Automated Malware Analysis Report For

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-bold[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT family Size (bytes): 32111 Entropy (8bit): 7.973376347105969 Encrypted: false MD5: 06A424D24A8CF78F13FCC98521C00B77 SHA1: 638BE48D90FF75EB0214E3CD375DEE1D72C06E37 SHA-256: 4CCA853032FDD4003AD4DF1E56B55AAD4973EB43F10D33F9234CB587767A6653 SHA-512: DB3276D155A7D014B3BF7FE7BE62472B72A085AD830A20FB5B20E222FA896DBDAF65F5911618F52120C914A51EEF564DC5C4DCF4928B8A1CF2FE002BC359625 A Malicious: false Reputation: low Preview: o}...|...... LP....j!.@...... ?(...... A.k.k.u.r.a.t. .T.T.....B.o.l.d...2.V.e.r.s.i.o.n. .1...0.0.3.;. .b.u.i.l.d. .0.0.0.1.....A.k.k.u.r.a.t. .T.T. .B.o.l.d.....BSGP...... SB.SF.U.....xZg.icyR..&c..4o4F..w....[...... H.zm."...M.n.=.w&d..i..NZ.R...... !.Vx..rm..Lk.A..nQ.L.tz.\..n.xJ.....(..E.!Af...?....M.e4.[Bz...... b.. ..1...P!1&...... D.E.j+...... }.A3p.6...{[email protected]...... 7..R...... !...&.U.4[.v.....a.z....2.....@#...... @.(LX._E.....Y.k..h...*d...... cQ..lc...nbuC*..>.N..y.&...D....p}..M.|`...G6>.Ab..>.A.l...... i6.].p.b.ko.F...Qn..n".W\.Z..I....D....g.v.'.G....9T.V..Zrm...o.>....1.Y.B.l...H.m%z..R..d..d.b)....at...\...}.n ..".d...... 8u.$...... r...... `..aTl.kU.t.q:\.5...=..dy.".Z...o[v6.j....P...}4. ..8..._.p.....&....EWfR.V.X,..J.s.V....!..9.|.Z..u:W3k.[.r\.....=...I`...`.D..i..m..It...... #P...... dP..$...U....J.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-italic[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT family Size (bytes): 35858 Entropy (8bit): 7.972007574011726 Encrypted: false MD5: 7825DADD4046F8AD07ED26F387C1F73C SHA1: A20E6E30FC56B3519AB42EAB6806B2F6449987A0 SHA-256: 54E50D56697DE920FA3D27944284FE69631050A66A3A0F5536B272166BBEE0D2 SHA-512: B3B1DBC1C17B44D8011AD3EA8B6FCA33C01BDB08E457B5D907A3E12F09E2C2877E37D16D9A701F43B85B2A6E16435F06B66DB296C3BE8DCE8623341CBAAFA D9A Malicious: false

Copyright Joe Security LLC 2020 Page 22 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-italic[1].eot Reputation: low Preview: ....&...... LP....j!.@...... ":...... A.k.k.u.r.a.t. .T.T.....I.t.a.l.i.c...2.V.e.r.s.i.o.n. .1...0.0.3.;. .b.u.i.l.d. .0.0.0.1...".A.k.k.u.r.a.t. .T.T. .I.t.a.l.i.c.....BSGP ...... X..Y..WZ....xZg.icyR..&c..4o4F..w....[...... H.|.."...M...=.w&ek.i.z.NZ.R...... [email protected].....=...... Q...... f.J.^*=..#.N.>HE....1z...$...... d...`.Xu...h...c.....<..8..5....!E5.V...... ].#....4.#].b....h...$.#..~&...GL...... `Q{.....X4x`...Fg.....5[B..a..'..A..v. snA."xo...... z$<.....5.I"c..s..;.....|. uBB...... -...... M`....Y....7`. ....7...j...... v...... 1..u..]8...D,(g.d4.s-3m`..mLiX...n.8b....0..cPY!..I..(HC.!m..i&#gRU.auK..eX...U. B....r(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-lightitalic[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT Light family Size (bytes): 35663 Entropy (8bit): 7.971762677624303 Encrypted: false MD5: 52D6CD625FC1EB23D012BEA1282B1129 SHA1: 29D260013F491DB70A3C84DE1C16B11B73BACBCB SHA-256: 6B1212FADA6A52F55A8085F8D39403F81203C05ADB1700E25C0AABB05A0EA87B SHA-512: 864163295510BC1393E07685CB70804509E7DACCD1BF83D66B64E9A43215BA2C1E3A7FC9FE2AE445FB5FE164E79111688EFAB3240C648D0FC43741D9B4C11C53 Malicious: false Reputation: low Preview: O...K...... ,.....LP....j!.@...... !.Y...... A.k.k.u.r.a.t. .T.T. .L.i.g.h.t.....I.t.a.l.i.c...2.V.e.r.s.i.o.n. .1...0.0.3.;. .b.u.i.l.d. .0.0.0.1.....A.k.k.u.r.a.t. .T.T. .L.i.g.h.t. .I.t.a.l.i.c.....BSGP...... X^.Xb.].....xZg.icyR..&c..4o4F..w....[...... H. Z,D.].....{....v....rr...q....>Z.i....|...v.e*...../.9.5.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lineto-akkurat-regular[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT family Size (bytes): 31956 Entropy (8bit): 7.969954340065932 Encrypted: false MD5: 3EC7F3D6D12B15205F1135940A3DA105 SHA1: 2703CA5B58D4F6343A9191B23BFC16960992349F SHA-256: B1AADE691F05AC97DF16BD10DC75450F2FF965B11C8B8934208D085E1B48BD2B SHA-512: 67FA97C0BF74B76A395FDC35B8AE0C4725A5DD4051AF9A7D031AE395FC81800F765463DC4831769F4B75F9FADB2FEB01C5F63070ED79068B73F9776DB909D241 Malicious: false Reputation: low Preview: .|...{...... LP....j!.@...... g...... A.k.k.u.r.a.t. .T.T.....R.e.g.u.l.a.r...2.V.e.r.s.i.o.n. .1...0.0.3.;. .b.u.i.l.d. .0.0.0.1...$.A.k.k.u.r.a.t. .T.T. .R.e.g.u.l.a.r..... BSGP...... T..T..UF....xZg.icyR..&c..4o4F..w....[...... H.&....WF)/.s....2..i.u\.....#...O....M.Ve..-.&.E{.2$#...ER.e.4..G{(k~n..pU.7#[email protected].+iB../.qi...(..]$9...<....H...... f8..iH....w..R..C.}:0.6.@}; u.T..k..$D.-fl.F..\(.<.u..p.B... hg.-.g..%k.....s....r2.....)..g.Tp.u..<:lZ..L..w..u^..N.. >.B...... ka..`.c..oQ..(w...j...... `.2..a...... D.F..o.`..c..Q...... A..C.Gr...i%..e...... q.#.y

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\link-arrow[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 343 Entropy (8bit): 5.055896950661549 Encrypted: false MD5: FEC2FD0ADBACB9B5937B56473279F2EF SHA1: 45461E98B686225E933515CCBD476601E82B9A3C SHA-256: 5563469E19C21FEA8C7F843FC5FFA58CFD5385BA32F4551FF56D54D20C3987AE SHA-512: 8151BBF0F583B93D6677EE8F16E72C1913CFCE6622DAF49B685E15A098AAF0DB1DE4D875E08F226028B251E4BCAE5C1382A32789BF08E4DD1E928CA1BF158B1 4 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\linkid[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 1569 Entropy (8bit): 5.369127779967127 Encrypted: false

Copyright Joe Security LLC 2020 Page 23 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\linkid[1].js MD5: 0CC3A63FE10060AF4A349E5DF666EEFE SHA1: 3E8D3925B550345123F2CAB26568221FD4154F9C SHA-256: 92FCA55833F48B4289AC8F1CEDD48752B580FCE4EC4B5D81670B8193D6E51B54 SHA-512: 5801C9DB98C4998480772CA5AD71F0E400C4756AE713AAB0358CA6593B3A3426499D6DEC81A768C861CBBCD8394DD8C6D647628A13F124FF3A1119F9B7793E8C Malicious: false Reputation: low Preview: (function(){var e=window,h=document,k="replace";var m=function(a,c,d,b,g){c=encodeURIComponent(c)[k](/$/g,"%28")[k](/$/g,"%29");a=a+"="+c+"; path="+(d||"/")+"; ";g&&(a+="expires="+(new Date((new Date).getTime()+g)).toGMTString()+"; ");b&&"none"!=b&&(a+="domain="+b+";");b=h.cookie;h.cookie=a;return b!=h.cookie},p=func tion(a){var c=h.body;try{c.addEventListener?c.addEventListener("click",a,!1):c.attachEvent&&c.attachEvent("onclick",a)}catch(d){}};var q=function(a,c,d,b){this.get=functi on(){for(var b=void 0,c=[],d=h.cookie.split(";"),l=new RegExp("^\\s*"+a+"=\\s*(.*?)\\s*$"),f=0;f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\marketing.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF line terminators Size (bytes): 318202 Entropy (8bit): 5.429394343677798 Encrypted: false MD5: 0900B25F336172C33702C305CD91A7F3 SHA1: 62EFAD827F9E389C88609C4E7CB94B93C8C8A16A SHA-256: 71C9C2645FF19CA5505E705E483B7A24F1006166E9419FB5EF3782CA78859850 SHA-512: 3C4C1898E5669CB18F19A651E5BFDB0A74020B5A18C286A54172686574B9B70462DA3110AC03D3490D9F7B60E11CDDAE66075E11126CB757FEDD4F9314E59B20 Malicious: false Reputation: low Preview: /* Marketing Rules version: 768 */..if (window.location.href.indexOf("dnserrorassist.att.net/") > -1) { } else {.. if ((window.location.href.toLowerCase().indexOf('bcontent.att. com') > -1) || (window.location.href.toLowerCase().indexOf('businesscenter.att.com') > -1) || (window.location.href.toLowerCase().indexOf('businessdirect.att.com/') > -1)) {} else {.. var gaMeasurementID;.. if (window.location.href.indexOf("app.mobilemyaccount") > -1 || window.location.href.indexOf("www.att.com") > -1 || window.locati on.href.indexOf("m.att.com") > -1 || window.location.href.indexOf("ufix.att.com") > -1) {.. gaMeasurementID = "UA-156897858-1";.. } else if (window.loca tion.href.indexOf("www.directv.com") > -1 || window.location.href.indexOf("m.directv.com") > -1 || window.location.href.indexOf("mobile.directv.com") > -1) {.. gaMeasurementID = "UA-156897858-2";.. } else if (window.location.href.indexOf("www.atttvnow.com") > -1) {.. g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\otFlat[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 14876 Entropy (8bit): 5.274888311668455 Encrypted: false MD5: 673A54F553834B04E6F44F4EDD35B686 SHA1: 8DA81A4B3D5D41FDA5067B99E38E02C815A52966 SHA-256: 7249DE2725322FDD70620C4466B78479F7B4E2E070700DAFC43CD520CCA2052B SHA-512: E3FF2B8EFB541B0F3C443437874F4044000633BEEDA7A80478AAC7DA98FE56E4A0B1EC67028743BF84DC7558AE518735834D9EC0A9DFA731218A7936288A316A Malicious: false Reputation: low Preview: . {. "name": "otFlat",. "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90RmxhdCB2ZXJ0aWNhbC1hbGlnbi1jb250ZW 50Ij48ZGl2IGNsYXNzPSJvdC1zZGstY29udGFpbmVyIj48ZGl2IGNsYXNzPSJvdC1zZGstcm93Ij48ZGl2IGlkPSJvbmV0cnVzdC1ncm91cC1jb250YWluZXIiIGNsYXNz PSJvdC1zZGstZWlnaHQgb3Qtc2RrLWNvbHVtbnMiPjxkaXYgY2xhc3M9ImJhbm5lcl9sb2dvIj48L2Rpdj48ZGl2IGlkPSJvbmV0cnVzdC1wb2xpY3kiPjxoMyBpZD0ib2 5ldHJ1c3QtcG9saWN5LXRpdGxlIj5UaGlzIHNpdGUgdXNlcyBjb29raWVzPC9oMz48IS0tIE1vYmlsZSBDbG9zZSBCdXR0b24gLS0+PGRpdiBpZD0ib25ldHJ1c3QtY2xv c2UtYnRuLWNvbnRhaW5lci1tb2JpbGUiIGNsYXNzPSJoaWRlLWxhcmdlIj48YnV0dG9uIGNsYXNzPSJvbmV0cnVzdC1jbG9zZS1idG4taGFuZGxlciBvbmV0cnVzdC1jbG 9zZS1idG4tdWkgYmFubmVyLWNsb3NlLWJ1dHRvbiBtb2JpbGUgY2xvc2UtaWNvbiIgYXJpYS1sYWJlbD0iQ2xvc2UgQmFubmVyIj48L2J1dHRvbj48L2Rpdj48IS0tIE1v YmlsZSBDbG9zZSBCdXR0b24gRU5ELS0+PHAgaWQ9Im9uZXRydXN0LXBvbGljeS10ZXh0Ij5XZSB1c2UgY29va2llcyB0byBpbXByb3ZlIHlvdXIgZXhwZXJpZW5jZSwgdG 8gcmVtZW1iZXIgbG9nLWluIGRldGFpbHMsIHByb3ZpZGUgc2VjdXJlIGxvZy

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\otPcCenter[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 77399 Entropy (8bit): 5.538843252044422 Encrypted: false MD5: 1C7799EFDBE2BFB7550309EA34F1728B SHA1: 593D54CC1FF5CD1A589A3627953FD8DDCB9CA1BA SHA-256: 065F0E3F4B25A5D7417F296FA598B646267DD9DBE0A30E217DB3D3A875C87C80 SHA-512: C966DD8D6611AF62EE47FAEE31A3066302FEB2C766A911323AD7EFB995F8565ACE03E387ABF116ADA7E0239253C07984166EFF3B0047F8FD0C212D67DB19D704 Malicious: false Reputation: low

Copyright Joe Security LLC 2020 Page 24 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\otPcCenter[1].json Preview: . {. "name": "otPcCenter",. "html": "PGRpdiBjbGFzcz0ib25ldHJ1c3QtcGMtZGFyay1maWx0ZXIgaGlkZSBmYWRlLWluIj48L2Rpdj48ZGl2IG lkPSJvbmV0cnVzdC1wYy1zZGsiIGNsYXNzPSJvdC1zZGstY29udGFpbmVyIG90UGNDZW50ZXIgaGlkZSBmYWRlLWluIiBhcmlhLW1vZGFsPSJ0cnVlIiByb2xlPSJkaWFs b2ciIGFyaWEtbGFiZWxsZWRieT0icGMtdGl0bGUiPjwhLS0gQ2xvc2UgQnV0dG9uIC0tPiA8YSBocmVmPSJqYXZhc2NyaXB0OnZvaWQoMCk7IiBpZD0iY2xvc2UtcGMtYn RuLWhhbmRsZXIiIGNsYXNzPSJtYWluIHBjLWNsb3NlLWJ1dHRvbiBjbG9zZS1pY29uIiByb2xlPSJidXR0b24iIHRpdGxlPSJDbG9zZSBCdXR0b24iIGFyaWEtbGFiZWw9 IkNsb3NlIj48L2E+PCEtLSBDbG9zZSBCdXR0b24gLS0+PGRpdiBpZD0iY29udGVudCIgY2xhc3M9Im1haW4tY29udGVudCI+PCEtLSBMb2dvIFRhZyAtLT48ZGl2IGNsYX NzPSJwYy1sb2dvLWNvbnRhaW5lciI+PGRpdiBjbGFzcz0icGMtbG9nbyI+PC9kaXY+PC9kaXY+PGgzIGlkPSJwYy10aXRsZSI+WW91ciBQcml2YWN5PC9oMz48ZGl2IGlk PSJwYy1wb2xpY3ktdGV4dCI+PC9kaXY+PGRpdiBpZD0iYWNjZXB0LXJlY29tbWVuZGVkLWNvbnRhaW5lciIgY2xhc3M9Im90LXNkay1yb3ciPjxkaXYgY2xhc3M9Im90LX Nkay1jb2x1bW4iPjxidXR0b24gaWQ9ImFjY2VwdC1yZWNvbW1lbmRlZC1idG

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\photo-1537651442520-4fc506474507[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1186x810, frames 3 Size (bytes): 198465 Entropy (8bit): 7.989922350514683 Encrypted: false MD5: 51D78365B8A450987E0C67E822C57847 SHA1: 5ADE127FBCF73EA74D56BE99368A0C5F8FD22BE4 SHA-256: 81A0F0953ECDE93D302E5353DA10365D24B054974896CF26DCE759C84628C9B2 SHA-512: FAF732E697E81355D59CFF82A13EFE2BC34D4744E2F7C7B01DAC1B5107E1B6A7A78CAA6E7D4674B2305A46E4BC80EC19F291885D86773013E2B77D9A90AE444 A Malicious: false Reputation: low Preview: ...... JFIF.....H.H...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... *...."...... o...... x.R..I..K.o&O.<...4.U...!.7.ox.&?.&9...9...... Nqp.]S....G....,[email protected]&R....0..">...... {.4[.x....7.A.2R...... oxDA..U.L..0....E..ccUOx|P.@. .R..!HB..S.C..c...'.."&...... J..@..;....).q/l.t..`.x@}...... &.{...... GU.eC..8....g^(....P!JB.4.i...A4..c.....sx..x.a..}..L..iW...... ?.a?...... |`...... D.....y..%..1p[..u."..)JR...... S"d....s...0.}. ....x...I$...1.DJDYGC)z....%...t._x...B...... cxLa7.....x ...... M$..u.H.7...]9p..>.{.o{....}..Lc...... [email protected]>.%...C....H_&R...)...*i.Ys.Nc.La...... )C..![email protected].>.....(.J.H...d"h.P.2.QC.....R.....R

