ID: 233454 Cookbook: browseurl.jbs Time: 16:56:13 Date: 27/05/2020 Version: 28.0.0 Lapis Lazuli

Copyright Joe Security LLC 2020

Analysis Report https://pixeldrain.com/u/8PVPE3yA

Overview

General Information

Sample URL: https://pixeldrain.com/u/8PVPE3yA

Detection

Score: 0 Range: 0 - 100 Whitelisted: false Confidence: 80%

Signatures

Found iframes

Classification

[Classification chart. Axes: Ransomware, Miner, Spreading, Evader, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Detection scale: malicious, suspicious, clean.]

Startup

System is w10x64
iexplore.exe (PID: 5240 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 4900 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5240 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Phishing
• Networking
• System Summary

Mitre Att&ck Matrix

Initial Access: Drive-by Compromise 1; Replication Through Removable Media; External Remote Services
Execution: Graphical User Interface 2; Service Execution; Windows Management Instrumentation
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features
Privilege Escalation: Process Injection 1; Accessibility Features; Path Interception
Defense Evasion: Masquerading 1; Process Injection 1; Rootkit
Credential Access: Credential Dumping; Network Sniffing; Input Capture
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Application Deployment; Remote Services; Windows Remote Management
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration
Command and Control: Standard Cryptographic Protocol 2; Standard Non-Application Layer Protocol 1; Standard Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups

Behavior Graph

[Behavior graph. ID: 233454; URL: https://pixeldrain.com/u/8PVPE3yA; Startdate: 27/05/2020; Architecture: WINDOWS; Score: 0. Process nodes: iexplore.exe, which started a second iexplore.exe. Network nodes: pixeldrain.com; sgwidget.leaderapps.co (104.26.6.105, 443, 49954, 49955; unknown, United States); p.ssl.fastly.net (151.101.113.7, 443, 49956, 49957; unknown, United States); 13 other IPs or domains.]

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://pixeldrain.com/u/8PVPE3yA | 1% | Virustotal | | Browse
https://pixeldrain.com/u/8PVPE3yA | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
p.ssl.fastly.net | 0% | Virustotal | | Browse
pixeldrain.com | 1% | Virustotal | | Browse
www.google.co.uk | 0% | Virustotal | | Browse
fathom.pixeldrain.com | 0% | Virustotal | | Browse
sgwidget.leaderapps.co | 0% | Virustotal | | Browse
adservice.google.co.uk | 0% | Virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link
robert-fleischmann.de) | 0% | Avira URL Cloud | safe |
https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=2704658616573;gt | 0% | Avira URL Cloud | safe |
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-globalnav&form_type=button&utm_source= | 0% | Virustotal | | Browse
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-globalnav&form_type=button&utm_source= | 0% | Avira URL Cloud | safe |
abattis.orgCantarellLight | 0% | Avira URL Cloud | safe |
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-firefoxfooter&form_type=button&utm_sou | 0% | Virustotal | | Browse
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-firefoxfooter&form_type=button&utm_sou | 0% | Avira URL Cloud | safe |
https://pixeldrain.com | 1% | Virustotal | | Browse
https://pixeldrain.com | 0% | Avira URL Cloud | safe |
https://about.google/ | 0% | Virustotal | | Browse
https://about.google/ | 0% | Avira URL Cloud | safe |
www.sansoxygen.comhttp://www.sansoxygen.comThis | 0% | Avira URL Cloud | safe |
https://pixeldrain.com/historyain.com/res/img/pixeldrain.png | 0% | Avira URL Cloud | safe |
https://pixeldrain.com/history6Upload | 0% | Avira URL Cloud | safe |
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-firefoxnav&form_type=button&utm_source | 0% | Avira URL Cloud | safe |
https://pixeldrain.com/u/8PVPE3yARoot | 0% | Avira URL Cloud | safe |
https://sketch.com | 0% | Virustotal | | Browse
https://sketch.com | 0% | Avira URL Cloud | safe |
https://pixeldrain.com/u/8PVPE3yAd | 0% | Avira URL Cloud | safe |
https://pixeldrain.com/login$Login | 0% | Avira URL Cloud | safe |
daneden.me/animate | 0% | Virustotal | | Browse
daneden.me/animate | 0% | Avira URL Cloud | safe |
https://pixeldrain.com/appearanceV | 0% | Avira URL Cloud | safe |
https://accounts.firefox.com.cn/signup?entrypoint=mozilla.org-firefox_home&form_type=button&utm_sour | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
dart.l.doubleclick.net | 172.217.18.6 | true | false | | high
pagead46.l.doubleclick.net | 172.217.18.2 | true | false | | high
p.ssl.fastly.net | 151.101.113.7 | true | false | 0%, Virustotal, Browse | low
stats.l.doubleclick.net | 173.194.76.157 | true | false | | high
pixeldrain.com | 178.63.99.70 | true | false | 1%, Virustotal, Browse | unknown
brave.com | 151.101.193.7 | true | false | | high
www.google.co.uk | 216.58.212.131 | true | false | 0%, Virustotal, Browse | low
fathom.pixeldrain.com | 23.175.0.143 | true | false | 0%, Virustotal, Browse | unknown
mozilla.org | 63.245.208.195 | true | false | | high
sgwidget.leaderapps.co | 104.26.6.105 | true | false | 0%, Virustotal, Browse | unknown
analytics.brave.com | unknown | unknown | false | | high
2542116.fls.doubleclick.net | unknown | unknown | false | | high
adservice.google.co.uk | unknown | unknown | false | 0%, Virustotal, Browse | low
stats.g.doubleclick.net | unknown | unknown | false | | high

URLs from Memory and Binaries


Contacted IPs


Public

IP | Country | ASN | ASN Name | Malicious
151.101.113.7 | United States | 54113 | unknown | false
173.194.76.157 | United States | 15169 | unknown | false
216.58.212.131 | United States | 15169 | unknown | false
172.217.18.6 | United States | 15169 | unknown | false
178.63.99.70 | Germany | 24940 | unknown | false
172.217.18.2 | United States | 15169 | unknown | false
151.101.193.7 | United States | 54113 | unknown | false
23.175.0.143 | United States | 395502 | unknown | false
104.26.6.105 | United States | 13335 | unknown | false
172.217.16.130 | United States | 15169 | unknown | false
63.245.208.195 | United States | 36856 | unknown | false

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 233454
Start date: 27.05.2020
Start time: 16:56:13
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 23s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://pixeldrain.com/u/8PVPE3yA
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/190@11/11
Cookbook Comments:
  Adjust boot time
  Enable AMSI
  Browsing link: https://pixeldrain.com/
  Browsing link: https://pixeldrain.com/login
  Browsing link: https://pixeldrain.com/register
  Browsing link: https://pixeldrain.com/history
  Browsing link: https://pixeldrain.com/about
  Browsing link: https://pixeldrain.com/api
  Browsing link: https://pixeldrain.com/appearance
  Browsing link: https://pixeldrain.com/api/file/8PVPE3yA?download
  Browsing link: https://brave.com/pix009
  Browsing link: https://www.mozilla.org/en-US/firefox/
  Browsing link: https://www.google.com/chrome/
Warnings:
  Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe
  TCP Packets have been reduced to 100
  Created / dropped Files have been reduced to 100
  Excluded IPs from analysis (whitelisted): 23.39.70.38, 216.58.205.228, 172.217.18.3, 216.58.208.35, 152.199.19.161, 104.16.143.228, 104.16.142.228, 172.217.18.8, 72.21.81.200, 216.58.212.174, 172.217.18.10, 8.241.121.254, 8.241.121.126, 8.253.204.249, 8.253.95.120, 67.27.159.126, 2.18.68.82
  Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, www.mozilla.org.cdn.cloudflare.net, adservice.google.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www.googletagmanager.com, audownload.windowsupdate.nsatc.net, www.google.com, www.gstatic.com, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, fonts.googleapis.com, fs.microsoft.com, www-google-analytics.l.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, go.microsoft.com.edgekey.net, www.mozilla.org, cs9.wpc.v0cdn.net
  Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\233F11ZL\www.google[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 39
Entropy (8bit): 2.469670487371862
Encrypted: false
MD5: B9C5EB570521110110BB7DFF12AF780D
SHA1: 27F5BEBC2200FD8D0B51A93D1357EA954BE44079
SHA-256: 90171F10A6467C9DC31143859BAB69D045B67B39E2E49D92BB7168B383C4D1AB
SHA-512: BC81539E62D643808CBDA3D86050058F379B2F0347CE65CBBA9797D386401C886B22AC4C0B2BE68197AE10C83A1E22A14232CD531C8D139DD3C031DB423EA355
Malicious: false
Reputation: low
Preview:

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BHYH095B\brave[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 177
Entropy (8bit): 4.72212953411073
Encrypted: false
MD5: F0FE6B61500CC5DE5A32F6D98BD14DAD
SHA1: C4F53FF5D4142CC886F00DE8FA8B835081758FF3
SHA-256: B422E5C6E4CDD1F56EFC53FF464BA256E1D8B72AFD4FA79A3E705AB84567263E
SHA-512: F7D6E184450CEEE10DA2D65FEABA985773DAE9335D4F2419CAD9E0BD24DE71D830A44FBA69BD852FE058D49E53B286B98EEFAE563CA04A07607E71C3E19FD0CE
Malicious: false
Reputation: low
Preview:

