ID: 430663 Cookbook: browseurl.jbs Time: 19:08:03 Date: 07/06/2021 Version: 32.0.0 Black Diamond Table of Contents

Table of Contents 2 Analysis Report https://efax-01.simplesite.com/ 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Process Tree 3 Malware Configuration 3 Yara Overview 3 Dropped Files 3 Sigma Overview 3 Signature Overview 3 AV Detection: 4 Phishing: 4 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 5 Thumbnails 5 Antivirus, Machine Learning and Genetic Malware Detection 6 Initial Sample 6 Dropped Files 6 Unpacked PE Files 6 Domains 6 URLs 6 Domains and IPs 7 Contacted Domains 7 Contacted URLs 7 URLs from Memory and Binaries 7 Contacted IPs 7 Public 7 General Information 8 Simulations 8 Behavior and APIs 8 Joe Sandbox View / Context 8 IPs 8 Domains 8 ASN 9 JA3 Fingerprints 9 Dropped Files 9 Created / dropped Files 9 Static File Info 32 No static file info 32 Network Behavior 32 Network Port Distribution 32 TCP Packets 32 UDP Packets 32 DNS Queries 32 DNS Answers 32 HTTPS Packets 34 Code Manipulations 42 Statistics 42 Behavior 42 System Behavior 42 Analysis Process: iexplore.exe PID: 2644 Parent PID: 792 43 General 43 File Activities 43 Registry Activities 43 Analysis Process: iexplore.exe PID: 4688 Parent PID: 2644 43 General 43 File Activities 43 Registry Activities 43 Disassembly 43

Copyright Joe Security LLC 2021 Page 2 of 43 Analysis Report https://efax-01.simplesite.com/

Overview

General Information Detection Signatures Classification

Sample URL: https://efax-01.simpl esite.com/ AAnntttiiivviiirrruuss ddeettteecctttiiioonn fffoorrr UURRLL oorrr ddoomaaiiinn

Analysis ID: 430663 YAYanarrtraiav idrdueesttte edccettteeteddc HtHiotttmn lllfPPohrh iiiUsshhR11L00 or domain Infos: PYPhahiirissahh diiinneggt e ssciiitttee d dd eHetttteemcctlttPeedhd i (s((bbhaa1ss0eedd oonn llloogg…

Ransomware Most interesting Screenshot: Phishing site detected (based on log HPHThTiMshLLi n bbgoo dsdyiyt e cc odonentttaeaiciinntses d llloo (wwb a nnsuuemdb boeenrrr loofffg … Miner Spreading

HHTTMLL tbtiitotlleed ydd ocoeoesns t nanoiontt s m loaawttcc hhn uUUmRRbLLer of mmaallliiiccciiioouusss HHTTMLL tttiiitttlllee ddooeess nnoottt maatttcchh UURRLL malicious

Evader Phishing

sssuusssppiiiccciiioouusss SHSuTussMppLiiicc iitioiotuluess d fffoorerrms nUUoRRt LLm fffaootuucnhnd dURL suspicious

cccllleeaann

clean Suspicious form URL found Exploiter Banker

HTMLPhisher Spyware Trojan / Bot Adware

Score: 60 Range: 0 - 100 Whitelisted: false Confidence: 100%

Process Tree

System is w10x64 iexplore.exe (PID: 2644 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 4688 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2644 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source Rule Description Author Strings C:\Users\user\AppData\Local\Microsoft\Windows\INet JoeSecurity_HtmlPhish_10 Yara detected Joe Security Cache\IE\PSUEOSZZ\YUYTH2QQ.htm HtmlPhish_10

Sigma Overview

No Sigma rule has matched

Signature Overview

Copyright Joe Security LLC 2021 Page 3 of 43 Click to jump to signature section

AV Detection:

Antivirus detection for URL or domain

Phishing:

Yara detected HtmlPhish10

Phishing site detected (based on logo template match)

Mitre Att&ck Matrix

Command Remote Initial Privilege Defense Credential Lateral and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Impact Valid Windows Path Process Masquerading 1 OS File and Remote Data from Exfiltration Encrypted Eavesdrop on Remotely Modify Accounts Management Interception Injection 1 Credential Directory Services Local Over Other Channel 2 Insecure Track Device System Instrumentation Dumping Discovery 1 System Network Network Without Partition Medium Communication Authorization Default Scheduled Boot or Boot or Process LSASS Application Remote Data from Exfiltration Non- Exploit SS7 to Remotely Device Accounts Task/Job Logon Logon Injection 1 Memory Window Desktop Removable Over Application Redirect Phone Wipe Data Lockout Initialization Initialization Discovery Protocol Media Bluetooth Layer Calls/SMS Without Scripts Scripts Protocol 1 Authorization Domain At (Linux) Logon Script Logon Obfuscated Files Security Query SMB/Windows Data from Automated Application Exploit SS7 to Obtain Delete Accounts (Windows) Script or Information 1 Account Registry Admin Shares Network Exfiltration Layer Track Device Device Device (Windows) Manager Shared Protocol 2 Location Cloud Data Drive Backups

Behavior Graph

Copyright Joe Security LLC 2021 Page 4 of 43 Hide Legend Behavior Graph Legend: ID: 430663 Process URL: https://efax-01.simplesite.com/ Startdate: 07/06/2021 Signature Architecture: WINDOWS Created File Score: 60 DNS/IP Info Is Dropped

efax-01.simplesite.com Is Windows Process

Number of created Registry Values started Number of created Files

Phishing site detected Antivirus detection Yara detected HtmlPhish10 (based on logo template Visual Basic for URL or domain match) Delphi

Java

iexplore.exe .Net C# or VB.NET

C, C++ or other language

6 62 Is malicious

Internet started

iexplore.exe

9 159

pages-wildcard.weebly.com weebly.map.fastly.net

199.34.228.54, 443, 49758, 49759 151.101.1.46, 443, 49764, 49765 11 other IPs or domains dropped WEEBLYUS FASTLYUS United States United States

C:\Users\user\AppData\Local\...\YUYTH2QQ.htm, HTML

Screenshots

Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Copyright Joe Security LLC 2021 Page 5 of 43 Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source Detection Scanner Label Link https://efax-01.simplesite.com/ 0% Virustotal Browse https://efax-01.simplesite.com/ 0% Avira URL Cloud safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source Detection Scanner Label Link weebly.map.fastly.net 0% Virustotal Browse

URLs

Source Detection Scanner Label Link

Copyright Joe Security LLC 2021 Page 6 of 43 Source Detection Scanner Label Link https://securemailoffice365onlinefaxmessages.weebly.com/ 100% SlashNext Fake Login Page type: Phishing & Social Engineering fontforge.sf.net)IoniconsIoniconsMediumMediumFontForge 0% Avira URL Cloud safe fontforge.sf.net) 0% Avira URL Cloud safe https://securemailoffisite.com/ 0% Avira URL Cloud safe hammerjs.github.io/ 0% Avira URL Cloud safe https://www.gstatic.cn/charts/debug/% 0% URL Reputation safe https://www.gstatic.cn/charts/debug/% 0% URL Reputation safe https://www.gstatic.cn/charts/debug/% 0% URL Reputation safe https://fontawesome.comhttps://fontawesome.comFont 0% Avira URL Cloud safe https://www.gstatic.cn/charts/% 0% URL Reputation safe https://www.gstatic.cn/charts/% 0% URL Reputation safe https://www.gstatic.cn/charts/% 0% URL Reputation safe https://www.internalfb.com/intern/invariant/ 0% URL Reputation safe https://www.internalfb.com/intern/invariant/ 0% URL Reputation safe https://www.internalfb.com/intern/invariant/ 0% URL Reputation safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe fontforge.sf.net)Created 0% Avira URL Cloud safe

Domains and IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation efax-01.simplesite.com 143.204.98.105 true false high css.simplesite.com 143.204.98.33 true false high pages-wildcard.weebly.com 199.34.228.54 true false high scontent.xx.fbcdn.net 31.13.92.14 true false high cdn.simplesite.com 143.204.98.102 true false high sp-2020021412301152490000000a- 44.241.96.221 true false high 1069308460.us-west-2.elb.amazonaws.com www.simplesite.com 143.204.98.111 true false high weebly.map.fastly.net 151.101.1.46 true false 0%, Virustotal, Browse unknown ec.editmysite.com unknown unknown false high securemailoffice365onlinefaxmessages.weebly.co unknown unknown false high m cdn2.editmysite.com unknown unknown false high fpdownload.macromedia.com unknown unknown false high connect.facebook.net unknown unknown false high

Contacted URLs

Name Malicious Antivirus Detection Reputation https://efax-01.simplesite.com/ false high https://securemailoffice365onlinefaxmessages.weebly.com/ false SlashNext: Fake Login Page type: Phishing & high Social Engineering

URLs from Memory and Binaries

Contacted IPs

Public

IP Domain Country Flag ASN ASN Name Malicious 31.13.92.14 scontent.xx.fbcdn.net Ireland 32934 FACEBOOKUS false 151.101.1.46 weebly.map.fastly.net United States 54113 FASTLYUS false 199.34.228.54 pages- United States 27647 WEEBLYUS false wildcard.weebly.com 143.204.98.105 efax-01.simplesite.com United States 16509 AMAZON-02US false