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\search[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with CRLF line terminators Size (bytes): 32482 Entropy (8bit): 4.653719318112755 Encrypted: false MD5: 90B429F68491893BD7F879EF9408E180 SHA1: 7BFF7BD07C7B4AE3AA83899E5BD6CB675B33DCD1 SHA-256: 14E40EDA786D464AB3EE4102593BF4C361D067F30565B6DCAC7FD07A2D85C8DE SHA-512: D92694EB53871BF9397EE84CE2F5477A9F9D3433F1BF05A953BD927A45767A9CF3B25B5E62ED781C7208CB8A968CB15ADAE2F27B86F197F7844C8590845355FF Malicious: false Reputation: low Preview: /* ======..elastic search..======*/..if ($('[data-search-results-module-name]').length > 0) var elasticSearch = (function () {.. var defaultValues = {.. ActiveFacetID: 0,.. Distance: 50,.. RadiusUnitType: 2,.. RecordsPerPage: 20,.. CurrentPage: 1,.. TotalPages: 0,.. Keywords: '',.. Lo cation: '',.. Latitude: null,.. Longitude: null,.. ShowRadius: false,.. FacetTerm: '',.. FacetType: null,.. SearchResultsModuleName: null,.. SearchFiltersModuleName: null,.. SortCriteria: 0,.. SortDirection: 1,.. SearchType: 1,.. CategoryFacetTerm: null,.. CategoryFacetType: null,.. LocationFacetTerm: null,.. LocationFacetType: null,.. KeywordType: null,.. LocationType: null,.. LocationPath: null,.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social-linkedin[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 854 Entropy (8bit): 5.031816179161669 Encrypted: false MD5: DF2679AC0A69455DC05438AAFB609297 SHA1: ECDF1DFD79131D25FAE27789B16F55FD549B4089 SHA-256: 892DAFE751619C050F33DCD11BA3C996194FCCC060ECC3AE4574C7A8C1FB0466 SHA-512: 1928401898EC08DFBA346E36BDE942FEAEC93B5060392C03988F219852AB3B8C9DB6E3601223C92A95C9D0CA29C338CE8FC9901E6B05C1C26F95D5BF8B959D17 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social-twitter[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Copyright Joe Security LLC 2020 Page 25 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\social-twitter[1].svg File Type: SVG Scalable Vector Graphics image Size (bytes): 976 Entropy (8bit): 4.865086615336723 Encrypted: false MD5: 3A58E0150D1D2343074EBD2AD334FFAE SHA1: C524B29C5C8E62A5F194329F905E65E6CD0FDBD3 SHA-256: 875EB62F606F0033F670C39FE65EA5A48FCCA8BA2715CEAD21453D2282916348 SHA-512: 1614969D9A77DF6753B2A710A890C8F0C2FFC6BD6A8A233D6B0E4FB3561F249C51F6505B723DD7ADBB8DD2668F252715D4226575E9D0B5FBD3BB7977FAF0CC88 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tr[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 1 x 1 Size (bytes): 44 Entropy (8bit): 2.8317663774021287 Encrypted: false MD5: B798F4CE7359FD815DF4BDF76503B295 SHA1: F8CC6ADDF1707AD236AD9970B0A48F9733D07DA5 SHA-256: 10D8D42D73A02DDB877101E72FBFA15A0EC820224D97CEDEE4CF92D571BE5CAA SHA-512: 921944DC10FBFB6224D69F0B3AC050F4790310FD1BCAC3B87C96512AD5ED9A268824F3F5180563D372642071B4704C979D209BAF40BC0B1C9A714769ABA7DFC7 Malicious: false Reputation: low Preview: GIF89a...... !...... ,...... D..;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\uri[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators Size (bytes): 48227 Entropy (8bit): 5.470670127697724 Encrypted: false MD5: 203E0BBE14600276C28AE0506A4E78C6 SHA1: 9DDF8A6AF98E271F7228FCB47ADB95D5E26E3DCA SHA-256: 9611BAA741F2FB5F40534054394E5A0998594A2C297ACA544FDBF80C271132A5 SHA-512: DF7CB950E24E87E8556368A102F021ADEB7BB7CE0192C802D39A220691558C34117556B34AC4578ADBC4EB02466E23D18E51ABACCCF0E4425FB8B57245FB3718 Malicious: false Reputation: low Preview: ./*! URI.js v1.19.2 http://medialize.github.io/URI.js/ */../* build contains: IPv6.js, punycode.js, SecondLevelDomains.js, URI.js, URITemplate.js */../*.. URI.js - Mutating URLs.. IPv6 Support.... Version: 1.19.2.... Author: Rodney Rehm.. Web: http://medialize.github.io/URI.js/.... Licensed under.. MIT License http://www.opensource.org/ licenses/mit-license.... https://mths.be/punycode v1.4.0 by @mathias URI.js - Mutating URLs.. Second Level Domain (SLD) Support.... Version: 1.19.2.... Author: Rodney Rehm.. Web: http://medialize.github.io/URI.js/.... Licensed under.. MIT License http://www.opensource.org/licenses/mit-license.... URI.js - Mutating URLs.... Version: 1.1 9.2.... Author: Rodney Rehm.. Web: http://medialize.github.io/URI.js/.... Licensed under.. MIT License http://www.opensource.org/licenses/mit-license.... URI.js - Mutating URLs.. URI Template Support - http://tools.ietf.org/html/rfc6570.... Version: 1.19.2.... Author: Rodney Rehm.. Web: http://medialize.github.io/U

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wp-embed.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 1403 Entropy (8bit): 5.206464052430262 Encrypted: false MD5: 2DCE40D16F9FF6332D3CBB7AE488A2B9 SHA1: 0A8ECA5975F21A9F1BC079D111CA1657009DBE8F SHA-256: 2152557CAC69E2BD7D6DEBEF5037A9F554F9209CC305B8141B3329ACB10C42B7 SHA-512: 8C5CAFBC2CE3705735FF1131AB34C2AEF7AA50BF25BA13F0A29C07713561B0E6522C93596C8047EC332E7FA98565A9DE56CF040632149B255B58D0BBC43FBA7 B Malicious: false Reputation: low

Copyright Joe Security LLC 2020 Page 26 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wp-embed.min[1].js Preview: !function(a,b){"use strict";function c(){if(!e){e=!0;var a,c,d,f,g=-1!==navigator.appVersion.indexOf("MSIE 10"),h=!!navigator.userAgent.match(/Trident.*rv:11\./),i=b.quer ySelectorAll("iframe.wp-embedded-content");for(c=0;c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\xandr.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with LF, NEL line terminators Size (bytes): 164291 Entropy (8bit): 5.448747429668633 Encrypted: false MD5: C66981A44C8F0ADFF0CA8B403C829314 SHA1: CCA54F820633AA7B3102A658B0C2A81CB139BB99 SHA-256: 33422BBC50A744AE14EEDEFD9766589B269193399A9C37940D47AE8187F87A08 SHA-512: BE7683A00CB93DA3671587C680426E0B30526E932BFFFC7D6E06F162EAB3307D441994AAF78585C150C911E24E705792D5D8B48E07A7652EB549CC78FF2D97BD Malicious: false Reputation: low Preview: !function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=t,n.c=e,n.d=function(t,e,r){n. o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag, {value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null ,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.ha sOwnProperty.call(t,e)},n.p="",n(n.s=0)}({"./js/Components/Bio.js":./*!******************************!*\. !*** ./js/Components/Bi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\CI0RB4MP.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Size (bytes): 33960 Entropy (8bit): 5.115077521411671 Encrypted: false MD5: A4F25D42026E7AE390DFF43E7D20295A SHA1: 10C88E9BB0E28860270CE6E761E1DA8637F2FDF2 SHA-256: 319D6088F40A5DA8E3143743DEBCEAE50F3CF9E7C0847CEC2EC9B857D34FF5C9 SHA-512: A4863FA7BB01066C81A31A3EABCBD821F0DD880F0AF6B6807A411FBE5C9F80A75836F4652295CE18F20C9CAB32A0D8B13947528C298B13F532B20BD187B928BE Malicious: false Reputation: low Preview: ...... .. .. .. .. .. .. .. .. .. ........ .. .. .... .q...Jt..+..<.\.b....#.D.17....{..Xz.*.o.}.0...>..6..n...]F..d.....!.)..\ob....3x.f.7... ..+.]j.d..m..z.p.r.N.*...2/+.x.].+T...(..uj..'gp.xv.4&...N.,.10l.'.&....^">...(*...%xX...... z!..Y...Z6.`.....h..0..=.JCG.8mv..T.;u....G..v.^Be...A^o...... a...... 0...... C.#...<.z..0P./.+...... 2!..... Q...n...vn\.*J.7.I...88.kPQ..0.q..OgE.j...Z...Yx..UV.s...... }..E.i.-Td ..*...X.Fv..z..yt....F..2D...B.s...eC..sN...svl....A..&$.k....i.?^m,.b...... "j%q..}.R...... )Tz...F=ZxF.c.v.m.)-w.4... V...=...Zs.7Q.7l.,.<...=.^s2....3..G....Y;...... u.>.z..n....F.....O...r.6.wZ.....S[.6<#../G.(m...4.}y.hKL~.g..Xr\....~w..a.X1.d.jVg1.%.....W.D.z..a.g...+.$|..N....-..y.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\DataLivingLabs1R[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 418x346, frames 3

Copyright Joe Security LLC 2020 Page 27 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\DataLivingLabs1R[1].jpg Size (bytes): 17757 Entropy (8bit): 7.971408702631118 Encrypted: false MD5: CC9E8F3236F16E3D89CDA1E7E096342B SHA1: 9F4C01D6910EC3EE3115E1A3D0DB679D82E7D0EE SHA-256: 7127C04112C79FA9540EC5AB6AAD08CB431AD882413F5CFC6DFD2F280E595C4E SHA-512: 067C24151B0AE14296A082191BCC387619A71D1369656A55CD3555D263B365B009C8E0C1595D1A3FA05A7E1C812D86B83391C43333CA3E2CC11A45E8EB421F58 Malicious: false Reputation: low Preview: ...... JFIF.....H.H...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... Z...."...... v.p..[+..m.UN.....n.....9\.+..9...iN...p..|.<$N.....i....4.><).a.s..r..E.G^...... k%L...cm.Df3z..fB:]7..Y...r..s..}.6%_/.&..oS...ff.V.v-B..V.H:Y.Y...r.\..:I.{..!R.....0....y..Z.e[x...... W*.U.._/.G9.Q...... }.~....Lx.x.T..j.D4..r.\...UUW=.s.)N.d...j.^.~m.JUz.\.9W..s..p.+zrU...G.g..F.ao.].....:.{NW;..r...... U..kQ.j...G .^_....gy.\...g.\.*.U..W=\..R.~jtiS....+4.D...... 6ui.M5r.U..UUs..9.-B.1Z....t.34..df....oD...v.a.j{...+..z.ds.C...|7SZ..?O;n.bn.Hx....F....r.."U_*..s....os...... fj.Q.L...... s....B.. j.z....9^./...... ]..@x.|g0.|...G..|.^...`.{..#..s...:7.>t ....ks.qb.J...q]..$...L.14...s..s..9..q.-....>.....k.3iX..q:>.M...j.N@{...9.W9.W=UW.h..|.m..P_..)5Eo.H...&..lI..X<.=.s..9.U..}....k....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\GalanoGrotesque-Light[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 43128, version 0.0 Size (bytes): 43128 Entropy (8bit): 7.9910517463371615 Encrypted: true MD5: 8CB27F62CDA9A2708CF00135D9E75ED0 SHA1: BD1BCBA0F911B9B633FEE407E00709D63E4ABC78 SHA-256: B2EE00D068EF4400CE951FEE4281AD9B344FF9FBF7AEF7EC6DBCBC0E1C3F51B8 SHA-512: E487D22478E052636BF1D46C82984324BCF124C832BC81D5B83A2E2187EC15949003EC01D30EE26AE0E9797B528A0F9C85A73D4121EE2853E6548C80791314FC Malicious: false Reputation: low Preview: wOFF...... x...... g...... X...... GDEF...... ?...D.9.$GPOS...... GSUB...... s....y092OS/2...... O...`j..Vcmap...$...I...T...cvt ...... 4...j..*Rfpgm...... <....vd~xgasp...... glyf...t..w[...... head...... 4...6.i..hhea...p...!...$.6..hmtx...... 0..hNloca...... 7...maxp...... name...0...... k2..post...... x..8.prep...H...... F.."...... V...... ".3...... x.c`d``.b...D..m.2p3...0\_...J/....e>...... $..r).vx.c`f.`...... U.|...8`g@....~...... 3...3.W``...c|.4.H)00....V.x...]+.a...... [s".,[..y..%Q4G.....jM&E...C%J.....y..8.+8.g.|.QJc...... U.U.._].".DdS.....:.U.....b.G.JQ..t.F8.F...!. .i.0.y,".u|.....6.....6.!5iH....rB...... }.h5.F...f.I.QJ.N.rN9....z.a.1...... !\.N<(eY{....)k...8...... %Z.3?.-.p..|.9...>.S.p..9.|.IN.>.r.W...j...6.. .q.k.:-..-Q....z.g.`..I...^|k.}....?....I.....x.c`d``..o..r....,..."...... x..IhTY...s.C.....U&jR...... @%8.`[email protected]_D.qBq.(jTDQ..FP..]8u/.A.V...... 7..VhJ.4..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\HPMedia1Addressable[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 418x346, frames 3 Size (bytes): 20705 Entropy (8bit): 7.971827202271415 Encrypted: false MD5: E718FC3A2CD5F35F278B682E90C8D54B SHA1: 8F0CBB6B4396B639E0341961C16BC150769E4CC6 SHA-256: CCD866A74A4B805080602C40C825F30C759CA1A7FD23E3477DB217BC1D6A5659 SHA-512: A2F078DE62EA1EBA644D1F12FE30B992169F2669DBE6EA7A308667E823A941EA022253199E6759328A398C5D7DD868C140BDF3D17EEA4925345A50B9C0F975F4 Malicious: false Reputation: low Preview: ...... JFIF.....H.H...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... Z...."...... y...d.%...(&...... M.0.j..U.!..'H..8.D.s..S|[email protected].).R..O9.y.i)...Y...P.R&...... ^.*I.<{...Qc..Q..}.O..%..6...~.XI.U$J..D.....n.W.....W.g.d..ZF!...6in.=.mr.....|=. <..E.m\.H.H q....h.O.k.&-..>.vr...... *..qZ..O(...T.:;.[....Q.ny|...h.WP...p.fo....(v...... "D.M...Yx..:[email protected]."Au....).IB.^.Xx)....f.|..t...... L.\..R.p...p..E@/...t'.T.....oV.j.`..N.C.? U1x...... V.....g..q.#.r...2..^..S.....z...... E....t.s.un.....1..*P....:/.o.....^.)R./....Zl.{%[..UE.b....R.@@3.n.....(w.w.UNc.E.2..1M35.zs.J^R.._.Tj....;.`X3j...M4.DM2..Ea^...P.T_....;.7 ...... A.f..E..I..M2d>...x.2r....L`(..{.5.;:..e=;g...D.E.QA.PI.).B...Z.^u....?.}...... $J..*I..[.ih..M$.I.QA.."..m...N....\.....Q.v...Y.W}...... i..I".f.H."JA.uQ...... ^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MediaDigital1R[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 418x346, frames 3 Size (bytes): 25419 Entropy (8bit): 7.980672901327252 Encrypted: false MD5: 44DF010D06E4865B5DB767B34218996A SHA1: 954689F05CAD81E4D807FC53455E6512C3BFD2DD SHA-256: 611BBDD7204B122AF193B9F1CC65A4E888AF0578B5219DD38EFDDCDF3A243B6C SHA-512: A19167E5EF9D88546163861094B9DD98FE7B5B85F767A94B358F012358929AFF11DC3DD0579529B2311715DBAF28AFF2E375812D1881CDCD6412880E0EEA55FF Malicious: false Reputation: low

Copyright Joe Security LLC 2020 Page 28 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MediaDigital1R[1].jpg Preview: ...... JFIF.....H.H...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... Z...."...... v.i....d....H/..6G..K5..P.....^.||...c8....s.3Q.f....JOg...... }.M.{!h.Z....I$Yt].._Z...XJ...... 1.].S....x..Q.w..F.?;..X..b{.m.?..:.3Ld...... -....EUPv.._n...... e..d...... i..).3.b ...WBn..8.$y[.p./[email protected]:.`v..#.f.....qq.s./.....n.o.w...>..uc..'/5)1+#.q.9.....9.*.z6^C...... C...3.v..V....se...<..s...... $iJ.).(Ci.....ZO.YR?j...(=..>0=.~k.....f...... y:...Z._G...Z .3..>..O:y.R[w.O.t..O....p../XI....C.f.N[.8h.di..}....#n&..-.b..v.K.s}.zz.{...mQ.x|s=..G0..j.rk.<..5..k.(...s...mk...... e.b...cM..TH.v7..fV[-.,.< I...... X...n.Hj.)G.3s.....R.G...)..'..u.v2U "..%...Mi...B2.o...f=.9.0.[y&.|..c;t..v.%..+q.:..9Y.ci.bB...[.b...... $..@../....Kgq.}D.z...!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MediaDigital2T[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 633x346, frames 3 Size (bytes): 19380 Entropy (8bit): 7.960844095868054 Encrypted: false MD5: EB15DEE64295B534DF6F098485F3E11A SHA1: 65AA2269FB62A16E109D069D56985C4737E97BB0 SHA-256: 15657545B321BCD0FB2E04D6C943851AB18AA64F8169FB3F7917B81AF1098CD1 SHA-512: 6F341E6E092FC2A8A640343F20F16CEA289DDEBD667C31E7FF44B0B097CAC7C098680499DAAA33EC54B4C39208AD9B0C3F323F514FCF151095299687DF06D6E4 Malicious: false Reputation: low Preview: ...... JFIF.....H.H...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... Z.y.."...... Q....rG.e....AS..Y_..*68*.J.HY>.U...... F..v..^/.-.PT..D.F..WV.n...d.l..n'.fg7V.Zt.B....:..V.,v.z...l}...WD.W..J...(.Zg...... 6...GB.x...... S..IV;..j.z.$..<..\&..w.^]S7 ;.CI*.S.)kV..>}..>}.K.w..?Ftu.^.y..s ...... v:U.<..}vR...y>.?_G....O...a..5z.g../?..bKb....[..;<&_...... ;s....z. g..w{..b..!.ei..n..5a.y.^Z....U.~U.KR.Q.[...{..n..jo.....r.x6ct.lg.....H...xwW...... `.W.s....{...>..N.....(...... };.:KV. 7.|...-(....{>.q...... E..q2.g.).....>..-..0..llv...v.CD.U....j.d.;..<..I..Qij..*I....'.c{...M....*.H.f....[.Ar.I...C..6 .$.i..b.T.\.....8.....[.Z...... wd....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\MediaTelevision1R[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 418x346, frames 3 Size (bytes): 16656 Entropy (8bit): 7.967483531274869 Encrypted: false MD5: D789BF1EA73A52CF55B1E6120749B6DB SHA1: 21FB765070EDF59C03C963FCCDDAD0033BF0AAF6 SHA-256: 6AD16AFE47D95DCB1912C20618F2DABE7651DB00323091F7B19977F96C4AEC34 SHA-512: F9EC061573D8F0331872F64019FCF04EF931743E1F9152BB412390D1A0413B04999EBA5E7C10FB6DB0B3A4FB09C3EEAF04282110B10AF06F9E6A3D03754826B3 Malicious: false Reputation: low Preview: ...... JFIF.....H.H...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... Z...."...... B.....{Hs+..J.z...;c3<...@...... 2.sYB.C...7B.&..}D 1Y..6...4f<(..O..ma.1..q.EZ..l6.3.....s.u...... o(.o...... b...Gt/.....us..q)[S=..(.o.42..Q.Cx...>}....:.0..gpX...%...o).={~h. 9.....`.X!.8H..GB...9v.,WZ~....a.....#....]elN'[email protected]^..V.....+..p.x+.._...u.....b...?.t.r"...... O)..Q.4V`.HKJ..d.\.vr...%.O..B...0...~./...-h43CY.q.}A..=0pV.L..+...... QW>...... ;....b ..:..M..<..1\..~.x.u..?q..H`[email protected]*....foAr.K...lh...il.mT !.p.q.!.;..t$..U.+m.Fg....e...... z.....?..B...... z?M1....0b.."..nJ.*.z..._(....y.D..}.X ....a...... D...... g);f.e..u.....e{.N{..H..X(.aq.a...... Q.."T.7..E.&.+w.K.v..)..+....@.}[\ .a18a...... f.KM.....Y.C../=Q.L..."_G..+.\...... a.7.}+...hP....E.m..u...&.. ..S..]...g.h...... &.hjRl...../L.....Ld