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7B6EA7F1-A02A-11EA-AAE6-9CC1A2A860C6}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 30296
Entropy (8bit): 1.8492178761726572
Encrypted: false
MD5: D317D25532D8DDDD4ED65525AF656870
SHA1: 6669C97E7B7CD9EE8DDD972F71A884FAA201F0B0
SHA-256: 11D7852DD8B875A7A6431204D52B94F2EE530FE13CA1A4FC80EDCFB1E8497529
SHA-512: 409347E8379C36983D5124FA4DEF4993842D5AD3992BB5BE69CBCC28E144BE05BB163AD6F2379CBBC2FCF83D62BF7E075E95ADD5FF02EF2889C33459213F1DE2
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r.y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B6EA7F3-A02A-11EA-AAE6-9CC1A2A860C6}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 186252
Entropy (8bit): 2.7692831963980273
Encrypted: false
MD5: 4D694A2E51634C76137F5F9257F8F81C
SHA1: D9F262F57C991A79B1671A06C1743D97110B4FEA
SHA-256: 5116B295D85F6FB2189A4E6769F399620A74C97D3E6315BB16040D982A4DC41B
SHA-512: 3651BA7B62037841A0B33975E3810249B19C1DA93C67FE302A0839FC9223750A534E50635685A8060B3A1DBB6AF1C10D2BADA7E8349C4F2E39430468B09713E1
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r.y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B6EA7F4-A02A-11EA-AAE6-9CC1A2A860C6}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.5643853307550943
Encrypted: false
MD5: 624324D2162078D08E91DA830C563F8D
SHA1: D27645CCF696B5C38AD9D3426302D76FBC9D80E0
SHA-256: C4F49714E8CA4FE7972E8E56B0B42D6AA5FB50A0C207E5A396EA34EA562016B5
SHA-512: CBCAE6651234066F4CC47DCC11C8851D80F193E17106E808FAFEA62BA2A6183E9F03FAB48DB2F5D522C543109B1E80A5725744BD4216CAA50D08FF4EF309EAD5
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r.y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.120548284242575
Encrypted: false
MD5: 40373F923454E5C3441A719873651230
SHA1: C5D7D6A20C2FF898AC3132A52E690502353F4CA6
SHA-256: 7436F9222E63EEC3D7606E28367739F416E20303257977CC699B832BC40D1AF5
SHA-512: E3F552D662849602F107438AEEDF5986C078875698A339B416316FEFF06FE0A9C6B96DF629E5AB3A87FC337D1D75E2B03C255222F762DE578DB0D9DD8E5078D4
Malicious: false
Reputation: low
Preview: ..0x5263adc8,0x01d63437< accdate>0x5263adc8,0x01d63437....0x5263adc8,0x01d634370 x52667cf5,0x01d63437..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.173315581832538
Encrypted: false
MD5: 6253FDF05FFD8349C509BA26D113115E
SHA1: AA674D00EB7FCC71C4B1781F4CE6E0D1C222DF68
SHA-256: 233298284538A16343DD1276A6935EE3B38148DA656CE2F2B7AA315F7AD62606
SHA-512: D8BCAFB43B083DD9EB5E4ADEC6C6AADE8AA6B5840621401CCFB0568584569DAE5FAF3D0F811259F7B014E0B2D2D0EBF0D2CD2A817A09AEDBBB576EE7D4F3FADB
Malicious: false
Reputation: low
Preview: ..0x524842b7,0x01d634370x524842b7,0x01d63437....0x524842b7,0x01d634370x524aa57d,0x01d63437..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.145798898653553
Encrypted: false
MD5: CFED408627605921294FB4119ACADBE6
SHA1: 95A6E2CE90CBD1C5A8F91C1BD883B75061AEB16C
SHA-256: AF710C45121633371586272EE93E233C5FE91C3DC841C349B8AE2D1EAD03B535
SHA-512: D214B7839F1B3E690A4BEB95EC696BCEE9939B2F846F3D406BCC461C6C65CE5B4344EA4CDFA40BE167DBEF765F7EF9FED36FE36D22EF495ED64CB1D59483B55A
Malicious: false
Reputation: low
Preview: ..0x52667cf5,0x01d63437 0x52667cf5,0x01d63437....0x52667cf5,0x01d634370x52667cf5,0x01d63437..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.149682909903218
Encrypted: false
MD5: C68B8BD4B91BC7A7A9CD74541FEA2242
SHA1: C96826E341CB651958CF06E9895DD0AF0591D0C5
SHA-256: 523158263AD3EC6BD1D70159DD332543E87728FE6A3E192B2E811517D3A69C21
SHA-512: B26DB3F20294A2366DF5AD2D2D26D3419075C20F8DBA229E0CAC05B8478EAD018ABB653210E7A81C619EFA6BCC0043A83FF30492CD81DA3BB11388F63238AD0F
Malicious: false
Reputation: low
Preview: ..0x52612540,0x01d634370x52612540,0x01d63437....0x52612540,0x01d634370x52612 540,0x01d63437 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.167802704608659
Encrypted: false
MD5: D28C47BFD1D6392B4CDC571A19CC7910
SHA1: 66BD18E60F395EA5B8E414028C022C31420DD976
SHA-256: 7B8BBBECE7DA3D961FB7F7E7310FF6961D1E62AAE02C3F334EED4C58A1CD0BF2
SHA-512: CC7EA19BD957FD6E0BD477B90E7895AFA78C1E240CACAE6F17314DFA56A8659AC7DA15F06CD35D799CBDE077320D7C2B1EA2D344855885DE3AAAC3BD13B46B03
Malicious: false
Reputation: low
Preview: ..0x52667cf5,0x01d63437< accdate>0x52667cf5,0x01d63437....0x52667cf5,0x01d634370 x52693133,0x01d63437 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.116939567829421
Encrypted: false
MD5: 3374C6AD815A8FDB03F9867E2FBE280D
SHA1: FB76CC4F3592AA51DEAF955E92BA0E9620D1F028
SHA-256: D44A1DBE30F8C29FF4644477E6D2C64C174BB5DF603A04D665D81C75F1A43F2E
SHA-512: A18E94B310C152248D2F5FDC1FD460A851D1450FE62D6ACCBE8F0F3A34D09E72E4257D22826986A8B891C90C2C0DCE2CE97B01C8F96A8B7874B43EE14E65A14A
Malicious: false
Reputation: low
Preview: ..0x5263adc8,0x01d634370x5263adc8,0x01d63437....0x5263adc8,0x01d634370x5 263adc8,0x01d63437 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.172727643284717
Encrypted: false
MD5: A66FB434BAD905254ECA54A3D327315F
SHA1: 3C49B3CA2DA1A26C5B1D697EA1EE5FCD0A8BDCB2
SHA-256: 6947F0E0C2C13F1ADB4EDBCF6C0DC6E83F0C22FC4C35E1D22196182E1467E4AD
SHA-512: 54E1A175A06A9BD604CC629DC228E08AA0EA65F07365729247C3DA0CC996371032AF661768B56F3DCA09E3D55E273407219D137DFBCA4E4C19E15F222882B59C
Malicious: false
Reputation: low
Preview: ..0x52612540,0x01d63437< accdate>0x52612540,0x01d63437....0x52612540,0x01d634370 x5263adc8,0x01d63437 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.1560319053710115
Encrypted: false
MD5: 35B9BA14F8CEA2178C8B33F4D07713B4
SHA1: 9994F9CC521930539A9CB8B6E17E2633CC75E749
SHA-256: E7523CC68A5CE0D1080EE9BA6C9AB14C22C51538CD3BAF289D582B4C60F5B45C
SHA-512: DABB9142C7F349C24F6EF1154647BC8C945E70C0E1C8C8DD52E1389429D9B8F294728F00FC72E479E1DFE2B9DE0A46D8A0425820EFBBF47C8689C923066E1C26
Malicious: false
Reputation: low
Preview: ..0x5259b170,0x01d63437 0x5259b170,0x01d63437....0x5259b170,0x01d634370x525c26ee,0x01d63437..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.1176784835511695
Encrypted: false
MD5: F8500A73D72216092FB3D12FEBB30C2D
SHA1: CECEC7030BBCE9AAA413174C89B18F14EFBAA9AB
SHA-256: FAB2B1A1BFA460783C3A7DB11001B6DF70A5426F20E8809D3629A6B225F5920E
SHA-512: 5C1843742F50C404665449E54A5A4D87C11A0BD138664AA4F65F680D4B184D003462DAE383DF7CED7F63D9D974F27D139B46CDB69D8DB68A2482AF069287D123
Malicious: false
Reputation: low
Preview: ..0x525eaf85,0x01d634370x525eaf85,0x01d63437....0x525eaf85,0x01d634370x5 25eaf85,0x01d63437 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\v8bxa9r\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 38847
Entropy (8bit): 7.965785541656596
Encrypted: false
MD5: B0FBB03EB0FE710BC70D92E2824B06CA
SHA1: E1B4BFB04ACDCE9B540D893B6CA89EEFA565F3CB
SHA-256: 891A94F6F49C83FF074535AC8CBBDCAEA80389D1499E17BE0AA7D2195F6E007E
SHA-512: 0F3EF3366C5E202F04075284BD723A05A3B180195F293392CBB034AF44F13E26F1A557587ADB8B082EBEABF61865F6FC9250ECCB061703115BC90C2E1C32C5E3
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\MaterialIcons-Regular[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 57620, version 1.1
Size (bytes): 57620
Entropy (8bit): 7.993800967896546
Encrypted: true
MD5: 012CF6A10129E2275D79D6ADAC7F3B02
SHA1: C6C953C2CCB2CA9ABB21DB8DBF473B5A435F0082
SHA-256: C4A1BAEC300D09E03A8380B85918267EE80FAAE8E00C6C56B48E2E74B1D9B38D
SHA-512: 0AB5E18EE3972FCD599EAD183D81CD38D8C559A5E87CA86EEBCB6A2CFAE2078A27495E3B5824AAC6EBDDC08F57D594B2CF692813134A1E002B28505EB7C34172
Malicious: false
Reputation: low
IE Cache URL: https://pixeldrain.com/res/misc/MaterialIcons-Regular.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\Metropolis-Bold.1b5b51bac870[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, CFF, length 17960, version 0.0
Size (bytes): 17960
Entropy (8bit): 7.979393130699797
Encrypted: false
MD5: 1B5B51BAC870E5C2645497A16B769BEC
SHA1: 5577FE0C5BCAF247994B0BE1B1D5048B327FC848
SHA-256: 3C10B2E736B2ABA4E1E629B259A474C1523B62B798AEE56BC0CEE667463EED52
SHA-512: 06EFAB531B442A7EC4F8F4F1DCC7563946AF01AF1A5CB0BD676EA64FDF9AF81C24E734CC09FC91051E8E07E37E19CC905EFEF090DC1FE7131F99B474C0DF6F4D
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/fonts/Metropolis-Bold.1b5b51bac870.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\Muli-Bold[1].ttf
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 26 names, Macintosh, Copyright 2016 The Muli Project Authors ([email protected])MuliBold2.000;UKWN;Muli-BoldMul
Size (bytes): 93816
Entropy (8bit): 6.221569308015333
Encrypted: false
MD5: 557F369C1C3C1A1B80B26AB8A91A6979
SHA1: BC94D321E64D9B7BCE62250064A48BEDF72AAA17
SHA-256: 63890D8AA2ABBFA52E5FDB58D07F32865C3E618B367569BD3A756A94058309AD
SHA-512: A62D5CF2EDF3F2551BB31A3E4E5977B49937EAE5D97E3DB1449B6E3514972C2884150701124CE9A61DDB9B6D06D08E1AC6A588FD712F8862A02B4ADEAD73BA78
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/themes/Brave/fonts/Muli/Muli-Bold.ttf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\Muli-Medium[1].ttf
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: TrueType Font data, 18 tables, 1st "GDEF", 18 names, Microsoft, language 0x409, Copyright 2016 The Muli Project Authors (https://github.com/googlefonts/MuliFont)Muli MediumReg
Size (bytes): 89296
Entropy (8bit): 6.132550420132731
Encrypted: false
MD5: 683362F36187AD8BE18692DF9C1CF81E
SHA1: 02F5E45A5D295BE26AEBE8DB255E1F5C07043282
SHA-256: 2C936F8B17B88E6B3FB210BE740B4BF17FA7930102961ECB71F42A11BE812F33
SHA-512: A1192FAEE554197747DC74FB009EEB9A9877C18764BECC4211AB36AF5128FEAD7786DBD4D8D9F93AB10BECB987628D022B5A41803CB746FC8EF5E2A6C30B2A1D
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/themes/Brave/fonts/Muli/Muli-Medium.ttf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\Muli-Regular[1].ttf
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 26 names, Macintosh, Copyright 2016 The Muli Project Authors ([email protected])MuliRegular2.000;UKWN;Muli-Regu
Size (bytes): 94320
Entropy (8bit): 6.21426951969558
Encrypted: false
MD5: A401AFC3D1BB36F4DE72835D1257746E
SHA1: 28FF8E577C8650F2E1DAFC4A5AA26A879E06927D
SHA-256: 6B77C0A3D0A163DD173CCF8D4CBE4D19D63F108B8FBA52A854CC666D9663A4BF
SHA-512: 160D42BD776B16D50241FEC3AE143D01DC4A2CA6279C4C5D1562C20A30913B06D9483E269ECC55E1824ACE6A7CF380FAEB15377250A1CF96C901BE29AED49745
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/themes/Brave/fonts/Muli/Muli-Regular.ttf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\Muli-SemiBold[1].ttf
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 28 names, Macintosh, Copyright 2016 The Muli Project Authors ([email protected])MuliSemiBold2.000;UKWN;Muli-Sem
Size (bytes): 93672
Entropy (8bit): 6.216251233715527
Encrypted: false
MD5: 92860F9D8B244FD8A21EC0FD726D795E
SHA1: 6494774559A2A77D61096247DE3190B59CAF9C79
SHA-256: 1FD89D993352D472A95D39A265445BE9994DEFB20B2D6AF8973BCFFF4EC796B7
SHA-512: 56D9E81BBFDB19654436CA777866A122E0CEADB0B3852500D1AC83ACDA6D86A96974EFF823878D97FD98F9DF677C1D15E9B030233DCB7084FD4FBD6A8C8FBD0B
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/themes/Brave/fonts/Muli/Muli-SemiBold.ttf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\Poppins-Medium[1].ttf
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: TrueType Font data, digitally signed, 15 tables, 1st "DSIG", 15 names, Microsoft, language 0x409, Copyright 2014-2017 Indian Type Foundry (info@indiantypefoundry.com)Poppins MediumRegular3.010;
Size (bytes): 143516
Entropy (8bit): 6.724432532016008
Encrypted: false
MD5: A4E11DDA40531DEBD374E4C8B1DCC7F4
SHA1: 5C96D1545A51C39E05EE0FCC0C3C9021F14D9C31
SHA-256: 45870260A29FA7D3E0EFF8CDD91993FB4A9CE4CCED3D7B72C3EF7D24380BFC2D
SHA-512: D544E98CD4F350F9BF223ACA5D8A1326530F9566DE8B0949D0C2786F36899A339B58F2A5013DF9576D897BC44D688E9AC0EBBA14C262A8A66BF7674DD8BEA58C
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/themes/Brave/fonts/Poppins/Poppins-Medium.ttf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\Poppins-Regular[1].ttf
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: TrueType Font data, digitally signed, 15 tables, 1st "DSIG", 13 names, Microsoft, language 0x409, Copyright 2014-2017 Indian Type Foundry (info@indiantypefoundry.com)PoppinsRegular3.010;ITFO;Po
Size (bytes): 145312
Entropy (8bit): 6.724148278141315
Encrypted: false
MD5: 731A28A413D642522667A2DE8681FF35
SHA1: 440DC8992517A306D66E55CB0AFED0CFE9B971B5
SHA-256: 2425EBBC021BFDD18FE55EDBEEB1539D22A217212C14430A7D4D75266A333BBC
SHA-512: 535F778B6E0478DD94210F474F4FF507AAD148518A089F944EB6BC290B086A12983BD4FF8717684D03862F7CD9FA3EDE0C736259A8D9C4FC2EA7617E7853722B
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/themes/Brave/fonts/Poppins/Poppins-Regular.ttf