Copyright Joe Security LLC 2021 Page 7 of 43 IP Domain Country Flag ASN ASN Name Malicious 44.241.96.221 sp- United States 16509 AMAZON-02US false 2020021412301152490000 000a-1069308460.us- west- 2.elb.amazonaws.com 143.204.98.33 css.simplesite.com United States 16509 AMAZON-02US false 143.204.98.111 www.simplesite.com United States 16509 AMAZON-02US false 143.204.98.102 cdn.simplesite.com United States 16509 AMAZON-02US false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond Analysis ID: 430663 Start date: 07.06.2021 Start time: 19:08:03 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 3m 20s Hypervisor based Inspection enabled: false Report type: light Cookbook file name: browseurl.jbs Sample URL: https://efax-01.simplesite.com/ Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 Number of analysed new started processes analysed: 13 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: HCA enabled EGA enabled AMSI enabled Analysis Mode: default Analysis stop reason: Timeout Detection: MAL Classification: mal60.phis.win@3/69@10/8 Cookbook Comments: Adjust boot time Enable AMSI Browsing link: https://securem ailoffice365onlinefaxmessages.weebly.com/ Warnings: Show All

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

Copyright Joe Security LLC 2021 Page 8 of 43 No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EA1BGKC2\efax-01.simplesite[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: dropped Size (bytes): 26 Entropy (8bit): 2.469670487371862 Encrypted: false SSDEEP: 3:D90aK1r0aKb:JFK1rFKb MD5: 132294CA22370B52822C17DCB5BE3AF6 SHA1: DD26B82638AD38AD471F7621A9EB79FED448A71C SHA-256: 451ABBE0AEFC000F49967DABF8D42344D146429F03C8C8D4AE5E33FF9963CF77 SHA-512: 6D5808CAD199A785C82763C68F0AE1F4938C304B46B70529EA26B3D300EF9430AD496C688D95D01588576B3A577001D62245D98137FD5CD825AD62E17D36F15C Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\Z6EMRDPE\securemailoffice365onlinefaxmessages.weebly[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 2730 Entropy (8bit): 5.710498379172651 Encrypted: false SSDEEP: 48:0vkQqDx22J8TdlxGRenn4nL5SYXONV5dMXtMDRCQm4hwkIwTWO5Ma9C9D7p5dKbA:PQqDc2J8TdlxGRen4nL5SYXOT5SXtMD6 MD5: AC1497B2595D4839C04D0D24AA2B5EEF SHA1: EF2933698E4D2E12268D19791880C713B7F7EA42 SHA-256: 4165C9DC36DC2DC9DA5604B254EAFEA980890E0B0D3DFA7184F59A82DF39B780 SHA-512: DED89E8910F62620F3A2EC756BC437E10C6505B77820B850320390BD862B63D66A0F9FCAF83FE42FAD3A7334EFC61D87895ACE03181978F72F5E9280E5AA6146 Malicious: false Reputation: low Preview: ...e.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\OZpEg_xvsDZQL_LKIF7q4jP3zWj8[1].woff

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 47412, version 1.1 Category: downloaded Size (bytes): 47412 Entropy (8bit): 7.990698856684309 Encrypted: true SSDEEP: 768:eI9DP3yJ7JOVfH2mdxSZAzNWJmQwewBdNYttezZOdTLI+F5jTQ27KLxL8iE6RSqR:ndPi2W+xSZABwmQw9dmttez4H1zHQwut MD5: F4CE2FACE198528C023D9829F2C8A966 SHA1: 721DA89B459818124B5556D8305807E29E0C9805 SHA-256: BE959900EB3AFF193CDD7192A33B91BB664755F7068B51E6533E8E37CBC32014 SHA-512: 5D7B2DC217BCCA5EFAF328ABA465E2EF491BD7714E93E70BC13C60D44681DFFD51FF3B91DB99CA741A145DF9C58B6DAE46D9F936A83383C99E63174E75ED3D 04 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/quattrocento/v12/OZpEg_xvsDZQL_LKIF7q4jP3zWj8.woff Preview: wOFF...... 4...... )\...... GPOS...l...... ".(..GSUB...t...... A.L.OS/2...... S...`l..>cmap...L...... Qa3Vcvt ...4...%...0...@fpgm...\...... IAy..gasp...... glyf...... J...J .N.head...T...6...6.G..hhea...... $...)hmtx...... 4.....K".loca...... j...maxp...... ,name...... C...8M.b.post...... b....prep...... V...V...x.4.C.PQ.E..:.n.mL.m.v.l.m..i.o..l...... };..E.DE.u.>.... >C"...;.8...... `.....9.....EQQ_..k.J.X../...r8;<...... Ny^~U..*..m....j.:.n..n...... ~._..&..i.....k&..f..m.yj.[a...v.]j?;.r...k...... ~...'..\[email protected]O.c...M..f...e....v...=...... /...s...N.S]..[..Y...X...... [email protected]../...... p...V.C....\>;..^.r.7k!Z+.....dx*..F...`g.E/.q..O...... W]...... /90.."G+-C..}...|r...... F...}.. ..h...d.e..<[email protected]..|:..L.R...... @-c.6.}....u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\S6u9w4BMUTPHh6UVSwaPHw[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 30356, version 1.1 Category: downloaded Size (bytes): 30356 Entropy (8bit): 7.984659107266564 Encrypted: false SSDEEP: 768:7wRsdJP2Pm1jtroogr9oYiCZ2dBhcb6WiMCkCB6:7wqdJu+1jtgRo9CZOBKb6JMfCB6 MD5: C3A17DCD22924A57167BDCA954763C01 SHA1: 670A02140DCE20D2C174049489F9FE7FEC20E4F7 SHA-256: 66BDD962AD3C4A394964E44600D43808FC3377E3323E00C86213C2564AAE5651 SHA-512: DBFC9CD39B4521FAB9CC2FE75B7C9EB9D31DAA9606571726185CBCC7D6A6A913C80F6DDAD8FC16E95C14E3578185E737E0E578DFC99794B18224CC07A23B7C 3C Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwaPHw.woff Preview: wOFF...... v...... @...... GPOS...l...x...X..Y.GSUB...... S...p.S..OS/2...8...Z...`zed.cmap...... Q.[cvt ...L...*...... fpgm...x...... rZr@gasp...... glyf...... ]Z.... ]..$head..n`...6...6...Ghhea..n...... $....hmtx..n....I.....0H.loca..q...... BQz.maxp..r...... name..s....1....8.P.post..tP...... g.prep..vH...K...K....x.T..leQ.EW.>~Dc.m.m+....m ...... {Sg....(4.;..{...1...... p.b[.u...1.%.".w\..[p..`...:...... 3P....[....Z]._.g.l.Lm..%.E...... c.T..fKs..]Yh.T.v.wKW.d.]Q.j...... R..j...`..}.!7.B.|....bb1..A...... c...8'..>..[...... \X...*:&6.8. FujR.:4.!.hJ3..V...miG{:.Nt....C?.2.!.e.#..X.1...c>.X.b.....a....V.....d.{....r....O....L....(.8..Nr.3.....5.s...... y.c..g..5...W.._..?.D.I....G...... k.....`..+X.(.*.....V7zZ...w...y...... T.n..e$".-@ .5M...... 1&...... ".T...v.....4%.....5s8...~..6.(...nr...~...... }..<.j.D...X ^...&u...@#M4.....1..q..7*[email protected].,._...... [!.dR....!U<.%..O!.L...Tt1....g..p6z1...D....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\api[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 852 Entropy (8bit): 5.5042056563136175 Encrypted: false SSDEEP: 24:2jkm94/zKPccAjZy+KVCetjK1iO0FsLqo40RWUnYN:VKEcixKoehK1iO0iLrwUnG MD5: 693DE0A9EB3960A4E5938E3A3AE0774E SHA1: 5C9491B9E447E5367352DD7449BD61A31B9ADEEC SHA-256: 26A7814D15E84C9FA9257A6F35AABAFF58835A67EF9BB29CA1FD17C4EFE320CD SHA-512: ACE03F400EF3C706813426A1449F2A7616380CF8A628E3276FE47BF1D689D99E3A6BE55F62EBB445EF36871A7EFF5F769E41A159D408DDF8971CCE76EE84BA07 Malicious: false Reputation: low IE Cache URL: https://www.google.com/recaptcha/api.js?render=explicit&hl=en