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\NewErrorPageTemplate[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 1612 Entropy (8bit): 4.869554560514657 Encrypted: false MD5: DFEABDE84792228093A5A270352395B6 SHA1: E41258C9576721025926326F76063C2305586F76 SHA-256: 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 SHA-512: E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284F D Malicious: false Reputation: low Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #00 0000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt; ..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Xandr-Carousel-fix-4[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1186 x 810, 8-bit colormap, non-interlaced Size (bytes): 167680 Entropy (8bit): 7.985909107242363 Copyright Joe Security LLC 2020 Page 29 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Xandr-Carousel-fix-4[1].png Encrypted: false MD5: B02CAB246DB4EDEBD5663FED2131BD27 SHA1: FC5BF36C15146BAAD3497F086657D5D4C0FDD320 SHA-256: 538953E8C7D13E2337E7873CD252D49BDF6127C68E3FE8C72749462E78655800 SHA-512: 192D45FE29F88F5FA5B5E0867FB791E3C926E32BF742AFD07CB12A3FF2637762F872614545BA72B8D3411FE7686DCA52B6C10E4D063493E79AA6F8AA6B72A468 Malicious: false Reputation: low Preview: .PNG...... IHDR...... *...... sRGB...... PLTE!.....!."! .#..!. !!.!..$.."..&.."#.!.$$'., .#.").!&. ...! &'..# !#!( .$.#!!)%)....#%.(.)&.%,.!#.&&+.!%@!"/0."1G.1 .!)Y!!+4 .e%.!"4!-f!%"n'. ($#7!.!$=%"!!'#>d (0.5.#!.q!*$!#:0C.-=.!"7"'P*&$H".. .3K.,:.*5.!-m`%.* .:!.!&G!-&)3.[$."(U!'K/@.;).V#.@".<` Q#.!-jE".9X i&.L".(..!"1!9-=".H-.!,c:\ !!-+7."*]!%DA+....6'.?h ,$.!+`!S;- .1!. 6R ...=6.).-![?1.6!6+!gE5O.1%.5.=-('7U !_A!cC@k#;.&!W=!G4An"0+&!D2A91!mH3.)s'.:2,!K6:.E...70*!@0A.'!O8!jG!pJ!/'!=/B!.P0 ! (!1(...D<3%-t!3)G>50("KA7H.)...... ?.L ..*$.+<."OE9Cr#X3 _5!f8 n< \.x5*"% 0%!$SH;'%H8-'&#ABp$' 6b..))i(,zXL>%"<>Ew"...D.SmG 0*.jhhl\I...... GEE; ....rbM$fA5#k][\O.(T90 536.#YQOP9.X...?:.}eOmX 32._D b?2Q?....TP..[EE3-/.I...AE..}~aT |Q>urs..-z]H>1....oQ?nE5FN.&('@C[*5&op.XZo1H&m.l5P$Q.halO...}....tRNS......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\analytics[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 45229 Entropy (8bit): 5.520614975842175 Encrypted: false MD5: AF5C617D36E28D19710B882A6824E213 SHA1: 39A22DC66EE4D211631F701D349BD3EB7EE20824 SHA-256: EAF1B128B927AC2868755CB7366D35554255C8AF362235AFE270F9614F8C806D SHA-512: 3A4325C38AAF546235FC7802956AC5D3FF0C0FBD4959BAA93B249EF9812FCF43029FEC8A8F9BB2C006E94C3532E36FDD5F432FD94BC23F33EBC52E603D88F3A F Malicious: false Reputation: low Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var m=this||self,n=function(a,b){a=a.split(".");var c=m;a[0]in c||"undefin ed"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var p= function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},q=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var r=window,t=document,u=function(a ,b){t.addEventListener?t.addEventListener(a,b,!1):t.attachEvent&&t.attachEvent("on"+a,b)};var v=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var w={},x=function(){w .TAGGING=w.TAGGING||[];w.TAGGING[1]=!0};var y=/:[0-9]+$/,A=function(a,b){b&&(b=String(b).toLowerCase());if("protocol"===b||"port"===b)a.protocol=z(a.protocol)|| z(r.location.protocol);"port"===b?a.port=String(Number(a.hostname?a.port:r.location.port)||("http"==a.protocol?80:"https"==a.protocol?443:"")):"host"===b&&(a.ho

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\appnexus[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 8372 Entropy (8bit): 5.267589486507733 Encrypted: false MD5: 569D22E93C583092D99E94BF86AC2758 SHA1: BCE875A2B976C7EF71049B110FF39F0FBCF4CB18 SHA-256: F812581FDC45AF5C663831B50C0C20465677B0C77F43B68ECAC22D459A98A299 SHA-512: F5DA5C57494793C54B1EB4E63726F25B55A04B6016F8AED6702AC3DDA5230C203DE2F8B0823D8D871A6DDDEC8F14680750663F16F457D5DE62185CE115791CE8 Malicious: false Reputation: low Preview: //AppNexus.!function(e){var t={};function i(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.m=e,i.c=t,i .d=function(e,t,n){i.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProp erty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&& e&&e.__esModule)return e;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)i.d(n,r,fun ction(t){return e[t]}.bind(null,r));return n},i.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(t,"a",t),t},i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.p="./",i(i.s=29)}([,,,,,function(e,t,i){"use strict";t.__esModule=!0;var n=i(6),r=function(){

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\career-areas-bg-l-v2[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 1050 x 1058, 8-bit colormap, non-interlaced Size (bytes): 364676 Entropy (8bit): 7.966625301893772 Encrypted: false MD5: 2C06047B75E9B18F4255D8D32EE421D0 SHA1: 01C876B8F76B53F705309D30305DF7D9772E9A4B SHA-256: 7773909D8F3BC5D37E5FD79F9736C4E811E0B3A7D17860AC5D61E601EBF0AA61 SHA-512: E167E60A6CC9726E1FD82312CB30AB775F61CA3DA0AE9B79638A243855315157C3DA4C258B8F1B32245A11517248602BD121C6D40F01D3586E25A819CDAFDBD0 Malicious: false Reputation: low

Copyright Joe Security LLC 2020 Page 30 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\career-areas-bg-l-v2[1].png Preview: .PNG...... IHDR...... ".....2+n.....PLTE...... 0,/9Y....{y....+'2....;28....%+,'%...1*(...,*+...... 6:6-*)25..%:@B....&+6BE.. ...(%)#"&:1..../[email protected]. (2...mF=@3/[email protected]:....uK@F3:.....W72.VG...... N51...$7G@/6...G/-*""...Ak.Iq.=,*O<5`:4...W>8...\C;...... 7*/2GY.....)=M...... 19E...dQ.[L...... 5L`>75..r.....{HIL...... F`x... :Rh.t\...cT}]O..rkOE..z.lV}[email protected]?E<:@[email protected]..}d+AU...... zi.....raMi.{QGkXR9^.8#$tC8MB>...... -^...... Rx...... j...TEB...... Xn.2V.h..t_Y..\JFM8?p ..Vt...... ^|...... jlytgd]..`.....C('cPL...... yon83?...y...... dio...... xw...... i_^...7Szto..y.&..aWW...u..j..py....Q/+....qc.OAT[a[bi...#U...... ib.YH.to.....z...... J...y...... fRTMQ.~mKSX...[ _{ry.....x...... GGa..?FT.`aPTo.....0...&Fo...>z..T...... tRNS..!.xzzA|..@].2R.....%IDATx..MHtU..+.(b.".Oi...... f4..,.)..A...7ZXV.&.B..)f.Da.hS-.+...D!.c.;f.....\..].....[....{.s...... ^p. ?.EW]u..ywW.{.z..{?*.&.}}}.d.....x..[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\detm-container-hdr[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF line terminators Size (bytes): 94681 Entropy (8bit): 5.371581315280141 Encrypted: false MD5: 668F4477A2C0A48F513A23B8A8D4866E SHA1: C9B891F00EF23AF4FC6BD76478A06288B87D73B8 SHA-256: C7D1C739FE8829FD17557B2E854A80573544092FC6422B657C3C48E44443ECE3 SHA-512: EDFE07458A71968463DFDBF43BA9941BD5D89DAC84CAC4B9C2C8AD60F1E78B102AE8E74A5260002A01DF849E53016A7BAA7AD8024D07E611AD11DE3F0E861C 0E Malicious: false Reputation: low Preview: /* detm-container-hdr 1320 prod */..detmScriptLoader.component={UNKNOWN:{ordinal:0},GOLDENEYE:{ordinal:1,launch:"static",restrictions:"target",forceasync:"golde neye"},ADOBETARGET:{ordinal:2,launch:"static",restrictions:"target",forceasync:"adobetarget"},VIPR:{ordinal:3,launch:"dynamic"},QUANTUM:{ordinal:4,launch:"dynam ic"},UC:{ordinal:5,launch:"dynamic",legacy:!1},DATAMANAGER:{ordinal:6,launch:"dynamic",trigger:"script.dataset.trigger",legacy:!0},DATADEFINITION:{ordinal:7,lau nch:"dynamic",trigger:"script.dataset.trigger",legacy:!0},SATELLITELIB:{ordinal:8,launch:"dynamic",trigger:"script.dataset.trigger.dtm",satellite:!0},DETM_ATOM:{ordinal:9 ,launch:"dynamic",trigger:"script.dataset.trigger.dtm",satellite:!1,legacy:!0},DETM_ADOBE:{ordinal:10,launch:"dynamic",trigger:"script.dataset.trigger",legacy:!0},THIRD_P ARTY:{ordinal:11,launch:"dynamic"},ENGAGE:{ordinal:12,launch:"dynamic"}};var mid=window.location.href.match("[&|?]mid=([^&]*)")||"",adobe_mc=window.location.hre f.match("[&|?]adobe_

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\dnserror[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 2997 Entropy (8bit): 4.4885437940628465 Encrypted: false MD5: 2DC61EB461DA1436F5D22BCE51425660 SHA1: E1B79BCAB0F073868079D807FAEC669596DC46C1 SHA-256: ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 SHA-512: A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493 AC6D Malicious: false Reputation: low Preview: ..... .. .. .. Can’t reach this page.. .. .. .... ..

Can’t reach this page

Make sure the web address is correct
Search for this site on Bing

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\down[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced Size (bytes): 748 Entropy (8bit): 7.249606135668305 Encrypted: false MD5: C4F558C4C8B56858F15C09037CD6625A SHA1: EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 SHA-256: 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 SHA-512: D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 Malicious: false Reputation: low Preview: .PNG...... IHDR...... ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U...... W..W.!Y.#Z.$\.']...LpX=f.M...H4...... =...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV ...h..Z._.:<.Y_jG...vN^.<>[email protected]....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\eComm_bConsumerVisitor_DIR[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Copyright Joe Security LLC 2020 Page 31 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\eComm_bConsumerVisitor_DIR[1].js Size (bytes): 5439 Entropy (8bit): 5.291450421778226 Encrypted: false MD5: BCD7271BAB3A8C564239D190C0F98FAE SHA1: D4FDD2A99DA4E7F98FC82175038F18A9FA1B9F01 SHA-256: BFB20BE8040CA57C3C9593FB11D0CA150D0A9F274F8E3B51B948EC86A2FEE9C9 SHA-512: B524764ED60CD5118CE226FB266B1E54F4B131B3596721D4B47B96E408F2A822A990B6851FCC3F2E305E2849B71866CC190C6C5C39D28732C0BABFC6ABDA531D Malicious: false Reputation: low Preview: //Rule: eComm_bConsumerVisitor_DIR.//ATTUID: mk667s.//Version: 1.0 12/23/2019..//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=START comScore-=-=-=-=-=-=-=-=-=- =-=-=-=-=-=-=-=-=-=-=-=-=.if (window.location.href.indexOf("directv.com") > -1) {..var comScore = new Image(1, 1);..comScore.src = "https://sb.scorecardresearch.com/p? c1=2&c2=14617392&cv=2.0&cj=1";.}.//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=END comScore-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=.//-=-=-=-=-=-=-=-=-=-=- =-=-=-=-=-=-=-=-=-=-=-=START DCM-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=.if (ddo.getVar("_pageLocation.host") === "www.att.com" || ddo.getVar("_pageLoca tion.host") === "m.att.com" || ddo.getVar("_pageLocation.host") === "www.directv.com" || ddo.getVar("_pageLocation.host") === "mobile.directv.com" || ddo.getVar ("_pageLocation.host") === "www.atttvnow.com") {..if (window.location.href.indexOf("?") > -1) {...var url = window.location.href.substring(0, window.location.href.indexOf ("?")).replace("#", "hash");..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\eComm_bXandrHome_RT[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 343 Entropy (8bit): 5.273794040673041 Encrypted: false MD5: 6FB2333D0CF373FA97C9B17A3C97FA19 SHA1: D90F81161B26DD77F2CFB28A203A18156843D526 SHA-256: C73304C8346E10C2D2D0967DA7CD78E39F0576DE1B748650473D6A4F42947919 SHA-512: C8F35BC6B334ED7E7797F44A353407B819D490BD72D7E03125E48A66DBA11E123C9CB922D0206DE900759FB56D5AA56C72FA31B75660E0ADFE2670CEEFB4A21 C Malicious: false Reputation: low Preview: //Rule: eComm_bXandrHome_RT.//ATTUID: mk667s.//Version: 1.0 12/23/2019..gtag('event', 'conversion', {. 'allow_custom_scripts': true,. 'u19': window.locati on.href.replace("#", ""),. 'u20': ddo.getVar("user.uuid").replace("=", ""),. 'u30': visitor.getMarketingCloudVisitorID(),. 'send_to': 'DC-6100125/ecomm0/ecomm01- +unique'.});.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\errorPageStrings[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 4720 Entropy (8bit): 5.164796203267696 Encrypted: false MD5: D65EC06F21C379C87040B83CC1ABAC6B SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E Malicious: false Reputation: low Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts ";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet conn ection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website \u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the web site you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\facebook[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 121097 Entropy (8bit): 5.387336411748081 Encrypted: false MD5: A34804625359275C56F88360358C04C6 SHA1: 290153BBCE1C04D9A81956621D7121E17BB985F5 SHA-256: 8F2BD0A17EB55B38E352473212FA4E8B189B30EADFF241548F19C071807BB9C5 SHA-512: 9C6ED0A8CF0938BBDB87747AC50DA3A8B4F36B7E6678D28940EDDDBE9885B2684E4085937699DCCD5147711C6777F755973540B455CD993D2769CBFC20E4BD30 Malicious: false Reputation: low

Copyright Joe Security LLC 2020 Page 32 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\facebook[1].js Preview: //Facebook.fbq.version="2.9.15",fbq._releaseSegment="stable",fbq.pendingConfigs=["global_config"],function(a,b,c,d){var e={exports:{}};e.exports,function(){var f=a.fbq;if (f.execStart=a.performance&&a.performance.now&&a.performance.now(),function(){var b=a.postMessage||function(){};return!!f||(b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"*"),"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page"),!1)}()){var g="function"==typeof Symbol&&"symbol"==typeof("function"==typeof Symbol?Symbol.iterator:"@@iterator")?function(a){return typeof a}:func tion(a){return a&&"function"==typeof Symbol&&a.constructor===Symbol&&a!==("function"==typeof Symbol?Symbol.prototype:"@@prototype")?"symbol":typeof a} ,h=function(){function a(a,b){for(var c=0;c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\favicon-32x32[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced Size (bytes): 1922 Entropy (8bit): 7.030386591170482 Encrypted: false MD5: 9B5C1F432C84D016469F4A7BE4E1D63B SHA1: 2EEE4A568124BE516A682C72395D2FEE11A811EB SHA-256: 049C15B62C151AF9F42AFCC84A5EA3F4F76574DBFB59F1865B6DC94FC1479699 SHA-512: B0829A638C8FE9899CFE71317C64099348DF8B4749DBFBBB9611AF1147B1A7D28EF97023F3FDBF9017B9DCE6CAF363F62BA12BD2E20ED9910E5B007406920B3D Malicious: false Reputation: low Preview: .PNG...... IHDR...... D...... gAMA...... a.... cHRM..z&...... u0...`..:....p..Q<....PLTE....22....PG...... kZ.//...... NE.WN.rc...... VG.pa..~.22.22.22.22...... 33.22.12.QG.P G...... 33.22.12.UJ.PG.PG...... 22.. .PG.PG.PG...... 44.22.01.RH.PG.PG...... 22.22..o.PG.PG.PG...... 88.22.-/.QG.PG.PG...... 22.22.22.^Q.PG.PG...... KN.22.!&.PG.PG...... 33.22.11.UJ.PG.PG...... 22.PG.PG.PG...... 55.22.01.RH.PG...... 22.PG.PG.PG...... QU..#.PG.PG.PG.PG...... NE. NE.NE.WN.XO.XO.XN.XN.rc.rc.rc...... pa.pa.pa.pa.pa..~.pa.pa.pa.MD.....~....n_.pa.pa.pa..~.pa.pa.pa.F>.....~.k\.pa.pa.....~....pa.pa.pa.3-..~..~.bS.pa.pa.OF.....~....o`.pa .....~..~.9*.pa.pa.LD.....~....n_.pa.pa.....~....pa.pa.G?.....~.l].pa.OF.....~.o`.pa..~..~..~..~.22.PG....pa..~...... '....tRNS...... bpo.....).Q..@.?..r...X...p.%n...&.%#..%..wq ....9...)...8..;..Q.P..R...B...Q.V...4.4..m...^.l."s...... !...}^..?...*..*..9>..%$#$#$..%$..*...^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\forms2.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 173382 Entropy (8bit): 5.390723941238421 Encrypted: false MD5: E3CF2B4F4A8841E05ADF4AB9F9BF373F SHA1: 4E73F56D93E5A6F0ED1930AA057C83BC9AE4ED93 SHA-256: F6E7E0830124EA580B3F0DE0DA80BA48A45D9DF9D7C092AF0F47C63ED0692578 SHA-512: D3423E6212DD0C8173A7284F5C5C51442F2EC12BDCE17687BD5F9ADEAB7062E27B066B6504174FCF0B7917D2B9828E42AB895B9E32CDCA720CE6A5200D4C5CE 7 Malicious: false Reputation: low Preview: /*! forms2 2019-12-04 See forms2.js for license info */.!function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if (f)return f(g,!0);var j=new Error("Cannot find module '"+g+"'");throw j.code="MODULE_NOT_FOUND",j}var k=c[g]={exports:{}};b[g][0].call(k.exports,function(a){var c=b[g][1] [a];return e(c?c:a)},k,k.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;ge;)b=a.charCodeAt(e++),b>=55296&&56319>=b&&f>e?(c=a.charCodeAt(e++),56320==(64512&c)?d.push(((1023&b)<<10)+(1023& c)+65536):(d.push(b),e--)):d.push(b);return d}function i(a){return f(a,function(a){var b="";return a>65535&&(a-=65536,b+=K(a>>>10&1023|55296),a=56320|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\gtm[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 178644 Entropy (8bit): 5.527714334315055 Encrypted: false MD5: 63AE6156EFB7DC566DDF9F8E485AF32E SHA1: 9F830B3912085F4BBCE099D1B3C9565112EFA3B7 SHA-256: B546573B6A0E24ABA73BEF1223BA34597C6FB5639645B11D1349FD5842658A46 SHA-512: 138B5E6F0869780F9A029C791C7A36062481E132DE3EEECD068BADD52D6AF871DA9B519BA893DF033A1EC3111241D85095FCFCD42C8DF8275E64281445472868 Malicious: false Reputation: low Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"35",. . "macros":[{. "function":"__u",. "vtp_component":"URL",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__e". },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__v",. "vtp_name":"gtm.elementUrl",. "vtp_dataLa yerVersion":1. },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__v",. "vtp_name":"gtm.triggers",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":true,. "vtp_defaultValue":"". },{. "function":"__v",. " vtp_name":"gtm.elementId",. "vtp_dataLayerVersion":1. },{. "function":"__r". },{. "functi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\httpErrorPagesScripts[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Copyright Joe Security LLC 2020 Page 33 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\httpErrorPagesScripts[1] File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators Size (bytes): 12105 Entropy (8bit): 5.451485481468043 Encrypted: false MD5: 9234071287E637F85D721463C488704C SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 Malicious: false Reputation: low Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.su bstring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var pound Index = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild( bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ico-filter-funnel-white[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 22 x 23, 8-bit colormap, non-interlaced Size (bytes): 280 Entropy (8bit): 5.592961831042693 Encrypted: false MD5: 88A6BE78616403180B091CAE792694ED SHA1: 63EF85E9C66C10DC147EC7DBCA338A8524B6C743 SHA-256: 7090DA22B2B214AEA35FCCE8C3B06EF9A165FDDC3522AAA0D9F9B487D8874DAC SHA-512: 51EE402B9F23C200E582687E947AF83CACE83028C60A79774AD0078D952FD1F9C8324CB0624CBA145ABAD546F5D8362433783CB7DE79A8A2C7638167108DBD28 Malicious: false Reputation: low Preview: .PNG...... IHDR...... 86O....HPLTE...... xx.....tRNS...... D#..uVL:3,....c_.....hIDAT(...... 0....,..(.LA..0(.....X`.E...... S.o.....z...ud 5.s...^.U.dN..8..^;..-..M...O...NY=<..H.~].k.....e:.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ico-plus-white[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 15 x 15, 4-bit colormap, non-interlaced Size (bytes): 180 Entropy (8bit): 5.368902090705298 Encrypted: false MD5: 2E8F7CDAB50455E262BE74ED57C76810 SHA1: 6D0AF660AF0D568C6AD02024B83C257206EE54EC SHA-256: 8503F3AE43820ED32B11B74A668DD9E21BA1EB7AE7B9D372EB4A0A89E62BD83D SHA-512: C25E0A9F8377DB4BCB32E51C62478681385E0A4E06175A57A86B1C376C680E12A0DA05FD0634C7B65C6BEA856C6B428C087D2CAE2194F5A8963A991F527912F5 Malicious: false Reputation: low Preview: .PNG...... IHDR...... y....PLTE...... $|...... tRNS."....<..fN_....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ico-video-button[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 102 x 102, 8-bit/color RGBA, non-interlaced Size (bytes): 3076 Entropy (8bit): 7.614528773862859 Encrypted: false MD5: 82AAF84099B64830409B6CEA53FC1DB5 SHA1: 21D5D3BD110292A6EF72609908F563B74215832E SHA-256: 1D6B6DA15142BA2717D4D728931AF79D3E06A8BD3CC0C4C2E14D6F7F5C5783D0 SHA-512: 331D21DA727A69096B56134673AA2C63F5749E8200DD64B6B329169A88060F67F19676F7A6FD3C90995EE2E5F5E7C14045DF450350D60D8616E4F5E432C3E741 Malicious: false Reputation: low Preview: .PNG...... IHDR...f...f.....9..b....tEXtSoftware.Adobe ImageReadyq.e<...xiTXtXML:com.adobe.xmp..... BM0...."IDATx..]ilTU.>@.....bAPvA