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\abc-auto-redirect-script[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 4708
Entropy (8bit): 4.445356038968785
Encrypted: false
MD5: D6D64931D155D24621EFEDFDB8B52FE9
SHA1: DFA0E030AEFF5064D439383760AB6C5C798A5B96
SHA-256: 5702B102F18A9C82A1B744708C51BA6DCB11C66BAE328323FF175458CFA57F6F
SHA-512: 55675324D6738260CFBACB45E247BC38BF4E0BA6B65C84180BE71D277C2A94462B38150B28B99797021776AF855E0A8D370026EAFC79AB2E47C371FF4102D790
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/plugins/abc-auto-redirect-polylang/abc-auto-redirect-script.js?ver=4.5
Preview: function abcAutoRedirectPolylang() {. var pll_language = abcGetCookieValue("pll_language");. var cookiesAreEnabled = abcCookiesEnabled();. if (cookiesAreEnabled == 1 && pll_language == "") {. var language =. (navigator.languages && navigator.languages[0]) || // Chrome / Firefox. navigator.language || // All browsers. navigator.userLanguage; // IE <= 10. language = language.substring(0, 2);. var langCodes = [. "af",. "ar",. "as",. "az",. "az",. "be",. "bg",. "bn",. "bo",. "bs",. "ca",. "ku",. "cs",. "cy",. "da",. "de",. "dz",. "el",. "eo",. "es",. "et",. "eu",. "fa",. "fi",. "fr",. "gd",. "gl",. "gu",. "he",. "hi",. "hr",. "hu",. "hy",. "id",. "is",. "it",. "ja",. "jv",. "ka",. "kk",. "km",. "kn",. "ko",. "lo",. "lt",. "lv",. "mk

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\about[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 22909
Entropy (8bit): 5.521378576292115
Encrypted: false
MD5: F78B5F63EE6EAD1D5A161C4B58F93B6A
SHA1: 1EB92AA67E3CFE89D71D372871D3982FC2F354EC
SHA-256: D6D62F2800F9DFF9B4D88806126959525DF6C82487DD6BB0EA4D0A02045908E8
SHA-512: 08D9240A4A131C8BB5E7AD38D15D3EBF9C5F2AF4D03553B9C0B1FA07174716A3C002DDE83FF3500515383F5506BD8DCBE91A1EAE4B317AEC0A12C3C237E513BE
Malicious: false
Reputation: low
IE Cache URL: https://pixeldrain.com/about
Preview: .......About ~ pixeldrain.........<meta property="og:type" content="website" />.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\api[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 674
Entropy (8bit): 5.3385147507016
Encrypted: false
MD5: 2B80B850A50CAFFC32E5A55E4239D005
SHA1: 2508DBCF1F3A0695B3A74BA19BE064AD4B213E5E
SHA-256: 1E72546845A4C8324DE2959C76AE678459E327527A7B8F88E7AE564C4AB34C61
SHA-512: 4F5A35E38CC2EF7B26990285744F5835C3718512E877A55CF0ADFCB132059A312A1D617E493CE3A6B71107DC52E1224C67DBA15D94CEB3870A3E00E3E01E6DE0
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/recaptcha/api.js
Preview: /* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};(cfg['render']=cfg['render']||[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/releases/HYx6hBAtwYatsD8qzq7tXNTk/recaptcha__en.js';var e=d.querySelector('script[nonce]'),n=e&&(e['nonce']||e.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=d.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s);})();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\appearance[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text
Size (bytes): 18236
Entropy (8bit): 5.326606607837246
Encrypted: false
MD5: 77A850E4271CA636BC3B7985851168C2
SHA1: 07F104F03C3118EC1A200625207B74A11F9445E6
SHA-256: ACE869FE80EB9BC69DC3D0EFFA743FFEF43A492FB0F7BF2172F6F67D9E44BEE2
SHA-512: 11C28A5FE597C400C101D5519B2D99641BEF7216D9D70A9F3B495429443BB0A47B40CDD755C467471D4F64B493A34DD173305F1D6194B5D520C8187BABBC34B0
Malicious: false
Reputation: low
IE Cache URL: https://pixeldrain.com/appearance
Preview: .......Appearance settings ~ pixeldrain..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\autotrack[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 25247
Entropy (8bit): 5.291680583527389
Encrypted: false
MD5: 5E6539FD0B1C0778A5254A4ED1305DB8
SHA1: 6DFE476E85112334A53D16C11E319A7422D8396E
SHA-256: 449F80795C70E94FA7457BA00A62EEAE62CE7EFE0ABAB9681B379833AAFED838
SHA-512: 003D9E211CCA5C2FF77EB9A2C275796697C931EF1361D7013B010ECD41E304C33BD3F538105241C3A69224853B5AA45021596B3766FA13B9143CA82AAA23FC60
Malicious: false
Reputation: low
IE Cache URL: https://www.gstatic.com/external_hosted/autotrack/autotrack.js
Preview: /**. * @license. * Copyright 2016 Google Inc. All Rights Reserved.. *. * Licensed under the Apache License, Version 2.0 (the "License");. * you may not use this file except in compliance with the License.. * You may obtain a copy of the License at. *. * http://www.apache.org/licenses/LICENSE-2.0. *. * Unless required by applicable law or agreed to in writing, software. * distributed under the License is distributed on an "AS IS" BASIS,. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.. * See the License for the specific language governing permissions and. * limitations under the License.. */.(function(){var f,aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(c.get||c.set)throw new TypeError("ES3 does not support getters and setters.");a!=Array.prototype&&a!=Object.prototype&&(a[b]=c.value)},k="undefined"!=typeof window&&window===this?this:"undefined"!=typeof global&&null!=global?global:this;function l(){l=function(){};k