Copyright Joe Security LLC 2021 Page 11 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\api[1].js Preview: /* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.r eady=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']||[]).push('explicit');w[ '__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/ releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-3pNlpjOSWmuah66pVKQKOiPacG4Zb6CkqGCd1vLD 1fLs77yx0HzO8mvn4afvVxw4';var e=d.querySelector('script[nonce]'),n=e&&(e['nonce']||e.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=d.getElement sByTagName('script')[0];s.parentNode.insertBefore(po, s);})();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: dropped Size (bytes): 368 Entropy (8bit): 5.131961962605393 Encrypted: false SSDEEP: 6:0IFFN+56ZN7izlpdgmJk2SpJNijFFBPLQ+56ZRWHTizlpdTczfr1nNin:jF3O6ZN76paKeqF70O6ZRoT6p2zRY MD5: 95821BA6370D527B91BB2DCFAD42C0D0 SHA1: AF76A7EAFC5077992D3177012F51EE270DEA7E34 SHA-256: E45B4BC394D249BC29B0F06334CBDE3B4885C29302E1E37395215569937E580D SHA-512: 1D6D9C7DF45C94A950BE470C0A443D25F8809BDED3092998193EA73C758A1108732F0680C335C24DEC9F20162B2A7E2D98DD9B89326DD884421DAA2B089C2A1C Malicious: false Reputation: low Preview: @font-face {. font-family: 'Lato';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwaPHw.woff) format('woff'); .}.@font-face {. font-family: 'Merriweather';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-c iZK.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\custom[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: downloaded Size (bytes): 5906 Entropy (8bit): 4.736424703288825 Encrypted: false SSDEEP: 96:NHglB91+1Sb0dHKzFzam0JHfSEcpyi6pODCeue/l8OpNhTF0OU2VPvAf3yALukQg:NI+1Sb09CMTJ/cpyi6pKie/ldpP2OU26 MD5: 29FC207672510B76EAD1EF5DBA730E07 SHA1: B6786A2C238A15CAFB14171CEBCECE74BC3E54B5 SHA-256: 51336E9210D70B71C15C249D51F2F67EF80B727549AAC03C489071722B7C74F0 SHA-512: 154CFE34A22B6FE063502F185E7E2D9B236CB595718E20BAACFD3F5B79ED2E409863AB9DA6179C4C12ED35EF34AEC97E9BAD5AC1569ED72BB10CEF6C9786C3 99 Malicious: false Reputation: low IE Cache URL: https://securemailoffice365onlinefaxmessages.weebly.com/files/theme/custom.js?1556830342 Preview: jQuery(function($) {.. // Check your elements. $.fn.checkNavPositioning = function($el, $nav, scrollClass) {. var navHeight = $nav.outerHeight();.. if(((this.oute rHeight() - $(window).scrollTop()) < $nav.outerHeight()) && !$el.hasClass(scrollClass)) {. $el.addClass(scrollClass);. $el.css('padding-top', navHeight);. } else if((t his.outerHeight() >= $(window).scrollTop()) && $el.hasClass(scrollClass)) {. $el.removeClass(scrollClass);. $el.css('padding-top', 0);. }. }.. // Mobile sidebars. $ .fn.expandableSidebar = function(expandedClass) {. var $me = this;.. $me.on('click', function() {. if(!$me.hasClass(expandedClass)) {. $me.addClass(expa ndedClass);. } else {. $me.removeClass(expandedClass);. }. });. }.. // Interval loop. $.fn.intervalLoop = function(condition, action, duration, limit) {. var counter = 0;. var looper = setInterval(function(){. if (counter >= limit || $.fn.checkIfElementExists(condit

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\footerlayout5[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: downloaded Size (bytes): 6635 Entropy (8bit): 4.794029988683484 Encrypted: false SSDEEP: 192:dWc+rPoefkMDPJqdyTiFS982r3t5CZb2XGlPMZnXF8AlXto8Y8xETKZFj/fAY1kC:VFq2K1oLyFz7l MD5: F65CBBEE5BA35BEE474F4527D5849A95 SHA1: B27D9A12D3C3AEDCD504C16A9F90D4869E0ED8FF SHA-256: 2DF72E2E645165F7607636572D46FF5383C20005C2FE15102A6EBC92EB407C1C SHA-512: 8B63AD8421E4EABDAFCA68FDCB2FBAA27A2F0A75781B1B44A39EECAF585C5E9F8A8E7ABE023AD652E9C4ABD21B74B2A8C99F85F796989197F0C19433DDE78 A4B Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/d/designs/base/footerlayout5.css

Copyright Joe Security LLC 2021 Page 12 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\footerlayout5[1].css Preview: .layout5 .footer-wrapper {. height: auto;. bottom: 0;. position: relative;.}..layout5 .footer-wrapper .footer-subtitle {. font-size: 14px;.}..layout5 .footer-wrapper .hr-row-co ntainer {. border-top-width: 1.5px;. border-top-style: solid;. margin-top: 15px;. padding-top: 15px;. position: absolute;. left: 0;.}..layout5 .footer-wrapper .second-row-con tainer {. margin-top: 15px;. padding-top: 15px;.}..layout5 .footer-wrapper .footer-info-text {. font-size: 14px;. font-weight: normal;. margin-bottom: 10px;. text-transform: uppercase;.}..layout5 .footer-wrapper .footer-column {. text-align: center;.}..layout5 .footer-wrapper .footer-layout5-flex {. display: flex;.}..layout5 .footer-wrapper .footer-a lign-justify {. justify-content: space-between;.}..layout5 .footer-wrapper .footer-align-center {. justify-content: center;.}..layout5 .footer-wrapper .footer-align-start {. justify- content: flex-start;.}..layout5 .footer-wrapper .social-media-share-footer {. display: block;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 93636 Entropy (8bit): 5.292860855150671 Encrypted: false SSDEEP: 1536:s6IzxETpavYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:O+vIklosn/BLXjxzMhsSQ MD5: 3576A6E73C9DCCDBBC4A2CF8FF544AD7 SHA1: 06E872300088B9BA8A08427D28ED0EFCDF9C6FF5 SHA-256: 61C6CAEBD23921741FB5FFE6603F16634FCA9840C2BF56AC8201E9264D6DACCF SHA-512: 27D41F6CFB8596A183D8261509AEB39FCFFB3C48199C6A4CE6AB45381660C2E8E30E71B9C39163C78E98CEABC887F391B2D723EE5B92B6FBC81E48AC422E522 B Malicious: false Reputation: low IE Cache URL: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js Preview: /*! jQuery v1.8.3 jquery.com | jquery.org/license */.(function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nod eType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.tes t(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continue;if(t!=="toJSON")return!1}ret urn!0}function et(){return!1}function tt(){return!0}function ut(e){return!e||!e.parentNode||e.parentNode.nodeType===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1) ;return e}function ft(e,t,n){t=t||0;if(v.isFunction(t))return v.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(e,function(e,r){return e===t== =n});if(typeof t=="string"){var r=v.grep(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t,r,!n);t=v.filter(t,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\loader[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 66641 Entropy (8bit): 5.434661983761373 Encrypted: false SSDEEP: 1536:I/21P/UQgXuTldAGYKNT8kUKLahzdulT7rf2TDloAYgXSe1Aon:I+9OXuTsZdATQRn MD5: 71AD5C961CF52E591899582324CD5E19 SHA1: 15231E77FDDF606C83F11107A87BD34218DA6161 SHA-256: EFDDE317B774ED03A69918BB931553608881C84987CE79E68C7F9D32D6138A96 SHA-512: A06019D987EB6ABAAAFF91C08C4158FA4B86D21CB5E8D96B4F83320C5B4972230C3809F2F0CACD121683DFDCCC214017A470D14BBE0E15F35BA76964C3ABCE 70 Malicious: false Reputation: low IE Cache URL: https://www.gstatic.com/charts/loader.js?callback=gloader_ready Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.'use strict';var l;function aa(a){var b=0;return function(){return b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\plugins[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: downloaded Size (bytes): 67464 Entropy (8bit): 4.809594581809692 Encrypted: false SSDEEP: 1536:59rPpU1wHKYTpQ73CHJHDuYL/OHHeZF+YwLMC0ht/uJFO0815wZDk5/2i:59rPpl1NQ73CHJHDuYL/OHHeZF+pLM7h MD5: 64497D2AB794CDB5E3C5C86CF7C5A611 SHA1: 34ACD67927409D0795EE025F64F99757494AFFED SHA-256: 637B5D2A661D0201F239A7AFCD1278BF55BEC7EF7ADA6CC6C0485C4E45D9B702 SHA-512: 899F4AC83667EBB8A432FC9F6C8D0015ADAA05C82B6EC2CAC2BF8ABC30A11D85BE325B152C01D9BE6CC22D57A92BC6A96D84A866F234A4F26805E65564D782 89 Malicious: false