Copyright Joe Security LLC 2020 Page 34 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\jquery-migrate.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 10056 Entropy (8bit): 5.308628526814024 Encrypted: false MD5: 7121994EEC5320FBE6586463BF9651C2 SHA1: 90532AFF6D4121954254CDF04994D834F7EC169B SHA-256: 48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D SHA-512: B74A2F03C64E883B9A34DE43690429327DFB4AA230A7A6AFCA8150A16E3D84E98461245FF264C26368D9904562CC34FE219F71F951D364FA5C68C039B76776CD Malicious: false Reputation: low Preview: /*! jQuery Migrate v1.4.1 | (c) jQuery Foundation and other contributors | jquery.org/license */."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function( a,b,c){function d(c){var d=b.console;f[c]||(f[c]=!0,a.migrateWarnings.push(c),d&&d.warn&&!a.migrateMute&&(d.warn("JQMIGRATE: "+c),a.migrateTrace&&d.trace&&d.tra ce()))}function e(b,c,e,f){if(Object.defineProperty)try{return void Object.defineProperty(b,c,{configurable:!0,enumerable:!0,get:function(){return d(f),e},set:function(a) {d(f),e=a}})}catch(g){}a._definePropertyBroken=!0,b[c]=e}a.migrateVersion="1.4.1";var f={};a.migrateWarnings=[],b.console&&b.console.log&&b.console.log("JQMIGRATE: Migrate is installed"+(a.migrateMute?"":" with logging active")+", version "+a.migrateVersion),a.migrateTrace===c&&(a.migrateTrace=!0),a.migrateReset=function(){f={}, a.migrateWarnings.length=0},"BackCompat"===document.compatMode&&d("jQuery is not compatible with Quirks Mode");var g=a("",{size:1}).attr("size")&&a.attr Fn,h=a.att

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\lineto-akkurat-light[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Akkurat TT Light family Size (bytes): 30770 Entropy (8bit): 7.965094625466987 Encrypted: false MD5: 8FD1F76D6F9C2CAC461F629CCA0A5835 SHA1: 70933F561AA5E368B800F5791D94E380C451744E SHA-256: 07B5C176F243C38873EF7A329B87082AF529D8B758F87D174B5CE0248E00BA8B SHA-512: 37B97F4BEF57EE309FC2A646EE0B84E28248C944686DBB2091C2B6DCE22D70B94460181D2D0DAE46AD8C1A1E151A44A2DB1897E1517C503C64B70D39A13AB5D E Malicious: false Reputation: low Preview: 2x..*w...... ,.....LP....j!.@...... x...... A.k.k.u.r.a.t. .T.T. .L.i.g.h.t.....R.e.g.u.l.a.r...2.V.e.r.s.i.o.n. .1...0.0.3.;. .b.u.i.l.d. .0.0.0.1...0.A.k.k.u.r.a.t. .T.T. .L.i.g.h.t. .R.e.g.u.l.a.r.....BSGP...... L.R..R..V&....xZg.icyR..&c..4o4F..w....[...... H...."...M.....2u...4...... &...'.]M9..j@ZI.$...5..{.5.....ycW.Ja.x. ..%.4.- 6FrB.....K.,./.M...&kBy..3...V...X..P..L!.W.^..{.0bX.o.^*....6Dm...... c...)...>.1._ .3.N?. U...I.x.z..L.j...e.42.H4.H!/.....Q....2.....d....$....}-D.%..G.n.. K.....s..I...... 3c,^.eA.T >}.N"[email protected].(.J...... C....nk.2c...B..c...!..*?...... D.3.....3.L..qI.T.mh....U ...]...b.F...SA..iJw0.1...... a.._...m.!cI..su2 .I\&..X....9n>..\..v#{..Z...s<..z..T{# ...... q.X.2....Pd.. xH....Az.1KB).a.t..hR.....Q...Z...i.>..P.O....%.....m..l.r...'....6~....3..Tk. _Q.,..j..).1.U..P)1*.d.L...... A.S....hH..(s'P....*...... D..dLX...... _.w*.,.a...l..S.E.I...c.w...... $.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\location[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 182 Entropy (8bit): 4.685293041881485 Encrypted: false MD5: C4F67A4EFC37372559CD375AA74454A3 SHA1: 2B7303240D7CBEF2B7B9F3D22D306CC04CBFBE56 SHA-256: C72856B40493B0C4A9FC25F80A10DFBF268B23B30A07D18AF4783017F54165DE SHA-512: 1EE4D2C1ED8044128DCDCDB97DC8680886AD0EC06C856F2449B67A6B0B9D7DE0A5EA2BBA54EB405AB129DD0247E605B68DC11CEB6A074E6CF088A73948AF2 481 Malicious: false Reputation: low Preview: jsonFeed({"country":"CH","state":"ZH","stateName":"Zurich","zipcode":"8152","timezone":"Europe/Zurich","latitude":"47.43000","longitude":"8.57180","city":"Zurich","contin ent":"EU"});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\login-black[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 26 x 35, 8-bit/color RGBA, non-interlaced Size (bytes): 1383 Entropy (8bit): 6.887666882350577 Encrypted: false MD5: AAA026B3A0639156C7CDA6A6B2D4E0CB SHA1: 864F2979B14959B95D8FA5B74C22432C74F9B167 SHA-256: A22197C488267F8258A7F0D9C7775551741EF4347F0876E52AB3B0F87D89589E SHA-512: 8AFBDB7C5971E672A78804611DBAE6D46C898CA4FD1A8052075338DF7C3DBA125E4DA93BA92326B3D6F685E425101D12F9395A3655C54411D635721FD3AD03EA Malicious: false Reputation: low

Copyright Joe Security LLC 2020 Page 35 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\login-black[1].png Preview: .PNG...... IHDR...... #...... ?...... tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp..... .1Lb....IDATx.bd ..{y...l ..b...... x/..l. .1!3...$.Hu.1..%?...hY.>s..XR.....2. v.PUe.y..A.}....H.b ...}v.....M5...V.|..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\nr-1167.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 26895 Entropy (8bit): 5.30832063472068 Encrypted: false MD5: 8155781AB74E51EEE2EAD2C1D5902E63 SHA1: 5679A128CE2702F782C9F3F46D16D95C387B52EE SHA-256: F4AE8A2C83E0A851FD331BBF34D7A6F9184B3E31B6F2E681E8377FB8A8EDC10F SHA-512: BDE3D3A037944032E9822E1F538F958A63582B1E6850BCA2B17BF2E8075FADCDAE6056983327D56B98C6B5684CDB3D49DD82CD8046804C2BB7D28E52C22DCB2 4 Malicious: false Reputation: low Preview: !function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var a="function"==typeof __nr_require&&__nr_require;if(!i&&a)return a(t,!0);if(o)return o(t,!0);throw new Error("Cannot find mo dule '"+t+"'")}var s=e[t]={exports:{}};n[t][0].call(s.exports,function(e){var o=n[t][1][e];return r(o||e)},s,s.exports)}return e[t].exports}for(var o="function"==typeof __nr_requir e&&__nr_require,i=0;ie.max&&(e.max=n),n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\social-fb[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 600 Entropy (8bit): 5.158907930018797 Encrypted: false MD5: 5AE9EF1390F6E2AA11123212EB4E8EF3 SHA1: 7CC62EFFEBF74962FD930289F801CEEA86909541 SHA-256: 9549A2429D59FE9BCC0ACE7C76F876F932E793B6AFCE2F6A8B365C3BB10B8D79 SHA-512: 682534CABA6BCFEDDCD1F985DF485E6D542215DC8001805FCF4D0CD54A6BA20CA8B81B32F85460E67B00A55A33E24AEDF6FBE11992DD7A638CF5106A052AFA A7 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\social-instagram[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 988 Entropy (8bit): 5.013448287767325 Encrypted: false MD5: 512A89CC1D487FCE5B4AAD84DABA003A SHA1: 8AC8C15046EAFCD813AD105B3F9FF017D27B83DE SHA-256: 9538DF51047A3F5B1C819D45B2F049714DC439CE7F2B4FB74E67F3E69785F80A SHA-512: 0808AA8A704768D706EBE1BE755165C53FCEFB320FA611296C998384A26D092ABF30906ED294ECB1922D61D47FA0DFB0C4F0E7630EB6B0C8DD940BE393F71578 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\style.min[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Copyright Joe Security LLC 2020 Page 36 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\style.min[1].css File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 29295 Entropy (8bit): 4.976392120020101 Encrypted: false MD5: 375BD65D60FF3C8723FCCC343AFB1B9B SHA1: B06BA18A307BDF4821DDED9EBFFD2489F7B01D6A SHA-256: 4B8FE5C3D0E5EF7A6582185CBF5C535B5D369C8DF1DA98C03ED69833E55F474D SHA-512: 938011C747F4F036D7662907B388C5985D1C3200145303E646437B143A9DAFCAD9F5F7431492BBECCB755916E0A8843C0A2F49A3599BE8FF51BC5EB2C648426A Malicious: false Reputation: low Preview: .wp-block-audio figcaption{margin-top:.5em;margin-bottom:1em;color:#555d66;text-align:center;font-size:13px}.wp-block-audio audio{width:100%;min-width:300px}.block- editor-block-list__layout .reusable-block-edit-panel{align-items:center;background:#f8f9f9;color:#555d66;display:flex;flex-wrap:wrap;font-family:-apple-system,BlinkMa cSystemFont,Segoe UI,Roboto,Oxygen-Sans,Ubuntu,Cantarell,Helvetica Neue,sans-serif;font-size:13px;top:-14px;margin:0 -14px;padding:8px 14px;position:relative;bo rder:1px dashed rgba(145,151,162,.25);border-bottom:none}.block-editor-block-list__layout .block-editor-block-list__layout .reusable-block-edit-panel{margin:0 -14px;paddi ng:8px 14px}.block-editor-block-list__layout .reusable-block-edit-panel .reusable-block-edit-panel__spinner{margin:0 5px}.block-editor-block-list__layout .reusable-block- edit-panel .reusable-block-edit-panel__info{margin-right:auto}.block-editor-block-list__layout .reusable-block-edit-panel .reusable-block-edit-panel__label{margin-right:8

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\xandr-banner-home-sm-v2[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 640x350, frames 3 Size (bytes): 102332 Entropy (8bit): 7.977130745708066 Encrypted: false MD5: 5CF96B80E2D664DE49F7CA6AA29F9994 SHA1: F107883F90C8FB7E1E901CFFBBA4707977D83ED8 SHA-256: 73ECC97DE01F31BF20E59D5DED61A545B322CBC7F0B944BF6B25E1615A70A74B SHA-512: A70E8D0D5E7F97B23E796D797557EB65E609576524DA68C2A59EAE4D9EDCABFEC1BCF6A775FB86E2F4E5C9D55C9A17CF9C551922D8118FEE4D2307123088FA2 2 Malicious: false Reputation: low Preview: ...... Exif..II*...... Ducky...... d.....+http://ns.adobe.com/xap/1.0/. ....Adobe.d......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\xandr-life-banner-d-v2[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 880 x 750, 8-bit/color RGBA, non-interlaced Size (bytes): 1356589 Entropy (8bit): 7.991786958181959 Encrypted: true MD5: 9FDB3A6AAD1B5DD375239B69BF49C218 SHA1: 1BB2DF3C2FFEA7B32DA013849C6532450D1FD8E2 SHA-256: E6FAEF19F1EB629828E47BB1DA0AF0B0CEF3AE1396DD03C3E9CA301439AA4641 SHA-512: 2CBC1E3CC6783974F145C3840877551FE8BAE0D337EC643573530B23D4CC3B9F9B18A40B17DE86C23881E4A3705BBBC2E5ED6A73046E25BAF09B78EA46E4B25 3 Malicious: false Reputation: low Preview: .PNG...... IHDR...p...... P.. .IDATx.d.K.m.v....{.9.ZU{.s.qb..(t,H.""!!...... :!.:....P.-$"....&..V.!..D.n`.-.....svU...... }....Uk...... S...._...... )z..9M...].s.\...&..x.x.PU...G..x..(.. .5zk.V)..r.U.9.B...... |w_...... ~..Ri.J..:.{z.4..A..;{ix.P:.6.AE...E.SZ..BW...... Z.....uZk...6.)S.\.....J.(..Jo...... D...9y.-..C.j..N.....N..BBj.}....H....i...5.K...... L...<.B..u.Z.}...N.:]:.n."*.:.V...V..m../...,b.Q...6...E..`[..4x..Z.5$...B.?.Z...[.m.v}...... uP.B.....G.I.v..H-P*.`.w....]..#..f.. .Cz....<.;].)....R...sH.....w.."@)..' ...1....?K.t...(.V.Z.+...... p...~..7...... ?..w.....K.&..?_..s.....J.f....o.....N..l?..q.6Z...q>0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\06X0WIMO.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Size (bytes): 33960 Entropy (8bit): 5.115077521411671 Encrypted: false MD5: A4F25D42026E7AE390DFF43E7D20295A SHA1: 10C88E9BB0E28860270CE6E761E1DA8637F2FDF2 SHA-256: 319D6088F40A5DA8E3143743DEBCEAE50F3CF9E7C0847CEC2EC9B857D34FF5C9 SHA-512: A4863FA7BB01066C81A31A3EABCBD821F0DD880F0AF6B6807A411FBE5C9F80A75836F4652295CE18F20C9CAB32A0D8B13947528C298B13F532B20BD187B928BE

Copyright Joe Security LLC 2020 Page 37 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\06X0WIMO.htm Malicious: false Reputation: low Preview: ...... .. .. .. .. .. .. .. .. .. ........ .. .. ....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\10563-Full[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators Size (bytes): 270889 Entropy (8bit): 5.394878370223705 Encrypted: false MD5: A149E87C2077BB1E61C48884DCBA5050 SHA1: 5C5B13DEA6BE2BA46E238475183308CFEF2F4450 SHA-256: B5F635963E3F8BB2C03515032602FC12FB677C82EB9430C3884CA04485FCF629 SHA-512: E72B739A4128501DC8F9E3787BE1DC03D68374C3DF31AC0062DC6A84C6E70FE03B599CBAC886F0433123471F421CB61C0D2C2A0B172743647D9D397E21C44738 Malicious: false Reputation: low Preview: ./*!...... Title: Xandr Careers (xandr.att.jobs)..Author: TMP Worldwide - New York..Lead Developer: Deborah Foerst ([email protected])..Accessibility: Michael "Spell" Spellacy ([email protected], @spellacy)..Ticket: TCDQ-23314..Creation Date: 2017-09-14....All typography property of AT&T and may not be used without eplicit permission.....Copyright AT&T....****** Change Log ******....Ticket: TCDQ-28382..Developer: Jorge Felico ([email protected])..Manager: Hannah Johns (han [email protected])..Creation Date: 2018-03-23..Comments: New class for twitter embeds to be two columns.....Ticket: TCDQ-30676..Developer: Raven Palte (raven.pa [email protected])..Manager: Pamela Vasquez ([email protected])..Creation Date: 2018-06-21..Comments: Added .headroom classes for sticky nav enhancemen t..Addendum: DC removed headroom class 6/26 per PSS request. and added slide-up class - which is added..via JS...... Ticket: TCDQ-38470..Developer: Paul Goepfert ([email protected])..Manager: Ama

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\2e6d347924[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 1 x 1 Size (bytes): 24 Entropy (8bit): 2.459147917027245 Encrypted: false MD5: BC32ED98D624ACB4008F986349A20D26 SHA1: 2D3DF8C11D2168CE2C27E0937421D11D85016361 SHA-256: 0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300 SHA-512: 71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B 4E Malicious: false Reputation: low Preview: GIF89a...... ,......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\385001538e516effbb0ed5e5794fdd432a522c98[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Copyright Joe Security LLC 2020 Page 38 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\385001538e516effbb0ed5e5794fdd432a522c98[1].jpg File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1186x810, frames 3 Size (bytes): 87114 Entropy (8bit): 7.9847102037476425 Encrypted: false MD5: 0FC808AB423035727C61AFBBB0B99CFF SHA1: 78F2760F575A8EE23EBCE71C02A91236BA6E49B1 SHA-256: 91E6151D3EF58D64AE4CFD70CDAF18325812C8C3F970194A83BF3E9EABF8504A SHA-512: 9D4CD37D696923FE24ECBD2A8216CDDAD990F5B86EA22A881CBBAC44EC0BA26EC41B959C2D8BBDCB181C8835483EAC0D6C2ED3301FD0051ED24472A8AB8D C0D0 Malicious: false Reputation: low Preview: ...... JFIF.....H.H...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... *...."...... Z.Y...6t..Z.yn8..._y.%..J|.e..f.....q.(.-F.,...fd`..0j5...F...... 4.u.>...Q..u`.pj..s..aA...... T.]...... <.:.J.N....K|6.(...S.<.)f.R..)JQ..F. ff`...j5...... [.M...i..w1...... Q:u.c.v.u....+qy.. J.....n:.8...PBIo:.B.. 6.(#.....Z...-jZ...(... `...... F..`..$7..7Y.t..la&.;.n.(..n.g....Rl$....[.\/M...y.km.....:.$....)3..4.e. ..q+7d.u..q..[.R..fj2.3.f....Fj3.`."B"R...%.fF..J....^N.]...v...... pr...... ,..#Q.%.2....0.Y.L..F.K1.*U...... f...P3Q...(.....G...2.Z.NJ....,_/..0.j.-r...,.Nnk...<...[Y8`..=!.Vd...... 3.kx.\[email protected]..!.(...D...... vr.,.;w.5.WN.gT`..8...... k.] [...zL.O:..6.I.?....F...S,._..3I....2.^.3Y.D..e.333Q...3.....C.o...i,..\Y....y.f/:..U#L.!.%..#.6..X..wv." ..eH...$3..q....H)`.F$Y5Z.0.2q....7.iQ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\6C2T6OHO.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Size (bytes): 33960 Entropy (8bit): 5.115077521411671 Encrypted: false MD5: A4F25D42026E7AE390DFF43E7D20295A SHA1: 10C88E9BB0E28860270CE6E761E1DA8637F2FDF2 SHA-256: 319D6088F40A5DA8E3143743DEBCEAE50F3CF9E7C0847CEC2EC9B857D34FF5C9 SHA-512: A4863FA7BB01066C81A31A3EABCBD821F0DD880F0AF6B6807A411FBE5C9F80A75836F4652295CE18F20C9CAB32A0D8B13947528C298B13F532B20BD187B928BE Malicious: false Reputation: low Preview: ...... .. .. .. .. .. .. .. .. .. ........ .. .. .... ...... *.t....8.../O..V.l4.8..P.F..)&..;...V.0y_=.. ...q..F...2&f..I;..3..Q/j\...... &.TE..g5...R.>..+.3.U...O&._....._....j.m34c..b..+e...y<.."....s.....l...."..s.i4 .2w.I.$.t..r....m\9&1.....[....^...t...V.....s...... /...kN.333E.T&#)3%'..&..aby.!..t- ..E....9g'h.'...;.I;.JF=.../O.p.I.(.r..c...].u}.B..8N..3:j.1..N...... x.z....Db. O.PAgH.h...... H4....u...{F.QhC;....4...... ,.".g...... }E.._..;L.W.....t.Y$..%.I....+..e...8[;z...... 5..x".,.nq....:bA..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Appnexus-logo[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 300 x 90, 8-bit colormap, non-interlaced Size (bytes): 4661 Entropy (8bit): 7.767333891915912 Encrypted: false MD5: 0C7366F75A91AD061F0FB4D970F97C8B SHA1: FF1135DB59787E531219D29284528CD80BF5E2ED SHA-256: B3C5FC5441A1A105B0D1D86AC1E4E4778B6657E4981F0D6FE9C68200DB582668 SHA-512: A1627FAC0FBA6E89459FC8BD4D8EC61BE75BA80B6036E439FD014636E78BF88CEFE745E094038AA2F70FCEAAFBCEF9FAAC761F541159DAC9732795141238DF 4E