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\blurplebg[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 274
Entropy (8bit): 4.698961675123502
Encrypted: false
MD5: F404694C9EB0B0E0748D3A8BCDC57B6A
SHA1: F3DDD0C0CB9B4C9687BF8B0DBB25CCEBA6191833
SHA-256: 1AE1897CD9F0962E9CF6227C9FA083ECD2035B104B35E979FDA2A177A9C1BCA2
SHA-512: 0185FCD700E4F4D78C99BDD7BC719C025723B9A4E964AB0FA59C5E66CEC9E7D2C12B1DF5D5A84A3E2C5CB5006F42FDCA9A78CA9DC17BB7B8329B93714585A23D
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/uploads/files_2019-11-home/images/blurplebg.svg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\browser.0513d7098d2e[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 498x370, frames 3
Size (bytes): 38991
Entropy (8bit): 7.957259021454401
Encrypted: false
MD5: 0513D7098D2E42857EE6477384B333D4
SHA1: 0E6A3FCC24054BB68942A620FF6FF9087F45E7B9
SHA-256: A8BA46EA16D067FA037B0BCA92D005FFC87F7C8F90051FD295F36ABBBF2EF6FB
SHA-512: 9EAC9AD928400E23998B7C46814354DDF81674406FE2A0AB06D2294271E91DFFF397A3CEFE87EFEFB720D8565FD80AC61B1C16378703DA7701805369B6DFB909
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/img/l10n/en-US/firefox/home/browser.0513d7098d2e.jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\chrome-logo[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 5828
Entropy (8bit): 5.292681906113015
Encrypted: false
MD5: C365DFBEBEFF9E8606BDF3E3B3AECBCA
SHA1: 4CF31EC373CFE7D1E3A03CF21AC11D38B888F9C3
SHA-256: 610FFD583BAF9476A6AAB758F9C3B76A5C8EBB8A7B2446B7EFCA0B26A97D761D
SHA-512: 70FA9071CEFA580844B41CAF796894CB7CC2ABF2B7E8990B62BA3D09C7975503587DE3787C6B864940DD1318BBD583C9ECA6356C497AD97DBF85F22B8A77EB41
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/chrome/static/images/chrome-logo.svg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\chrome[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 148666
Entropy (8bit): 5.204224716096956
Encrypted: false
MD5: 7BC6B8FD8C2D7C285D9BE8A746E3503C
SHA1: 0894E571B0F3BE2D677C72199A34DFF454C04D8B
SHA-256: 1837B0DF5FC0C31E7F4455A1D5F687BFFF27E2E03771ADD77D09E53CB5B95C06
SHA-512: 2A88060977F1C98CA8B1C321E7D72302EF24BB0810E5890C07C7C3B58DAEADED1C4CF729908CC5845EFD64015E6E9E1599B3E28363D2E99E22AEDCA7F6935BE0
Malicious: false
Reputation: low
Preview: [if IE 9 ]>. [if IE 8 ]>. [if IE 7 ]>. [if IE 6 ]>. [if (gte IE 10)|!(IE)]> >. ... . . . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\close-icon[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 21 x 21, 4-bit colormap, non-interlaced
Size (bytes): 169
Entropy (8bit): 5.3861581348131775
Encrypted: false
MD5: 8007EED59C463A939B2BE95BBB95DE85
SHA1: CCA765A080A5DAE59309D25CF0F87789DEE421FA
SHA-256: 6CA6CD6EFCA94CEA6FE50A12FE08B5BA3CB1BFE4F45A7E611C4D8DB0F6D23283
SHA-512: A7BDEAAB00AC389C6A1EAA50D454FA5FEEDD6F5D195CFDA0E9ED981BF280E142F9685CB70057959DA01FA9A15B559A6B1BA277937E4860EABA23F37CDB7C69A4
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/chrome/static/images/close-icon.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\close.73e5756fc7ce[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 383
Entropy (8bit): 4.76377104873034
Encrypted: false
MD5: 73E5756FC7CE98E0B4794BF6494AC363
SHA1: 48CD53CEFB65E3F25214D1B2C17E63D314574048
SHA-256: 8E7FA1D23C05DE55B93FB1B89D0BBC0E9A1D336E6D7984FB88EC1B040316B2DE
SHA-512: A4CA68DA658AFC7A17F7A52A60C5215D1EBA43E9E6BDE8070A12B58D757BF0FE2AA1F076559C0E37F47AE7759CD2EFAF3514A35B5CD2AA3A2448253418A20677
Malicious: false
Reputation: low
IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/close.73e5756fc7ce.svg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\custom.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 310583
Entropy (8bit): 5.14317534430493
Encrypted: false
MD5: 61F16886F0FE3F12D3DBDFA9076FD506
SHA1: A854921A4B0544120BD1216ED9DD34EB0A0535C2
SHA-256: C65D483C4B767D1A6C46142E943E596DE428BB893B79D36FF7F5C3B351B2F9DE
SHA-512: F8EC73A9BD53A4ED8B598B8EA29262A6F8EBF62E4BE798FBE4C5B694184AD603D28CDA88ADB51FECB93FF259A671ACC821E4A5829B5C5B019E5C68A315B6F536
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/themes/Divi/js/custom.min.js?ver=4.0.11
Preview: /*! ET et_shortcodes_frontend.js */.!function($){$.fn.et_shortcodes_switcher=function(options){options=$.extend({slides:">div",activeClass:"active",linksNav:"",findParent:!0,lengthElement:"li",useArrows:!1,arrowLeft:"a#prev-arrow",arrowRight:"a#next-arrow",auto:!1,autoSpeed:5e3,slidePadding:"",pauseOnHover:!0,fx:"fade",sliderType:""},options);return this.each(function(){var $activeSlide,$nextSlide,$et_shortcodes_mobile_controls,slidesContainer=jQuery(this).parent().css("position","relative"),$slides=jQuery(this).css({overflow:"hidden",position:"relative"}),$slides_wrapper_box=slidesContainer.find(".et-tabs-content-wrapper"),$slides_wrapper=$slides_wrapper_box.parent(),$slide=$slides.find(".et-tabs-content-wrapper"+options.slides),slidesNum=$slide.length,currentPosition=1,slides_wrapper_width=$slides_wrapper.width();if("slide"===options.fx&&($slides_wrapper_box.width(200*(slidesNum+2)+"%"),$slide.css({width:slides_wrapper_width,visibility:"visible"}),$slides_wrapper_box.append($slide.fi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\google-chrome-logo[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 160x24, frames 3
Size (bytes): 2745
Entropy (8bit): 7.741604826071945
Encrypted: false
MD5: DABB508820425E63D8138A1F7E94FDE0
SHA1: E16615B860F2C203488E000CA7C489D49B2B5521
SHA-256: 84D5A4525BE1835AE8F3DEA212A449572B0200C0AA1CBD5D0CFB68783B6034F9
SHA-512: 6723552796917C2841DAD928F7912DE2E6F1B9967DF099BC6D49C724B84275AF807E44B503F30B50ADE8F12645394B709EB72B33C51262D8BE795FF5DBD4A49C
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/chrome/static/images/fallback/google-chrome-logo.jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\graphic-bat[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 10719
Entropy (8bit): 4.252059766409254
Encrypted: false
MD5: 14A5E017A626584405A63966F568F789
SHA1: 53E167E4DC738E97635C8E81515A3E18CE6FC50B
SHA-256: 87280E058A6AB0113E06895DE6BA3154B8B1CE60C992CFEF2891CF3380098A94
SHA-512: F6BB7D6894BBB715C57C30E696B4E30DA80797E982CF5957C593E8C7DE11F1DCC8C8EBFF7827C34FF0DFAA629C75ABB53E431B91FBEC24DD610C33040B344E77
Malicious: false
Reputation: low
IE Cache URL: https://brave.com/wp-content/uploads/files_2019-11-home/images/graphic-bat.svg
Preview: .. Generator: Sketch 59.1 (86144) - https://sketch.com -->. Artboard. Created with Sketch..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\icon-file-download[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 32x32, frames 3
Size (bytes): 1153
Entropy (8bit): 7.146301844451467
Encrypted: false
MD5: F9892E0EC85ED7D57DC891E47FAC9D39
SHA1: 2B6C2A47737A9D4B07DFA7BDFB3BFBE1AB218C92
SHA-256: 0323116BACD78289E4D2E89CF00DC814E306BD2E4A16E30BF9BC6BB737ABBE16
SHA-512: C02FE308647A9771DB7F60922A6AE61597AD9FDED64CF6CEA78439FD84CCEEC016932E0EEC1F997A26872FC5C87C47B1EF803DA0BFCE1C6B18CE3B143C777860
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/chrome/static/images/fallback/icon-file-download.jpg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\illo_left[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 300 x 300, 8-bit colormap, non-interlaced
Size (bytes): 1962
Entropy (8bit): 7.341841377311045
Encrypted: false
MD5: 68CA69F096C2B0CC9861881F6C32FC03
SHA1: 3BD259D667291250DBED6D8717F5FE2755FFCB98
SHA-256: 4868F043F52EBEE0DDDD7C5FD6278F050AF87AFE6541E2E39431BBD592B04E05
SHA-512: 7417F0374C301F78E3C5B4BD376F7181E8CCB9EC4AA97388A78CA25DD06B201939CBFE3355EF08842B0698652E75605F11E65AAE0FE5EFCD7FF92F7C0118CDE4
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/chrome/static/images/heroes/illo_left.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\illo_right[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Size (bytes): 4456
Entropy (8bit): 7.8177558571093275
Encrypted: false
MD5: 651948158153DA96B44B47DC792647D6
SHA1: 89F917D4CB8018455E7300B2427BC252EC539887
SHA-256: 625E397F86094DF7CE8B7CD0C1A55B3F0E60B48516078E80D9204DABB23FFD41
SHA-512: 7831CED6F4635BCF0ED5513EBC184E03DFBAE2C69BA744383E62CF24105A368A06846F6366630EC0A3D2D38E14B71180DFC78EB559D235FED598C9D697FAF8DF
Malicious: false
Reputation: low
IE Cache URL: https://www.google.com/chrome/static/images/heroes/illo_right.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\jquery-migrate.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 10056 Entropy (8bit): 5.308628526814024 Encrypted: false MD5: 7121994EEC5320FBE6586463BF9651C2 SHA1: 90532AFF6D4121954254CDF04994D834F7EC169B SHA-256: 48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D SHA-512: B74A2F03C64E883B9A34DE43690429327DFB4AA230A7A6AFCA8150A16E3D84E98461245FF264C26368D9904562CC34FE219F71F951D364FA5C68C039B76776CD Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 Preview: /*! jQuery Migrate v1.4.1 | (c) jQuery Foundation and other contributors | jquery.org/license */."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function( a,b,c){function d(c){var d=b.console;f[c]||(f[c]=!0,a.migrateWarnings.push(c),d&&d.warn&&!a.migrateMute&&(d.warn("JQMIGRATE: "+c),a.migrateTrace&&d.trace&&d.tra ce()))}function e(b,c,e,f){if(Object.defineProperty)try{return void Object.defineProperty(b,c,{configurable:!0,enumerable:!0,get:function(){return d(f),e},set:function(a) {d(f),e=a}})}catch(g){}a._definePropertyBroken=!0,b[c]=e}a.migrateVersion="1.4.1";var f={};a.migrateWarnings=[],b.console&&b.console.log&&b.console.log("JQMIGRATE: Migrate is installed"+(a.migrateMute?"":" with logging active")+", version "+a.migrateVersion),a.migrateTrace===c&&(a.migrateTrace=!0),a.migrateReset=function(){f={}, a.migrateWarnings.length=0},"BackCompat"===document.compatMode&&d("jQuery is not compatible with Quirks Mode");var g=a("",{size:1}).attr("size")&&a.attr Fn,h=a.att

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\jquery.fancybox.min[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 4058 Entropy (8bit): 5.035896723106695 Encrypted: false MD5: BC588054D45F910494CEBA6455AC77F2 SHA1: 59C47F34F56E8A5FF2434FF6E339A5B4E0BADEBD SHA-256: F34BB7D9C8F2DB0E78E5D7B226BC169182F8C22E7CD1A3E7B5767519B709C1BC SHA-512: AFBD4E146CAB7A3EDF07FF32030368478F7F846B9EF22EDAB098846F7744D5587DE56DB2443E1C9A22743406908A1F51369EC83392F1E751151DD3D1CB0C74C2 Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/plugins/easy-fancybox/css/jquery.fancybox.min.css?ver=1.3.24 Preview: #fancybox-loading,#fancybox-loading div,#fancybox-overlay,#fancybox-wrap,.fancybox-bg,#fancybox-outer,#fancybox-content,#fancybox-content>div,#fancybox-content> div>div,#fancybox-frame,#fancybox-close,#fancybox-title,#fancybox-title div,#fancybox-left,#fancybox-right,.fancy-ico{box-sizing:content-box;-moz-box-sizing:content-box}# fancybox-loading{position:fixed;top:50%;left:50%;width:40px;height:40px;margin-top:-20px;margin-left:-20px;cursor:pointer;overflow:hidden;z-index:111104;display :none}#fancybox-loading div{position:absolute;top:0;left:0;width:40px;height:480px;background-image:url('../images/fancybox.png')}#fancybox-overlay{position:abs olute;top:0;left:0;width:100%;z-index:111100;display:none}#fancybox-tmp{padding:0;margin:0;border:0;overflow:auto;display:none}#fancybox-wrap{position:absolute; top:0;left:0;padding:20px;z-index:111101;display:none}#fancybox-outer{position:relative;width:100%;height:100%;background:#fff;box-shadow:0 0 20px #111;-moz-box- shadow:0 0 20px #111;-webkit-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\jquery[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 96873 Entropy (8bit): 5.372169393547772 Encrypted: false MD5: 49EDCCEA2E7BA985CADC9BA0531CBED1 SHA1: F8747F8EE704D9AF31D0950015E01D3F9635B070 SHA-256: 1DB21D816296E6939BA1F42962496E4134AE2B0081E26970864C40C6D02BB1DF SHA-512: F766DF685B673657BDF57551354C149BE2024385102854D2CA351E976684BB88361EAE848F11F714E6E5973C061440831EA6F5BE995B89FD5BD2D4559A0DC4A6 Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp Preview: /*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license | WordPress 2019-05-16 */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports? module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){re turn new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor: n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?a<0?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this .constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,fu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\logo-md.00d2ad45480b[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced Size (bytes): 8424 Entropy (8bit): 7.955888342603677 Encrypted: false MD5: 00D2AD45480B8A1173C3B7D4947FCF12 SHA1: 548B71748E4486CF2B295BAD322A19B1BA289630 SHA-256: 833BC07B6074CD7E8EE64F5CAF3E013A1ABB1A77455635D46CC145BE57926F2B SHA-512: 8FABC66A173EFB89821DE32FCDC3DE2E1FCBF8E7F0B460B499048383C90E94AAC158467175D02A0F062D1DFDB8E7F4973CC52E2BC756FC76A332235C6D34BE0 6 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/monitor/logo-md.00d2ad45480b.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\logo-md.5b88d5fa8771[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced Size (bytes): 6617 Entropy (8bit): 7.940810886637729 Encrypted: false MD5: 5B88D5FA87717CEB257458988B362E3A SHA1: BD0BDF744CA4957E02B571870A44C979A6A3EDB1 SHA-256: 652E421C75B29F088881B8B5D602A472362E3A23F8A41FDEFBCCD48A78D26971 SHA-512: 0EFD7E5CAC4B2F1545C5FF0114441E70F14904F514DF3C79EAAB94D60D8F13625AD1E447F4B963F986DF31E836717EDAE2958F6A0B7ABBFF58793DEC5DEEA37 6 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/send/logo-md.5b88d5fa8771.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\logo-word-hor-sm.5875d8d1b185[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 194 x 64, 8-bit colormap, non-interlaced Size (bytes): 3844 Entropy (8bit): 7.856996333984047 Encrypted: false MD5: 5875D8D1B1852019CA76D44560274A09 SHA1: 29EB24A5241BE57BFB0416ECF261BC5C4993E22A SHA-256: 30642B988FCDE9EA3EC50CE3626613EBC41C03AD2C79DE2DD49890EE99A6EBE6 SHA-512: 303966A2B20328DFC09B44432F0395EAAC187BA6A51862B7633950246D0657F1F1C6F990357A773A283CA320F90BD9A2CA33F900FF691282837E50CF4D30CB50 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/logo-word-hor-sm.5875d8d1b185.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\logo.b38718a07101[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 417 Entropy (8bit): 4.66181080784312 Encrypted: false MD5: B38718A071015ECC1CEF21646287F93A SHA1: CBEBCB1AEF5E4B2C3772FE30F5E2085CE7991446 SHA-256: D4FF5295B6E9C09DCAF86BA551DF5D029EEF0C6AA720F24D6583E5F95B3603C1 SHA-512: 23EE679BCAA1DED71A7C77F079B827ED901A1D3986C97B13B6D36F5E6977EA8CF446A72375462277FF096B0191D8398DA4344C9CC4412698FDA675E7570D7C70 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/logos/pocket/logo.b38718a07101.svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\logo.fedb52c912d6[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 9188 Entropy (8bit): 4.709462307578986 Encrypted: false MD5: FEDB52C912D62C050D00F8E10EC8096C SHA1: AB26ED73F07E062CCDAE2D331F994404FB05B38D SHA-256: C3518D1942E53686036B9D01C97FC3A3B433A812B3ADD74C9FD64F4890CBCD1B SHA-512: 03A8A9C161690220BFBEBD51C6C4DC220A0D3F2970D7058DA52B2033858C280A069C6F546AF84009CC9CA0B099733CA7F8A9DD62F9CBC5C2AE095F8CAE6FE3A F Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/logo.fedb52c912d6.svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\logo_48[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced Size (bytes): 2228 Entropy (8bit): 7.82817506159911 Encrypted: false MD5: EF9941290C50CD3866E2BA6B793F010D SHA1: 4736508C795667DCEA21F8D864233031223B7832 SHA-256: 1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A SHA-512: A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9 Malicious: false Reputation: low IE Cache URL: https://www.gstatic.com/recaptcha/api2/logo_48.png