Copyright Joe Security LLC 2021 Page 13 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\plugins[1].js Reputation: low IE Cache URL: https://securemailoffice365onlinefaxmessages.weebly.com/files/theme/plugins.js?1556830342 Preview: ./*! Hammer.JS - v2.0.4 - 2014-09-28. * http://hammerjs.github.io/. *. * Copyright (c) 2014 Jorik Tangelder;. * Licensed under the MIT license */.(function(window, docume nt, exportName, undefined) {. 'use strict';..var VENDOR_PREFIXES = ['', 'webkit', 'moz', 'MS', 'ms', 'o'];.var TEST_ELEMENT = document.createElement('div');..var TYPE_FUNCTION = 'function';..var round = Math.round;.var abs = Math.abs;.var now = Date.now;../**. * set a timeout with a given scope. * @param {Function} fn. * @param {Number} timeout. * @param {Object} context. * @returns {number}. */.function setTimeoutContext(fn, timeout, context) {. return setTimeout(bindFn(fn, contex t), timeout);.}../**. * if the argument is an array, we want to execute the fn on each entry. * if it aint an array we don't want to do a thing.. * this is used by all the methods that accept a single and array argument.. * @param {*|Array} arg. * @param {String} fn. * @param {Object} [context]. * @returns {Boolean}. */.function invokeArr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\recaptcha__en[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 349568 Entropy (8bit): 5.719470557851192 Encrypted: false SSDEEP: 6144:vkoBKV7P3kPLI5yhOftr91660YoYDKrC/jvOwu0pFK/76iLthcQ63X+r4zt68+w7:vkoWPU8ftH4I/zOwuSFKjrxhcQ6n+r9q MD5: 28936BBDD08D5295ED2D058552DFB90B SHA1: 2209BDB7B6CB70DAD606487A1475955663A08C07 SHA-256: 734160057D9682A89035825F63793CD0F945523EFA3F8D33B8BEF89BD7BDEF5E SHA-512: 8D5758E8F31BBDEE0C603B8CA6349E0FBD55B3612CDADA4CDEFB1159B3F0DAF3A49E81077E881370470F58490669A33764B1F61F75FFD5E899495134BD3F13B7 Malicious: false Reputation: low IE Cache URL: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var m=function(){return[function(T,h,Q,B,G,w){if(!((T|((T>>1)%(w=[2,3,9],1 9)||(G=h.constructor===Uint8Array?h:h.constructor===ArrayBuffer?new Uint8Array(h):h.constructor===Array?new Uint8Array(h):h.constructor===String?R[19](w[0],"",1 ,w[1],4,h):h instanceof Uint8Array?new Uint8Array(h.buffer,h.byteOffset,h.byteLength):new Uint8Array(0)),w)[0])%11))try{G=h()}catch(u){G=Q}return(T|4)%((T^970)% ((T<',G=G+"pro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\screen-shot-2021-04-07-at-12-23-42-pm[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 842 x 273, 8-bit grayscale, non-interlaced Category: downloaded Size (bytes): 19995 Entropy (8bit): 7.979920569704566 Encrypted: false SSDEEP: 384:2YZZez44GzaXL8frdmY2/XYrVh8YesisCaRXwtmDeSLnk5/eoYw4MWIC:dZoz4+XLSdmY2vYZ/eNsCaRkm7Ln0V4d MD5: B26AB8D65B055296155AB8EB9A907E9C SHA1: 134E725A5159BF7A4CF6B43211AC73A804AFB3CA SHA-256: 5256137B53434A8EF08AB40A84886B77F6576A3A40F378CEDF5FD35DB73BABD0 SHA-512: DAE902351C0AF2A35762CCEEBC76B4014B846F4D16AE73A2883F2B8904124549ECBE15AD9D0CC2913859A7B993F481540578AB4A71730B74134C6160536EF509 Malicious: false Reputation: low IE Cache URL: https://securemailoffice365onlinefaxmessages.weebly.com/uploads/1/3/7/9/137919641/published/screen-shot-2021-04-07-at-12-23-42-pm.png?1622801934 Preview: .PNG...... IHDR...J...... `g.,....orNT..w...M.IDATx..y.,G~.7$m...... ,;.a...%.![...C.Z...... h.AI.V.D.$W$w..K..,.K,.X..x...... >..c...... rU...... ?stuuu.~..:2..!...X.i.....HJ..( )!.....@... ..!.HJ..( )!.....@.....!.HJ..( )!.....@.....!.HJ..( )!.....@.....!.HJ..( )!.....@.....!.HJ..( )!.....@.....!.7#...... 9=...... tv.. ...]rzU".O,.... -!.G....t:/.g....dz..kO...i...c.\..N....&...S.\. -!.G...... + .../...x...... g...... 7.X!\...47>..E.._....o....W.H..5..V.8....wr.NC .dA).r...... e....v.._7...... C.....m.m...p...;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\simplesite-webfont-2[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), icomoon family Category: downloaded Size (bytes): 55496 Entropy (8bit): 6.396305200414213 Encrypted: false SSDEEP: 768:KfDTG2CCBlaiDK/hd8jYUf3hk7AGJt7th4b5beREog++M3tW+lOA38mTRtZdwm:8DC2nnDCMvKsy4b5Ego3TlOA38IRtZG MD5: 021B62820C595CFB9C92772243EA042E SHA1: 44869A9DD3E758A0334CAACAB4AF01B1091BEBE7 SHA-256: 58BCBD4EB40DEFDD10E5CEEC3A589E77B0AC875E1BE699FB1EACDA86D138DCE1 SHA-512: 476A0F03889D6F366E454E3CBA10E513533A0B6CABD582BFD4B4E13F0249018A426B919B632566C363E18068A0033956B1C7924ADAFC3CB28CDE0B3B5675B208 Malicious: false

Copyright Joe Security LLC 2021 Page 14 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\simplesite-webfont-2[1].eot Reputation: low IE Cache URL: https://css.simplesite.com/d/fonts/simplesite-webfont-2.eot Preview: ....$...... LP...... B...... i.c.o.m.o.o.n.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...2.....i.c.o.m.o.o.n...... 0OS/2...... `cmap.V.[...... Tgasp...... p ....glyf..Q....x...phead..~...... 6hhea...... $hmtx.H.....D...dloca...... maxp...... \... name.L.....|....post...... 3...... @...... @...@...... 8...... 79...... 79...... 79...... 2.....|...... 3!2.....#!".....'.&47.6....<...}...... o...... F...~...... #.,.5.>.G.P.Y.b.k.t....%.0.'70.7'.0&'70..%.0..'067%.0&'70..'.0&730../.067.0..7'067.0..7'067.0..7'06..0&..70...0&'.70...0&'.70..'06'..0..'067.".1.0...... 6 7>.7>.706...10..'...... P>.S...M4.C1.P.I>.L/.!&5..$"S2..4...3..2..(,,1#<.y.K?.N/..O>.M3..H,.B0.,..+...*..-..++-2#>.....4...... R[U

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\templateArtifacts[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: exported SGML document, ASCII text, with very long lines Category: downloaded Size (bytes): 7160 Entropy (8bit): 4.819263409497788 Encrypted: false SSDEEP: 192:tUpqUXGMhJpJuMEpVyfWsgBm6zCg/8LWLEBOqpJ:tUpqUXGMbpJudWgBrb/8LWIJ MD5: AE81AB7069097A055829FB9919258138 SHA1: 7DC529F16FB595BBBFC5937ADFE1D0A5CF563F8A SHA-256: 5A630B41E7C3D34392BCB150A5731B6261BC6314D71D5DB8407A646AF15BF8AF SHA-512: 923F0E92ED682F638ECA768065630AD26195F03CFD54BA235531C50D587321E45D0E0000E811F943557BA08D9C8A21A3F4B430433370C28C456ACD6B094C63DE Malicious: false Reputation: low IE Cache URL: https://securemailoffice365onlinefaxmessages.weebly.com/files/templateArtifacts.js?1622801939 Preview: // Gets converted to _W.Weebly = window.Weebly || {};.Weebly.templates = {...'search/filter/search-facet-color': "

\n\t

{{facet_name}}<\/h3>\n\t

\n\t\t

\n\t\t\t{{#facet_entries}}\n\t\t\t\t
• \n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t<\/label>\n\t\t\t\t<\/li>\n\t\t\t{{\/facet_entries}}\n\t\t<\/ul>\n\t<\/form>\n<\/li>\n",...'search/filter/search-facet-checkbox': "
• \n\t

  {{facet_name}}<\/h3>\n\t\n\t\t

  \n\t\t\t{{#facet_entries}}\n\t\t\t\t
  • \n\t\t\t\t\t\n\t\t\t\t\t\t

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\va9X4lja2NVIDdIAAoMR5MfuElaRB0zMj_bTDXDoiw[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 32856, version 1.1 Category: downloaded Size (bytes): 32856 Entropy (8bit): 7.985223114913304 Encrypted: false SSDEEP: 768:bmkzdX9eJXHFos2s4O3vRT4vYQv0Rw+h96YZ:hrexHysyIvREAQq397Z MD5: F0192F1825E8AE3528375ABAA2462562 SHA1: 0D026D1FBE96EB7F70912DD457381DB44A6708C3 SHA-256: B55A3545569D49EE028001C91C31B3998663DD9B676CF911795E049239E7BED6 SHA-512: CCAF3BBF11F9EC2FF53391FC3FCBDA74C9044D604307E703B9D6641BC2EDD66B7F6D5B750FB35095CA25654B804CFA263717238BEAFFD1C405647FA4B673F0F 5 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/quattrocentosans/v13/va9X4lja2NVIDdIAAoMR5MfuElaRB0zMj_bTDXDoiw.woff Preview: wOFF...... X...... Q...... GPOS...l...... )tQ.Y.GSUB...P...... B.M.OS/2...... W...`l+..cmap...0...... L..&cvt ...... *...0....fpgm...4...... IAy..gasp...... glyf...... d...... head..xh...6...6..Ckhhea..x...... $.J..hmtx..x....E.....I..loca..{...... ow;maxp..|...... name..|....g...._.q.post..~d...... 95u.Vprep...... V...V...x.$...X1...... m..E.m.mF.m.m; ...5w...... G..>j...... {..1H.PH.>]7.kQ@}QVT.u.(1C..K...... r..!/...A.`V.Y.TUU-.B.S..N._.U.U....K.....pyx1..Vg.yua]Kw..v.W..Wu.N4.M'3.,2..C..f..mq[..-.,{.L'..LW6]3..=k...d"'.(H!. S.b....)CE*Q.*[email protected],e#...Vv.....0G9.)Ns...... m.p.{<../[email protected]{Y.....C%.Ae.Ec..<_..}...m....q...z.xf...H.D..,Hw....$'.|}/.?..L...... $#..[..6...+...... m....D.. ._X...=.<..OMN...z.\..c...}rkiw.L....D.u+_P\...... 1..17..M Zt8.....FW..s..u.V..>.M..f.....(..1.A...Q*....k....6{....L.M.I0;.