Copyright Joe Security LLC 2020 Page 39 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Appnexus-logo[1].png Malicious: false Reputation: low Preview: .PNG...... IHDR...,...Z.....5../...SPLTE...... 5.....otRNS....}H..ex..(.bQ..s...}.Z...6x.30 ....$.;.MnW-..C.^?...S...... iMK.....k9pC9... vg+...aX....0!..i&.,(..+.tA...."IDATx..YWZ1..G..U.....,....".Rq..P..*..Z.2...... p.T=...... D.|wf2.p.....C...k%.R.PF~...^.7E.+2|Z4.X9....e`+J|&.y.,H.eQ.d....f-..()2.!.*s4_.E...=sY.P ..e].Fz.J|91.u.....eQ.Da.h.m,.(.d.....h...,.fU.U....]....l.....d..2...... -Z...[..,Q..*4S[.uY.tx-....,....L.4.o_...b.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\B772W0WL.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators Size (bytes): 48783 Entropy (8bit): 4.888490880660874 Encrypted: false MD5: 373FE9931AD9CC0EF7A768437756EAC4 SHA1: C04B2236D1B4427C352E3D4B4AF44CACF874A191 SHA-256: A41BDD785416B01F5EEDF03C8C9D902B6FD08F762474281688AC14F1D13849EF SHA-512: E5C992515EB3A64F189B68F00FB7CF52D4C01E12CA6AFCAB298B0C772D918BD9FD1242D603BBCB36BCB288F033CB85ACF8CB3BD2014058A87E79C98F8CBC2D D7 Malicious: false Reputation: low Preview: .. . . . . . . . . . . . .. . Xandr.. .. .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GalanoGrotesque-Light[1].woff2

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format (Version 2), TrueType, length 31796, version 1.0 Size (bytes): 31796 Entropy (8bit): 7.993774250951371 Encrypted: true MD5: 9F2AEB5F7463544C8A9AC0528430AEDE SHA1: 20CEE061D9FEA57AC4EC3FEF6CA9DE10973DC91E SHA-256: EBA7B1CE5EC0B9687CF0A6602D099C74318B8EA6ED8285A609FBFB27AC736757 SHA-512: 63060C196B778F0AFAC4A0AA821E861632F1D5D894EDFECCB71B2053D3FF05D389322BDAFD8F2E526A08C0E711086FF44E42E1F1F8D89398BD4A0E60637A94C C Malicious: false Reputation: low Preview: wOF2...... |4...... g...zv...... z....\...... D..Z....`..T.j...... 6.$..0...... x...[P?q :w..r;..m...Bv..P.j...... m.v;3t..?.....\[email protected]...... B....>..5..(.2l..S.;....~... .>....r=n.....q.<...>..l. [...a6L.'...... J..|WzY....CIl..5.&.>..".WT.#b.2.[.wfk(...... K.>.....>..7.....Q4..K.o4OD...... !(8t..p`....X=#k..^...u.(..t....?..{."...n...Y.=.5..E.QMQju...... MQ."* .m.*.,`,*X$.b..HI{.6. <..U.*.....U7...$..2.%{P..7..?...F.M.U..|.@.(..5igz..6...... D...... g.w..a...a..S...A>+...... G/_$...... r;..w...... 8. (J...... U...zC.....L...... |.i..G.../i.\3.#. 1....&..^..R.D"Q..j..%s.....N".V...o.....HE....C...H.H..+.w.....3o.w...;.A`[email protected]@....O...?d.`...... s.*.>.r....]..)...tQ..S.'..._...4I.^..Q..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\GalanoGrotesque-Medium[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 43909, version 0.0 Size (bytes): 43909 Entropy (8bit): 7.9921611367088925 Encrypted: true MD5: 50E69A5881966F8B292E48E0AF21E9D8 SHA1: 0158FFCCC6EA3D77B061F1AA1339DF3405905BB2 SHA-256: 20A8609BD409413EACA2BD607613BD6DE8BB999637148E5E47639BCB3EB58BD4 SHA-512: 37B7B38C4AEB2D04971C80C00C2C11BFFDEE993CC32EF77716FB895F66A2F2D64D250F5C80324CA51C45F78098406FB8AC17B17F2E37D4600D5520A8348B992C Malicious: false Reputation: low Preview: wOFF...... q...... ,...Y...... GDEF...... ?...D.9.$GPOS...... (.@GSUB...... s....y092OS/2...... N...`j".ccmap...$...I...T...cvt ...... 4...j.z+Xfpgm...... <....vd~xgasp...... glyf...p..zc...... head...... 4...6.q..hhea...p...!...$.>.khmtx...... 0..UTloca...... XS.maxp...... name...$...... !..Y.post...... x..8.prep...L...... F.."...... R...... ".3...... x.c`d``..7.....m.2p3...0\_...J.....e..J ....$...... x.c`f.g...... 5.|.6.8`g@....~...... 3...12(00L..1~`...... k..x...]+.a...... [s".,[..y..%Q4G.....jM&E...C%J.....y..8.+8.g.|.QJc...... U.U.._].".DdS.....:.U.....b.G.JQ..t.F8.F...!. .i.0.y,".u|.....6.....6.!5iH....rB...... }.h5.F...f.I.QJ.N.rN9....z.a.1...... !\.N<(eY{....)k...8...... %Z.3?.-.p..|.9...>.S.p..9.|.IN.>.r.W...j...6. ..q.k.:-..-Q....z.g.`..I...^|k.}....?....I.....x.c`d``[email protected].../.....x..[HTQ.....hijS..cZj.$..5Jf.(6E7... .B."Q.BI..(...... C...... C.CP.....EAE...=g.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\HP1[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe Copyright Joe Security LLC 2020 Page 40 of 64 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\HP1[1].jpg File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 646x355, frames 3 Size (bytes): 26850 Entropy (8bit): 7.963419331113693 Encrypted: false MD5: E4C35409F3BFCB8C197BA7C0B1846FD0 SHA1: DD2CFE574FD67850101A8027D97A7D15E5BB8390 SHA-256: 0B04E420D133DAC7117E1AE596414DA3848879105631BC77B8447B3D901C215E SHA-512: C0A9A59B1687DB132A79CA6F3525ED1021D820409374D97361E8192171D0A1C75455F6F5EE2CAD2A29E39F932A38E40B32F97C1DA541E777F4D818FDE49B6B9E Malicious: false Reputation: low Preview: ...... JFIF.....H.H...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... +. .. .+&.&#&.&D6006DOB?BO_UU_xrx...... c...."...... )....3....i.l...g([email protected].`..f..0...t. ....GO..]4...g.n5....`....`.....`.0f`T...... ''_ ....P.4...... 20`..`..`..1P. @..p....>df...... /. ....f....0`..`...ND...... C.R...... 6km$$.`.f`....`. [email protected]...(.d....D..#3...`..0...... :`[email protected]...... 0`.:RD...f.0`....`.Y...... 0F...... :[email protected]...... a6..j0.0.3...`..0..0`...... F`.n...d` ..<...83Q.Ff....0a-..b..-*L..Q7wj ~>....="d.....!...... <....BP..n...... ?,5}kE....ILdAz4.DT..~...... Mn...B\zT...... 2..{=.s.a.....D+.H..'..^.N..a..<..r.]..+.l.fZ.!..LHv...Y0...... V...... V.Yo8.3.n.zN...2.m.L8Q...;.@?....).y. <.0..YpY_....g$%L..Ku.k..)S.m...Q..ih.....t

Domains and IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation star-mini.c10r.facebook.com 31.13.92.36 true false high dart.l.doubleclick.net 172.217.18.6 true false high pagead46.l.doubleclick.net 172.217.22.98 true false high stats.l.doubleclick.net 74.125.133.157 true false high dcs-edge-irl1-876252164.eu-west- 3.248.163.0 true false high 1.elb.amazonaws.com att.inq.com 206.17.25.188 true false high d2ctznuk6ro1vp.cloudfront.net 99.84.89.69 true false high bam.nr-data.net 162.247.242.19 true false 0%, Virustotal, Browse low addevent.com 54.194.175.157 true false high cookie-cdn.cookiepro.com 104.20.184.45 true false 0%, Virustotal, Browse unknown cs977204322.wpc.edgecastcdn.net 152.199.21.2 true false high scontent.xx.fbcdn.net 185.60.216.19 true false high pagead.l.doubleclick.net 216.58.207.34 true false high ib.anycast.adnxs.com 37.252.173.22 true false high fe2.edge.pantheon.io 23.185.0.2 true false high ab13.mktoedge.com 104.16.95.80 true false 0%, Virustotal, Browse unknown geolocation.onetrust.com 104.20.184.68 true false high xandr.att.jobs unknown unknown false high app-ab13.marketo.com unknown unknown false high secure.adnxs.com unknown unknown false high smetrics.att.com unknown unknown false high d.agkn.com unknown unknown false high stats.g.doubleclick.net unknown unknown false high 6100125.fls.doubleclick.net unknown unknown false high www.xandr.jobs unknown unknown false unknown i.xandr.com unknown unknown false 0%, Virustotal, Browse low tbcdn.talentbrew.com unknown unknown false high dpm.demdex.net unknown unknown false high hello.myfonts.net unknown unknown false high www.facebook.com unknown unknown false high www.appnexus.com unknown unknown false high js-agent.newrelic.com unknown unknown false high connect.facebook.net unknown unknown false high ib.adnxs.com unknown unknown false high fls.doubleclick.net unknown unknown false high www.xandr.com unknown unknown false 0%, Virustotal, Browse low www.att.com unknown unknown false high

Contacted URLs

Copyright Joe Security LLC 2020 Page 41 of 64 Name Malicious Antivirus Detection Reputation www.appnexus.com/en/error false high ib.adnxs.com/ false high

URLs from Memory and Binaries

Name Source Malicious Antivirus Detection Reputation mydomain.com/node/1 js_1nbY82oPF04MMZOTEWnYLaOYl5w false high Q0so7mAZQ1l0xyt0[1].js.2.dr https://www.linkedin.com/company/xandr/ YQICUJRK.htm.2.dr false high https://www.xandr.com/favicon-32x32.png B772W0WL.htm.2.dr, ~DFB4033196 false Avira URL Cloud: safe low 01620250.TMP.1.dr, imagestore.dat.2.dr https://www.xandr.com/news/amc-networks-disney-and- B772W0WL.htm.2.dr false Avira URL Cloud: safe low warnermedia-join-xandr-in-powering-the-future-of- https://github.com/hernansartorio/jquery-nice-select js_1nbY82oPF04MMZOTEWnYLaOYl5w false high Q0so7mAZQ1l0xyt0[1].js.2.dr search-jobs[1].htm.2.dr false high https://tbcdn.talentbrew.com/company/25348/FULL_v2_0/js/jq uery.fancybox-min.js https://www.youtube.com/watch?v=zqRalM_-sh0&t=1s search-jobs[1].htm.2.dr false high https://www.drupal.org/node/2815083 js_1nbY82oPF04MMZOTEWnYLaOYl5w false high Q0so7mAZQ1l0xyt0[1].js.2.dr https://www.att.com/scripts/adobe/prod/appnexus.js eComm_Universal_AppNexus[1].js.2.dr false high https://www.xandr.com/wp/wp- B772W0WL.htm.2.dr false Avira URL Cloud: safe low includes/js/jquery/jquery.js?ver=1.12.4-wp https://www.xandr.com/platform/monetize/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://stats.g.doubleclick.net/r/collect? analytics[1].js.2.dr false high t=dc&aip=1&_r=3& https://www.xandr.com/about/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.xandr.com/casestudies/relevance/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.xandr.com/casestudies/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.xandr.com/inqChat.html?IFRAME ~DFB403319601620250.TMP.1.dr false Avira URL Cloud: safe low github.com/kenwheeler/slick js_1nbY82oPF04MMZOTEWnYLaOYl5w false high Q0so7mAZQ1l0xyt0[1].js.2.dr https://www.xandr.com/app/themes/xandr- B772W0WL.htm.2.dr false Avira URL Cloud: safe low theme/public/js/xandr.min.js?ver=1583723005 https://www.xandr.com/platform/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://api.jquery.com/animate js_1nbY82oPF04MMZOTEWnYLaOYl5w false high Q0so7mAZQ1l0xyt0[1].js.2.dr https://www.xandr.com/about/our-story/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.xandr.com/app/themes/xandr- B772W0WL.htm.2.dr false Avira URL Cloud: safe low theme/public/img/att-logo.svg ~DFB403319601620250.TMP.1.dr false high https://6100125.fls.doubleclick.net/activityi;src=6100125;type= ecomm0;cat=ecomm01-;ord=1;num=8620222 https://openadstream17.247realmedia.com/oas/~ ~DFB403319601620250.TMP.1.dr false high https://www.xandr.com/media/addressable/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.xandr.jobs {67AC28D7-73E7-11EA-AADD-C25F1 false 0%, Virustotal, Browse unknown 35D3C65}.dat.1.dr Avira URL Cloud: safe https://sb.scorecardresearch.com/p? eComm_bConsumerVisitor_DIR[1]. false Avira URL Cloud: safe low c1=2&c2=14617392&cv=2.0&cj=1 js.2.dr YQICUJRK.htm.2.dr, ~DFB4033196 false high https://tbcdn.talentbrew.com/company/25348/img/favicon/favic 01620250.TMP.1.dr, imagestore.dat.2.dr on-10563.png https://www.xandr.com//en/error#main-content ~DFB403319601620250.TMP.1.dr false Avira URL Cloud: safe low

https://www.xandr.jobs/search-jobszSearch ~DFB403319601620250.TMP.1.dr false Avira URL Cloud: safe unknown YQICUJRK.htm.2.dr false high https://www.att.com/legal/terms.attWebsiteTermsOfUse.html? id=tou https://cookie- B772W0WL.htm.2.dr false Avira URL Cloud: safe unknown cdn.cookiepro.com/scripttemplates/otSDKStub.js https://www.youtube.com/user/ShareATT/ YQICUJRK.htm.2.dr false high gtm[1].js.2.dr, marketing.min[1].js.2.dr false high https://github.com/krux/postscribe/blob/master/LICENSE. https://i.xandr.com/2018/09/HPData2.png? B772W0WL.htm.2.dr false Avira URL Cloud: safe low auto=compress&fit=crop&fm=png&h=346&ixlib=ph https://community-marketplace.com/ B772W0WL.htm.2.dr false Avira URL Cloud: safe unknown https://i.xandr.com/2018/09/MediaDigital2T.png? B772W0WL.htm.2.dr false Avira URL Cloud: safe low auto=compress&fit=crop&fm=png&h=346&i https://mths.be/punycode uri[1].js.2.dr false 0%, Virustotal, Browse unknown URL Reputation: safe

Copyright Joe Security LLC 2020 Page 42 of 64 Name Source Malicious Antivirus Detection Reputation https://dl.xandr.com/2019/12/Advertising-T-and- B772W0WL.htm.2.dr false Avira URL Cloud: safe low C_2019.11.25.pdf https://stats.g.doubleclick.net/j/collect analytics[1].js.2.dr false high YQICUJRK.htm.2.dr false high https://www.att.com/legal/terms.attWebsiteTermsOfUse.html? id=attip https://www.xandr.com/wp/wp-includes/css/dist/block- B772W0WL.htm.2.dr false Avira URL Cloud: safe low library/style.min.css?ver=5.2.2 www.reddit.com/ msapplication.xml4.1.dr false high https://i.xandr.com/2018/09/HPMedia1Addressable.png? B772W0WL.htm.2.dr false Avira URL Cloud: safe low auto=compress&fit=crop&fm=png&h=346& https://www.xandr.com/contact-us/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://mediaeastv3.inq.com inqChatLaunch10004119[1].js.2.dr false high https://openadstream17.247realmedia.com/oas/z ~DFB403319601620250.TMP.1.dr false high YQICUJRK.htm.2.dr false high https://tbcdn.talentbrew.com/company/117/FULL_v2_0/img/im g-xandr-socialshare.jpg https://www.xandr.com/media/television/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low kenwheeler.github.io js_1nbY82oPF04MMZOTEWnYLaOYl5w false 0%, Virustotal, Browse low Q0so7mAZQ1l0xyt0[1].js.2.dr URL Reputation: safe https://www.appnexus.com/en/error ~DFB403319601620250.TMP.1.dr false high https://i.xandr.com/2018/09/HP2.png? B772W0WL.htm.2.dr false Avira URL Cloud: safe low auto=compress&fit=crop&fm=png&h=355&ixlib=php-1. YQICUJRK.htm.2.dr false high https://tbcdn.talentbrew.com/company/25348/img/logo/logo- 10563-11712.svg https://www.appnexus.com/en/errorRoot {67AC28D7-73E7-11EA-AADD-C25F1 false high 35D3C65}.dat.1.dr https://www.xandr.com/privacy/cookie-policy/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.appnexus.com/en/error#main-content ~DFB403319601620250.TMP.1.dr false high https://www.xandr.com/news/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.xandr.com/site.webmanifest B772W0WL.htm.2.dr false Avira URL Cloud: safe low tools.ietf.org/html/rfc6570 uri[1].js.2.dr false high https://schema.org B772W0WL.htm.2.dr false high www.whatwg.org/specs/web-apps/current- js_1nbY82oPF04MMZOTEWnYLaOYl5w false high work/multipage/states-of-the-type-attribute.html#valid- Q0so7mAZQ1l0xyt0[1].js.2.dr https://i.xandr.com/2018/09/HPPlatform2.png? B772W0WL.htm.2.dr false Avira URL Cloud: safe low auto=compress&fit=crop&fm=png&h=346&ixli https://www.xandr.jobs//en/error#main-contentP ~DFB403319601620250.TMP.1.dr false Avira URL Cloud: safe unknown B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://i.xandr.com/2018/09/385001538e516effbb0ed5e5794fd d432a522c98.png?auto=compress&fit=crop& YQICUJRK.htm.2.dr false high https://www.att.com/ecms/dam/att/consumer/global/logos/att_ globe_500x500.jpg https://soundcloud.com/user-634452212 B772W0WL.htm.2.dr false high https://i.xandr.com/2019/01/photo-1537651442520- B772W0WL.htm.2.dr false Avira URL Cloud: safe low 4fc506474507.jpg?auto=compress&fit=crop&fm=p https://www.instagram.com/xandr/ YQICUJRK.htm.2.dr false high https://www.xandr.com/social-responsibility/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://i.xandr.com/2018/09/DataLivingLabs1R.png? B772W0WL.htm.2.dr false Avira URL Cloud: safe low auto=compress&fit=crop&fm=png&h=346& https://github.com/sindresorhus/query-string js_1nbY82oPF04MMZOTEWnYLaOYl5w false high Q0so7mAZQ1l0xyt0[1].js.2.dr https://www.xandr.com/data/#audience-insights B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.glassdoor.com/Overview/Working-at-Xandr- YQICUJRK.htm.2.dr false high EI_IE2303526.11 https://www.google.%/ads/ga-audiences analytics[1].js.2.dr false URL Reputation: safe low https://www.appnexus.com/en/error2Page {67AC28D7-73E7-11EA-AADD-C25F1 false high 35D3C65}.dat.1.dr www.youtube.com/ msapplication.xml7.1.dr false high https://clientfiles.tmpwebeng.com/tmp/tb- search-jobs[1].htm.2.dr false 0%, Virustotal, Browse unknown assets/ajd/jquery-scrolltofixed-min.js Avira URL Cloud: safe https://www.xandr.com/media/digital/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://att.inq.com inqChatLaunch10004119[1].js.2.dr false high https://github.com/js-cookie/js-cookie tb-core[1].js.2.dr false high https://ib.adnxs.com/aboutads?action_id= js_1nbY82oPF04MMZOTEWnYLaOYl5w false high Q0so7mAZQ1l0xyt0[1].js.2.dr https://instagram.com/xandr B772W0WL.htm.2.dr false high https://www.att.com/scripts/adobe/virtual/detm- B772W0WL.htm.2.dr false high container-ftr.js