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\menu.79f1f0c795df[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 436 Entropy (8bit): 4.81285634223051 Encrypted: false MD5: 79F1F0C795DF9775A6E940AA6B794A64 SHA1: 0834AFC9234DC2AEE26026CF61ECD29B4483966E SHA-256: C08840807DBE9DBD399A2F176C5C377BB0F26A6762971DD6B25CA2C1129B5161 SHA-512: 6EE45C5E1DB62CB790D9259C40BB1934082388E2FB23049139877663AA02056401F48086EBE8898B2AFB71F9E920F598E71F76160146E37EABFA570E1EFBE121 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/icons/menu.79f1f0c795df.svg Preview: . . . . . . . ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\modernizr[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 18121 Entropy (8bit): 5.487052413899393 Encrypted: false MD5: 22B1D136ACE6916B80EE05FD4889066E SHA1: 03903EC6E52233623AFE851E351E160B72ED2828 SHA-256: 8C2D2E5D88589A1283EC0CDF49BEDC2DD3A8F40FE77C39C3E00ED8CEF1968FF3 SHA-512: 9BBBCBA7803D76C8F8CBD9974733211D8ED703E640B2FC673715DCC091413A2FE3E385CE1886DFCD7C5153EBDC154B1A5D83D0F004369C355EBCEDD841E2E9 F7 Malicious: false Reputation: low IE Cache URL: https://www.gstatic.com/external_hosted/modernizr/modernizr.js Preview: /**. * @license. * MIT License. * Copyright (c) 2009.2011. * Permission is hereby granted, free of charge, to any person obtaining a copy. * of this software and associated documentation files (the "Software"), to deal. * in the Software without restriction, including without limitation the rights. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the Software is. * furnished to do so, subject to the following conditions:. * The above copyright notice and this permission notice shall be included in. * all copies or substantial portions of the Software.. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, T

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\src=2542116;type=chrom322;cat=chrom01g;ord=2704658616573;gtm=2 wg5e1;~oref=https___www.google[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines, with no line terminators Size (bytes): 431 Entropy (8bit): 5.389284389279306 Encrypted: false MD5: 3BD0B46C18912798B0682080A171A051 SHA1: 637296E8F2C4DE10BFECC2DF3FC6EAB1602DA816 SHA-256: 7C2F4FEA8C8F53DD128ECCB5A67D5DE43D868FD223838425C2C84BC2D7257A56 SHA-512: CA5BEAE611AAACE444BB6C1967FEB12B13853C4AF814F5355737F7C9A444DC68792F8BFE70ACEE73E3773C762E8730A9A154E71893D767DCA5D3D6C0B3426B7 2 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\src=2542116;type=chrom322;cat=chrom01g;ord=2704658616573;gtm=2 wg5e1;~oref=https___www.google[2].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with no line terminators Size (bytes): 194 Entropy (8bit): 5.144203472842556 Encrypted: false MD5: 5EDEA4CDE2C1A9C8E8150DEAF71CE73D SHA1: 725019DAAF24DED79DCAAC96C897CC4727CC8B35 SHA-256: 05978957C6C8B028F2785DC77271C286BFAC76E30B7BCD7E835C2927FBE897CF SHA-512: E55349AB79FEF70C5DF45009E9EA2E4CA57678305A25B3279CFFAD472192654FE86E30B9471313243FB081D7B2C2958E8F888F87C648AAE5FF00E289C69B615E Malicious: false Reputation: low IE Cache URL: https://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=2704658616573;gtm=2wg5e1;~oref=https%3A%2F%2Fwww.google.com%2Fchr ome%2F Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\style[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 754998 Entropy (8bit): 4.890056562725007 Encrypted: false MD5: 0C3ABE6BCF5B618A8B3BCAD5931C5F2B SHA1: DDA85C0F1F1A92830DDA979A5AEE5741480FED3B SHA-256: 75DB986A90BE012D1E1EBC23F4032C7249FDF7CEE259B26F93718E6AAEA60D4A SHA-512: 240149388656C3DE00609D043E83DED7FED935300E568663626C085C40AD72E003813AB58CD91912439B4A360C5A618F899A310F48AD8437D839851A2E4CCB11 Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/themes/Divi/style.css?ver=4.0.11 Preview: /*!.Theme Name: Divi.Theme URI: http://www.elegantthemes.com/gallery/divi/.Version: 4.0.11.Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection..Author: Elegant Themes.Author URI: http://www.elegantthemes.com.Tags: responsive-layout, one-column, two-columns, three-columns, four-columns, left- sidebar, right-sidebar, custom-background, custom-colors, featured-images, full-width-template, post-formats, rtl-language-support, theme-options, threaded-comments, tra nslation-ready.License: GNU General Public License v2.License URI: http://www.gnu.org/licenses/gpl-2.0.html.*/a,abbr,acronym,address,applet,b,big,blockquote,bod y,center,cite,code,dd,del,dfn,div,dl,dt,em,fieldset,font,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,ins,kbd,label,legend,li,object,ol,p,pre,q,s,samp,small,span,strike,stron g,sub,sup,tt,u,ul,var{margin:0;padding:0;border:0;outline:0;background:0 0;font-size:100%;vertical-align:baseline;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\style[2].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 3853 Entropy (8bit): 4.984776322747152 Encrypted: false MD5: 98FB9FBE79F620038FCC9C65DD568A93 SHA1: BD436372A5D6AA2A573544C894DC70D7B78264C5 SHA-256: 5D21D747A3514E9DA7E30FA9395E6F91B7551594362FDEDFBC7CBD4C25374E64 SHA-512: 6DF26BC0FC0E567527E073B606D8780548C2DE1DC654796D4826D45BC42ECA8B4FD659A4E8CBD7E8C346407304F31CF1981C86379E95B3C5CE3B1C6EF829C13 C Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/themes/Brave/style.css?ver=1.0.2 Preview: /*. Theme Name: Brave. Theme URI: https://brave.com. Description: Child them to Divi. Author: Sampson. Author URI: https://twitter.com/bravesampson. Template: Divi. Version: 1.0.2. License: GNU General Public License v2 or later. License URI: http://www.gnu.org/licenses/gpl-2.0.html. Tags: Brave, Custo m. Text Domain: Divi-child.*/..@font-face {. font-family: "Muli";. src: url(fonts/Muli/Muli-Regular.ttf) format("truetype");. font-weight: normal;. font-style: normal;.}.@font- face {. font-family: "Muli";. src: url(fonts/Muli/Muli-Medium.ttf) format("truetype");. font-weight: 500;. font-style: normal;.}.@font-face {. font-family: "Muli";. src: url (fonts/Muli/Muli-SemiBold.ttf) format("truetype");. font-weight: 600;. font-style: normal;.}.@font-face {. font-family: "Muli";. src: url(fonts/Muli/Muli-Bold.ttf) format("true type");. font-weight: bold;. font-style: normal;.}..@font-face {. font-family: "Poppins";. src: url(fonts/Poppins/Po

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\tracker[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 2738 Entropy (8bit): 5.278818472262892 Encrypted: false MD5: 36CC89A443B8EFBF1D66637829DB03D4 SHA1: 77C9D488E9999DC6ADCCFEF07CFD5BED7387ABE0 SHA-256: 9E16355D6C1608CC6036169780DEFFE1C118A78E6CD7E5015B112D7540E3ADA6 SHA-512: 5D34425AE800DCCD1956FE73F7A1CA9C8AB147E03EA4C8FABB407BD4F38210F8A1C07F5BBDE42BB1034F591125DD3A5DCD2F0D6A81B746F4FD69E56A3F199E 3F Malicious: false Reputation: low IE Cache URL: https://fathom.pixeldrain.com/tracker.js Preview: "use strict";!function(){var t=this,e=window.fathom.q||[],h={siteId:"",trackerUrl:""},n={set:r,trackPageview:function e(t){t=t||{};if("doNotTrack"in navigator&&"1"===navi gator.doNotTrack)return;if("visibilityState"in document&&"prerender"===document.visibilityState)return;if(null===document.body)return void document.addEventList ener("DOMContentLoaded",function(){e(t)});var n=window.location;if(""===n.host)return;var r=document.querySelector('link[rel="canonical"][href]');if(r){var o=document.cre ateElement("a");o.href=r.href,n=o}var i=t.path||n.pathname+n.search;i||(i="/");var a=t.hostname||n.protocol+"//"+n.hostname;var c=t.referrer||"";document.referrer.indexOf(a) <0&&(c=document.referrer);var s=function(){var e=new Date;e.setMinutes(e.getMinutes()-30);var t=function(e){for(var t=document.cookie?document.cookie.split("; "):[],n= 0;n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\web-store[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 5819 Entropy (8bit): 4.931633972310315 Encrypted: false MD5: 04A9F639A2F82236CA4DB4EE8DF793C5 SHA1: 6045E378AE4E470CC079E8AB3F55F21946142C9B SHA-256: 533CACE2E47D99B658443921FBDC2718C8D2DE9AC1D5D334748424060085AE56 SHA-512: 3E71FD7E53FE3768DF2F44EA8A96E10906AA825CF6E7A7EC97A66F838CBBCFC81B1CB58333C678602448C344C1D2B27EA98C785B685B99DDBDB769B33E2954E 9 Malicious: false Reputation: low IE Cache URL: https://www.google.com/chrome/static/images/web-store.svg Preview: ........ ..............Secure, Fast & Private Web Browser with Adblocker | Brave Browser.. This site is optimized with the Yoast SEO Premium plugin v13.5 - https://yoast.com/wordpress/plugins/seo/ -->......Y? 1:0},y=function(Y,Z,W){if(Z=typeof Y,"object"==Z)if(Y){if(Y instanceof Array)return"array";if(Y instanceof Object)return Z;if("[object Window]"==(W=Object.prototype.toS tring.call(Y),W))return"object";if("[object Array]"==W||"number"==typeof Y.length&&"undefined"!=typeof Y.splice&&"undefined"!=typeof Y.propertyIsEnumerable&&!Y. propertyIsEnumerable("splice"))return"array";if("[object Fun