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\va9Z4lja2NVIDdIAAoMR5MfuElaRB0RyklrfPXo[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 31536, version 1.1 Category: downloaded Size (bytes): 31536 Entropy (8bit): 7.984216342520339 Encrypted: false SSDEEP: 384:ggY4m8Qw/zYtFcOBLZqUtWIWzhWX3hzfhEr0aemTGBKb4JU/TOutKFMmThEx2S8v:7Y4lW//tyz4BfhTtKsJOYXTi2Jjz MD5: 3E6818D45FF1E32297DEABEA5B312B36 SHA1: DC3669427E39AA5435A866FB80C5235F28FDE6B8 SHA-256: A75AFACF25F5B146275C61CB85E2E859D8CBCED030F11482CBE66E460434008D SHA-512: 5F611594C5D3CBCEFBD1F7F9E7E9A9053C98351C8490FF5A34A27CEB39FEE8247FB8BA6E738F7EE229CC7E23027156E21AD3ACD1D68BAA81C2567F563363DE E2 Malicious: false Copyright Joe Security LLC 2021 Page 15 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\va9Z4lja2NVIDdIAAoMR5MfuElaRB0RyklrfPXo[1].woff Reputation: low IE Cache URL: https://fonts.gstatic.com/s/quattrocentosans/v13/va9Z4lja2NVIDdIAAoMR5MfuElaRB0RyklrfPXo.woff Preview: wOFF...... {0...... Qd...... GPOS...l...... )V[.6.GSUB...$...... B.M.OS/2...... W...`l+..cmap...... qP.cvt ...... *...0....fpgm...... IAy..gasp...... glyf...... _..... 1...head..sh...6...6.=..hhea..s...... $...fhmtx..s....1...... '!loca..u...... 3ax&maxp..w...... name..w....X....[fn.post..y<...... 7.S4.prep..z....V...V...x.$.3.]Q...9.h..f...... Ml.m.k6...... N].#...,.....@..*...QP.p.B8...IW.-.%AV.Fy.I.....(uQ...A.`Np=H..#uU.]..s.r}.....Y.Z..):.T5..,..D...I39..lu..v.Q6.n.O.k.....n...... r\.W...~._./[email protected].*..uiJ3....#..L.....d.C...F1. 1L`.S..b..E4...JV...l`#[8.1Np..\....].q..<..Ox.s..|..?.K:R.[..D.~....,...... mg=X.b...... m.m[...... s.?...... z.V..H..v.;.1.y.8u....UGS.V[.U.|Z..R.)5{..{.....t.k.....Le...... 8.r..N.}V.3. .Q.w...*..... \...... %.R.\..V...1...... 5.Q....Z...u..Y.G.....L.o...%..V..w..a.D^..K....M....9vr...7....K?.n..\Z.Z..r..GFKd..7b}.Oc...L.q0...k).S.N.'*.H.'J_A.yTj.,...w..,..

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\FrontendAppLocalePage[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 5579 Entropy (8bit): 4.849836057646339 Encrypted: false SSDEEP: 96:IEd13ehDz1KlpeVRpbm12O3TM2KijL94WELy6wj13I6Q44AQNMmQNwN6z9CNGI:IEd13ehQpyjm12OFjLpELy6wj13I6Q4y MD5: 8D429C7F0A23C14E074EE18078F81344 SHA1: A9FEBE677A1429018F669AEF9212FC8B230E90F5 SHA-256: 2690169DC7E4B9439524716F2D279050C39C4A12ACF85F677D84BD13760BEC1F SHA-512: 228BECE8463171F0B5E1BEBDCA13D17DCDB8255AD2E569C9C0EBB387FD1BF37B177CDF41CF3320C99E1A180F07CC18BFF4A9E6E19844920253845C62F6B23F6 4 Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/userPages/pages/FrontendAppLocalePage.aspx?CultureKey=en-US Preview: window.SS = window.SS || {}; window.SS.i18n = {"V3_contact_form_sendme_copy_email":"Send me an email","V3_contact_form_author_name_plc":"Write your name here","V3_contact_form_author_email_plc":"Write your email here","V3_contact_form_author_msg_plc":"Write your message here","V3_contact_form_send_btn":"Send - Click here","V3_contact_form_send_btn_sending":"Sending","V3_contact_form_send_btn_error":"Error sending message","V3_contact_form_send_btn_sent":"Sent","V3_c ontact_form_label":"Write your message here. Fill out the form:","V3_contact_form_success":"Thank you for your message.","V3_guestbook_form_addmsg":"Add a messa ge","V3_guestbook_form_addimg":"Add image","V3_guestbook_form_author_website":"Your website address, if you have a website","V3_guestbook_form_imguplo ad_tools":"Image tools","V3_guestbook_form_imgupload_cancel":"Cancel","V3_guestbook_form_imgupload_upload":"Upload","V3_guestbook_form_imgupload_uploa ding":"Uploading","V3_guestbook_form_imgupload_error":"Error uploading

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: dropped Size (bytes): 394 Entropy (8bit): 5.214747564395552 Encrypted: false SSDEEP: 12:jFFdSO6ZRoT6pvWKGqFFdSO6ZN76paJWFY:5FdSOYsyFdSOYN7v0m MD5: AB35911DB24D9967624E197B9D50C304 SHA1: 9D4FBA9EAE573A1D63FAE1EC7B2C6717FA8180A4 SHA-256: 6FA5F726D51B94839AD55BD56B436A50D8EAD4926F6B0B8FF7C0AFE0FAFBF198 SHA-512: 45556983289DD42FF2E33891E1B67884CB38BA725DBB4F0D64F28CEA4BD29B9648AA4433C13A7575279547C75CF6D9EEAAB09BE588FA50FA2EFC323D8DCAF68 2 Malicious: false Reputation: low Preview: @font-face {. font-family: 'Quattrocento';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/quattrocento/v12/OZpEg_xvsDZQL_LKIF7q4jP3zWj8 .woff) format('woff');.}.@font-face {. font-family: 'Quattrocento';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/quattrocento/v12/OZp bg_xvsDZQL_LKIF7q4jP_eE3vfqne.woff) format('woff');.}.

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[2].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: dropped Size (bytes): 1129 Entropy (8bit): 5.186613259358247 Encrypted: false SSDEEP: 24:5MY3QYNXMY3QYspFMY3QYN79MOYNbMOYsbMOYN7u:SY3QWcY3QLMY3QCuOWIOLIOCu MD5: 698E998DA019EB0C5B74453F98FD0321 SHA1: 0B75C819B6BC8A3EB997B457F295CEF0A9DE65B2 SHA-256: 10936B67847E86878C5204BE600658171E2ABD70B1895932C9E363BBC42D40D1 SHA-512: B66B14CF8D1BDA44EF2EF2EFF46A3489CD16B14C67E1D813B7638FDCA2BC3A51927A61C8FD5D0CEF9ABA63E929B2844CCD5EB5740DDF7C279113082CD48A5 C4C Malicious: false Reputation: low

    Copyright Joe Security LLC 2021 Page 16 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[2].css Preview: @font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/opensans/v20/memnYaGs126MiZpBA-UFUKWyV 9hlIqU.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/opensans/v20/mem6 YaGs126MiZpBA-UFUK0Xdcs.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/ opensans/v20/memnYaGs126MiZpBA-UFUKWiUNhlIqU.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. src: u rl(https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN_r8OXOhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font- weight: 400;. src: url(https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFW50d.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: norm