Copyright Joe Security LLC 2020 Page 43 of 64 Name Source Malicious Antivirus Detection Reputation search-jobs[1].htm.2.dr false high https://tbcdn.talentbrew.com/company/25348/FULL_v2_0/img/ relatedcontent/img-rc-look-inside-retail-20 https://tbcdn.talentbrew.com/bundles/tb-core.js YQICUJRK.htm.2.dr false high https://www.xandr.com/privacy/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low w3.org/TR/2012/WD-url-20120524/#collect-url- js_1nbY82oPF04MMZOTEWnYLaOYl5w false high parameters Q0so7mAZQ1l0xyt0[1].js.2.dr https://console.appnexus.com/loginf ~DFB403319601620250.TMP.1.dr false high B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://i.xandr.com/2018/09/7c02a2c907ec8b492714b46788c5 1ff126fa852f.png?auto=compress&fit=crop& https://www.xandr.com/media/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://www.xandr.com//en/error#main-contentUser ~DFB403319601620250.TMP.1.dr false Avira URL Cloud: safe low https://www.xandr.com/apple-touch-icon.png B772W0WL.htm.2.dr false Avira URL Cloud: safe low https://github.com/ded/bowser js_1nbY82oPF04MMZOTEWnYLaOYl5w false high Q0so7mAZQ1l0xyt0[1].js.2.dr https://www.att.jobs/culture/ YQICUJRK.htm.2.dr false high https://www.xandr.com/legal/ B772W0WL.htm.2.dr false Avira URL Cloud: safe low attmonetization.config[1].js.2.dr false high https://www.att.com/scripts/adobe/prod/attmonetization/js/ https://i.xandr.com/2018/09/HP1.png? B772W0WL.htm.2.dr false Avira URL Cloud: safe low auto=compress&fit=crop&fm=png&h=355&ixlib=php-1. 0b48931e-9214-4700-96ed-45d0b5 false high https://geolocation.onetrust.com/cookieconsentpub/v1/geo/loc ef5ed0[1].js.2.dr ation

Contacted IPs

No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs

Public

IP Country Flag ASN ASN Name Malicious 74.125.133.157 United States 15169 unknown false 162.247.242.19 United States 23467 unknown false 31.13.92.36 Ireland 32934 unknown false 104.20.184.45 United States 13335 unknown false 104.20.184.68 United States 13335 unknown false 23.185.0.2 United States 54113 unknown false 206.17.25.188 United States 7018 unknown false 54.194.175.157 United States 16509 unknown false 152.199.21.2 United States 15133 unknown false

Copyright Joe Security LLC 2020 Page 44 of 64 IP Country Flag ASN ASN Name Malicious 104.16.95.80 United States 13335 unknown false 216.58.207.34 United States 15169 unknown false 172.217.18.6 United States 15169 unknown false 99.84.89.69 United States 16509 unknown false 185.60.216.19 Ireland 32934 unknown false 185.33.223.218 Netherlands 29990 unknown false 172.217.22.98 United States 15169 unknown false 3.248.163.0 United States 16509 unknown false 37.252.173.22 European Union 29990 unknown false

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 87 • 53 (DNS) • 443 (HTTPS) • 80 (HTTP)

TCP Packets

Timestamp Source Port Dest Port Source IP Dest IP Apr 1, 2020 00:07:13.118169069 CEST 49746 80 192.168.2.5 37.252.173.22 Apr 1, 2020 00:07:13.118309975 CEST 49747 80 192.168.2.5 37.252.173.22 Apr 1, 2020 00:07:13.141499996 CEST 80 49746 37.252.173.22 192.168.2.5 Apr 1, 2020 00:07:13.141521931 CEST 80 49747 37.252.173.22 192.168.2.5 Apr 1, 2020 00:07:13.142134905 CEST 49746 80 192.168.2.5 37.252.173.22 Apr 1, 2020 00:07:13.142158031 CEST 49747 80 192.168.2.5 37.252.173.22 Apr 1, 2020 00:07:13.143296957 CEST 49747 80 192.168.2.5 37.252.173.22 Apr 1, 2020 00:07:13.166332006 CEST 80 49747 37.252.173.22 192.168.2.5 Apr 1, 2020 00:07:13.166488886 CEST 80 49747 37.252.173.22 192.168.2.5 Apr 1, 2020 00:07:13.166930914 CEST 49747 80 192.168.2.5 37.252.173.22 Apr 1, 2020 00:07:13.243746996 CEST 49748 80 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.244868040 CEST 49749 80 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.261126995 CEST 80 49748 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.261429071 CEST 49748 80 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.262192965 CEST 49748 80 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.262274027 CEST 80 49749 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.262537956 CEST 49749 80 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.279582977 CEST 80 49748 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.279953003 CEST 80 49748 23.185.0.2 192.168.2.5

Copyright Joe Security LLC 2020 Page 45 of 64 Timestamp Source Port Dest Port Source IP Dest IP Apr 1, 2020 00:07:13.280267000 CEST 49748 80 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.286406040 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.303790092 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.304137945 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.314064026 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.331450939 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.334033966 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.334059954 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.334085941 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.334110022 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.334278107 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.372472048 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.380688906 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.381109953 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.390172958 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.390855074 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.398339033 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.398582935 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.398818016 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.399147034 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.399194956 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.399247885 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.399272919 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.399296045 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.399317980 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.399339914 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.399359941 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.399588108 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.408226013 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.408252001 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.415966034 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.415987015 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.417032957 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.417054892 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.417170048 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.417356014 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.417371035 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.420682907 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.421528101 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.504755020 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.506570101 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.522685051 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.522706032 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.523700953 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.526659012 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.526834011 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.526863098 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.526887894 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.526911974 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.526936054 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.526959896 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.526983023 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.527007103 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.527030945 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.527683973 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.527812958 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.528644085 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.528789043 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.529791117 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.529937029 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.530092001 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.530631065 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.530761003 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.531610966 CEST 443 49750 23.185.0.2 192.168.2.5

Copyright Joe Security LLC 2020 Page 46 of 64 Timestamp Source Port Dest Port Source IP Dest IP Apr 1, 2020 00:07:13.531753063 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.532629013 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.532766104 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.533788919 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.533932924 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.534599066 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.536276102 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.541165113 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.541284084 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.541311026 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.541466951 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.543129921 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.553925991 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.555892944 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.558398962 CEST 49750 443 192.168.2.5 23.185.0.2 Apr 1, 2020 00:07:13.561180115 CEST 443 49750 23.185.0.2 192.168.2.5 Apr 1, 2020 00:07:13.561206102 CEST 443 49750 23.185.0.2 192.168.2.5

UDP Packets

Timestamp Source Port Dest Port Source IP Dest IP Apr 1, 2020 00:07:11.596752882 CEST 59949 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:11.631742001 CEST 53 59949 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:13.081551075 CEST 61115 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:13.106873035 CEST 53 61115 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:13.204008102 CEST 57276 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:13.237638950 CEST 53 57276 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:13.516000032 CEST 54857 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:13.525022030 CEST 55750 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:13.549550056 CEST 53 54857 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:13.561242104 CEST 53 55750 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:13.622222900 CEST 50153 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:13.664716005 CEST 53 50153 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:13.725137949 CEST 51561 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:13.771359921 CEST 53 51561 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:15.760123014 CEST 65129 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:15.795283079 CEST 53 65129 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:15.934664965 CEST 52656 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:15.959981918 CEST 53 52656 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:29.497044086 CEST 63177 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:29.530654907 CEST 53 63177 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:33.265201092 CEST 56380 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:33.298897028 CEST 53 56380 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:33.401848078 CEST 62481 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:33.409461021 CEST 57208 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:33.418984890 CEST 50600 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:33.427222013 CEST 53 62481 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:33.452249050 CEST 53 57208 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:33.508610010 CEST 53 50600 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:33.769098043 CEST 63741 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:33.804402113 CEST 53 63741 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:33.897793055 CEST 62828 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:33.923127890 CEST 53 62828 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:34.050472021 CEST 59454 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:34.094774008 CEST 53 59454 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:34.125489950 CEST 61686 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:34.169137955 CEST 53 61686 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:34.269726992 CEST 55283 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:34.323036909 CEST 53 55283 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:37.835978031 CEST 57733 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:37.842097044 CEST 58376 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:37.849910975 CEST 62387 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:37.867463112 CEST 53 58376 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:37.869793892 CEST 53 57733 8.8.8.8 192.168.2.5

Copyright Joe Security LLC 2020 Page 47 of 64 Timestamp Source Port Dest Port Source IP Dest IP Apr 1, 2020 00:07:37.875294924 CEST 53 62387 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:38.073276997 CEST 64974 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:38.108366013 CEST 53 64974 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:38.230519056 CEST 59408 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:38.271907091 CEST 53 59408 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:38.325227976 CEST 52145 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:38.383234978 CEST 53 52145 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:38.408449888 CEST 50302 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:38.413273096 CEST 54176 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:38.442156076 CEST 53 50302 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:38.446870089 CEST 53 54176 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:38.920542002 CEST 50000 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:38.958180904 CEST 53 50000 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:39.088377953 CEST 61180 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:39.125282049 CEST 53 61180 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:39.214246035 CEST 60708 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:39.441368103 CEST 53 60708 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:39.612936974 CEST 56131 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:39.685925007 CEST 53 56131 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:39.905286074 CEST 59438 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:39.940862894 CEST 53 59438 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:40.383793116 CEST 53102 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:40.431798935 CEST 53 53102 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:41.710558891 CEST 52818 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:41.733462095 CEST 63564 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:41.744235992 CEST 53 52818 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:41.776959896 CEST 53 63564 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:42.714658022 CEST 52818 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:42.751928091 CEST 53 52818 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:43.822369099 CEST 52818 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:43.847706079 CEST 53 52818 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:45.840655088 CEST 52818 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:45.866178036 CEST 53 52818 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:47.070136070 CEST 54338 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:47.103641987 CEST 53 54338 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:48.080809116 CEST 54338 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:48.106132984 CEST 53 54338 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:49.084228992 CEST 54338 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:49.109615088 CEST 53 54338 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:49.861294031 CEST 52818 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:49.894895077 CEST 53 52818 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:51.093071938 CEST 54338 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:51.118433952 CEST 53 54338 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:55.076518059 CEST 49866 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:55.101865053 CEST 53 49866 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:55.144308090 CEST 54338 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:55.169801950 CEST 53 54338 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:56.094702959 CEST 49866 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:56.120018005 CEST 53 49866 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:57.119791031 CEST 49866 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:57.145201921 CEST 53 49866 8.8.8.8 192.168.2.5 Apr 1, 2020 00:07:59.142739058 CEST 49866 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:07:59.168097019 CEST 53 49866 8.8.8.8 192.168.2.5 Apr 1, 2020 00:08:03.175103903 CEST 49866 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:08:03.200412989 CEST 53 49866 8.8.8.8 192.168.2.5 Apr 1, 2020 00:09:07.253500938 CEST 59815 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:09:07.278914928 CEST 53 59815 8.8.8.8 192.168.2.5 Apr 1, 2020 00:09:08.433252096 CEST 59815 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:09:08.458534956 CEST 53 59815 8.8.8.8 192.168.2.5 Apr 1, 2020 00:09:09.459152937 CEST 59815 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:09:09.484453917 CEST 53 59815 8.8.8.8 192.168.2.5 Apr 1, 2020 00:09:11.460016966 CEST 59815 53 192.168.2.5 8.8.8.8 Apr 1, 2020 00:09:11.493691921 CEST 53 59815 8.8.8.8 192.168.2.5 Apr 1, 2020 00:09:15.483604908 CEST 59815 53 192.168.2.5 8.8.8.8

Copyright Joe Security LLC 2020 Page 48 of 64 Timestamp Source Port Dest Port Source IP Dest IP Apr 1, 2020 00:09:15.508884907 CEST 53 59815 8.8.8.8 192.168.2.5

DNS Queries

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class Apr 1, 2020 00:07:13.081551075 CEST 192.168.2.5 8.8.8.8 0x680e Standard query ib.adnxs.com A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:13.204008102 CEST 192.168.2.5 8.8.8.8 0x42cb Standard query www.appnex A (IP address) IN (0x0001) (0) us.com Apr 1, 2020 00:07:13.516000032 CEST 192.168.2.5 8.8.8.8 0xde41 Standard query app-ab13.m A (IP address) IN (0x0001) (0) arketo.com Apr 1, 2020 00:07:13.525022030 CEST 192.168.2.5 8.8.8.8 0x5154 Standard query addevent.com A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:15.760123014 CEST 192.168.2.5 8.8.8.8 0x85ab Standard query js-agent.n A (IP address) IN (0x0001) (0) ewrelic.com Apr 1, 2020 00:07:15.934664965 CEST 192.168.2.5 8.8.8.8 0x4885 Standard query bam.nr-data.net A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:29.497044086 CEST 192.168.2.5 8.8.8.8 0x896b Standard query www.appnex A (IP address) IN (0x0001) (0) us.com Apr 1, 2020 00:07:33.265201092 CEST 192.168.2.5 8.8.8.8 0x64b9 Standard query www.xandr.com A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:33.401848078 CEST 192.168.2.5 8.8.8.8 0x80fe Standard query cookie-cdn A (IP address) IN (0x0001) (0) .cookiepro.com Apr 1, 2020 00:07:33.409461021 CEST 192.168.2.5 8.8.8.8 0x5c56 Standard query www.att.com A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:33.418984890 CEST 192.168.2.5 8.8.8.8 0xe23b Standard query i.xandr.com A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:33.769098043 CEST 192.168.2.5 8.8.8.8 0xf56e Standard query dpm.demdex.net A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:33.897793055 CEST 192.168.2.5 8.8.8.8 0x8f87 Standard query geolocatio A (IP address) IN (0x0001) (0) n.onetrust.com Apr 1, 2020 00:07:34.050472021 CEST 192.168.2.5 8.8.8.8 0x5a91 Standard query smetrics.att.com A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:34.125489950 CEST 192.168.2.5 8.8.8.8 0xb96b Standard query fls.doubleclick.net A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:37.835978031 CEST 192.168.2.5 8.8.8.8 0xb8da Standard query att.inq.com A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:37.849910975 CEST 192.168.2.5 8.8.8.8 0xb630 Standard query connect.fa A (IP address) IN (0x0001) (0) cebook.net Apr 1, 2020 00:07:38.073276997 CEST 192.168.2.5 8.8.8.8 0xa638 Standard query www.facebo A (IP address) IN (0x0001) (0) ok.com Apr 1, 2020 00:07:38.230519056 CEST 192.168.2.5 8.8.8.8 0x366f Standard query 6100125.fl A (IP address) IN (0x0001) (0) s.doubleclick.net Apr 1, 2020 00:07:38.408449888 CEST 192.168.2.5 8.8.8.8 0xf099 Standard query secure.adn A (IP address) IN (0x0001) (0) xs.com Apr 1, 2020 00:07:38.920542002 CEST 192.168.2.5 8.8.8.8 0x39fb Standard query d.agkn.com A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:39.088377953 CEST 192.168.2.5 8.8.8.8 0x69d4 Standard query xandr.att.jobs A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:39.214246035 CEST 192.168.2.5 8.8.8.8 0x80bc Standard query www.xandr.jobs A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:39.612936974 CEST 192.168.2.5 8.8.8.8 0x3d10 Standard query tbcdn.tale A (IP address) IN (0x0001) (0) ntbrew.com Apr 1, 2020 00:07:39.905286074 CEST 192.168.2.5 8.8.8.8 0x79ec Standard query hello.myfonts.net A (IP address) IN (0x0001) (0) Apr 1, 2020 00:07:41.733462095 CEST 192.168.2.5 8.8.8.8 0xbd53 Standard query stats.g.do A (IP address) IN (0x0001) (0) ubleclick.net

DNS Answers

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.adnxs.com g.geogslb.com CNAME IN (0x0001) 00:07:13.106873035 (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) g.geogslb.com ib.anycast.adnxs.com CNAME IN (0x0001) 00:07:13.106873035 (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.anycast 37.252.173.22 A (IP address) IN (0x0001) 00:07:13.106873035 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.anycast 37.252.173.27 A (IP address) IN (0x0001) 00:07:13.106873035 .adnxs.com CEST

Copyright Joe Security LLC 2020 Page 49 of 64 Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.anycast 37.252.172.36 A (IP address) IN (0x0001) 00:07:13.106873035 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.anycast 37.252.172.250 A (IP address) IN (0x0001) 00:07:13.106873035 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.anycast 37.252.172.38 A (IP address) IN (0x0001) 00:07:13.106873035 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.anycast 37.252.173.38 A (IP address) IN (0x0001) 00:07:13.106873035 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.anycast 37.252.172.37 A (IP address) IN (0x0001) 00:07:13.106873035 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x680e No error (0) ib.anycast 37.252.172.45 A (IP address) IN (0x0001) 00:07:13.106873035 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x42cb No error (0) www.appnex live- CNAME IN (0x0001) 00:07:13.237638950 us.com appnexus.pantheonsite.io (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x42cb No error (0) live-appne fe2.edge.pantheon.io CNAME IN (0x0001) 00:07:13.237638950 xus.panthe (Canonical CEST onsite.io name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x42cb No error (0) fe2.edge.p 23.185.0.2 A (IP address) IN (0x0001) 00:07:13.237638950 antheon.io CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xde41 No error (0) app-ab13.m ab13.mktoedge.com CNAME IN (0x0001) 00:07:13.549550056 arketo.com (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xde41 No error (0) ab13.mktoe 104.16.95.80 A (IP address) IN (0x0001) 00:07:13.549550056 dge.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xde41 No error (0) ab13.mktoe 104.16.94.80 A (IP address) IN (0x0001) 00:07:13.549550056 dge.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xde41 No error (0) ab13.mktoe 104.16.93.80 A (IP address) IN (0x0001) 00:07:13.549550056 dge.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xde41 No error (0) ab13.mktoe 104.16.92.80 A (IP address) IN (0x0001) 00:07:13.549550056 dge.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xde41 No error (0) ab13.mktoe 104.16.96.80 A (IP address) IN (0x0001) 00:07:13.549550056 dge.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x5154 No error (0) addevent.com 54.194.175.157 A (IP address) IN (0x0001) 00:07:13.561242104 CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x5154 No error (0) addevent.com 52.19.76.46 A (IP address) IN (0x0001) 00:07:13.561242104 CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x5154 No error (0) addevent.com 34.246.31.200 A (IP address) IN (0x0001) 00:07:13.561242104 CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x85ab No error (0) js-agent.n f4.shared.global.fastly.net CNAME IN (0x0001) 00:07:15.795283079 ewrelic.com (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x4885 No error (0) bam.nr-data.net 162.247.242.19 A (IP address) IN (0x0001) 00:07:15.959981918 CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x4885 No error (0) bam.nr-data.net 162.247.242.18 A (IP address) IN (0x0001) 00:07:15.959981918 CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x4885 No error (0) bam.nr-data.net 162.247.242.20 A (IP address) IN (0x0001) 00:07:15.959981918 CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x4885 No error (0) bam.nr-data.net 162.247.242.21 A (IP address) IN (0x0001) 00:07:15.959981918 CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x896b No error (0) www.appnex live- CNAME IN (0x0001) 00:07:29.530654907 us.com appnexus.pantheonsite.io (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x896b No error (0) live-appne fe2.edge.pantheon.io CNAME IN (0x0001) 00:07:29.530654907 xus.panthe (Canonical CEST onsite.io name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x896b No error (0) fe2.edge.p 23.185.0.2 A (IP address) IN (0x0001) 00:07:29.530654907 antheon.io CEST