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\KFOlCnqEu92Fr1MmEU9vAA[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 66456, version 1.1 Size (bytes): 66456 Entropy (8bit): 7.991041370753205 Encrypted: true MD5: 851A2B5A8394EB1B868678BFD31A1A8A SHA1: 0F633AE8F8836076EA5AE369FBBC58D1733156AC SHA-256: 9915A79AFE8C10196DD8FC8A666E89D9E416C738020AE87D1B14051D891C848D SHA-512: 479033FD3B228C974076D077DCE43CC55CB04B0CBA30D2B9B3242F2888884737BCA6E14521A80B8BDE6B8180FB3BD9753391442F053E15E4D4D49DE405ECB754 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9vAA.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\KFOmCnqEu92Fr1Me5g[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 66044, version 1.1 Size (bytes): 66044 Entropy (8bit): 7.99257726789333 Encrypted: true MD5: A91AD097D24828AF724D4FEE36A063ED SHA1: 1C76A4CB77FA559AE0B445413FF54E169546BFAD SHA-256: 71AA99E21C708E5DE2FF54F2E6D6BB4E4D462AF3DE5B9ABB071FCD5C6D42FC48 SHA-512: 190B3C893F358ABE055064550B08C72BE47324341D547687D0A327FFEFD069A80373AE93B1419895BA02F4FDEADA6EF2E3E758B84C7DB03686D1325E24F93374 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5g.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\api[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text Size (bytes): 30074 Entropy (8bit): 5.321186224833451 Encrypted: false MD5: 9AED8158793E82EA3F96600C7E1939C3 SHA1: 31BF78ACA734C98E6BD1B0A6547FFCA6744617A7 SHA-256: 325DB4A21A507594A141BD39186F49689075D5C6FF0B4248B4A84E7AEB6E67CA SHA-512: 1C7B67A7F205F0C0413D3371BE8E3A499B52ADE9FF43F2F2C08997F10F813662857EC53A4E09386D6C729AC313CBEE6AB1D086BE21614D566C6A9983B749ED5D Malicious: false Reputation: low IE Cache URL: https://pixeldrain.com/api Preview: .......API Documentation ~ pixeldrain..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\bframe[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text Size (bytes): 1676 Entropy (8bit): 5.591720090696457 Encrypted: false MD5: E2586D589FD2FB2B12A10B9927639745 SHA1: A35112E3979625DA29F66CCF26D11B1CCA80ECC9 SHA-256: 6215BA46D462D2D111C4D6484D7AAF62347061A6926BC925CB9EB505A81E990C SHA-512: E81BFF25432FC35635781A79B21E809E5FF902C255954CF242B0421F859A3BCA8BB987C2EBAC9C7269F37C5099177B338D42247888888089749DF9F9D55557F6 Malicious: false Reputation: low Preview: ...reCAPTCHA..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\chrome_throbber_fast[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 24 x 24 Size (bytes): 4469 Entropy (8bit): 6.7695629044778185 Encrypted: false MD5: 81247683E65B6F536D25AF4B2917E823 SHA1: 331043F7F52D006377003B2AFAE4EC8EB877CEE5 SHA-256: 3E846532CACBDA65EB384367C713A798D6D6D619D97ED30D136C6ECB911AB9BB SHA-512: 075EF7168959423DC01D3057384B1D6ADDCF7848162C44405ADCD8A8FE9412C8FF30B80259302D96D25BF262AB382E362626482AF3D5036E19817D1A5D6B9A39 Malicious: false Reputation: low IE Cache URL: https://www.google.com/chrome/static/images/chrome_throbber_fast.gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\common[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 1360 Entropy (8bit): 4.944300057947054 Encrypted: false MD5: 82B34A0F20682B94458A89521A92C7CA SHA1: CD97BDD72C8F7CA65A37EA7D78FF71580633169A SHA-256: C05EE8FAC93FDE19412046A913B9AECD86210ABA6B72CFF7C94E01170DD11E3B SHA-512: DF8292CF42883FD65320FDB0A7C731F38BD7ADF4BD8F9D7E90DE3F1F3FE927FFC6CC28267825E2F7F20B8F2E50CB7E2712CA6DF43CA74CC672A094913121ABC 0 Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.0.11 Preview: (function($){..$(document).ready( function(){...var user_agent = navigator.userAgent;...var is_opera_edge;...var browser = user_agent.match(/(opera|chrome|safari|firefox| msie|trident(?=\/))/i) || [];...var browser_name = '';...var browser_class = '';....if ( /trident/i.test( browser[0] ) ) {....browser_name = 'ie';...} else if ( browser[0] === 'Chrome' ) {.. ..is_opera_edge = user_agent.match(/\b(OPR|Edge)/);.....if ( is_opera_edge !== null ) {.....browser_name = is_opera_edge[0].replace('OPR', 'opera');....}...}....// use na vigator.appName as browser name if we were unable to get it from user_agent...if ( '' === browser_name ) {....if ('standalone' in window.navigator && !window.navigator.st andalone) {.....browser_name = 'uiwebview';....} else {.....browser_name = browser[0] && '' !== browser[0] ? browser[0] : navigator.appName;....}...}....browser_name = br owser_name.toLowerCase();....// convert browser name to class. Some classes do not match the browser name...switch( browser_name )

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\css[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 1089 Entropy (8bit): 5.1798518283750346 Encrypted: false MD5: AF5D6AE523E57D843CBFD9250022A9F0 SHA1: D98484D28B013F56C5CE043F2DB2E8E0EBC553E6 SHA-256: F1C1115E95EDA88A8EC69EA32996661E49352BB2367420D6A9D85848D04830C3 SHA-512: 06E15A3457EA88F45617AD4D3958BDAAB6161B84AFB7593FAF0CFD958DF427FA6E6FE74BFA7142D440ADF45339C50A48817531D477D894F3658A452FE299D750 Malicious: false Reputation: low Preview: /*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. font-display: swap;. src: l ocal('Google Sans Regular'), local('GoogleSans-Regular'), url(https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlI3K.woff) format('woff');.}.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 500;. font-display: swap;. src: local('Google Sans Medium'), local('GoogleSans-Medium'), url(https://fon ts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94bt3.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. font- display: swap;. src: local('Roboto'), local('Roboto-Regular'), url(https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5g.woff) format('woff');.}.@font-face {. font- family: 'Roboto';. font-style: normal;. font-weight: 500;. font-display: swap;. src: local('Roboto Medium'), local('Roboto-Medium'), u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\devices[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 320 x 330, 8-bit colormap, non-interlaced Size (bytes): 9890 Entropy (8bit): 7.935726525318203 Encrypted: false MD5: 2DE540626FDC2CE1DF881746A1C8B8F8 SHA1: FD3DE803EADF5B92062E307A774AC74253195EDA SHA-256: 7C74D092E1E717E78C9F26AE1B70E22921A98A4BA6ED48BBE1C9A0C50DD24708 SHA-512: 7091D5BB6D676D46CCBDDB6FE2CC3E247DC442B5CEDA9F935FB884DB1CD1E3797E80324A09EAC02A88364104EEA5F7671914A1B26C5DAEEE135DCE4F01E5A6DB Malicious: false Reputation: low IE Cache URL: https://www.google.com/chrome/static/images/devices.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\favicon-196x196.5e474118060e[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 196 x 196, 8-bit colormap, non-interlaced Size (bytes): 7360 Entropy (8bit): 7.914107770419037 Encrypted: false MD5: 5E474118060E71FF388EC6CBE4B43BDF SHA1: 9E4D0BF22D602272127F5AB4CCCBBBD0BEF065F0 SHA-256: 7BA1707429ED001B2714CEF7FE1E4A3B03F3995681EB99205703FAD5A066E7D5 SHA-512: E9D3D70DB9E0A5B022C9C846200AA43B8F923741E476E757182CCDC192A7B1C03CA1E32750C3386200A8BA26BEB18E619BFA2FCA1CF1334380260BD2F7159842 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/favicons/firefox/favicon-196x196.5e474118060e.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\firefox-master.10f97c18f875[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 20702 Entropy (8bit): 5.02722137305683 Encrypted: false MD5: 10F97C18F875D0FCE58198D3B0DD2862 SHA1: F76152B7EBE61B57DAECDBA5B31538A3C54D5816 SHA-256: 1896F72110579619F2F6EA551B1E968DF8948024FF7A9114F13F7DB5398BE728 SHA-512: D012E334F6B900EA61B931E97D9AEEEB7E95BBE3761597EA8D0D140B25974DB26B9236C54ED484F2B465A3072FE06267494768D9208D85015464064CDBA45701 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/css/BUNDLES/firefox-master.10f97c18f875.css Preview: .mzp-c-card-feature{margin:0 auto 32px;text-align:center}.mzp-c-card-feature.mzp-has-aspect-16-9 .mzp-c-card-feature-media{padding-bottom:56.25%;position:relative}.mzp-c-card-feature.mzp-has-aspect-16-9 .mzp-c-card-feature-media embed,.mzp-c-card-feature.mzp-has-aspect-16-9 .mzp-c-card-feature-media iframe,.mzp-c-card-feature.mzp-has-aspect-16-9 .mzp-c-card-feature-media img,.mzp-c-card-feature.mzp-has-aspect-16-9 .mzp-c-card-feature-media object,.mzp-c-card-feature.mzp-has-aspect-16-9 .mzp-c-card-feature-media video{bottom:0;left:0;position:absolute;right:0;top:0}.mzp-c-card-feature.mzp-has-aspect-3-2 .mzp-c-card-feature-media{padding-bottom:66.66667%;position:relative}.mzp-c-card-feature.mzp-has-aspect-3-2 .mzp-c-card-feature-media embed,.mzp-c-card-feature.mzp-has-aspect-3-2 .mzp-c-card-feature-media iframe,.mzp-c-card-feature.mzp-has-aspect-3-2 .mzp-c-card-feature-media img,.mzp-c-card-feature.mzp-has-aspect-3-2 .mzp-c-card-feature-media object,.mzp-c-card-feature.mzp-has-aspect-3-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\google-logo-one-color[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, baseline, precision 8, 86x28, frames 3 Size (bytes): 4992 Entropy (8bit): 5.4750750601521405 Encrypted: false MD5: 5B856138975423814107326E2FA47826 SHA1: 27E99D08D7EC1C73C4A938C69C275EEC3CE62F9E SHA-256: 47C129740EF242CBE19218FB5A8EF253391C875F92423EB2CB1D73F34AD22474 SHA-512: B2A23129EE45236F0E41ED63C8F73FD337DA168ADDDFBF50738E71CD84268160CE77FDE06FF93D3C6CAD056FB35DBB13AF8677BCA441B97056068206B637613F Malicious: false Reputation: low IE Cache URL: https://www.google.com/chrome/static/images/fallback/google-logo-one-color.jpg Preview: .....Phttp://ns.adobe.com/xap/1.0/.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\graphic-privatetab[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1262 x 837, 8-bit colormap, non-interlaced Size (bytes): 59378 Entropy (8bit): 7.947132333375582 Encrypted: false MD5: 2CFEB6DD1D93BF09B7C399CF6792EAF4 SHA1: 2B88722931015B4E6688F41859B1E3CEEC35687B SHA-256: DE4CC4B030DD18F8E80B247F6C38B158A3E08F43D34D991C85740D1FBF5E174E SHA-512: EC2D749621C9CB7962E52208A4439A6BCF4C2585F752B3B58FF9D790AD562532CD705D5EF9E7E73E00CA4053F249241CEAD43BA9B6BD108D0458D504D7C2F065 Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/uploads/files_2019-11-home/images/graphic-privatetab.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\gtm[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 97983 Entropy (8bit): 5.538044560994743 Encrypted: false MD5: 8B119B4D955EB863D0E67DF3467132E6 SHA1: A53EA4D84AFE2576A17F0DF064E5D010BCA4D7A4 SHA-256: C3A5C442A133D6B58F395BC36670596293ACF71FE95010F74AFAA6D5F2EE1297 SHA-512: 48D656BBF35A865F12A661EFC57FA0515618359928456CBE44D8E4D3FD310707712CD1C0A522364F1C3A4981527D626401125B0749860379BB9D5DC946C7511A Malicious: false Reputation: low IE Cache URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZ6TRJB Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"34",. . "macros":[{. "function":"__e". },{. "function":"__v",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":false,. "vtp_name":"edgeSModeApi". },{. "function":"__v",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":false,. "vtp_name":"linkUrl". },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__r". },{. "function":"__u",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__u",. "vtp_component":"URL",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__v",. "vtp_name":"gtm.elementClasses",. "vtp_dataLayerVersion":1. },{. "function":"__v",. "vtp_dat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\header_2019[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1200 x 200, 8-bit/color RGBA, non-interlaced Size (bytes): 73757 Entropy (8bit): 7.980539529835118 Encrypted: false MD5: 2DC68815808F2C44A132B68E12AA491B SHA1: 66CD1624DEE7415B11FA0A457381B221DA60FF97 SHA-256: B9762043EC4BDAFF5F561AF0E928F2EDDC0413BF2D99D69027A456C0168928AD SHA-512: 7CC2F9CDDC185EE448864AD7E82D96C9E5D9B92BEE11F4D469FDDA86523170EA42B9FD4BF5769CF6BA7BE863390CCB83338D5C6464C88195319598E53CBB8AA9 Malicious: false Reputation: low IE Cache URL: https://pixeldrain.com/res/img/header_2019.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\history[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Size (bytes): 21206 Entropy (8bit): 5.329324990681889 Encrypted: false MD5: 0BFF94F73123FE60737CDBAFB64C6BAB SHA1: 664CC499B43FAC356312516AC90FD5B80B817DE4 SHA-256: 2F7520DD7F8A3271E6C4E6C70271D6C2059012D9E18FAEF9D1EC9E307F927EBF SHA-512: 739BCC54B310EFF21BD73899C33A25CA835249FD4CEDDCCA76B1210F75F3AE6FB4E33D2EC6C68AFB08F7AC72DF86B2DB0E70C21DB95ECCC1B65FE5FA09422F90 Malicious: false Reputation: low IE Cache URL: https://pixeldrain.com/history Preview: .......Upload History ~ pixeldrain..............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\icon-arrowdown[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 1367 Entropy (8bit): 5.153825885091723 Encrypted: false MD5: B7B88F922F9DF3EEC44B22633D732C9C SHA1: 83C0025E5A93FA7CD047A64A71E8337487ED0D6E SHA-256: 7C4ECD17A309F2042059AA2789BE653BDEF456CC178C7A29E70556E585E8EE68 SHA-512: 1B2A5AEBA8C2C869B43549AB22275D9E97AF7D42756608D0981B3FB4A8C67A2C4F9BE79AE0D2A7B8ACAAE9F787E0E32D2C1474F9EB5600196B4917050E04A462 Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/uploads/files_2019-11-home/images/icon-arrowdown.svg Preview: .. Generator: Sketch 59.1 (86144) - https://sketch.com -->. icon-downarrow. Created with Sketch.. . . . . . .. Generator: Sketch 59.1 (86144) - https://sketch.com -->. icon-arrowup. Created with Sketch.. . . . . .. Generator: Sketch 57.1 (83088) - https://sketch.com -->. Essentials/download-2. Created with Sketch.. . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\icon-help[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, baseline, precision 8, 20x21, frames 3 Size (bytes): 3287 Entropy (8bit): 3.54107963615874 Encrypted: false MD5: B14EDD59B0B6BBE624B8EFC19F2724AC SHA1: 3B1345D845498E12723B24770DF8863BF72BAC45 SHA-256: BB963DED37FEEA9AEA52FDC5901808752446E5EB0A901304F15C4A923F5FF659 SHA-512: 13302472CF0EB048B5199B98F7B56A56033338371771E45A9E8BBDD441BAC8C2A32C6E2C125536B70B1349D0D47D06C109244DB7F4326436A19979125B782EDF Malicious: false Reputation: low IE Cache URL: https://www.google.com/chrome/static/images/fallback/icon-help.jpg Preview: .....Phttp://ns.adobe.com/xap/1.0/.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\icon-rightarrow[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 1322 Entropy (8bit): 4.955270988686483 Encrypted: false MD5: 9CA2F46316F80544D700A663E69D7F78 SHA1: F18574EA2C6078ECA9C7A49D5DB4162640A27452 SHA-256: 531C8B3ACE41823E78840DB33F10A80A39B9994DFCFCF868CF09A8E26422BF32 SHA-512: E1578808FE1C88D50846F891DC801DADE6A7B1A0E1AB3B17879CBFD689B1A50B9F7E126D269A3BAE279D05054340F32A0D42EC32C7BA31B8AAFA75F39BE1FE4D Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/uploads/files_2019-11-home/images/icon-rightarrow.svg Preview: .. Generator: Sketch 59.1 (86144) - https://sketch.com -->. Artboard. Created with Sketch.. . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\lockwise.2ff0b22bab02[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 20761 Entropy (8bit): 4.2089661510590615 Encrypted: false MD5: 2FF0B22BAB024007A5FD9A451B71D9EE SHA1: 128EEAEEFCC1A17B05AC1FFC4919DD1CDB12DCF0 SHA-256: 3D626B4624E1F7BBE74CD4B85A0F9A76F4CF1390A4ED42CC363D1BE59EC3919F SHA-512: 0C7A496F822C4F8D6A52457CE4F50F574088567A3BE26153ACCFA0DEAB44C396AE1524B1790E2E4B293A726EE02F86226EA075469D166AE5844E4AC908AE17B0 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/home/master/lockwise.2ff0b22bab02.svg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\logo-word-hor-sm.f2f82f1a0125[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 336 x 64, 8-bit colormap, non-interlaced Size (bytes): 4826 Entropy (8bit): 7.875830960662104 Encrypted: false MD5: F2F82F1A01252B43C7DB2103FFCD2512 SHA1: 56351B69CD7A90878FB560D806989E92BA45193A SHA-256: 6008B253C0DF587705BC6C34FCE0AD6D82ED3BEA422468DC141D71B72D58E3BC SHA-512: C943EBE4A5B8295BD563B34AA531D43BE103BEEE70F0F8FA98FF0BD3AA2605CD94C30C585D8AE5FB3AF5F94BB0649A36BAD59CDD8E6C01AC230E88B4B07208E1 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/monitor/logo-word-hor-sm.f2f82f1a0125.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\logo.d97e5516f9e6[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 4049 Entropy (8bit): 5.06238787248724 Encrypted: false MD5: D97E5516F9E6641712EE6C8ECAE835D7 SHA1: 45B7C2F33FCE47ECE99C844ADB90C0020210D5CF SHA-256: 499B17C0884891BA3A59004E6A9EA8E4BAF48122040561F49E87A55A9E3C904B SHA-512: 7850F78311CF09B96F234CEC96EF8FE4EB4AB3CAD8E93091AB239791C089CFE5333BFAF7A7C0B6A3403FAA9399BBF5CD36A4D03CFF1D639F4245EE2CC8011497 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/protocol/img/logos/firefox/monitor/logo.d97e5516f9e6.svg