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fancybox[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 3911 Entropy (8bit): 5.0666543016860475 Encrypted: false SSDEEP: 48:MV4jWxgDa+AZ5TvUSoekrDSiqfcoj8cqL54QgP2nuwvn:AeLAjYS9sDCkoj8cq9Xn MD5: 1DCEBBB5A1EB8B028310CEEB72A339B3 SHA1: E254B7A35AC189FD1CE9CF8BD78593BEBFE27D7D SHA-256: 865CB87DE9FC4D6530EDCE21F0103107ABAE6ABE45CABDFF2AD9AF067B3D8E0A SHA-512: 1FE84409EC4FEAF49C31208668D29F215EA8136EA49134171F4A930963745031520068C0E17783EE557FAE24590B4079E8ECEEB010766466D7C8097AE97F1E53 Malicious: false Reputation: low IE Cache URL: https://cdn2.editmysite.com/css/old/fancybox.css?1622755348 Preview: /*! fancyBox v2.1.0 fancyapps.com | fancyapps.com/fancybox/#license */.fancybox-wrap,.fancybox-skin,.fancybox-outer,.fancybox-inner,.fancybox-image,.fancybox-wrap iframe,.fancybox-wrap object,.fancybox-nav,.fancybox-nav span,.fancybox-tmp{padding:0;margin:0;border:0;outline:none;vertical-align:top}.fancybox-wrap{position:absolut e;top:0;left:0;z-index:8020}.fancybox-skin{position:relative;background:#f9f9f9;color:#444;text-shadow:none;border-radius:4px}.fancybox-opened{z-index:8030}.fancybox- opened .fancybox-skin{box-shadow:0 10px 25px rgba(0,0,0,0.5)}.fancybox-outer,.fancybox-inner{position:relative}.fancybox-inner{overflow:hidden}.fancybox-type-iframe .fancybox-inner{-webkit-overflow-scrolling:touch}.fancybox-error{color:#444;font:14px/20px "Helvetica Neue",Helvetica,Arial,sans-serif;margin:0;padding:15px;white-space: nowrap}.fancybox-image,.fancybox-iframe{display:block;width:100%;height:100%}.fancybox-image{max-width:100%;max-height:100%}#fancybox-loading,.fancybox- close,.fancybox-pr

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon-194x194[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 194 x 194, 8-bit colormap, non-interlaced Category: dropped Size (bytes): 1611 Entropy (8bit): 7.78128494056801 Encrypted: false SSDEEP: 24:Zhh/FMwCalM6DPq7hHDV/QqF0uwtjptHmRO8GfZmwAqpb8VbqfEnxxM5v/lD/z:/xFMChq7hjqNvhfLrgVbqcUz MD5: 40D716E5BAFC416DFF33E547555256B6 SHA1: 318DBEDF81A53472CF457E1E54FCBBCAFC700682 SHA-256: CD248206934D648528B8037F28B9A4031451DF5192F30C6A911E7C7D153727D0 SHA-512: 54D762DE8C10A9E24D3E654F1C47A6287806D1BF36980A84617DBD47CA7B38EADE3BA0FC8FAE3B99DF5D33FAC86888B25F8123E1128989629AEC6B2F8FA2DA7 1 Malicious: false Reputation: low Preview: .PNG...... IHDR...... ,?...... gAMA...... a.....sRGB...... NPLTE...... xl...... !..../...... 4 .aR.M<.H;....aU.W...... IDATx.... .E.F...x.....x29.....I.~H*..W5....$...B.P(.. .B.P(...B.P..}W\.$u..C.hX...... ,....,v.e.T..-gE...... WYQ!g. .8...*|.T.dH.@..#.)[email protected]@.~..".9.0..(~.f.8...... r....<.F..H..AA.#..3.B.F...... *...X_}LP...... : ...... m..W .6...... k.....%.k..s.A(...9)E..&....\.....i....v$...... v.../..hUe.k9*..}~..F....,.v.vQ.A5...... l...j.....X..4...g.82!X...... b...6.3T.n..,.}a..4..q...8.{0.0...*.Hs.Q.{N.0%=k..<...Ub.l..#..K .v.....@..(...!...\..~C...... P.*..s.....-G*I...5S.u.KRI.....`60.[.<....~.,U.a...... 2O...... v...<)..5...ME{....*...... TT$a..0.z....3..CQ..4.=.2.....4..3w._...&'..I.N...f....e.\.h.{q.Y...... zd}....Y.R...4...... 0.g.Z. .}.&.-.=cr?..\..3&.u\.-9...vK.oq...;R...z...w..$..

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fontawesome-all[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 69105 Entropy (8bit): 4.765300819541195 Encrypted: false SSDEEP: 768:noUii2ukQ5IKkQCsBum6YsTO3DNnYiCh4060boro80EHY:ndii2qIWCsYmtsa3DNnYiIS0clP4 MD5: 92DDB3ADD1421EF6DB8D156EF3FF583C SHA1: 0E7EFC76B3643E3128F06CF0D8E21326758FD8D8 SHA-256: DFD8CA6EC6FFB72EECEFEE16CDBB442D2E2FABDB9D27E3038C64C3E66B711D9D SHA-512: F846347D3A110DBCCCECB52FA61896006F478B30F2BC7CE0238D3D2E87A4744C84CEBEFD848D50CB5864A2EDA7338CA5092BB268FF26F839B48E2FF7C8944E4 8 Malicious: false Reputation: low

    Copyright Joe Security LLC 2021 Page 17 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fontawesome-all[1].css IE Cache URL: https://efax-01.simplesite.com/Content/fontawesome-all.css Preview: /*!. * Font Awesome Free 5.8.2 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,..fas,..far,..fal,..fab {. -moz-osx-font-smoothing: grayscale;. -webkit-font-smoothing: antialiased;. display: inline-block;. font-style: normal;. font- variant: normal;. text-rendering: auto;. line-height: 1; }...fa-lg {. font-size: 1.33333em;. line-height: 0.75em;. vertical-align: -.0667em; }...fa-xs {. font-size: .75em; }...fa- sm {. font-size: .875em; }...fa-1x {. font-size: 1em; }...fa-2x {. font-size: 2em; }...fa-3x {. font-size: 3em; }...fa-4x {. font-size: 4em; }...fa-5x {. font-size: 5em; }...fa-6x {. font-size: 6em; }...fa-7x {. font-size: 7em; }...fa-8x {. font-size: 8em; }...fa-9x {. font-size: 9em; }...fa-10x {. font-size: 10em; }...fa-fw {. text-align: center;. width: 1.25em; }...fa-ul {. list-style-type: none;. margin-left: 2.5em;. padding-left: 0; }. .fa-ul >

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\footer-toast-published-image-1[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 199 x 97, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 9677 Entropy (8bit): 7.970815897911816 Encrypted: false SSDEEP: 192:GVd97ZFfQoDBbxIkFUD/QCEVlcTE85PlcBz6nH89KCCotHkXKp67mkz:KH7ZZDBbKYFHQcFca+x7Pz MD5: 6E0F7AD31BF187E0D88FC5787573BA71 SHA1: 14E8B85CC32A01C8901E4AC0160582D29A45E9E6 SHA-256: 580EF6409E067A4EC4A427400C7D6216184869E2DA53343DF20753CC1F8A46CD SHA-512: A7078CAC9A5319904CB47E01A426EAE30A26D4AF5094438F41360396C280473B9C69748B7E7A603232DA9B6D0F7297FEFB04C434EB8098CC6F89F7183C44AB52 Malicious: false Reputation: low IE Cache URL: https://cdn2.editmysite.com/images/site/footer/footer-toast-published-image-1.png Preview: .PNG...... IHDR...... a.....U.E.....PLTE...... """...... $$$...&&&...... (((...... 999...... }}}...... 22 2///...... EEE.....Z6)...ooo...... ZZZ...... {.y[***...... R<...... mU3&...... IJIK+...... sF3....Q0#...... xrqr.o}M8...... ttt^;...... tV.jLBBB.Z@,,, .~`OOO==...... u^^^...... tfs\PrVG.aEkNA&...... U

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\footerSignup[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 3600 Entropy (8bit): 5.0991703557984245 Encrypted: false SSDEEP: 48:kAvNhI9OKn/hQVBVan40yt00nzt/VRgj9o91PYczAz9AfK9TPBlVnIkKYeE5W:kAvOpZ+B8R0FVRjrTEzmfgmzPr MD5: 40B81B2D52BA9D2E2C64C31FF6A24CD7 SHA1: 6B5689250661646ECBB841F2475F1556A113373C SHA-256: E06BACA13F25DF9C7D684FC1B1FDFBBBB95070A1D5A9CD648632DA7BCCC90B96 SHA-512: 5657EE166A1EFF5DEEA7A0125EDD6178541396DCCB035785F5790BC1C57DEE6B0E1C9D063D00333E95667F699D99172796CE301EDD1DF2C4BFF02D25536F0D0 C Malicious: false Reputation: low IE Cache URL: https://cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1622755348 Preview: (function(t){var e={};function r(n){if(e[n])return e[n].exports;var i=e[n]={exports:{},id:n,loaded:false};t[n].call(i.exports,i,i.exports,r);i.loaded=true;return i.exports}r.m=t;r. c=e;r.p="https://cdn2.editmysite.com/js/";r.p="https://"+window.ASSETS_BASE+"/js/"||r.p;return r(0)})({0:function(t,e,r){t.exports=r(610)},610:function(t,e){(function(t,e){var r={height:62,mobileHeight:124,getHeight:function(){if(u()){return r.mobileHeight}return r.height}};function n(e,n){var u=t("#weebly-footer-signup-container-v3");if(!u.length) {return}i(e,n);r.element=u;r.iframe=t("#weebly-footer-signup-iframe");if(!o()){r.element.remove();return}a();s();l();t(window).on({resize:p(l,500),scroll:p(l,500)})}function i(e,r) {var n='';t(n).appendTo("head")}function o(){var e=t("body");var r=!!document.getElementById( "kb-container");var n=e.hasClass("splash-page");return!(r||n)}function a(){var e=t("body");e.css({minHeight:"100%",posit