Copyright Joe Security LLC 2020 Page 50 of 64 Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Apr 1, 2020 8.8.8.8 192.168.2.5 0x64b9 No error (0) www.xandr.com www.xandr.com.cdn.clou CNAME IN (0x0001) 00:07:33.298897028 dflare.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x80fe No error (0) cookie-cdn 104.20.184.45 A (IP address) IN (0x0001) 00:07:33.427222013 .cookiepro.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x80fe No error (0) cookie-cdn 104.20.185.45 A (IP address) IN (0x0001) 00:07:33.427222013 .cookiepro.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x5c56 No error (0) www.att.com prod-www.zr- CNAME IN (0x0001) 00:07:33.452249050 att.com.akadns.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xe23b No error (0) i.xandr.com i.xandr.com.cdn.cloudflar CNAME IN (0x0001) 00:07:33.508610010 e.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dpm.demdex.net gslb-2.demdex.net CNAME IN (0x0001) 00:07:33.804402113 (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) gslb-2.dem edge-irl1.demdex.net CNAME IN (0x0001) 00:07:33.804402113 dex.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) edge-irl1. dcs-edge-irl1- CNAME IN (0x0001) 00:07:33.804402113 demdex.net 876252164.eu-west- (Canonical CEST 1.elb.amazonaws.com name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dcs-edge-irl1- 3.248.163.0 A (IP address) IN (0x0001) 00:07:33.804402113 876252164.eu- CEST west-1.elb.am azonaws.com Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dcs-edge-irl1- 34.252.123.130 A (IP address) IN (0x0001) 00:07:33.804402113 876252164.eu- CEST west-1.elb.am azonaws.com Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dcs-edge-irl1- 52.49.234.3 A (IP address) IN (0x0001) 00:07:33.804402113 876252164.eu- CEST west-1.elb.am azonaws.com Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dcs-edge-irl1- 52.50.37.223 A (IP address) IN (0x0001) 00:07:33.804402113 876252164.eu- CEST west-1.elb.am azonaws.com Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dcs-edge-irl1- 52.208.194.150 A (IP address) IN (0x0001) 00:07:33.804402113 876252164.eu- CEST west-1.elb.am azonaws.com Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dcs-edge-irl1- 52.209.191.154 A (IP address) IN (0x0001) 00:07:33.804402113 876252164.eu- CEST west-1.elb.am azonaws.com Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dcs-edge-irl1- 52.50.184.22 A (IP address) IN (0x0001) 00:07:33.804402113 876252164.eu- CEST west-1.elb.am azonaws.com Apr 1, 2020 8.8.8.8 192.168.2.5 0xf56e No error (0) dcs-edge-irl1- 52.208.212.211 A (IP address) IN (0x0001) 00:07:33.804402113 876252164.eu- CEST west-1.elb.am azonaws.com Apr 1, 2020 8.8.8.8 192.168.2.5 0x8f87 No error (0) geolocatio 104.20.184.68 A (IP address) IN (0x0001) 00:07:33.923127890 n.onetrust.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x8f87 No error (0) geolocatio 104.20.185.68 A (IP address) IN (0x0001) 00:07:33.923127890 n.onetrust.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x5a91 No error (0) smetrics.att.com smetrics.att.com.edgekey CNAME IN (0x0001) 00:07:34.094774008 .net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xb96b No error (0) fls.double dart.l.doubleclick.net CNAME IN (0x0001) 00:07:34.169137955 click.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xb96b No error (0) dart.l.dou 172.217.18.6 A (IP address) IN (0x0001) 00:07:34.169137955 bleclick.net CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xc5e0 No error (0) pagead.l.d 216.58.207.34 A (IP address) IN (0x0001) 00:07:34.323036909 oubleclick.net CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xb8da No error (0) att.inq.com 206.17.25.188 A (IP address) IN (0x0001) 00:07:37.869793892 CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xb630 No error (0) connect.fa scontent.xx.fbcdn.net CNAME IN (0x0001) 00:07:37.875294924 cebook.net (Canonical CEST name) Copyright Joe Security LLC 2020 Page 51 of 64 Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Apr 1, 2020 8.8.8.8 192.168.2.5 0xb630 No error (0) scontent.x 185.60.216.19 A (IP address) IN (0x0001) 00:07:37.875294924 x.fbcdn.net CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xa638 No error (0) www.facebo star- CNAME IN (0x0001) 00:07:38.108366013 ok.com mini.c10r.facebook.com (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xa638 No error (0) star-mini. 31.13.92.36 A (IP address) IN (0x0001) 00:07:38.108366013 c10r.faceb CEST ook.com Apr 1, 2020 8.8.8.8 192.168.2.5 0x366f No error (0) 6100125.fl dart.l.doubleclick.net CNAME IN (0x0001) 00:07:38.271907091 s.doubleclick.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x366f No error (0) dart.l.dou 172.217.18.6 A (IP address) IN (0x0001) 00:07:38.271907091 bleclick.net CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) secure.adn g.geogslb.com CNAME IN (0x0001) 00:07:38.442156076 xs.com (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) g.geogslb.com ib.anycast.adnxs.com CNAME IN (0x0001) 00:07:38.442156076 (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) ib.anycast 185.33.223.218 A (IP address) IN (0x0001) 00:07:38.442156076 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) ib.anycast 185.33.223.203 A (IP address) IN (0x0001) 00:07:38.442156076 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) ib.anycast 185.33.223.206 A (IP address) IN (0x0001) 00:07:38.442156076 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) ib.anycast 185.33.223.210 A (IP address) IN (0x0001) 00:07:38.442156076 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) ib.anycast 185.33.223.202 A (IP address) IN (0x0001) 00:07:38.442156076 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) ib.anycast 185.33.223.216 A (IP address) IN (0x0001) 00:07:38.442156076 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) ib.anycast 185.33.223.208 A (IP address) IN (0x0001) 00:07:38.442156076 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xf099 No error (0) ib.anycast 185.33.223.215 A (IP address) IN (0x0001) 00:07:38.442156076 .adnxs.com CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x4729 No error (0) pagead46.l 172.217.22.98 A (IP address) IN (0x0001) 00:07:38.446870089 .doubleclick.net CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0x39fb No error (0) d.agkn.com data.agkn.com CNAME IN (0x0001) 00:07:38.958180904 (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x39fb No error (0) data.agkn.com d2ctznuk6ro1vp.cloudfron CNAME IN (0x0001) 00:07:38.958180904 t.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x39fb No error (0) d2ctznuk6r 99.84.89.69 A (IP address) IN (0x0001) 00:07:38.958180904 o1vp.cloud CEST front.net Apr 1, 2020 8.8.8.8 192.168.2.5 0x39fb No error (0) d2ctznuk6r 99.84.89.76 A (IP address) IN (0x0001) 00:07:38.958180904 o1vp.cloud CEST front.net Apr 1, 2020 8.8.8.8 192.168.2.5 0x39fb No error (0) d2ctznuk6r 99.84.89.87 A (IP address) IN (0x0001) 00:07:38.958180904 o1vp.cloud CEST front.net Apr 1, 2020 8.8.8.8 192.168.2.5 0x39fb No error (0) d2ctznuk6r 99.84.89.85 A (IP address) IN (0x0001) 00:07:38.958180904 o1vp.cloud CEST front.net Apr 1, 2020 8.8.8.8 192.168.2.5 0x69d4 No error (0) xandr.att.jobs xandr-att- CNAME IN (0x0001) 00:07:39.125282049 jobs.talentbrew.com (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x69d4 No error (0) xandr-att- xandr.att.jobs.edgekey.ne CNAME IN (0x0001) 00:07:39.125282049 jobs.talen t (Canonical CEST tbrew.com name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x80bc No error (0) www.xandr.jobs www-xandr- CNAME IN (0x0001) 00:07:39.441368103 jobs.talentbrew.com (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x80bc No error (0) www-xandr- www.xandr.jobs.edgekey. CNAME IN (0x0001) 00:07:39.441368103 jobs.talen net (Canonical CEST tbrew.com name)

Copyright Joe Security LLC 2020 Page 52 of 64 Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Apr 1, 2020 8.8.8.8 192.168.2.5 0x3d10 No error (0) tbcdn.tale tbcdn.talentbrew.com- CNAME IN (0x0001) 00:07:39.685925007 ntbrew.com v1.edgekey.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x79ec No error (0) hello.myfonts.net cs977.wpc.4b7e.edgecast CNAME IN (0x0001) 00:07:39.940862894 cdn.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x79ec No error (0) cs977.wpc. cs977204322.wpc.edgeca CNAME IN (0x0001) 00:07:39.940862894 4b7e.edgec stcdn.net (Canonical CEST astcdn.net name) Apr 1, 2020 8.8.8.8 192.168.2.5 0x79ec No error (0) cs97720432 152.199.21.2 A (IP address) IN (0x0001) 00:07:39.940862894 2.wpc.edge CEST castcdn.net Apr 1, 2020 8.8.8.8 192.168.2.5 0xbd53 No error (0) stats.g.do stats.l.doubleclick.net CNAME IN (0x0001) 00:07:41.776959896 ubleclick.net (Canonical CEST name) Apr 1, 2020 8.8.8.8 192.168.2.5 0xbd53 No error (0) stats.l.do 74.125.133.157 A (IP address) IN (0x0001) 00:07:41.776959896 ubleclick.net CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xbd53 No error (0) stats.l.do 74.125.133.156 A (IP address) IN (0x0001) 00:07:41.776959896 ubleclick.net CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xbd53 No error (0) stats.l.do 74.125.133.154 A (IP address) IN (0x0001) 00:07:41.776959896 ubleclick.net CEST Apr 1, 2020 8.8.8.8 192.168.2.5 0xbd53 No error (0) stats.l.do 74.125.133.155 A (IP address) IN (0x0001) 00:07:41.776959896 ubleclick.net CEST

HTTP Request Dependency Graph

ib.adnxs.com www.appnexus.com

HTTP Packets

Session ID Source IP Source Port Destination IP Destination Port Process 0 192.168.2.5 49747 37.252.173.22 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe

kBytes Timestamp transferred Direction Data Apr 1, 2020 1 OUT GET / HTTP/1.1 00:07:13.143296957 CEST Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: ib.adnxs.com Connection: Keep-Alive Apr 1, 2020 1 IN HTTP/1.1 302 Found 00:07:13.166488886 CEST Server: nginx/1.13.4 Date: Tue, 31 Mar 2020 22:07:15 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" X-XSS-Protection: 0 Location: http://www.appnexus.com/en/error AN-X-Request-Uuid: 7fb9d93b-da21-4e3d-acf7-2617ee3897a8 X-Proxy-Origin: 84.17.52.22; 84.17.52.22; 536.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.184:80

Session ID Source IP Source Port Destination IP Destination Port Process 1 192.168.2.5 49748 23.185.0.2 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe

kBytes Timestamp transferred Direction Data Apr 1, 2020 2 OUT GET /en/error HTTP/1.1 00:07:13.262192965 CEST Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: www.appnexus.com

Copyright Joe Security LLC 2020 Page 53 of 64 kBytes Timestamp transferred Direction Data Apr 1, 2020 3 IN HTTP/1.1 301 Moved Permanently 00:07:13.279953003 CEST Content-Type: text/html; charset=UTF-8 Location: https://www.appnexus.com/en/error Server: nginx X-Pantheon-Styx-Hostname: styx-fe2-b-b94bb8456-2mvr7 X-Styx-Req-Id: 86ed7673-72ef-11ea-9be2-56f714405474 Cache-Control: public, max-age=86400 Content-Length: 0 Date: Tue, 31 Mar 2020 22:07:13 GMT Connection: keep-alive X-Served-By: cache-mdw17344-MDW, cache-hhn4060-HHN X-Cache: HIT, HIT X-Cache-Hits: 3, 2 X-Timer: S1585692433.270763,VS0,VE0 Vary: Cookie, Cookie Age: 74066 Accept-Ranges: bytes Via: 1.1 varnish

HTTPS Packets

Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 23.185.0.2 443 192.168.2.5 49750 CN=5677090456207360- CN=Let's Encrypt Mon Mar Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 00:07:13.334110022 fe2.pantheonsite.io CN=Let's Authority X3, O=Let's 23 21 49195-49200- 424db3a98c CEST Encrypt Authority X3, O=Let's Encrypt, C=US 08:31:38 09:31:38 49199-49188- Encrypt, C=US CN=DST Root CA X3, CET CEST 49187-49192- O=Digital Signature 2020 2020 49191-49162- Trust Co. Thu Mar Wed 49161-49172- 17 Mar 17 49171-157-156- 17:40:46 17:40:46 61-60-53-47- CET CET 10,0-10-11-13- 2016 2021 35-16-23-24- 65281,29-23- CN=Let's Encrypt Authority CN=DST Root CA X3, Thu Mar Wed 24,0 X3, O=Let's Encrypt, C=US O=Digital Signature 17 Mar 17 Trust Co. 17:40:46 17:40:46 CET CET 2016 2021 Apr 1, 2020 104.16.95.80 443 192.168.2.5 49753 CN=app-ab13.marketo.com, CN=CloudFlare Inc Wed Fri Oct 771,49196- 9e10692f1b7f78228b2d4e 00:07:13.640922070 O="Cloudflare, Inc.", L=San ECC CA-2, Jan 22 09 49195-49200- 424db3a98c CEST Francisco, ST=CA, C=US O="CloudFlare, Inc.", 01:00:00 14:00:00 49199-49188- CN=CloudFlare Inc ECC CA- L=San Francisco, CET CEST 49187-49192- 2, O="CloudFlare, Inc.", ST=CA, C=US 2020 2020 Fri 49191-49162- L=San Francisco, ST=CA, CN=Baltimore Wed Oct Oct 09 49161-49172- C=US CyberTrust Root, 14 14:00:00 49171-157-156- OU=CyberTrust, 14:00:00 CEST 61-60-53-47- O=Baltimore, C=IE CEST 2020 10,0-10-11-13- 2015 35-16-23-24- 65281,29-23- CN=CloudFlare Inc ECC CA- CN=Baltimore Wed Oct Fri Oct 24,0 2, O="CloudFlare, Inc.", CyberTrust Root, 14 09 L=San Francisco, ST=CA, OU=CyberTrust, 14:00:00 14:00:00 C=US O=Baltimore, C=IE CEST CEST 2015 2020 Apr 1, 2020 104.16.95.80 443 192.168.2.5 49754 CN=app-ab13.marketo.com, CN=CloudFlare Inc Wed Fri Oct 771,49196- 9e10692f1b7f78228b2d4e 00:07:13.642187119 O="Cloudflare, Inc.", L=San ECC CA-2, Jan 22 09 49195-49200- 424db3a98c CEST Francisco, ST=CA, C=US O="CloudFlare, Inc.", 01:00:00 14:00:00 49199-49188- CN=CloudFlare Inc ECC CA- L=San Francisco, CET CEST 49187-49192- 2, O="CloudFlare, Inc.", ST=CA, C=US 2020 2020 Fri 49191-49162- L=San Francisco, ST=CA, CN=Baltimore Wed Oct Oct 09 49161-49172- C=US CyberTrust Root, 14 14:00:00 49171-157-156- OU=CyberTrust, 14:00:00 CEST 61-60-53-47- O=Baltimore, C=IE CEST 2020 10,0-10-11-13- 2015 35-16-23-24- 65281,29-23- CN=CloudFlare Inc ECC CA- CN=Baltimore Wed Oct Fri Oct 24,0 2, O="CloudFlare, Inc.", CyberTrust Root, 14 09 L=San Francisco, ST=CA, OU=CyberTrust, 14:00:00 14:00:00 C=US O=Baltimore, C=IE CEST CEST 2015 2020

Copyright Joe Security LLC 2020 Page 54 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 54.194.175.157 443 192.168.2.5 49751 CN=addevent.com CN=Amazon, Fri Mar Tue Apr 771,49196- 9e10692f1b7f78228b2d4e 00:07:13.672312975 CN=Amazon, OU=Server CA OU=Server CA 1B, 13 13 49195-49200- 424db3a98c CEST 1B, O=Amazon, C=US O=Amazon, C=US 01:00:00 14:00:00 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA CET CEST 49187-49192- O=Amazon, C=US 1, O=Amazon, C=US 2020 2021 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23- ST=Arizona, C=US May 25 31 24,0 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CA CN=Amazon Root CA Thu Oct Sun Oct 1B, O=Amazon, C=US 1, O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Apr 1, 2020 54.194.175.157 443 192.168.2.5 49752 CN=addevent.com CN=Amazon, Fri Mar Tue Apr 771,49196- 9e10692f1b7f78228b2d4e 00:07:13.674535990 CN=Amazon, OU=Server CA OU=Server CA 1B, 13 13 49195-49200- 424db3a98c CEST 1B, O=Amazon, C=US O=Amazon, C=US 01:00:00 14:00:00 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA CET CEST 49187-49192- O=Amazon, C=US 1, O=Amazon, C=US 2020 2021 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23- ST=Arizona, C=US May 25 31 24,0 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CA CN=Amazon Root CA Thu Oct Sun Oct 1B, O=Amazon, C=US 1, O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034

Copyright Joe Security LLC 2020 Page 55 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 162.247.242.19 443 192.168.2.5 49761 CN=*.nr-data.net, O="New CN=DigiCert SHA2 Wed Tue Feb 771,49196- 9e10692f1b7f78228b2d4e 00:07:16.219414949 Relic, Inc.", L=San Secure Server CA, Feb 05 08 49195-49200- 424db3a98c CEST Francisco, ST=California, O=DigiCert Inc, C=US 01:00:00 13:00:00 49199-49188- C=US CN=DigiCert SHA2 CN=DigiCert Global CET CET 49187-49192- Secure Server CA, Root CA, 2020 Fri 2022 49191-49162- O=DigiCert Inc, C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 162.247.242.19 443 192.168.2.5 49762 CN=*.nr-data.net, O="New CN=DigiCert SHA2 Wed Tue Feb 771,49196- 9e10692f1b7f78228b2d4e 00:07:16.219531059 Relic, Inc.", L=San Secure Server CA, Feb 05 08 49195-49200- 424db3a98c CEST Francisco, ST=California, O=DigiCert Inc, C=US 01:00:00 13:00:00 49199-49188- C=US CN=DigiCert SHA2 CN=DigiCert Global CET CET 49187-49192- Secure Server CA, Root CA, 2020 Fri 2022 49191-49162- O=DigiCert Inc, C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 23.185.0.2 443 192.168.2.5 49763 CN=5677090456207360- CN=Let's Encrypt Mon Mar Sun Jun 771,49196- 37f463bf4616ecd445d4a1 00:07:29.587958097 fe2.pantheonsite.io CN=Let's Authority X3, O=Let's 23 21 49195-49200- 937da06e19 CEST Encrypt Authority X3, O=Let's Encrypt, C=US 08:31:38 09:31:38 49199-49188- Encrypt, C=US CN=DST Root CA X3, CET CEST 49187-49192- O=Digital Signature 2020 2020 49191-49162- Trust Co. Thu Mar Wed 49161-49172- 17 Mar 17 49171-157-156- 17:40:46 17:40:46 61-60-53-47- CET CET 10,0-10-11-13- 2016 2021 35-23-65281,29- 23-24,0 CN=Let's Encrypt Authority CN=DST Root CA X3, Thu Mar Wed X3, O=Let's Encrypt, C=US O=Digital Signature 17 Mar 17 Trust Co. 17:40:46 17:40:46 CET CET 2016 2021 Apr 1, 2020 104.20.184.45 443 192.168.2.5 49766 CN=*.cookiepro.com, CN=DigiCert SHA2 Wed Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:33.482382059 O=OneTrust LLC, L=Atlanta, Secure Server CA, May 16 May 20 49195-49200- 424db3a98c CEST ST=Georgia, C=US O=DigiCert Inc, C=US 02:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 Secure CN=DigiCert Global CEST CEST 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2018 Fri 2020 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 104.20.184.45 443 192.168.2.5 49767 CN=*.cookiepro.com, CN=DigiCert SHA2 Wed Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:33.488683939 O=OneTrust LLC, L=Atlanta, Secure Server CA, May 16 May 20 49195-49200- 424db3a98c CEST ST=Georgia, C=US O=DigiCert Inc, C=US 02:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 Secure CN=DigiCert Global CEST CEST 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2018 Fri 2020 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023

