copyright 2012 jQuery Foundation and other contributors; Licensed MIT */../* Layout helpers.------*/..ui-helper-hidden { display: none; }..ui-helper-hidden-accessible { position: absolute !important; clip: rect(1px 1px 1px 1px); clip: rect(1px,1px,1px,1px); }..ui-helper-reset { margin: 0; padding: 0; border: 0; outline: 0; line-height: 1.3; text-decoration: none; font-size: 100%; list-style: none; }..ui-helper-clearfix:before, .ui-helper-clearfix:after { content: ""; display: table; }..ui-helper-clearfix:after { clear: both; }..ui-helper-clearfi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.min[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Category: downloaded
  Size (bytes): 85589
  Entropy (8bit): 5.366541542900301
  Encrypted: false
  SSDEEP: 1536:kYE1JVoiB9JqZdXXe2pD3PgoIK6alrUnzZ6a4msO7R6xfWBP4TCddWHs3ghna98o:P4KZ+sOsOV6x6pwhna98HrU
  MD5: 6FC159D00DC3CEA4153C038739683F93
  SHA1: 5D7E5BBFA540F0E53BD599E4305E1A4E815B5DD1
  SHA-256: 8A102873A33F24F7EB22221E6B23C4F718E29F85168ECC769A35BFAED9B12CCE
  SHA-512: A574742476D89BDF841A26FAC51FF0FAE62CFEED95F38A1F3EB0699202D8C8ABE165826D514BCA4B2D69822F2D25901A72C3F081FD646E1238CF082EF0E28EA8
  Malicious: false
  Reputation: low
  IE Cache URL: https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
  Preview: /*! jQuery v2.2.0 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document? b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b) {var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.0",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\render[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: HTML document, UTF-8 Unicode text
  Category: downloaded
  Size (bytes): 91713
  Entropy (8bit): 5.2187519382581575
  Encrypted: false
  SSDEEP: 1536:Z6TwPz+pb3x0iDdnenCEoc0Bq0erR8O6bstodHhip1pEUbzR4HObsEnaiHVB14xK:UwDWeaFHhu1lCHLit
  MD5: 36869F4ECD61327A927444D317B46D1E
  SHA1: 94F1705285DB273075C627C2EDA6B8E893910789
  SHA-256: D03D6B88182934227F2E07AE5B4698D2F36667F6ADB66FC8C6F4A3094FBA161B
  SHA-512: E450997424A8F9869704AE127C175FB62030B4B810E0868E64F14C0018FC11BF65FE3FAB1AAC5A5F1B414B541B308C3D9D6042281D4D27752000DF551FB1D9A3
  Malicious: false
  Reputation: low
  IE Cache URL: https://grenddottreliefss.cabanova.com/shared/html5/render.js
  Preview: (function () {...var debug = self.console ? console[console.debug ? 'debug' : 'log'].bind(console) : $.noop;...var DrawingLib = CB5.util.Drawing;..var Color = CB5.util.Color;..var render = CB5.render = {uniq:{}};...function mkDiv() { return $(' '); }..function mkLoading() { return $(''); }..function mkImage(src) { var img = new Image; img.src=src; return $(img); }..function mkA(label) { return $('').text(label);}...function gradient(el, c1, c2) {...el.css({backgroundImage:'--gradient(linear, left top, left bottom, from('+c1+'), to('+c2+'))'});//chrome 10+...el.css({backgroundImage:'-webkit-linear-gradient(top, '+c1+', '+c2+')'});//android...el.css({backgroundImage:'-moz-linear-gradient(top, '+c1+', '+c2+')'});..}...var transform = CB5.transform = function(o, value) {... o.WebkitTransform = o.MozTransform = o.msTransform = o.OTransform = o.transform=value;...return o;..};...// JSONP..funct

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ui-bg_glass_55_fbf9ee_1x400[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 1 x 400, 8-bit/color RGBA, non-interlaced
  Category: downloaded
  Size (bytes): 120
  Entropy (8bit): 5.746557697538451
  Encrypted: false
  SSDEEP: 3:yionv//thPlE8SWlaAkxzqW5qkbOC9LuQcb0vPB1p:6v/lhPhSWlaAR2rC+Lu0rp
  MD5: F8F4558E0B92FF2CD6136781533902EC
  SHA1: 4966153F5260CC8B5B9EA3AFD5BD6B0DEE5BC7B1
  SHA-256: 691597E8A40A891EA94D3589976ECFC33E6145C49422443B00AC2B5A0022964C
  SHA-512: B0C7CB1F3B612EBC60C409C658CD7D8D5C91F7C57ABB708CFAAB5A66AC3CB701292DC0330D700D0DAF92F867C00BDBC4BABF5958E0F1CA9B074A239E5FD34848
  Malicious: false
  Reputation: low
  IE Cache URL: https://code.jquery.com/ui/1.9.1/themes/base/images/ui-bg_glass_55_fbf9ee_1x400.png
  Preview: .PNG...... IHDR...... oX.....?IDAT8...1..0.B...l..`.6C.s..<.].:.....[..&.B..A.....e7.l.QJ...... QY.*....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ui-bg_highlight-soft_75_cccccc_1x100[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 1 x 100, 8-bit/color RGBA, non-interlaced
  Category: downloaded
  Size (bytes): 101
  Entropy (8bit): 5.22748545913947
  Encrypted: false
  SSDEEP: 3:yionv//thPlEbtqNlJAM3wkvuDhvlEhebq//B1p:6v/lhPGuk4wkW1vlz6bp
  MD5: 72C593D16E998952CD8D798FEE33C6F3
  SHA1: 53B50999C4C9838A2A2A190B54203AB9C6ACBB21
  SHA-256: 54270656DF079C4DA5182629A080FC633B6F84B87985EB016D25A560E2C38D4A
  SHA-512: 5FEF26CC4A2EA289152E06DCAF95AD2176B812251EF5F91C24315B93444B72AB97C826830B1E296D1BF5B799D2238D490E99E4B3CC3488B2BE703C0919DC5D60
  Malicious: false
  Reputation: low
  IE Cache URL: https://code.jquery.com/ui/1.9.1/themes/base/images/ui-bg_highlight-soft_75_cccccc_1x100.png
  Preview: .PNG...... IHDR...... d.....G,Z`...,IDAT..cx....&....!D....J.q...../.....Cc.;....:*C..O....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\md5[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Category: downloaded
  Size (bytes): 6269
  Entropy (8bit): 5.525834194855405
  Encrypted: false
  SSDEEP: 96:ODWQGrx7n0PpRBfRhf9IBuVHcHIKWIbIfp+aU3C/1o3ft/:iGVsLVRhf9IBLoKXIfp+xpl/
  MD5: A6B81A1B266EC15DEE03287742C3FD2B
  SHA1: 292130BCE7267964021F6AED61E114BBBE9CC54E
  SHA-256: DF61117D7806F863533ACC213C4FDF87A667C109FC708EB4BEDB9D35E30ADB1A
  SHA-512: E1134313E0ED7A9CEB1BCBC84FE528E0579117DBCF260C34AC44BB43AC218E79D1A086B56C250888F966119E09E2EC2DF4AA8E3A72B34B1B51F8711AE3CC861F
  Malicious: false
  Reputation: low
  IE Cache URL: https://grenddottreliefss.cabanova.com/shared/html5/md5.js
  Preview: /*.CryptoJS v3.1.2.code.google.com/p/crypto-js.(c) 2009-2013 by Jeff Mott. All rights reserved..code.google.com/p/crypto-js/wiki/License.*/.var CryptoJS=CryptoJS||function(s,p){var m={},l=m.lib={},n=function(){},r=l.Base={extend:function(b){n.prototype=this;var h=new n;b&&h.mixIn(b);h.hasOwnProperty("init")||(h.init=function(){h.$super.init.apply(this,arguments)});h.init.prototype=h;h.$super=this;return h},create:function(){var b=this.extend();b.init.apply(b,arguments);return b},init:function(){},mixIn:function(b){ for(var h in b)b.hasOwnProperty(h)&&(this[h]=b[h]);b.hasOwnProperty("toString")&&(this.toString=b.toString)},clone:function(){return this.init.prototype.extend(this)}},.q =l.WordArray=r.extend({init:function(b,h){b=this.words=b||[];this.sigBytes=h!=p?h:4*b.length},toString:function(b){return(b||t).stringify(this)},concat:function(b){var h= this.words,a=b.words,j=this.sigBytes;b=b.sigBytes;this.clamp();if(j%4)for(var g=0;g>>2]|=(a[g>>>2]>>>24-8*(g%4)&255)<<24-8*((j+

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\topbanner-en[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: HTML document, ASCII text, with very long lines
  Category: downloaded
  Size (bytes): 2040
  Entropy (8bit): 5.064759527291549
  Encrypted: false
  SSDEEP: 48:fOl16up9khw4VY7aR+vWLQxP7Tb15Zzj2nR:fOl1qhwfm8uU9b13vGR
  MD5: E4701C9ABC1F6C9B57E5448A78B02F05
  SHA1: 61C26EFFB1D900585DB82CD54B30C5B49BA659F7
  SHA-256: 1521EFCA3FF240D62629096B652BA252C9A5B879A74A1B583D3A4D56E29F61A4
  SHA-512: BA7D3DC7358931E207088F85F13BF11E7794BD713D59AD632CF409534C497422859A992B7F668C5720A1B34742D4F1D296160F7F7D89318F250FBB83EB235D59
  Malicious: false
  Reputation: low
  IE Cache URL: https://grenddottreliefss.cabanova.com/shared/topbanner/js/lang/topbanner-en.js
  Preview: TBDictionary = {../*.. * LANG CODE FOR THIS FILE.. */..lang: 'en',.../*.. * COMMON TEXTS.. */...siteRating: 'Site rating',..votes: 'Votes',..cancel: 'Cancel',..submit: 'Submit',..close: 'Close',..yes: 'Yes',..no: 'No',..../*.. * VOTING RESULT.. */..voteTitle: 'Vote Received',..voteMsg: 'Your vote has been received! Thank you!< /b>',.../*.. * DUPLICATE VOTE.. */..duplicateVoteTitle: 'Vote Error',..duplicateVoteMsg: 'You have already voted!',..../*.. * CONTACT.. */..contactBtn: 'Contact site owner',..contactTitle: 'Contact site owner',..contactName: 'Your Name:',..contactEmail: 'Your Email Address:',..contactMsg: 'Your Message:',..contactResp: 'Your message has been sent to the owner of this site.',..../*.. * TELL A FRIEND.. */..tellBtn: 'Tell a friend',..tellTitle: 'Tell a friend',..tellEmail: 'Your email:',..tellFriends: 'Friends Email Addresses:',..tellMsg: 'Your Message:',..tellDefaultMsg : 'Hi, take a look at this great site!',..tellResp: 'Your recommendation of this site

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\topbanner[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Category: downloaded
  Size (bytes): 7843
  Entropy (8bit): 5.417390425261283
  Encrypted: false
  SSDEEP: 192:OcP/A+kLBr4oJhtgHpkEyVyUkOjRHSEBi7LvjxKSRU:OvLypvSZXj5SEErxpO
  MD5: 62E306D01AB3386C99929FDA532DF26D
  SHA1: 5A8BE1F76716546EFD388BB0FFD11FBE51E7F3F8
  SHA-256: A9449176910BA3862B23A43DAAA1F53089DB82E1B52CBA4C3B2B6B0A5840D537
  SHA-512: 6780C6B7CE927A5E0B0C5B2BDB46A4FAD9283A16CF654990C9E183C2D97EB479F4EB5C9116D9A4D264E8EC68E97CFF9D2FD32DE1398E56FFDF9DB34B013BD0D5
  Malicious: false
  Reputation: low
  IE Cache URL: https://grenddottreliefss.cabanova.com/shared/topbanner/js/topbanner.js
  Preview: Topbanner = {..buttonAction: function(action)..{...if (action == 'next')....document.location = Topbanner.getActionUrl() + 'next/0';...else.....getApp().topbarWindow(action);..},.. .../*..getActionUrl: function()..{...return 'http://sitebuilder.cabanova.com/action/topbanner/';..},..*/.....getTranslation: function(key)..{...return TBDictionary[key];..},.....getElem: function(id)..{...return document.getElementById(id);..},....showVoteResult: function(result)..{...if (result == 'ok')...{....getApp().topbarWindow('vote');...}...else if (result == 'error')...{....getApp().topbarWindow('duplicatevote');...}..},...//template object is now available (in main flash app) and we are able to access config..onBuilderReady: function(vars) ..{.....var el = document.getElementById('topBanner');...el.style.display = 'block';...el.innerHTML = TBWidget.render(vars);...... //TBWidget.setAction(Topbanner.getActionUrl() + getApp().getConfig('userid')); ..},....render: function()..{...//document.write('

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ui-bg_flat_75_ffffff_40x100[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 40 x 100, 8-bit/color RGBA, non-interlaced
  Category: downloaded
  Size (bytes): 178
  Entropy (8bit): 5.025257364822932
  Encrypted: false
  SSDEEP: 3:yionv//thPlVbtr/dyxNk5A6IWXMzLCn1cn1cn1cn1cn1cn1cn1cn1cn1cn1cn1e:6v/lhPyk5IkgLCCCCCCCCCCCCowp
  MD5: 8692E6EFDDF882ACBFF144C38EA7DFDF
  SHA1: A9BB131C4ACFF0D07FA7B7F21BEF05179C28D13B
  SHA-256: 39AB7CCD9F4E82579DA78A9241265DF288D8EB65DBBD7CF48AED2D0129887DF5
  SHA-512: 9B895122B4E33060548380E9B5FB866BB3A26E8F1B8F75AD936DAC8A25D7FA0B1AD117F168A50D1F1825FC8F345170DB948C64BFB17B8D5337DF05917B9E62AE
  Malicious: false
  Reputation: low
  IE Cache URL: https://code.jquery.com/ui/1.9.1/themes/base/images/ui-bg_flat_75_ffffff_40x100.png
  Preview: .PNG...... IHDR...(...d...... drz...yIDATh...1.. ...R.....7..(...... V..`%X.V..`%X.V..`%X.V..`%X.V..`%X.V..`%X.V..`%X.V..`%X.V..`%X.V..`%X.V..`%X.V..`%X.V.j...)2.N....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ui-bg_glass_75_e6e6e6_1x400[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 1 x 400, 8-bit/color RGBA, non-interlaced
  Category: downloaded
  Size (bytes): 110
  Entropy (8bit): 5.608857120234495
  Encrypted: false
  SSDEEP: 3:yionv//thPlE8SWlQshqu2k+UbltmDGbSTHUjtljp:6v/lhPhSWlQshVcUb3SG6Hajp
  MD5: F4254356C2A8C9A383205EF2C4DE22C4
  SHA1: C81EA6FBA4DB897DF599670C6BF3B3B5764D4E54
  SHA-256: DDF5DD4E0EF2B185E8BB0AF7B6E90EBE74A84384CB4700658E76E754C8BFE550
  SHA-512: 74B651FBE06C334128291AAAE37FDB01D28F8C2F910C09054119BBA17385119FEEF641B569BB9E09017B85B30C3088184103DAB59DB0384851B13DBE4BD01E25
  Malicious: false
  Reputation: low
  IE Cache URL: https://code.jquery.com/ui/1.9.1/themes/base/images/ui-bg_glass_75_e6e6e6_1x400.png
  Preview: .PNG...... IHDR...... oX.....5IDAT8...1...... y.U.X...H.a....@..[.{[email protected]...... D.F....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ui-icons_222222_256x240[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 256 x 240, 8-bit colormap, non-interlaced
  Category: downloaded
  Size (bytes): 4369
  Entropy (8bit): 7.755630054389065
  Encrypted: false
  SSDEEP: 96:hEVZPtp81WREhVJ7lOGspuNUb7Chjer4ld/IRPwoUsSkh2k+MXR9g:UltpsWREhj7lOGspuc7Chj3d/IRPfUsq
  MD5: 9129E086DC488D8BCAF808510BC646BA
  SHA1: 1F12BAC718A6275823D9805CBE6BF6818838AA8C
  SHA-256: 57ADB0D65F4E91DACFEE975D9574422BEE7486C8A182D60133728C672F2CDBBC
  SHA-512: 6CB2F81DF413DB706EB9C27D93060E3081D147E1CD367553289DE1AC047A2FDA30920AFC47CFE6F7B5AE792DB02606BF363869F81B221FA6E49ED1A706F5C5D1
  Malicious: false
  Reputation: low
  IE Cache URL: https://code.jquery.com/ui/1.9.1/themes/base/images/ui-icons_222222_256x240.png
  Preview: .PNG...... IHDR...... IJ.....PLTE""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""]...... NtRNS...2..P...."Tp@f`.... <.BHJ.Z&0R,.4...j...8D...|...... (..$...... b...l.F>n~.hh.H.....IDATx..].b....H..-{i.ZK:g.lk.n..-.. tI....q...q? E.$..dK>.$.>..;...... P.Z.....s..V..h!...Sy..0...E.0}H.)-.....t.k..o..Kp....\.R...... E.7...... )..*V;~.Pe...Bx..*..,=$z...D...... J...... 9.{ ...... Hp.q.W@.."2'...... B.. [.$.. @T..i.H./..b.9.6.!..X.Hq`DE..*R...... H.V!.%...... ;...... "...... i...]..dddddddd...... 4y....5...... Rb...@(.8....Cd...... ,.@[email protected]!...... p..e.,...=4b.W .{..5....hu~.(...Q. .^@...3..=..."[email protected]...... q_....5...@,r....D.).T..|[email protected]...... [[email protected]...(....F .@.?..=0....puL..;g.$..@6

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\util[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: UTF-8 Unicode text
  Category: downloaded
  Size (bytes): 15602
  Entropy (8bit): 5.388706941367787
  Encrypted: false
  SSDEEP: 384:yHTD0E7V1VMZatowcH/nYU8oDIuWvtpwDaiQ3O545j/Gb97Lo3LO7z:yHTD04V1VMZkG/eoDIRvtpwDaiQi45jS
  MD5: F086D69315489F7E20D087BD20F7B8F2
  SHA1: 06395BC1793B0D125B78980FFAB7554750E3BDCD
  SHA-256: ADB40E61EDDA2CAA2A7145FEA20543F94A332A5F601B67E0FD4ED30DD5B0FC3A
  SHA-512: 11AF6E0526B1D30FFDA7B26AC8D58E8E77B5864A473B80F39344215601103C66C7ACA8398C1458FF846B94B07970240578A27222FE6B68C67F28BDBCEC984CB0
  Malicious: false
  Reputation: low
  IE Cache URL: https://grenddottreliefss.cabanova.com/shared/util.js
  Preview: var CB = {..tplWidth: 800,..bottomMargin: 20,..$: function(id) {...return document.getElementById(id);..},..createEl: function(tag, id) {...var el = document.createElement(tag);...if (id != null) el.id = id;...return el;..},..geom: function(el, left, top, width, height) {...var s = el.style;...s.position = 'absolute';...s.left = left+'px'; s.top = top+'px';...if (!width) return;...s.width = width+'px'; s.height = height+'px';..},..isIE: function () {...return navigator.userAgent.indexOf('MSIE') != -1;..},..ieVersion: function () {.. var a = /MSIE ([0-9]+)/.exec(navigator.userAgent);.. if (!a) return -1;.. return parseFloat(a[1]);..},..noHTML5: function () {...return (typeof Object.defineProperty != 'function') || (CB.isIE() && CB.ieVersion() < 9);..},....banner: null,..bannerSrc: null,..bannerLink: null,....doBannerTid:0,..doBanner: function(src, link) {...if (src) CB.bannerSrc = src;...if (link) CB.bannerLink = link;...clearTimeout(CB.doBannerTid);...CB.doBannerTid = setTimeo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\webfont[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 13188 Entropy (8bit): 5.4223896155104025 Encrypted: false SSDEEP: 384:i11kqRm4UjryX2DfatZrT80NCGz5r2zItrX:iEqRm4cy338m7d MD5: 7C96A5F11D9741541D5E3C42FF6380D7 SHA1: D3FA2564C021CF730E58FFDDB138CF6B57ED126E SHA-256: 81016AC6BE850B72DF5D4FAA0C3CEC8E2C1B0BA0045712144A6766ADFAD40BEE SHA-512: 23C162A2E268951729B580E5035AD6CA9969CFCC5CE58A220817B912E76B38BE6C29C3CA7680CB4E8198863D95A72EA65BD06FF7189B5C8475E4C1CE501EAB1 Malicious: false Reputation: low IE Cache URL: https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js Preview: /*. * Copyright 2016 Small Batch, Inc.. *. * Licensed under the Apache License, Version 2.0 (the "License"); you may not. * use this file except in compliance with the License. You may obtain a copy of. * the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the. * License for the specific language governing permissions and limitations under. * the License.. */./* Web Font Loader v1.6.26 - (c) Adobe Systems, Google. License: Apache 2.0 */(function(){function aa(a,b,c){return a.call.apply(a.bind,arguments)}function ba(a,b,c){if(!a)throw Error();if(2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\58b95039c3364697b80b81e261aa0079[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 86 Entropy (8bit): 4.664150802767982 Encrypted: false SSDEEP: 3:RAWvQXscIfUWgcQWGRKOixJ9dJHX8S6M:pq9sBDGKjvJsi MD5: 8FDF688CEAFD773D3DCA1B6772317EB7 SHA1: EB8F72222DE173ECFE234CC878FC4513454A63E4 SHA-256: 4B8839AA6814D6F5142E5528D6082A0DB4A029D3A01E56032420E55813B4D1CD SHA-512: 1846164A93F71B200F88B3829C60254452A2E7E0A023EE8DA5159DDB9ECA8B90AE1EAF1F864D0B013B89ED84A624DF0005F09545D1EA9608B4E3E30EA616DC1B Malicious: false Reputation: low IE Cache URL: https://sitebuilder.cabanova.com/action/form/html5/58b95039c3364697b80b81e261aa0079?u=1261528&cb_ping_js=1624943070523&cbjp=jQuery22005298977967228187_1624943069693&_=1624943069694 Preview: jQuery22005298977967228187_1624943069693({"token":1445,"attempts":0,"r":"84.17.52.9"})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\css[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: dropped Size (bytes): 193 Entropy (8bit): 5.251893292984337 Encrypted: false SSDEEP: 6:0IFF6dLQ+56ZRWHTizlpdWwQtuWEjN1Nin:jFgd0O6ZRoT6ph1Y MD5: B482C6ACFCD440FC4AEB1DCA9008A67E SHA1: 3D4F2A16CEF6F6CCA1810038E229A588A361414F SHA-256: 4EA1CD190C263A133684355EBEA5BE1BA236A61A6BC57F72EFA51E127FFF9D85 SHA-512: 125D650310C55C809ACF6B9463FAB8C5EA2615C56D9FF149D82A1FCE8F63989642CDEB62E8BB9BE1BC9B7EB1837852C0CCF1C7A4E661B22C444C13E5D9C7288A Malicious: false Reputation: low Preview: @font-face {. font-family: 'Bitter';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/bitter/v17/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLbOWw.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-ui.custom.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 41993 Entropy (8bit): 5.3479560749627755 Encrypted: false SSDEEP: 768:r0CyrSOLuUTm2pCQfMOPzddusI8zk1y9awfu5LYQp6tLC:r0CymOLZTm2pCQfMOPzdduX1y9ahp6tO MD5: 7821937F1FE99880AB2DD24108520F9F SHA1: A12FB45A03B0812F88A3D5FF5141CF5D5AB62280 SHA-256: 2AF8D4F5D448A15684B6B5ECA8E00A3DF5991F4626633320FDAEBE67C6631A95 SHA-512: D72154082410B883D01FE3810FC219A1ABC6CB989E24E0D86E28D2648E86FD9DD37CE330A5DF64DFCF1B1B6C5C97D453DDE383958605334B3E8D489569474D52 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/shared/html5/calendar/jquery-ui.custom.min.js Preview: /*! jQuery UI - v1.9.1 - 2012-11-07.* http://jqueryui.com.* Includes: jquery.ui.core.js, jquery.ui.datepicker.js.* Copyright (c) 2012 jQuery Foundation and other contributors Licensed MIT */..(function(e,t){function i(t,n){var r,i,o,u=t.nodeName.toLowerCase();return"area"===u?(r=t.parentNode,i=r.name,!t.href||!i||r.nodeName.toLowerCase()!=="map"?!1:(o=e("img[usemap=#"+i+"]")[0],!!o&&s(o))):(/input|select|textarea|button|object/.test(u)?!t.disabled:"a"===u?t.href||n:n)&&s(t)}function s(t){return e.expr.filters.visible(t)&&!e(t).parents().andSelf().filter(function(){return e.css(this,"visibility")==="hidden"}).length}var n=0,r=/^ui-id-\d+$/;e.ui=e.ui||{};if(e.ui.version)return;e.extend(e.ui,{version:"1.9.1",keyCode:{BACKSPACE:8,COMMA:188,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,LEFT:37,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,RIGHT:39,SPACE:32,TAB:9,UP:38}}),e.fn.extend({_foc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\publish[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: downloaded Size (bytes): 21559 Entropy (8bit): 5.210243056790838 Encrypted: false SSDEEP: 384:yqFXaLzWzsf4z+rwmyNOguv9Xq+zXnlVoYEjYfdhjl+UEh:yqFXEzEnmckvNq+zXl2YY3J MD5: B2586F9EACAD843AFB72E99ADAFC3F27 SHA1: B50B7E30E00B411341959F35AAE69A0715690DDB SHA-256: 81A8252A2A4D32B1148C1A4FB2BFC612B7D84FAA0A3655DA7422CE0A5E1831C3 SHA-512: F06B3986DF97C222FD1B35B5A6155C26336288C625AE25EA8FEA5CE6B37B3933F5451EC96B9C009DD7C5C862C59E4DD0281D8474A5373984AA11D5D4B1983F90 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/shared/html5/publish.js Preview: var CB5;.if (typeof CB5 == 'undefined') CB5 = {};..(function() {...//default texts for old sites..$(function () {...if (!CB5.config.texts) CB5.config.texts = {....pwdtext: 'A password is required to view this page!',....password: 'Password',....cancel: 'Cancel'...};....try {....//init localStorage....if (typeof(sessionStorage) != 'undefined').....CB5.session = sessionStorage;....else.....CB5.session = {};.....if (CB5.session.password).....CB5.submittedPassword = CB5.session.password;...} catch (e) {....CB5.session = {};...}..});...//fix old links..$(function () {...if (!('structureMap' in CB5.config)) return;...$('a').each(function () {....var me = $(this);....var id = me.attr('data-linkref');....if (!id) return;....if (!(id in CB5.config.structureMap)) return;....var url = CB5.config.structureMap[id]+'.html';....if (url == me.attr('href')) return;....me.attr('href', url);...});..});...//form check ping, multipart for file upload..function initForm () {....var frm = $('#cb-form');...if

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\r1eg-6lb9biaekve8-c5nmm[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 225 x 225, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 5261 Entropy (8bit): 7.940589966495902 Encrypted: false SSDEEP: 96:rLq8G+ve6NJaOohMj3uS5219j9o0YBsixL/CXNJRsy2DJ7uuKYX88QiYf4epi:vqh6rzZiZvYBV/CX23DJX/8Dv4ii MD5: 4FFBB0B3E2F67F31389DE146925F9398 SHA1: AF497F2D83E3F5D85A112780758312F9D76B24D5 SHA-256: 9EDDC9D0D6D5901936CAEFDD189F751B174B652288989BC5F24C4A1FAB989CC4 SHA-512: 7D439E42359AA995CB18697FDDE3785060BA6A946D4AB87319525C791522EEE5B4FB20ADE76415F2B635A774F8B79EF6528506BF94F47B0C42A7837D6A0957C8 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/files/r1eg-6lb9biaekve8-c5nmm.jpg Preview: .PNG...... IHDR...... m"H....PLTE!V?...... O;.S=.G7.H7.R=y.k.M:.I..E6.L9...8!.R:....p...D&...N5..HtQ..u..~...... *]Cn.e.F)....R}Vg.a6fHBoN...... 2.1bFV.X...a.^..yx...... ? *b.pKq]f.t...?iU/^I.>"&[?.B,...... Q2.@...... IDATx..y[.:[email protected]...... Ts.df.L&H.....oj5.....V.b.6s.V...s.D.fS.hc._...... \...ww.:,<...... o...pl...g.j_..i.]...... K. +...... _.Ygl..Z...IK. l..n.<..*..,G....-..;n...R0ao...... ;82[.SVr.!24.<...... %.}:ew...%..@)?v.a".\.Z=.l.@...)..J.tg..m...cY.f.#..M.NII.w.Tgc..z.]g!.. .~n._.I{/..T.v.gDn.CLG.'.~L.j]..Q.+h{F...... c.....%.U..h.=_..i].<*<...... YVZ.4.?..k../'.../.\g.&%l.&c..o...LcP.L\..>.Ud.$...... |.#._.|'..XU;7.n.k...1...y/$s.{[email protected]@.ZM....A...... @..N...'| .\..@...... X4O....j...... @..q....{n...... AF.<.....g#..b2...J.t..4R.nN.XK.M...... y...... ;..7r..,..6.."c....t..o....'..&.H80#..x.r.....ZeA8..R.P.!..u...... OF(..=....z

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\swfobject2[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Category: downloaded Size (bytes): 9759 Entropy (8bit): 5.5701524371723785 Encrypted: false SSDEEP: 192:bjnscERFXly2Zyv+OtgPycVpEhCQP+JZYyDevy6U7DnNhrWhFDhc5gQ5lF04E5ch:bjscwy2ZymOtgPXEhJqayD6y77DnTrWE MD5: EAA5417940C71F441B016B12C534665D SHA1: 66851AB2133E27B97C4F3048416B947AA7ED82C5 SHA-256: CAFD612EBD6BC497A7A05D3DFEF133A0B793F1E04E277B31C424D6D8892A1D48 SHA-512: A2C09B088E529C7305DCF624830ECBE1134DC7831280BF58752743445C8257C8A9D36A995971AD74FBC8B3AC0827C707A408B95E248FBBAE44217D2023493999 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/shared/swfobject2.js Preview: /* SWFObject v2.1 ..Copyright (c) 2007-2008 Geoff Stearns, Michael Williams, and Bobby van der Sluis..This software is released under the MIT License .*/.var =function(){var b="undefined",Q="object",n="Shockwave Flash",p="ShockwaveFlash.ShockwaveFlash",P="application/x-shockwave-flash",m="SWFObjectExprInst",j=window,K=document,T=navigator,o=[],N=[],i=[],d=[],J,Z=null,M=null,l=null,e=false,A=false;var h=function(){var v=typeof K.getElementById!=b&&typeof K.getElementsByTagName!=b&&typeof K.createElement!=b,AC=[0,0,0],x=null;if(typeof T.plugins!=b&&typeof T.plugins[n]==Q){x=T.plugins[n].description;if(x&&!(typeof T.mimeTypes!=b&&T.mimeTypes[P]&&!T.mimeTypes[P].enabledPlugin)){x=x.replace(/^.*\s+(\S+\s+\S+$)/,"$1");AC[0]=parseInt(x.replace(/^(.*)\..*$/,"$1"),10);AC[1]=parseInt(x.replace(/^.*\.(.*)\s.*$/,"$1"),10);AC[2]=/r/.test(x)?parseInt(x.replace(/^.*r(.*)$/,"$1"),10):0}}else{if(typeof j.A

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\R512LVMF.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Category: downloaded Size (bytes): 32507 Entropy (8bit): 5.460896190684413 Encrypted: false SSDEEP: 768:1U2QvQZQ89KKvJaGcoQDDU9V0E31Q6TmWd:JaGcoQDDU9mE31rTmWd MD5: 598A6D7E28429D897FD06CAB0A5BCB59 SHA1: 3E5FA9BED14C81348EA054A09453B2686FA8E422 SHA-256: 6040E9F405DF6B4DFB4A3A52C4BAB699C8755E60DFB3895FDCAA9B564F2B7B9D SHA-512: E4334AD945C5D290DA3908BEE8C6A325C537D78C63B5D97A030391771FE454E1C0044C8E1C492AECE3E0416DD647D1026A7AA864F2F85E71D62583AAD884C027 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/ Preview: ......Green Dot Benefits Page.............. ................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ga[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 46274 Entropy (8bit): 5.48786904450865 Encrypted: false SSDEEP: 768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m MD5: E9372F0EBBCF71F851E3D321EF2A8E5A SHA1: 2C7D19D1AF7D97085C977D1B69DCB8B84483D87C SHA-256: 1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F SHA-512: C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F Malicious: false Reputation: low IE Cache URL: https://ssl.google-analytics.com/u/ga.js Preview: (function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c&&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\html5[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: downloaded Size (bytes): 11821 Entropy (8bit): 5.236312065228572 Encrypted: false SSDEEP: 192:AcrpjmZuMLJAbuHuhwzvKBvqA6qmYgKh7YlNL2qh0Wh1JFM+yiFaFZW6xF+ZbAhR:AcrpJMLqtBvqzYgKh7YlNL2qh0Wh1JGh MD5: 08E9905CD91D222EA982CB322A7050F0 SHA1: 4838224D4D1880973EF36D73B570DB95EEA9FAAB SHA-256: D1BC2CAAF88F64BD9CEC9DD4137A9A7B62425AF8DA3CD4E84E831163C1D0FDD2 SHA-512: 35959BE0CABB79AF291B447FB6B48851F27DAE9BAF03E4FD9F8024CA2556BFD53A300EDCA2406319C24C5C17E14AC20B6FA090BDA4F2404075AAEDFD4A273A43 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/shared/html5/html5.css Preview: .html, body {..min-height: 100%;.}..body {width: 100%}..img {..border: 0;.}..#site-loading {..display: none;.}...b { font-weight: bold; }..i { font-style: italic; }..u { text-decoration: underline; }...askFlash {..font-family: sans-serif;..margin-top: 100px;..text-align: center;.}...cbel {..position:absolute;..-moz-box-sizing: border-box; -webkit-box-sizing: border-box; box-sizing: border-box;..transform-origin: 0px 0px;..-ms-transform-origin: 0px 0px;..-moz-transform-origin: 0px 0px;..-o-transform-origin: 0px 0px;..-webkit-transform-origin: 0px 0px;..font-family: Arial, sans-serif;..font-size: 12px;.}...cb-text {..font-size: 14px;.}../* text */..cb-text span {..white-space: pre-wrap;.}..cb-text2 span {..white-space: pre;.}..h1.cb-text2, h2.cb-text2, h3.cb-text2 {..display: block;..font-weight: normal;.}...cb-text ul, .cb-textTable ul {..margin:0;..padding-left:40px;.}...cb-text a, .cb-textButton a { text-decoration: inherit; }...cb-text .justify span {..white-space: normal;.}..cb-text

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\r1eg-6lbn56n3mnzk-hbeiu[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 954 x 954, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 412877 Entropy (8bit): 7.984560269325148 Encrypted: false SSDEEP: 6144:leFH0EtnltVaEVQXvmv4I0F1uuoliXnZ/W93pG5vfdUhvm0TMHkgVIUqlzSul0EH:leFUEmE+vm10/uNmZsQtfdUM37ulMeP MD5: 1A4A5128A7452C6858483530441DCAD8 SHA1: CB369EE69EBE12339C2797B942B00379BC205A6A SHA-256: A6D2B260B60CFB550F0FD66C848D9CAE04808C21B54D43A7E4739E5698A0E82C SHA-512: E6C1AC1FE2377494AB2C1AF64B6E00ADBEDE0780FCCF4E034AA6F26A569EA44FBECB54C45BB90F13E73135A4B6CA44F5FAA7893E4E2D41EE3ACC56F7E69B6D86 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/files/r1eg-6lbn56n3mnzk-hbeiu.jpg Preview: .PNG...... IHDR...... +m....pHYs...... +.... .IDATx..{.U.?....o?h.nh...... '...A|D..1.I|...... d..de.~.c\.f..,ueM._...M.....&>...... B..~...... <...S...?kA.s.j.]U..?gW..0.....`0.....`0... ..`0.....`0.....`0...... `0...c."...3..Q-..}.Wj.....P...... g...... ".<(Wu...... !...(.C....nO.;8.c...... q.Yg...... T].q...... `..`..`0..C.'.pBf.q*...... /.P....M.....R..oCx."...! .....m...si.CY....\.. nHJ.%..Rv.h....K....=8n....x..>.I..w..P{{..;.c.f...`0.J0.e0...A.k...... E.Z....j..[.`....@.."...... 8..M.i.Sm.s!le&QM.g..dQr]...... ]...mR.6!D..6)e.5k..{..(.c._WGGG.C.=4....`0..0.e0....! ..z.r...../.....z)e.."....rR..E..{&..R..4.j.A.I..&...... C...... z..=....qOWWW..O?...... 3..`0.....]...`.3...... P...... N..`...... ={6.}..R..8.<.....C.K$..r.$|n.8l....Y9.[.n.V.[...`3...{..?...FP.#..-. ..&.u3....Q*..2....d.u.Y.l6[. .:e.._.....L.p,....L.B.f?...Q.xm.mYN..i..|...U7-.j.O.w.et]K..1...%+e?r...w...R...l....l...... ^y.....`

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\r1eg-6lbvng37yui8-h30qp[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 954 x 476, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 443771 Entropy (8bit): 7.996091664237743 Encrypted: true SSDEEP: 12288:zBODOPUuaLnqECdXXjZXhhAzWbKphfN/BZvV1:aOFMaPKphfNN1 MD5: 18F0FC5F76C52DB5F15129AB1E05B624 SHA1: 6CE3737C62BD5302D03DEDC8266A49CE767D074E SHA-256: B58693E806D9C6D20B218D3415C2B741A61499830924D1DBD6D533C363FE096E SHA-512: 766C062532397E70043D478FBF9075FFFF18C341461A1A526AD67D808F92ED6A84FDE452EA26F7D3B612622F5C992F022D9FDE41BCD14A99B05F47F655CDA6B2 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/files/r1eg-6lbvng37yui8-h30qp.jpg Preview: .PNG...... IHDR...... 6...... pHYs...... +.... .IDATx..i.m.u...... 9....zbw..#IQ$MQ..J.%S.%1..!..(r`[email protected].&...Q...Q@..%....b.lQ".M.._..o.....^+?.V.}..Al...... {..v. ..V.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.... .p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.... .p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.....p8.... .p8.....p8.....p8.....p8.....p8.....p8.....p8..W..jw..D...... 1M....N....>03D....W.b..v....K..&.}U*..^..]x.."...... $....~Q....w..[..[^...... ;...K.+.(..3a.}.Bn.%..i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLbOWw[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 32024, version 1.1 Category: downloaded Size (bytes): 32024 Entropy (8bit): 7.986874466351773 Encrypted: false SSDEEP: 768:X79u9MOjTgogLOD+/AnSyt996ojWWQJiL3jiK7vgAWWAJGc:LU6OjTgoYCsASyEoaWQJiLTJ7IAWWAJV MD5: 35E01948B689CA3F115863E430DCB8AE SHA1: 72DFA542ABBBFFEF18C7B77249D27557648EE2A0 SHA-256: E8B8E934C5A8DD3DC9504913E464174D5A320074CFB5DA85E2789ED167661C3B SHA-512: F2A7F5FDCA5298A3F35A6AF277C6D1B5E8EF7CA55BE90D49CB3CB93BCD3346A778E47F378F173FB52EA74330D094C7AF26A8E48D2EAE57F48F68DFC45EF7B363 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/bitter/v17/raxhHiqOu8IVPmnRc6SY1KXhnF_Y8fbfOLbOWw.woff Preview: wOFF...... }...... L...... GDEF...l...... 9.8yGPOS...$...w..A.S...GSUB...... ?..OS/2...T...P...`a.>.STAT...... <...H.z.)cmap...... 9...... gasp..!...... glyf..!$..P...... n2head..r....6...6..m.hhea..rT...... $....hmtx..rt...e...h.aktloca..v...... 6X.4.maxp..{...... name..{...... P9.Yupost..|...... 2prep..}...... h...x....R.`.E.{...d.^D.e7..I.i..5.K.._. yd..*2..D1J...l..|Z.z..Z.j.]..5.Z+z..z.....n...... a:..:.I.Oy./y.ox.oy..x..y...... _.._.....?.....U`.p|...!.'.D..*pU..3a..y....?...... W.'...x.d..t$A....`6.Lgf...l.m=.}.g..g.m+Njwn....\ ..(..p.^.~s.v .3.?..w.>[email protected]... !..R..r..\i/...Z..w.....S...... T.J...W^.5D..Z...l.+E.g..RQ..r...... uX.Z..JM..)#.I.<._6[fZ.[.Z.k7...... -.$...... s..D....z..W.D..Xig...w._W..z...... = `v.O.z`RP..A....M...j.;..ZC...... 'w.f....\..z.#n.?=k....{D...K..'...a.k=.....>....e.5{dXy.5J...... P....!...8#...|...... [.....L0.0:.0..!.V.#.5bP.5j.!k4fJ..Z.4.2e..}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\site-settings[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 112 Entropy (8bit): 4.340844293628675 Encrypted: false SSDEEP: 3:ST0wVzWmGffOHfjnR+OrtKjg+DcXPISn:a0mqxeH9rccIS MD5: 431C7BD5F45B117FC88CABBCB6C60DC0 SHA1: AB4634F58D97FC3BF410641BE247A12E3748CB5A SHA-256: 699140ACDFD5B0A524EADEB6FB98C6274ECD314CA6513A683A76F928A0A655FD SHA-512: 92564EFE9FEE4B407E892A877803EBA07950371845C8AD090335D64E83780010058F97D7F4D997F3772FD144034E956A401EE2D620D57242D41D1F2ADE9BCAF6 Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/site-settings.js?t=1624943069693 Preview: CB.siteSettings={"detection":{"desktop":"html5","desktopNoFlash":"html5","tablet":"html5","smartphone":"html5"}}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\swfaddress[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CR line terminators Category: downloaded Size (bytes): 16614 Entropy (8bit): 5.530643367399172 Encrypted: false SSDEEP: 384:ByHYgGklJawDflJwdkxNwI8Q7Xe4huLWayInv7AG7MMM8wASbWi7vJu:BypuMJw+krYxhuLWzInvUG7M/8wASbJu MD5: 87578E3BCF2C5666B58DE0479FEDEF99 SHA1: A3D85C6980F789EEE146D8F86F57DA3D2697E0CE SHA-256: D064C6114FC104846E2DBCC6378A1B7A6D81619A0A4667000318236D3F58C001 SHA-512: E31BB045B130E6720B44167A1B08AF59C95B8A4448C627A5882CC813FB0552C237BB8F3D555ADCF77870C75AF7190841BF02E115057D2123534FA243EB53B2CA Malicious: false Reputation: low IE Cache URL: https://grenddottreliefss.cabanova.com/shared/swfaddress.js Preview: /**. * SWFAddress 2.2: Deep linking for Flash and Ajax . *. * SWFAddress is (c) 2006-2008 Rostislav Hristov and contributors. * This software is released under the MIT License . *. */..//cross domain patch: try-catch.try {..if(typeof asual=="undefined"){ asual={};}if(typeof asual.swfaddress=="undefined"){asual.swfaddress={};}if(typeof asual.util=="undefined"){asual.util={};}asual.util.Browser=new function(){var B=-1,D=nav igator.userAgent,H=false,G=false,F=false,A=false,C=false,I=false;var E=function(K,J){return parseFloat(D.substr(D.indexOf(K)+J));};if(A=/Opera/.test(D)){B=parse Float(navigator.appVersion);}if(H=/MSIE/.test(D)){B=E("MSIE",4);}if(I=/Chrome/.test(D)){B=E("Chrome",7);}if(G=/Camino/.test(D)){B=E("Camino",7);}if(F=(/AppleWeb Kit/.test(D)&&!I)){B=E("Safari",7);}if(C=(/Firefox/.test(D)&&!G)){B=E("Firefox",8);}this.toString=function(){return "[class Browser]";};this.getVersion=function(){return

C:\Users\user\AppData\Local\Temp\~DF8E30E783898853C7.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 36251 Entropy (8bit): 0.5881008539069152 Encrypted: false SSDEEP: 96:kBqoxKAuvScS+w2st2KwwCwDdiHBR2rAD6+aJuD4T:kBqoxKAuqR+w2st2Kw MD5: B29725823DEA27DEA3F2827BE846DF0F SHA1: E257D66E797273335137C10B77E96FB93E9AEC93 SHA-256: 2596D4D15BDCAA0C14C7F59D4D09663BF0D950190DCBF2285139B1A369BDB1AB SHA-512: FC32105439E2DCFEB99748C25CBA52BD4D250739FBAC4B5D7E62A1E440630E3F7374C264F13D1D63C4F0E63D179E6EC98A818D45FE353D20117DEB1738347F3F Malicious: false Reputation: low Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

C:\Users\user\AppData\Local\Temp\~DF9EF9CA015033E235.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 13029 Entropy (8bit): 0.4799053277778267 Encrypted: false SSDEEP: 24:c9lLh9lLh9lIn9lIn9loQtF9loQn9lWQ7Jk0d5WJknRpkknRAp3W3A:kBqoIb9Z0dln3jny MD5: 36B5B1895FD7ABE3975FDD72A40D2BF9 SHA1: B5BD16EE7D4AEF24C7B687ACA09843D8FB6C65FA SHA-256: DB51AE4E7BD3B10361ED7C6D350C63D517C5FBAA6F09C9FBDA145B0689B832FA SHA-512: 42835F85A93A5B3200BE7C4CD9ABB6FC13F2C8990357B1ED8CE53CE9B22422F650C0327A8C17E711AB1FEADD1FBAA4DBD430A4ADD76624E557544AC7F0804839 Malicious: false Reputation: low Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

C:\Users\user\AppData\Local\Temp\~DFB360D9C985062344.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 25441 Entropy (8bit): 0.27918767598683664 Encrypted: false SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab MD5: AB889A32AB9ACD33E816C2422337C69A SHA1: 1190C6B34DED2D295827C2A88310D10A8B90B59B SHA-256: 4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA SHA-512: BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6 Malicious: false Reputation: low Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......
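The Entropy (8bit) and Encrypted columns in the entries above are derived only from each file's byte distribution, and the table shows how thin that heuristic is: the two r1eg-*.jpg downloads (both PNG image data despite the .jpg name) sit at 7.984 and 7.996 bits per byte, and only the second is flagged Encrypted. Compressed image data is close to uniform, so entropy alone cannot separate compressed from encrypted content. The Python below is an added example, not Joe Sandbox's code: it computes the same 8-bit Shannon entropy and the four digests the table lists over constructed byte strings. The 7.99 cut-off for the Encrypted flag is an assumption chosen to reproduce those two rows; Joe Security's actual rule is not documented on this page.

```python
"""8-bit Shannon entropy, file digests and an "Encrypted" heuristic for dropped files.

Added example; not part of the Joe Sandbox report or its tooling.
"""
import hashlib
import math
from collections import Counter

# Assumed cut-off: the report marks 7.996 bits/byte as Encrypted: true and
# 7.986 as Encrypted: false, so 7.99 reproduces those rows. Joe Security's
# real threshold is not published here.
ENCRYPTED_THRESHOLD = 7.99


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant file, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    # 0.0 - sum(...) rather than -sum(...) so a constant input yields 0.0, not -0.0
    return 0.0 - sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """The four digests the dropped-file table lists, upper-case hex as in the report."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def encrypted_flag(entropy: float, threshold: float = ENCRYPTED_THRESHOLD) -> bool:
    """Entropy-only heuristic, which is all the report's Encrypted column appears to be."""
    return entropy >= threshold


def describe(data: bytes) -> dict:
    """One dropped-file row: size, entropy, Encrypted flag and digests."""
    e = shannon_entropy(data)
    return {"Size (bytes)": len(data), "Entropy (8bit)": e,
            "Encrypted": encrypted_flag(e), **digests(data)}


# Constructed samples (not files from the report).
CONSTANT = b"\x00" * 1024                # zero entropy
UNIFORM = bytes(range(256)) * 4          # every byte value equally often: exactly 8.0
TWO_SYMBOLS = bytes([0x41, 0x42]) * 512  # two values, equally often: exactly 1.0 bit/byte

if __name__ == "__main__":
    for name, blob in [("CONSTANT", CONSTANT), ("UNIFORM", UNIFORM), ("TWO_SYMBOLS", TWO_SYMBOLS)]:
        print(name, describe(blob))
    # The two PNG rows from the report: a difference of 0.012 bits/byte flips the flag.
    print("7.996 ->", encrypted_flag(7.996091664237743), " 7.984 ->", encrypted_flag(7.984560269325148))
```

When triaging a report like this one, treat Encrypted: true on an image or font as noise unless the File Type column disagrees with the content; the PNG and WOFF entries above all land between 7.98 and 8.0 simply because they are compressed.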

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jun 28, 2021 22:04:28.706948996 CEST | 192.168.2.3 | 8.8.8.8 | 0x5f85 | Standard query (0) | grenddottreliefss.cabanova.com | A (IP address) | IN (0x0001)
Jun 28, 2021 22:04:30.022816896 CEST | 192.168.2.3 | 8.8.8.8 | 0x12db | Standard query (0) | code.jquery.com | A (IP address) | IN (0x0001)
Jun 28, 2021 22:04:30.309376955 CEST | 192.168.2.3 | 8.8.8.8 | 0x99c | Standard query (0) | sitebuilder.cabanova.com | A (IP address) | IN (0x0001)
Jun 28, 2021 22:04:45.096616030 CEST | 192.168.2.3 | 8.8.8.8 | 0x1355 | Standard query (0) | grenddottreliefss.cabanova.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jun 28, 2021 22:04:28.773657084 CEST | 8.8.8.8 | 192.168.2.3 | 0x5f85 | No error (0) | grenddottreliefss.cabanova.com | - | 94.130.246.164 | A (IP address) | IN (0x0001)
Jun 28, 2021 22:04:30.072953939 CEST | 8.8.8.8 | 192.168.2.3 | 0x12db | No error (0) | code.jquery.com | cds.s5x3j6q5.hwcdn.net | - | CNAME (Canonical name) | IN (0x0001)
Jun 28, 2021 22:04:30.366599083 CEST | 8.8.8.8 | 192.168.2.3 | 0x99c | No error (0) | sitebuilder.cabanova.com | - | 35.186.205.126 | A (IP address) | IN (0x0001)
Jun 28, 2021 22:04:45.174063921 CEST | 8.8.8.8 | 192.168.2.3 | 0x1355 | No error (0) | grenddottreliefss.cabanova.com | - | 94.130.246.164 | A (IP address) | IN (0x0001)

HTTPS Packets

Columns: Timestamp | Source IP:Port | Dest IP:Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest. Each row lists the server certificate first, then the rest of the presented chain.

Jun 28, 2021 22:04:28.934695959 CEST | 94.130.246.164:443 | 192.168.2.3:49722
  Subject: CN=*.cabanova.com | Issuer: CN=R3, O=Let's Encrypt, C=US | Not Before: Fri May 14 23:11:49 CEST 2021 | Not After: Thu Aug 12 23:11:49 CEST 2021
  Chain: CN=R3, O=Let's Encrypt, C=US (issuer CN=ISRG Root X1, O=Internet Security Research Group, C=US; Fri Sep 04 02:00:00 CEST 2020 to Mon Sep 15 18:00:00 CEST 2025); CN=ISRG Root X1, O=Internet Security Research Group, C=US (issuer CN=DST Root CA X3, O=Digital Signature Trust Co.; Wed Jan 20 20:14:03 CET 2021 to Mon Sep 30 20:14:03 CEST 2024)
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jun 28, 2021 22:04:28.934804916 CEST | 94.130.246.164:443 | 192.168.2.3:49721
  Subject: CN=*.cabanova.com | Issuer: CN=R3, O=Let's Encrypt, C=US | Not Before: Fri May 14 23:11:49 CEST 2021 | Not After: Thu Aug 12 23:11:49 CEST 2021
  Chain: CN=R3, O=Let's Encrypt, C=US (issuer CN=ISRG Root X1, O=Internet Security Research Group, C=US; Fri Sep 04 02:00:00 CEST 2020 to Mon Sep 15 18:00:00 CEST 2025); CN=ISRG Root X1, O=Internet Security Research Group, C=US (issuer CN=DST Root CA X3, O=Digital Signature Trust Co.; Wed Jan 20 20:14:03 CET 2021 to Mon Sep 30 20:14:03 CEST 2024)
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jun 28, 2021 22:04:30.562068939 CEST | 35.186.205.126:443 | 192.168.2.3:49734
  Subject: CN=www.cabanova.com | Issuer: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | Not Before: Mon Feb 24 01:00:00 CET 2020 | Not After: Sun Mar 13 00:59:59 CET 2022
  Chain: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB (issuer CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US; Fri Nov 02 01:00:00 CET 2018 to Wed Jan 01 00:59:59 CET 2031); CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US (self-issued; Mon Feb 01 01:00:00 CET 2010 to Tue Jan 19 00:59:59 CET 2038)
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jun 28, 2021 22:04:30.563299894 CEST | 35.186.205.126:443 | 192.168.2.3:49735
  Subject: CN=www.cabanova.com | Issuer: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB | Not Before: Mon Feb 24 01:00:00 CET 2020 | Not After: Sun Mar 13 00:59:59 CET 2022
  Chain: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB (issuer CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US; Fri Nov 02 01:00:00 CET 2018 to Wed Jan 01 00:59:59 CET 2031); CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US (self-issued; Mon Feb 01 01:00:00 CET 2010 to Tue Jan 19 00:59:59 CET 2038)
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Jun 28, 2021 22:04:45.363585949 CEST | 94.130.246.164:443 | 192.168.2.3:49748
  Subject: CN=*.cabanova.com | Issuer: CN=R3, O=Let's Encrypt, C=US | Not Before: Fri May 14 23:11:49 CEST 2021 | Not After: Thu Aug 12 23:11:49 CEST 2021
  Chain: CN=R3, O=Let's Encrypt, C=US (issuer CN=ISRG Root X1, O=Internet Security Research Group, C=US; Fri Sep 04 02:00:00 CEST 2020 to Mon Sep 15 18:00:00 CEST 2025); CN=ISRG Root X1, O=Internet Security Research Group, C=US (issuer CN=DST Root CA X3, O=Digital Signature Trust Co.; Wed Jan 20 20:14:03 CET 2021 to Mon Sep 30 20:14:03 CEST 2024)
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
  JA3 SSL Client Digest: 37f463bf4616ecd445d4a1937da06e19
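All five TLS sessions above were opened by the sandbox's own iexplore.exe, so the JA3 values describe the Windows client that fetched the page, not the phishing host; the server-side indicators are the hostname, 94.130.246.164 and the wildcard Let's Encrypt certificate shared by every *.cabanova.com site. The fingerprints are still worth decoding, because the same digests will appear in proxy or NetFlow telemetry for other Windows browsers reaching the same host. The Python below is an added example, not Joe Security's code: it parses the two distinct fingerprint strings copied from rows 1 and 5 of the table, recomputes the JA3 digest (by definition the MD5 of the raw string), names the cipher suites and extensions from the IANA registry, and reports the suites without forward secrecy. The name tables cover only the values that occur in these two strings.

```python
"""Decode and recompute the JA3 client fingerprints from the HTTPS Packets table.

Added example; not code from Joe Security. The two fingerprint strings are copied
from the report (rows 1 and 5); the name tables are the IANA assignments for the
values that occur in them, nothing more.
"""
import hashlib

JA3_ROW1 = ("771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-"
            "157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0")
JA3_ROW5 = ("771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-"
            "157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0")
# Digests as printed in the report, used to check our recomputation.
REPORT_DIGESTS = {JA3_ROW1: "9e10692f1b7f78228b2d4e424db3a98c",
                  JA3_ROW5: "37f463bf4616ecd445d4a1937da06e19"}

TLS_VERSIONS = {769: "TLS 1.0", 770: "TLS 1.1", 771: "TLS 1.2", 772: "TLS 1.3"}
CIPHER_NAMES = {
    49196: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 49195: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    49200: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 49199: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    49188: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 49187: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    49192: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 49191: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    49162: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", 49161: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    49172: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 49171: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    157: "TLS_RSA_WITH_AES_256_GCM_SHA384", 156: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    61: "TLS_RSA_WITH_AES_256_CBC_SHA256", 60: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    53: "TLS_RSA_WITH_AES_256_CBC_SHA", 47: "TLS_RSA_WITH_AES_128_CBC_SHA",
    10: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
EXTENSION_NAMES = {0: "server_name", 10: "supported_groups", 11: "ec_point_formats",
                   13: "signature_algorithms", 16: "application_layer_protocol_negotiation",
                   23: "extended_master_secret", 24: "token_binding", 35: "session_ticket",
                   65281: "renegotiation_info"}
CURVE_NAMES = {23: "secp256r1", 24: "secp384r1", 29: "x25519"}


def _ints(field: str) -> list:
    """A JA3 field is '-'-joined decimal integers, or empty."""
    return [int(x) for x in field.split("-")] if field else []


def parse_ja3(fingerprint: str) -> dict:
    """Split 'version,ciphers,extensions,curves,point_formats' into integer lists."""
    version, ciphers, extensions, curves, point_formats = fingerprint.split(",")
    return {"version": int(version), "ciphers": _ints(ciphers), "extensions": _ints(extensions),
            "curves": _ints(curves), "point_formats": _ints(point_formats)}


def ja3_digest(fingerprint: str) -> str:
    """JA3 digest is the MD5 of the fingerprint string exactly as written."""
    return hashlib.md5(fingerprint.encode("ascii")).hexdigest()


def no_forward_secrecy(ciphers: list) -> list:
    """Static RSA key exchange: a recorded session is decryptable with the server's private key."""
    return [c for c in ciphers if CIPHER_NAMES.get(c, "").startswith("TLS_RSA_")]


def three_des(ciphers: list) -> list:
    return [c for c in ciphers if "3DES" in CIPHER_NAMES.get(c, "")]


def extension_diff(a: str, b: str) -> list:
    """Extensions offered in fingerprint a but not in b (what separates rows 1 and 5)."""
    return sorted(set(parse_ja3(a)["extensions"]) - set(parse_ja3(b)["extensions"]))


def matches_report(fingerprint: str) -> bool:
    return ja3_digest(fingerprint) == REPORT_DIGESTS[fingerprint]


if __name__ == "__main__":
    for fp in (JA3_ROW1, JA3_ROW5):
        p = parse_ja3(fp)
        print(TLS_VERSIONS[p["version"]], ja3_digest(fp), "matches report:", matches_report(fp))
        print("  extensions:", [EXTENSION_NAMES.get(e, e) for e in p["extensions"]])
        print("  curves:", [CURVE_NAMES.get(c, c) for c in p["curves"]])
        print("  no forward secrecy:", [CIPHER_NAMES[c] for c in no_forward_secrecy(p["ciphers"])])
    print("row1 minus row5 extensions:", [EXTENSION_NAMES[e] for e in extension_diff(JA3_ROW1, JA3_ROW5)])
```

The only difference between the two fingerprints is that the later connection (port 49748) omits the ALPN and token_binding extensions; the cipher list, curves and point formats are identical, which is why a single client produces two digests within the same session. Hunt on both digests together, and match them against the destination host rather than on their own, since they are shared by every browser of this type on Windows.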

Code Manipulations

Statistics

Behavior


System Behavior

Analysis Process: iexplore.exe PID: 4548 Parent PID: 792

General

Start time: 22:04:27 Start date: 28/06/2021 Path: C:\Program Files\internet explorer\iexplore.exe Wow64 process (32bit): false Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding Imagebase: 0x7ff711c30000 File size: 823560 bytes MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596 Has elevated privileges: true Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low

File Activities

Registry Activities

Analysis Process: iexplore.exe PID: 5516 Parent PID: 4548

General

Start time: 22:04:28 Start date: 28/06/2021 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Wow64 process (32bit): true Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4548 CREDAT:17410 /prefetch:2 Imagebase: 0xcf0000 File size: 822536 bytes MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A Has elevated privileges: true Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low

File Activities

Registry Activities

Disassembly

Copyright Joe Security LLC Joe Sandbox Cloud Basic 32.0.0 Black Diamond