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ionicons.min[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 51284 Entropy (8bit): 4.573895834393703 Encrypted: false SSDEEP: 384:R48w+hhJhjRqFdtYRjJIjsjaHnNfc2C4741mf5HRzL:R4YhhjQFduRjJ7uHFcu7Smf5xzL MD5: 1690997909AAE14B023A6580D4A2F33F SHA1: A4FD9551382A3B5C9C43E14ADB8C4C4149CD2352 SHA-256: 92AC508220F5BB60EC94E07650528EB66625F82A4740ADA068CDE05365781286 SHA-512: 617658DBE762B0F4C1A6433C90EA2FE21A0D27D431F00B2B216DE28636066FC4653A23D0B6CCCC53B9ABBD5A234E3416DCB8296B7F0DEE0CEBA1B45CE99A2B CF Malicious: false Reputation: low Copyright Joe Security LLC 2021 Page 18 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ionicons.min[1].css IE Cache URL: https://efax-01.simplesite.com/c/css/ionicons/ionicons.min.css Preview: @charset "UTF-8";/*!. Ionicons, v2.0.1. Created by Ben Sperry for the Ionic Framework, http://ionicons.com/. https://twitter.com/benjsperry https://twitter.com/ionicf ramework. MIT License: https://github.com/driftyco/ionicons.. Android-style icons originally built by Google.s. Material Design Icons: https://github.com/google/material- design-icons. used under CC BY http://creativecommons.org/licenses/by/4.0/. Modified icons to fit ionicon.s grid from original..*/@font-face{font-family:"Ionicons";src:url(".. /fonts/ionicons.eot?v=2.0.1");src:url("../fonts/ionicons.eot?v=2.0.1#iefix") format("embedded-opentype"),url("../fonts/ionicons.ttf?v=2.0.1") format("truetype"),url("../fonts/ionic ons.woff?v=2.0.1") format("woff"),url("../fonts/ionicons.svg?v=2.0.1#Ionicons") format("svg");font-weight:normal;font-style:normal}.ion,.ionicons,.ion-alert:before,.ion-alert- circled:before,.ion-android-add:before,.ion-android-add-circle:before,.ion-android-alarm-clock:before,.ion-android-alert:

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\main-customer-accounts-site[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with LF, NEL line terminators Category: downloaded Size (bytes): 532967 Entropy (8bit): 5.342058864909994 Encrypted: false SSDEEP: 6144:4od6CsNhQLGZTDeFzpKNQt6//7K0x6nchSOFTATi:NNLiF8ewnc9FX MD5: 0FA1BADF55DC82D2E2B50788229D0383 SHA1: 48DA9A8BFD0BED55F29BC4034B2AC497F3C85370 SHA-256: 52E3E4A8C55BC3E562EC8AE059E2C8790999DB6F366FCC70AA16501183BA4B4E SHA-512: 433FEC9BF496C17DA302EB97BAE3A839B7501A5ACE89B103609957ADC70055B854C3DD9DBA746EC1632FC6D2912B714DF2679C7828CD3250EC3C7B3929AF03D 1 Malicious: false Reputation: low IE Cache URL: https://cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1622755348 Preview: (function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={exports:{},id:r,loaded:false};e[r].call(i.exports,i,i.exports,n);i.loaded=true;return i.exports}n.m=e;n. c=t;n.p="https://cdn2.editmysite.com/js/";n.p="https://"+window.ASSETS_BASE+"/js/"||n.p;return n(0)})([function(e,t,n){e.exports=n(321)},function(e,t,n){var r;!(r=function() {if(window.Weebly!==undefined&&window.Weebly.jQuery!==undefined){return window.Weebly.jQuery}return window.jQuery}.call(t,n,t,e),r!==undefined&&(e.exports=r) )},function(e,t,n){var r,i;!(r=[n(1)],i=function(e){window.Weebly=window._W=window._W||{};window._W.utl=window._W.utl||function(e){window._W.failedTls=window._W .failedTls||[];window._W.failedTls.push(e);return e};window._W.ftl=window._W.ftl||function(e){window._W.failedFtls=window._W.failedFtls||[];window._W.failedFtls.push(e);r eturn""};window._W.utl=window._W.utl||function(e){window._W.failedUtls=window._W.failedUtls||[];window._W.failedUtls.push(e);return""};window._W.stl=window._W.s

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\rowsconcept[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: downloaded Size (bytes): 49158 Entropy (8bit): 4.8202186427726375 Encrypted: false SSDEEP: 1536:y+5581IgrD8zvK508nfWgLqQHMtbv/cC8nINcuyE1J8vRY:Z8r8d808YJ8u MD5: 745B54070C7A541F8D0B4DB8E266B663 SHA1: 70796DA230AD216BDDFE472F9CBBE721DB0C241C SHA-256: 3CE414BDADD954365590DDBE52057E0B465B89FB5E0ECAF6E7C7B12997480308 SHA-512: BAC3CBED2C6C18580C7A1E99DD0F53335F6825FA02F655AB8198477DD20D55EAE38A1575F75ED64A58CF45F6D48508F86BE47DF15ADD98377B4C2EF32FE6821 9 Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/d/designs/base/rowsconcept.css Preview: @media screen and (max-width: 724px) {. body.stefan-asafti .content-wrapper .layout5-row .span4 .first .section,. body.stefan-asafti .content-wrapper .layout5-row .span 6 .first .section,. body.stefan-asafti .content-wrapper .layout5-row .span12 .first .section {. padding-top: 10px;. padding-left: 10px;. }. body.stefan-asafti .content-wra pper .layout5-row .span4 .last .section,. body.stefan-asafti .content-wrapper .layout5-row .span6 .last .section,. body.stefan-asafti .content-wrapper .layout5-row .span12 .last .section {. padding-bottom: 10px;. }. body.stefan-asafti .content-wrapper .layout5-row .span4 .section,. body.stefan-asafti .content-wrapper .layout5-row .span6 .se ction,. body.stefan-asafti .content-wrapper .layout5-row .span12 .section {. padding: unset;. padding-left: 10px;. padding-right: 10px;. padding-top: 10px;. padding-bottom: 10px;. }. body.stefan-asafti .content-wrapper .layout5-row.signature-image {. overflow: hidden;. width:

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\social-icons[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 13081 Entropy (8bit): 4.750903527683718 Encrypted: false SSDEEP: 192:YbRWcfub2DJmUDmDrW4xH3gSJJbfebOQzamKy:N3gSJJbfebOQzamKy MD5: 0E88A77A4EE5A62B2ACEF9916548087C SHA1: E265FBE69C1269E3F5B1E79FB6326C88EF7CAFF0 SHA-256: C0FC8CB6E360703D5EA3C7BDD69F65AC63A9B16FB5A9513B297F3CC9D8425712 SHA-512: 9627B47F19643843A79B8453FEBE005924E8F2E8CA705C58B71F0C6244127E09F76AE6A8967128191B4188A663E3F020A71172F0748C9001C99A8A1313D0FF6D Malicious: false

    Copyright Joe Security LLC 2021 Page 19 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\social-icons[1].css Reputation: low IE Cache URL: https://cdn2.editmysite.com/css/social-icons.css?buildtime=1622755348 Preview: @font-face{font-family:"wsocial";src:url(//cdn2.editmysite.com/fonts/wSocial/wsocial.eot?ts=1622754546117);src:url(//cdn2.editmysite.com/fonts/wSocial/wsocial.eot? ts=1622754546117#iefix) format("embedded-opentype"),url(//cdn2.editmysite.com/fonts/wSocial/wsocial.woff?ts=1622754546117) format("woff"),url(//cdn2.editmysi te.com/fonts/wSocial/wsocial.ttf?ts=1622754546117) format("truetype"),url(//cdn2.editmysite.com/fonts/wSocial/wsocial.svg?ts=1622754546117#wsocial) format("svg" );font-weight:normal;font-style:normal}.wsite-social-dribbble:before{content:"\e60c"}.wsite-com-product-social-dribbble:before{content:"\e60c"}.wsite-social-color .wsite- social-dribbble:before{content:"\e60c";color:#f077a0}.wsite-social-square .wsite-social-dribbble,.wsite-social-square.wsite-social-dribbble{background-color:#f077a0}.wsite- social-square .wsite-social-dribbble:after,.wsite-social-square.wsite-social-dribbble:after{content:"\e60c";color:#ffffff}.wsite-social-mail:before{content:"\e603"}.wsite-com- pro