Copyright Joe Security LLC 2020 Page 56 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 3.248.163.0 443 192.168.2.5 49776 CN=*.demdex.net, CN=DigiCert SHA2 Tue Jan Fri Feb 771,49196- 9e10692f1b7f78228b2d4e 00:07:33.908262014 OU=Digital Marketing, High Assurance Server 09 12 49195-49200- 424db3a98c CEST O=Adobe Systems CA, 01:00:00 13:00:00 49199-49188- Incorporated, L=San Jose, OU=www.digicert.com, CET CET 49187-49192- ST=California, C=US O=DigiCert Inc, C=US 2018 2021 49191-49162- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 49161-49172- Assurance Server CA, Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 3.248.163.0 443 192.168.2.5 49777 CN=*.demdex.net, CN=DigiCert SHA2 Tue Jan Fri Feb 771,49196- 9e10692f1b7f78228b2d4e 00:07:33.909495115 OU=Digital Marketing, High Assurance Server 09 12 49195-49200- 424db3a98c CEST O=Adobe Systems CA, 01:00:00 13:00:00 49199-49188- Incorporated, L=San Jose, OU=www.digicert.com, CET CET 49187-49192- ST=California, C=US O=DigiCert Inc, C=US 2018 2021 49191-49162- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 49161-49172- Assurance Server CA, Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 104.20.184.68 443 192.168.2.5 49778 CN=*.onetrust.com, CN=DigiCert SHA2 Mon Mar Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 00:07:33.965708971 O=OneTrust LLC, L=Atlanta, Secure Server CA, 12 14 49195-49200- 424db3a98c CEST ST=Georgia, C=US O=DigiCert Inc, C=US 01:00:00 02:00:00 49199-49188- CN=DigiCert SHA2 Secure CN=DigiCert Global CET CEST 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2018 Fri 2020 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 104.20.184.68 443 192.168.2.5 49779 CN=*.onetrust.com, CN=DigiCert SHA2 Mon Mar Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 00:07:33.966504097 O=OneTrust LLC, L=Atlanta, Secure Server CA, 12 14 49195-49200- 424db3a98c CEST ST=Georgia, C=US O=DigiCert Inc, C=US 01:00:00 02:00:00 49199-49188- CN=DigiCert SHA2 Secure CN=DigiCert Global CET CEST 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2018 Fri 2020 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 172.217.18.6 443 192.168.2.5 49783 CN=*.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:34.283333063 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:27 11:37:27 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021

Copyright Joe Security LLC 2020 Page 57 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 172.217.18.6 443 192.168.2.5 49782 CN=*.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:34.283704042 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:27 11:37:27 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 216.58.207.34 443 192.168.2.5 49785 CN=www.googleadservices.c CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:34.684885025 om, O=Google LLC, O=Google Trust 03 26 49195-49200- 424db3a98c CEST L=Mountain View, Services, C=US 10:45:04 11:45:04 49199-49188- ST=California, C=US CN=GlobalSign, CET CEST 49187-49192- CN=GTS CA 1O1, O=Google O=GlobalSign, 2020 2020 49191-49162- Trust Services, C=US OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 216.58.207.34 443 192.168.2.5 49784 CN=www.googleadservices.c CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:34.711791992 om, O=Google LLC, O=Google Trust 03 26 49195-49200- 424db3a98c CEST L=Mountain View, Services, C=US 10:45:04 11:45:04 49199-49188- ST=California, C=US CN=GlobalSign, CET CEST 49187-49192- CN=GTS CA 1O1, O=Google O=GlobalSign, 2020 2020 49191-49162- Trust Services, C=US OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 37.252.173.22 443 192.168.2.5 49788 CN=*.adnxs.com, CN=DigiCert ECC Wed Mon Mar 771,49196- 9e10692f1b7f78228b2d4e 00:07:37.895725012 O="AppNexus, Inc.", L=New Secure Server CA, Jan 23 08 49195-49200- 424db3a98c CEST York, ST=New York, C=US O=DigiCert Inc, C=US 01:00:00 13:00:00 49199-49188- CN=DigiCert ECC Secure CN=DigiCert Global CET CET 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2019 Fri 2021 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert ECC Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 37.252.173.22 443 192.168.2.5 49789 CN=*.adnxs.com, CN=DigiCert ECC Wed Mon Mar 771,49196- 9e10692f1b7f78228b2d4e 00:07:37.899161100 O="AppNexus, Inc.", L=New Secure Server CA, Jan 23 08 49195-49200- 424db3a98c CEST York, ST=New York, C=US O=DigiCert Inc, C=US 01:00:00 13:00:00 49199-49188- CN=DigiCert ECC Secure CN=DigiCert Global CET CET 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2019 Fri 2021 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert ECC Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023

Copyright Joe Security LLC 2020 Page 58 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 185.60.216.19 443 192.168.2.5 49794 CN=*.facebook.com, CN=DigiCert SHA2 Sun Mar Sat May 771,49196- 9e10692f1b7f78228b2d4e 00:07:37.921183109 O="Facebook, Inc.", L=Menlo High Assurance Server 01 30 49195-49200- 424db3a98c CEST Park, ST=California, C=US CA, 01:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 High OU=www.digicert.com, CET CEST 49187-49192- Assurance Server CA, O=DigiCert Inc, C=US 2020 2020 49191-49162- OU=www.digicert.com, CN=DigiCert High Tue Oct Sun Oct 49161-49172- O=DigiCert Inc, C=US Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 185.60.216.19 443 192.168.2.5 49795 CN=*.facebook.com, CN=DigiCert SHA2 Sun Mar Sat May 771,49196- 9e10692f1b7f78228b2d4e 00:07:37.921241999 O="Facebook, Inc.", L=Menlo High Assurance Server 01 30 49195-49200- 424db3a98c CEST Park, ST=California, C=US CA, 01:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 High OU=www.digicert.com, CET CEST 49187-49192- Assurance Server CA, O=DigiCert Inc, C=US 2020 2020 49191-49162- OU=www.digicert.com, CN=DigiCert High Tue Oct Sun Oct 49161-49172- O=DigiCert Inc, C=US Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 206.17.25.188 443 192.168.2.5 49793 CN=*.inq.com, O="NUANCE CN=GeoTrust RSA CA Wed Oct Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.129968882 COMMUNICATIONS, INC.", 2018, 30 Dec 08 49195-49200- 424db3a98c CEST L=BURLINGTON, OU=www.digicert.com, 01:00:00 13:00:00 49199-49188- ST=Massachusetts, C=US O=DigiCert Inc, C=US CET CET 49187-49192- CN=GeoTrust RSA CA 2018, CN=DigiCert Global 2019 2021 49191-49162- OU=www.digicert.com, Root CA, Mon Sat Nov 49161-49172- O=DigiCert Inc, C=US OU=www.digicert.com, Nov 06 06 49171-157-156- CN=DigiCert Global Root CA, O=DigiCert Inc, C=US 13:23:45 13:23:45 61-60-53-47- OU=www.digicert.com, CN=DigiCert Global CET CET 10,0-10-11-13- O=DigiCert Inc, C=US Root CA, 2017 Fri 2027 35-16-23-24- OU=www.digicert.com, Nov 10 Mon 65281,29-23- O=DigiCert Inc, C=US 01:00:00 Nov 10 24,0 CET 01:00:00 2006 CET 2031 CN=GeoTrust RSA CA 2018, CN=DigiCert Global Mon Sat Nov OU=www.digicert.com, Root CA, Nov 06 06 O=DigiCert Inc, C=US OU=www.digicert.com, 13:23:45 13:23:45 O=DigiCert Inc, C=US CET CET 2017 2027 CN=DigiCert Global Root CA, CN=DigiCert Global Fri Nov Mon OU=www.digicert.com, Root CA, 10 Nov 10 O=DigiCert Inc, C=US OU=www.digicert.com, 01:00:00 01:00:00 O=DigiCert Inc, C=US CET CET 2006 2031 Apr 1, 2020 206.17.25.188 443 192.168.2.5 49792 CN=*.inq.com, O="NUANCE CN=GeoTrust RSA CA Wed Oct Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.134243965 COMMUNICATIONS, INC.", 2018, 30 Dec 08 49195-49200- 424db3a98c CEST L=BURLINGTON, OU=www.digicert.com, 01:00:00 13:00:00 49199-49188- ST=Massachusetts, C=US O=DigiCert Inc, C=US CET CET 49187-49192- CN=GeoTrust RSA CA 2018, CN=DigiCert Global 2019 2021 49191-49162- OU=www.digicert.com, Root CA, Mon Sat Nov 49161-49172- O=DigiCert Inc, C=US OU=www.digicert.com, Nov 06 06 49171-157-156- CN=DigiCert Global Root CA, O=DigiCert Inc, C=US 13:23:45 13:23:45 61-60-53-47- OU=www.digicert.com, CN=DigiCert Global CET CET 10,0-10-11-13- O=DigiCert Inc, C=US Root CA, 2017 Fri 2027 35-16-23-24- OU=www.digicert.com, Nov 10 Mon 65281,29-23- O=DigiCert Inc, C=US 01:00:00 Nov 10 24,0 CET 01:00:00 2006 CET 2031 CN=GeoTrust RSA CA 2018, CN=DigiCert Global Mon Sat Nov OU=www.digicert.com, Root CA, Nov 06 06 O=DigiCert Inc, C=US OU=www.digicert.com, 13:23:45 13:23:45 O=DigiCert Inc, C=US CET CET 2017 2027 CN=DigiCert Global Root CA, CN=DigiCert Global Fri Nov Mon OU=www.digicert.com, Root CA, 10 Nov 10 O=DigiCert Inc, C=US OU=www.digicert.com, 01:00:00 01:00:00 O=DigiCert Inc, C=US CET CET 2006 2031

Copyright Joe Security LLC 2020 Page 59 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 31.13.92.36 443 192.168.2.5 49796 CN=*.facebook.com, CN=DigiCert SHA2 Sun Mar Sat May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.163314104 O="Facebook, Inc.", L=Menlo High Assurance Server 01 30 49195-49200- 424db3a98c CEST Park, ST=California, C=US CA, 01:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 High OU=www.digicert.com, CET CEST 49187-49192- Assurance Server CA, O=DigiCert Inc, C=US 2020 2020 49191-49162- OU=www.digicert.com, CN=DigiCert High Tue Oct Sun Oct 49161-49172- O=DigiCert Inc, C=US Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 31.13.92.36 443 192.168.2.5 49797 CN=*.facebook.com, CN=DigiCert SHA2 Sun Mar Sat May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.166361094 O="Facebook, Inc.", L=Menlo High Assurance Server 01 30 49195-49200- 424db3a98c CEST Park, ST=California, C=US CA, 01:00:00 14:00:00 49199-49188- CN=DigiCert SHA2 High OU=www.digicert.com, CET CEST 49187-49192- Assurance Server CA, O=DigiCert Inc, C=US 2020 2020 49191-49162- OU=www.digicert.com, CN=DigiCert High Tue Oct Sun Oct 49161-49172- O=DigiCert Inc, C=US Assurance EV Root CA, 22 22 49171-157-156- OU=www.digicert.com, 14:00:00 14:00:00 61-60-53-47- O=DigiCert Inc, C=US CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct 24,0 Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Apr 1, 2020 172.217.18.6 443 192.168.2.5 49798 CN=*.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.339567900 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:27 11:37:27 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 172.217.18.6 443 192.168.2.5 49799 CN=*.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.340306997 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:27 11:37:27 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 185.33.223.218 443 192.168.2.5 49801 CN=*.adnxs.com, CN=DigiCert ECC Wed Mon Mar 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.510234118 O="AppNexus, Inc.", L=New Secure Server CA, Jan 23 08 49195-49200- 424db3a98c CEST York, ST=New York, C=US O=DigiCert Inc, C=US 01:00:00 13:00:00 49199-49188- CN=DigiCert ECC Secure CN=DigiCert Global CET CET 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2019 Fri 2021 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert ECC Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023

Copyright Joe Security LLC 2020 Page 60 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 185.33.223.218 443 192.168.2.5 49802 CN=*.adnxs.com, CN=DigiCert ECC Wed Mon Mar 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.510869980 O="AppNexus, Inc.", L=New Secure Server CA, Jan 23 08 49195-49200- 424db3a98c CEST York, ST=New York, C=US O=DigiCert Inc, C=US 01:00:00 13:00:00 49199-49188- CN=DigiCert ECC Secure CN=DigiCert Global CET CET 49187-49192- Server CA, O=DigiCert Inc, Root CA, 2019 Fri 2021 49191-49162- C=US OU=www.digicert.com, Mar 08 Wed 49161-49172- O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert ECC Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 172.217.22.98 443 192.168.2.5 49804 CN=*.google.com, O=Google CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.512744904 LLC, L=Mountain View, O=Google Trust 03 26 49195-49200- 424db3a98c CEST ST=California, C=US Services, C=US 10:45:25 11:45:25 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 172.217.22.98 443 192.168.2.5 49803 CN=*.google.com, O=Google CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:38.512919903 LLC, L=Mountain View, O=Google Trust 03 26 49195-49200- 424db3a98c CEST ST=California, C=US Services, C=US 10:45:25 11:45:25 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 99.84.89.69 443 192.168.2.5 49806 CN=*.agkn.com CN=RapidSSL RSA CA Thu Jun Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:39.019800901 CN=RapidSSL RSA CA 2018, 21 Sep 16 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, OU=www.digicert.com, 02:00:00 14:00:00 49199-49188- O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 49187-49192- CN=DigiCert Global Root CA, CN=DigiCert Global 2018 2020 49191-49162- OU=www.digicert.com, Root CA, Mon Sat Nov 49161-49172- O=DigiCert Inc, C=US OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CN=DigiCert Global CET CET 10,0-10-11-13- Root CA, 2017 Fri 2027 35-16-23-24- OU=www.digicert.com, Nov 10 Mon 65281,29-23- O=DigiCert Inc, C=US 01:00:00 Nov 10 24,0 CET 01:00:00 2006 CET 2031 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, OU=www.digicert.com, Root CA, Nov 06 06 O=DigiCert Inc, C=US OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US CET CET 2017 2027 CN=DigiCert Global Root CA, CN=DigiCert Global Fri Nov Mon OU=www.digicert.com, Root CA, 10 Nov 10 O=DigiCert Inc, C=US OU=www.digicert.com, 01:00:00 01:00:00 O=DigiCert Inc, C=US CET CET 2006 2031

Copyright Joe Security LLC 2020 Page 61 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Apr 1, 2020 99.84.89.69 443 192.168.2.5 49805 CN=*.agkn.com CN=RapidSSL RSA CA Thu Jun Wed 771,49196- 9e10692f1b7f78228b2d4e 00:07:39.020437002 CN=RapidSSL RSA CA 2018, 21 Sep 16 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, OU=www.digicert.com, 02:00:00 14:00:00 49199-49188- O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 49187-49192- CN=DigiCert Global Root CA, CN=DigiCert Global 2018 2020 49191-49162- OU=www.digicert.com, Root CA, Mon Sat Nov 49161-49172- O=DigiCert Inc, C=US OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CN=DigiCert Global CET CET 10,0-10-11-13- Root CA, 2017 Fri 2027 35-16-23-24- OU=www.digicert.com, Nov 10 Mon 65281,29-23- O=DigiCert Inc, C=US 01:00:00 Nov 10 24,0 CET 01:00:00 2006 CET 2031 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, OU=www.digicert.com, Root CA, Nov 06 06 O=DigiCert Inc, C=US OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US CET CET 2017 2027 CN=DigiCert Global Root CA, CN=DigiCert Global Fri Nov Mon OU=www.digicert.com, Root CA, 10 Nov 10 O=DigiCert Inc, C=US OU=www.digicert.com, 01:00:00 01:00:00 O=DigiCert Inc, C=US CET CET 2006 2031 Apr 1, 2020 152.199.21.2 443 192.168.2.5 49817 CN=hello.myfonts.net, CN=DigiCert SHA2 Mon Jun Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 00:07:40.172338009 OU=SecOps, O=MyFonts Secure Server CA, 03 07 49195-49200- 424db3a98c CEST Inc, L=Woburn, O=DigiCert Inc, C=US 02:00:00 14:00:00 49199-49188- ST=Massachusetts, C=US CN=DigiCert Global CEST CEST 49187-49192- CN=DigiCert SHA2 Secure Root CA, 2019 Fri 2021 49191-49162- Server CA, O=DigiCert Inc, OU=www.digicert.com, Mar 08 Wed 49161-49172- C=US O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 152.199.21.2 443 192.168.2.5 49818 CN=hello.myfonts.net, CN=DigiCert SHA2 Mon Jun Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 00:07:40.214620113 OU=SecOps, O=MyFonts Secure Server CA, 03 07 49195-49200- 424db3a98c CEST Inc, L=Woburn, O=DigiCert Inc, C=US 02:00:00 14:00:00 49199-49188- ST=Massachusetts, C=US CN=DigiCert Global CEST CEST 49187-49192- CN=DigiCert SHA2 Secure Root CA, 2019 Fri 2021 49191-49162- Server CA, O=DigiCert Inc, OU=www.digicert.com, Mar 08 Wed 49161-49172- C=US O=DigiCert Inc, C=US 13:00:00 Mar 08 49171-157-156- CET 13:00:00 61-60-53-47- 2013 CET 10,0-10-11-13- 2023 35-16-23-24- 65281,29-23- CN=DigiCert SHA2 Secure CN=DigiCert Global Fri Mar Wed 24,0 Server CA, O=DigiCert Inc, Root CA, 08 Mar 08 C=US OU=www.digicert.com, 13:00:00 13:00:00 O=DigiCert Inc, C=US CET CET 2013 2023 Apr 1, 2020 74.125.133.157 443 192.168.2.5 49821 CN=*.g.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:41.888290882 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:30 11:37:30 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed 24,0 Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Apr 1, 2020 74.125.133.157 443 192.168.2.5 49822 CN=*.g.doubleclick.net, CN=GTS CA 1O1, Tue Mar Tue May 771,49196- 9e10692f1b7f78228b2d4e 00:07:41.888767958 O=Google LLC, L=Mountain O=Google Trust 03 26 49195-49200- 424db3a98c CEST View, ST=California, C=US Services, C=US 10:37:30 11:37:30 49199-49188- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49187-49192- Trust Services, C=US O=GlobalSign, 2020 2020 49191-49162- OU=GlobalSign Root Thu Jun Wed 49161-49172- CA - R2 15 Dec 15 49171-157-156- 02:00:42 01:00:42 61-60-53-47- CEST CET 10,0-10-11-13- 2017 2021 35-16-23-24- 65281,29-23- 24,0

Copyright Joe Security LLC 2020 Page 62 of 64 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021

Code Manipulations

Statistics

Behavior

• iexplore.exe • iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4776 Parent PID: 696

General

Start time: 00:07:10 Start date: 01/04/2020 Path: C:\Program Files\internet explorer\iexplore.exe Wow64 process (32bit): false Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding Imagebase: 0x7ff7091b0000 File size: 823560 bytes MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596 Has administrator privileges: false Programmed in: C, C++ or other language Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Registry Activities

Source Key Path Completion Count Address Symbol

Source Key Path Name Type Data Completion Count Address Symbol

Source Key Path Name Type Old Data New Data Completion Count Address Symbol

Analysis Process: iexplore.exe PID: 2872 Parent PID: 4776