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\onboarding-shields-weblight[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 104643 Entropy (8bit): 4.6092005715809705 Encrypted: false MD5: F4EEB99CEB5C338AB63EF010ECC8D3BF SHA1: B93011DBC22995A09F6FE8C2BE775D2B246577F9 SHA-256: E47870050D3534383DEBA0315E04AF22386CE58116FFCB7E2AA622BA0A8D7E64 SHA-512: 3724F996EB9FBC4A5C6788F2D1EB582D23FE1142E17A964C385D7515B31EB9B4AA8EAB48C4BA7F85C9133EAB4437FF43232E2B7BC36DE8FC01801FB0AB7A90EC Malicious: false Reputation: low Preview: {"v":"5.5.7","fr":29.9700012207031,"ip":0,"op":130.000005295009,"w":1275,"h":1000,"nm":"phone base","ddd":0,"assets":[{"id":"comp_0","layers":[{"ddd":0,"ind":1,"ty":4,"nm":"inner-white","sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":1,"k":[{"i":{"x":[0.833],"y":[0.833]},"o":{"x":[0.167],"y":[0.167]},"t":0,"s":[0]},{"i":{"x":[0.833],"y":[0.833]},"o":{"x":[0.167],"y":[0.167]},"t":29.97,"s":[-90]},{"t":59.9400024414062,"s":[-180]}],"ix":10},"p":{"a":0,"k":[148.832,145.739,0],"ix":2},"a":{"a":0,"k":[0,0,0],"ix":1},"s":{"a":0,"k":[100,100,100],"ix":6}},"ao":0,"shapes":[{"ty":"gr","it":[{"ind":0,"ty":"sh","ix":1,"ks":{"a":0,"k":{"i":[[0,0],[0.19,0.22],[0.19,0.22],[-0.25,0.09],[-0.48,0.16],[-0.01,0.01],[0.02,0.12],[0.1,0.51],[-0.26,-0.06],[-0.55,-0.11],[-0.07,0.21],[-0.11,0.32],[-0.22,-0.19],[-0.4,-0.36],[-0.01,-0.02],[-0.25,0.22],[-0.19,0.16],[-0.09,-0.26],[-0.12,-0.36],[-0.06,-0.2],[-0.28,0.05],[-0.29,0.04],[0.04,-0.24],[0.1,-0.51],[0.02,-0.07],[-0.31,-0.11],[-0.23,-0.08],[0.17,-0.2],[0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\onboarding-shields-weblight[2].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 104643 Entropy (8bit): 4.6092005715809705 Encrypted: false MD5: F4EEB99CEB5C338AB63EF010ECC8D3BF SHA1: B93011DBC22995A09F6FE8C2BE775D2B246577F9 SHA-256: E47870050D3534383DEBA0315E04AF22386CE58116FFCB7E2AA622BA0A8D7E64 SHA-512: 3724F996EB9FBC4A5C6788F2D1EB582D23FE1142E17A964C385D7515B31EB9B4AA8EAB48C4BA7F85C9133EAB4437FF43232E2B7BC36DE8FC01801FB0AB7A90EC Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/uploads/files_2019-11-home/svg/onboarding-shields-weblight.json Preview: {"v":"5.5.7","fr":29.9700012207031,"ip":0,"op":130.000005295009,"w":1275,"h":1000,"nm":"phone base","ddd":0,"assets":[{"id":"comp_0","layers":[{"ddd":0,"ind":1,"ty":4,"nm":"inner-white","sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":1,"k":[{"i":{"x":[0.833],"y":[0.833]},"o":{"x":[0.167],"y":[0.167]},"t":0,"s":[0]},{"i":{"x":[0.833],"y":[0.833]},"o":{"x":[0.167],"y":[0.167]},"t":29.97,"s":[-90]},{"t":59.9400024414062,"s":[-180]}],"ix":10},"p":{"a":0,"k":[148.832,145.739,0],"ix":2},"a":{"a":0,"k":[0,0,0],"ix":1},"s":{"a":0,"k":[100,100,100],"ix":6}},"ao":0,"shapes":[{"ty":"gr","it":[{"ind":0,"ty":"sh","ix":1,"ks":{"a":0,"k":{"i":[[0,0],[0.19,0.22],[0.19,0.22],[-0.25,0.09],[-0.48,0.16],[-0.01,0.01],[0.02,0.12],[0.1,0.51],[-0.26,-0.06],[-0.55,-0.11],[-0.07,0.21],[-0.11,0.32],[-0.22,-0.19],[-0.4,-0.36],[-0.01,-0.02],[-0.25,0.22],[-0.19,0.16],[-0.09,-0.26],[-0.12,-0.36],[-0.06,-0.2],[-0.28,0.05],[-0.29,0.04],[0.04,-0.24],[0.1,-0.51],[0.02,-0.07],[-0.31,-0.11],[-0.23,-0.08],[0.17,-0.2],[0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\overwhelmingads[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 82487 Entropy (8bit): 4.667886523508658 Encrypted: false MD5: 31902D60AF4A20700D0FED63219F51EB SHA1: 12E9F0A2F195FFFF11C24BDBBCA37502B546E3AD SHA-256: B521F6C3163058273CA5E1F2889CFE3A2EB5723911C8D221F13641F3BAC9386F SHA-512: 2E3427785AB9823863A37FC42585404CFE1530DC5DB0E6D47F3D9ADEF4D9D5FD5885A122FD03E10B69E9C2548048610AD47C07FC381B45215BEDF864635D36A7 Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/uploads/files_2019-11-home/svg/overwhelmingads.json Preview: {"v":"5.5.7","fr":60,"ip":0,"op":360,"w":2241,"h":1326,"nm":"overwhelmingads","ddd":0,"assets":[{"id":"comp_0","layers":[{"ddd":0,"ind":1,"ty":4,"nm":"pointeffect1","sr":1,"ks":{"o":{"a":1,"k":[{"i":{"x":[0.667],"y":[1]},"o":{"x":[0.333],"y":[0]},"t":6.005,"s":[100]},{"t":26.02490185498,"s":[0]}],"ix":11},"r":{"a":0,"k":0,"ix":10},"p":{"a":0,"k":[242.5,266.5,0],"ix":2},"a":{"a":0,"k":[54.25,-60,0],"ix":1},"s":{"a":1,"k":[{"i":{"x":[0.833,0.833,0.833],"y":[1,1,1]},"o":{"x":[0.333,0.333,0.333],"y":[0,0,0]},"t":0,"s":[0,0,100]},{"t":6.00537060497998,"s":[673.301,673.301,100]}],"ix":6}},"ao":0,"shapes":[{"ty":"gr","it":[{"d":1,"ty":"el","s":{"a":0,"k":[15.477,15.477],"ix":2},"p":{"a":0,"k":[0,0],"ix":3},"nm":"Ellipse Path 1","mn":"ADBE Vector Shape - Ellipse","hd":false},{"ty":"fl","c":{"a":0,"k":[1,1,1,1],"ix":4},"o":{"a":0,"k":100,"ix":5},"r":1,"bm":0,"nm":"Fill 1","mn":"ADBE Vector Graphic - Fill","hd":false},{"ty":"tr","p":{"a":0,"k":[54.275,-60.396],"ix":2},"a":{"a":0,"k":[0,0],"ix":1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\placeholder.71a50dbba44c[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1 x 1, 1-bit colormap, non-interlaced Size (bytes): 95 Entropy (8bit): 4.347811435468635 Encrypted: false MD5: 71A50DBBA44C78128B221B7DF7BB51F1 SHA1: 0EC63B140374BA704A58FA0C743CB357683313DD SHA-256: 3EB10792D1F0C7E07E7248273540F1952D9A5A2996F4B5DF70AB026CD9F05517 SHA-512: 6AD523F5B65487369D305613366B9F68DCDEEE225291766E3B25FAF45439CA069F614030C08CA54C714FDBF7A944FAC489B1515A8BF9E0D3191E1BCBBFE6A9DF Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/placeholder.71a50dbba44c.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\pocket.2085f528220a[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 7754 Entropy (8bit): 5.07965694259702 Encrypted: false MD5: 2085F528220A8FAAC920C1BD1ED53870 SHA1: 20609B4AFE0C5792F2D6365F7CAF576F42A5CBB4 SHA-256: 6C93D0F65F2074A41F534AC457CF20393F1373F71867A337D3D004DA0CE7BFF9 SHA-512: AC898409A1E52C6915CA08A95C77476A31581AFBCA9E70D38AC88BA8B5F82D66503C687AAF34FB2481C66BF4DA9E00ECD32352A1F929261D247B4AE61EA6153C Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/home/master/pocket.2085f528220a.svg Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\promovideo-speed@2x[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1267 x 713, 8-bit colormap, non-interlaced Size (bytes): 123101 Entropy (8bit): 7.973815613268638 Encrypted: false MD5: 7640AC50BCFF04F6465D75597E9DC971 SHA1: 2BBDE2ACA624E4B50D931B35B76D956A7B6526D7 SHA-256: E09ACB1B4915201DE69CB2222A1801064850BA457706AE0CC2348030187D77B7 SHA-512: 4CBB45276FBDDE5F11B6F3C285A842836D77F928921F1C3F2A17CBB0E52AFE5754A87C8A13F9179440446DF17C844518038F64B91EAE92FF657075E5E1BC0809 Malicious: false Reputation: low IE Cache URL: https://brave.com/wp-content/uploads/files_2019-11-home/images/promovideo-speed@2x.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\register[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text Size (bytes): 19521 Entropy (8bit): 5.289454303588497 Encrypted: false MD5: DA1F76C7DDF0DAFD35F0A94A1FFA2CA9 SHA1: 986DB364513B98C11AFCF4144AC92BD365B050F0 SHA-256: 0321107A7B1730C4B709AD69F239B38C405584E5A230337B7522AACB64AE5C4E SHA-512: 41A98E56A36210953D7EE92ADABDA0EBF34DE2AC4E4E14632D745FB4B82AD0A1516B8EE1AB0BDF92BBA9C624D97B7B31EC086B232FACFD3D0473C7B5FA8F1C3A Malicious: false Reputation: low IE Cache URL: https://pixeldrain.com/register Preview: ........Register a new pixeldrain account ~ pixeldrain........... ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\send.3c9b56cd8981[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 3976 Entropy (8bit): 5.318015081020013 Encrypted: false MD5: 3C9B56CD8981F2B3FC08D8C4C84D8982 SHA1: 60F27F8E37EB9BBE3DBA7B9B3248F135A64560FF SHA-256: D1BFAB9B5F8DB5F55F1D9D22BF60C35EC5A5CBB8B625B646BA577AEF7F9EA55E SHA-512: 38A3C1DC4639301ADA5C47C674BAFA73B09B67C8AE26926A81ECCCDF3A1336DAA25755D610421B589D08B2B8EA5779EC3895819DCD4B181447C95418AF047768 Malicious: false Reputation: low IE Cache URL: https://www.mozilla.org/media/img/firefox/home/master/send.3c9b56cd8981.svg Preview:

Timestamp: May 27, 2020 16:57:52.515562057 CEST Source IP: 104.26.6.105 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49955
Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US Not Before: Sun Nov 17 01:00:00 CET 2019 Not After: Fri Oct 09 14:00:00 CEST 2020
Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Not Before: Wed Oct 14 14:00:00 CEST 2015 Not After: Fri Oct 09 14:00:00 CEST 2020
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:52.516721010 CEST Source IP: 104.26.6.105 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49954
Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US Not Before: Sun Nov 17 01:00:00 CET 2019 Not After: Fri Oct 09 14:00:00 CEST 2020
Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Not Before: Wed Oct 14 14:00:00 CEST 2015 Not After: Fri Oct 09 14:00:00 CEST 2020
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:52.885723114 CEST Source IP: 151.101.113.7 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49956
Subject: CN=p.ssl.fastly.net, O="Fastly, Inc.", L=San Francisco, ST=California, C=US Issuer: CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE Not Before: Tue Sep 03 20:15:12 CEST 2019 Not After: Mon Feb 22 18:14:27 CET 2021
Subject: CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Not Before: Wed Aug 19 02:00:00 CEST 2015 Not After: Tue Aug 19 02:00:00 CEST 2025
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:52.886044025 CEST Source IP: 151.101.113.7 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49957
Subject: CN=p.ssl.fastly.net, O="Fastly, Inc.", L=San Francisco, ST=California, C=US Issuer: CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE Not Before: Tue Sep 03 20:15:12 CEST 2019 Not After: Mon Feb 22 18:14:27 CET 2021
Subject: CN=GlobalSign CloudSSL CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Not Before: Wed Aug 19 02:00:00 CEST 2015 Not After: Tue Aug 19 02:00:00 CEST 2025
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:56.898508072 CEST Source IP: 63.245.208.195 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49962
Subject: CN=mozilla.org, OU=WebOps, O=Mozilla Foundation, L=Mountain View, ST=California, C=US Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US Not Before: Fri Nov 09 01:00:00 CET 2018 Not After: Fri Nov 13 13:00:00 CET 2020
Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Not Before: Fri Mar 08 13:00:00 CET 2013 Not After: Wed Mar 08 13:00:00 CET 2023
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:56.901814938 CEST Source IP: 63.245.208.195 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49963
Subject: CN=mozilla.org, OU=WebOps, O=Mozilla Foundation, L=Mountain View, ST=California, C=US Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US Not Before: Fri Nov 09 01:00:00 CET 2018 Not After: Fri Nov 13 13:00:00 CET 2020
Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Not Before: Fri Mar 08 13:00:00 CET 2013 Not After: Wed Mar 08 13:00:00 CET 2023
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:59.676017046 CEST Source IP: 172.217.18.6 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49968
Subject: CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US Not Before: Tue May 05 10:22:31 CEST 2020 Not After: Tue Jul 28 10:22:31 CEST 2020
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Not Before: Thu Jun 15 02:00:42 CEST 2017 Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:59.676593065 CEST Source IP: 172.217.18.6 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49969
Subject: CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US Not Before: Tue May 05 10:22:31 CEST 2020 Not After: Tue Jul 28 10:22:31 CEST 2020
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Not Before: Thu Jun 15 02:00:42 CEST 2017 Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:59.970094919 CEST Source IP: 172.217.18.2 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49971
Subject: CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US Not Before: Tue May 05 10:22:35 CEST 2020 Not After: Tue Jul 28 10:22:35 CEST 2020
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Not Before: Thu Jun 15 02:00:42 CEST 2017 Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: May 27, 2020 16:57:59.970139980 CEST Source IP: 172.217.18.2 Source Port: 443 Dest IP: 192.168.2.6 Dest Port: 49970
Subject: CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US Issuer: CN=GTS CA 1O1, O=Google Trust Services, C=US Not Before: Tue May 05 10:22:35 CEST 2020 Not After: Tue Jul 28 10:22:35 CEST 2020
Subject: CN=GTS CA 1O1, O=Google Trust Services, C=US Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Not Before: Thu Jun 15 02:00:42 CEST 2017 Not After: Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Copyright Joe Security LLC 2020 Page 50 of 54 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest May 27, 2020 173.194.76.157 443 192.168.2.6 49972 CN=*.g.doubleclick.net, CN=GTS CA 1O1, Tue May Tue Jul 771,49196- 9e10692f1b7f78228b2d4e 16:58:00.008749962 O=Google LLC, L=Mountain O=Google Trust 05 28 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:22:33 10:22:33 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CEST CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 May 27, 2020 173.194.76.157 443 192.168.2.6 49973 CN=*.g.doubleclick.net, CN=GTS CA 1O1, Tue May Tue Jul 771,49196- 9e10692f1b7f78228b2d4e 16:58:00.008968115 O=Google LLC, L=Mountain O=Google Trust 05 28 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:22:33 10:22:33 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CEST CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 May 27, 2020 216.58.212.131 443 192.168.2.6 49974 CN=www.google.co.uk, CN=GTS CA 1O1, Tue May Tue Jul 771,49196- 9e10692f1b7f78228b2d4e 16:58:00.204189062 O=Google LLC, L=Mountain O=Google Trust 05 28 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:30:36 10:30:36 49199-49188- 
CN=GTS CA 1O1, O=Google CN=GlobalSign, CEST CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 May 27, 2020 216.58.212.131 443 192.168.2.6 49975 CN=www.google.co.uk, CN=GTS CA 1O1, Tue May Tue Jul 771,49196- 9e10692f1b7f78228b2d4e 16:58:00.204804897 O=Google LLC, L=Mountain O=Google Trust 05 28 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:30:36 10:30:36 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CEST CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 May 27, 2020 172.217.16.130 443 192.168.2.6 49977 CN=*.google.co.uk, CN=GTS CA 1O1, Tue May Tue Jul 771,49196- 9e10692f1b7f78228b2d4e 16:58:00.281105995 O=Google LLC, L=Mountain O=Google Trust 05 28 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:33:08 10:33:08 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CEST CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021

Copyright Joe Security LLC 2020 Page 51 of 54 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest May 27, 2020 172.217.16.130 443 192.168.2.6 49976 CN=*.google.co.uk, CN=GTS CA 1O1, Tue May Tue Jul 771,49196- 9e10692f1b7f78228b2d4e 16:58:00.281971931 O=Google LLC, L=Mountain O=Google Trust 05 28 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:33:08 10:33:08 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CEST CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe


System Behavior

Analysis Process: iexplore.exe PID: 5240 Parent PID: 692

General

Start time: 16:58:11
Start date: 27/05/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7286b0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Source File Path Offset Length Completion Count Address Symbol

Registry Activities

Source Key Path Completion Count Address Symbol

Source Key Path Name Type Data Completion Count Address Symbol

Source Key Path Name Type Old Data New Data Completion Count Address Symbol

Analysis Process: iexplore.exe PID: 4900 Parent PID: 5240

General

Start time: 16:58:12
Start date: 27/05/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5240 CREDAT:17410 /prefetch:2
Imagebase: 0xe00000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Source File Path Offset Length Completion Count Address Symbol

Registry Activities

Source Key Path Completion Count Address Symbol

Source Key Path Name Type Data Completion Count Address Symbol

Source Key Path Name Type Old Data New Data Completion Count Address Symbol

Disassembly