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\somelinks[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Category: downloaded Size (bytes): 5712 Entropy (8bit): 4.840227092465098 Encrypted: false SSDEEP: 96:t9eNCYm70zC4CCzdCOq5Ic65Nbkem6TN26keylyBv:t9eQRQuPtvqc65OLaKpav MD5: 4DDDA98C50B7F5652B1C4E743C01F343 SHA1: 703BB5309B261ECF0D9BD0AB8789B1597F41C9D7 SHA-256: A84CD15387E15DF55B5B1FA3B6361DEFE0DA90629C3283852D27D4C8D0F576CA SHA-512: 61EF511BEF03D040EF129739A2DA3A94F40F9C0BE33F89A298060987176995EE7A86F991124950DFF4FCA55D85D6A1A492A6D0892C41D89D63A282A065C417F0 Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/d/designs/base/somelinks.css Preview: .social-media-links {. display: flex;.}..social-media-links.display-contact-information .phone-email {. width: 50%;. padding: 7px 0px;. padding-left: 2em;.}..social-media- links.display-contact-information .header-icons {. width: 50%;.}..social-media-links .header-icons {. display: flex;. align-items: center;. justify-content: flex-end;. padding: 7px 0px;. width: 100%;.}..social-media-links .header-icons:not(:last-child) {. padding-right: 20px;.}..social-media-links .social-media-decoration {. text-decoration: none !important;.}.@media screen and (min-width: 724px) {. .social-media-links .social-media-links-container {. justify-content: left !important;. }.}..social-media-links .social- media-links-container {. display: flex;. align-items: center;. justify-content: center;.}..social-media-links .social-media-icon-header {. display: flex;. align-items: center;. justify-content: center;. width: 14px;. height: 14px;. font-size: 14px;. border-radius: 60px;. paddin

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\soundmanager2_flash9[1].swf Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Macromedia Flash data (compressed), version 14 Category: downloaded Size (bytes): 8678 Entropy (8bit): 7.976931613613915 Encrypted: false SSDEEP: 192:ZOV8hcu5qfh75a4zhNUUyCYYmDmbeXZliR0DKBCt4SbJ9J7:w8hcuwps4QUyvYm+ejiR0+B09bD5 MD5: D90C2E7B025FEB999EFD3A72BB837361 SHA1: 538C3038A8C697E7B1C8CB20775BDDCE52F4FE1A SHA-256: 6CC64D582CEEB1087AA0E1295003DA6D26447328369935D136A7921937360C26 SHA-512: 4949599B52C8E6121BCB02C60271B41C9590F08AE0B6105F7C4655595ED85686A8DC967E8C3D19EF89E8384F7B8CD13F748759F00BE7C7B84D249C104D48C542 Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/Images/sm297/soundmanager2_flash9.swf Preview: CWS..>..x.{yx\G.xW...fF3..-.R...E...$.l.c[...... 'Q.73.i.C.!.....\..p.B.(qH.$$@ ....v.F...,...... B`/...Cr...??}.~}TWWUWWU.$'..S...2..X..J...... 4...... fr.-..3U*Mn..>~.x..M]..D. ..7w..v..n@.....~bC.xy.VI..(&...R:..P[....:;...D..d...$..n#cd.\...k#.J&...BV/m.''3.N.Ol(..c..)c...... 4...e...'.D..f...... d...C.\...K.B..IH.L$#.6N ...x&]L...#y.t\/...r.Y_..H...... Z...... >....>al. .+.jm.^2...OF6.F#.=.7.Q...... ne.._..g}|~~....w\EP...... _....h...... G....#...K_u=c8...56...bn..H.K.)S.tR.)....#...zN.[..._.Q.1E...... G..6....G.D) y.....K..'..d|..<.*..%=....+....R~...8m..o.CZF!.gv..k...Q,5..f...... X..n.c_!?Q...G.A..IvU[.|....v...... (.Q...... Q2...... z...O..s.....j..Id..?)[.b)?.b..J..^..BR.s

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stl[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 170062 Entropy (8bit): 5.060695158300361 Encrypted: false SSDEEP: 3072:K6k8IV7i3vsVWO97/ZoIdrvrgc5/f2XP4mTieamfKqz0/pvlU+571iiNbAylRXrf:c84evRG MD5: 9815DE6C8BF1B17B4793AAE261F09B08 SHA1: 861CE1246462A69033931891E30F9666A5FC9395 SHA-256: BE14BA6B935B9164CB04C34D8CBAB403BF0084BB014C7D6CED656E8E722A160A SHA-512: 3BB64DF7B2956FD32970404358275958C1E518166526C39282F0014D0465031B0BF19894E91C52E78F039D6AE5701A02B5C9B146B4AEA31F51F475BDB8576774 Malicious: false

    Copyright Joe Security LLC 2021 Page 20 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\stl[1].js Reputation: low IE Cache URL: https://cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1622755348& Preview: .window._W = window.Weebly = window.Weebly || {};._W.getSiteLanguageURL = function(lang){..return '//cdn2.editmysite.com/js/lang/%lang%/stl.js?buildTime=1234&'. replace('%lang%', lang);.}._W.tli=function(s){return s;}._W.siteLang = 'en';._W.ftl=_W.stl=(function() {..var f = function(s) {...var t = tls[s] || s;...var a = Array.prototype.sli ce.call(arguments, 1);...for (var i = 0; i < a.length; i++) {....t = t.split('{{'+i+'}}').join(a[i]);...}...... return t ? t.replace(/^\\s*(.+?)\\s*$/, '$1') : s;..},..tls = JSON.parse('{\"theme.detail s\":\"Details\",\"theme.subtotal\":\"Subtotal\",\"theme.checkout\":\"Checkout\",\"theme.readNow\":\"Read Now\",\"theme.backToBlog\":\"Back to Blog\",\"theme.share\":\"Sha re\",\"theme.description\":\"Description\",\"theme.qty\":\"Qty\",\"templates.elements.cookie-opt-out.disclaimer\":\"This website uses marketing and tracking technologies. Opting out of this will opt you out of all cookies, except for those needed to run the website. Note that some products

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\71495645.design.v1622463708[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 270609 Entropy (8bit): 5.181803216529539 Encrypted: false SSDEEP: 1536:sEf8fplaBh2rDN/ftOo3iPJxTnfQiezE1uls43Clv7:E7NyPwieKvN MD5: 71895EAA9C16A5272649676E9F2BC986 SHA1: 572E5648EA4768FEF2C2034733D2C98D9C28C648 SHA-256: EBFB2490A2C7E480D2A9D7C969084FD44E3E262E08B4FC0B24C79385BA047E50 SHA-512: FADD6C04A519B98186477D7E2ABA409C4F4C2A3347275953512E7607E208342576EA95E4C4D76AB9438DD6DD454DD6650AC8C3375B1550D1CBED85F330928D9F Malicious: false Reputation: low IE Cache URL: https://css.simplesite.com/e4/05/71495645.design.v1622463708.css?h=ebfb2490a2c7e480d2a9d7c969084fd44e3e262e08b4fc0b24c79385ba047e50 Preview: /* LESS Output Begin */.../* MD5-Hash:[d41d8cd98f00b204e9800998ecf8427e] */..@import url(https://fonts.googleapis.com/css?family=Lato:700|Merriweather&subset=cy rillic,latin-ext,vietnamese);.nivoSlider{position:relative;width:100%;height:auto;overflow:hidden}.nivoSlider img{position:absolute;top:0;left:0;max-width:none}.nivo-main- image{display:block!important;position:relative!important;width:100%!important}.nivoSlider a.nivo-imageLink{position:absolute;top:0;left:0;width:100%;height:100%;border: 0;padding:0;margin:0;z-index:6;display:none;background:#fff;filter:alpha(opacity=0);opacity:0}.nivo-slice{display:block;position:absolute;z-index:5;height:100%;top:0}.nivo- box{display:block;position:absolute;z-index:5;overflow:hidden}.nivo-box img{display:block}.nivo-caption{position:absolute;left:0;bottom:0;background:#000;color:#fff;wid th:100%;z-index:8;padding:5px 10px;opacity:.8;overflow:hidden;display:none;-moz-opacity:.8;filter:alpha(opacity=8);-webkit-box-sizing:border-box;-moz-box-sizing

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\OZpbg_xvsDZQL_LKIF7q4jP_eE3vfqne[1].woff

    Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 49732, version 1.1 Category: downloaded Size (bytes): 49732 Entropy (8bit): 7.991085553628037 Encrypted: true SSDEEP: 768:e501gRHSDmKmC5vm4DXAMj7SGlLbIIP1L1WyKeEkcQowQhFaKfv:e501RmtkX85IP+yJEkcrwyagv MD5: 236BF209453D5788642AA825F4CFC137 SHA1: 45A7A69D307B0B4FF92410A7388275ADE30B03EF SHA-256: 07AE2FB42BCF7408559A1B756834892A304F89B089645820657A3F8DD9B8915B SHA-512: 32227B4E6C0817BD3EE2639747244CB28E0105E448F1F6D23EF4EB3EE32B558A094DA52AF6E1A41235DA76C259DBB1D0E6E6931D5F8C35C9B249FA46AD726FF A Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/quattrocento/v12/OZpbg_xvsDZQL_LKIF7q4jP_eE3vfqne.woff Preview: wOFF...... D...... >...... GPOS...l...... 1P_.{dGSUB...T...... ?.K?OS/2...... S...`n#.*cmap...0...... n\..cvt ...... %...0."..fpgm...4...... IAy..gasp...... glyf...... K...m ...head...,...6...6.n.uhhea...d...... $...Uhmtx...... \...... loca...... $|..maxp...... *name...... T....VTi.post...0...... b")I./|...../~..@ A.SH1.....dY.E.j.5.qM.z^.7.^u..P..$J.U...&..Pc...rq.5E{%U.$M.d/...... k....tP^..k..sk.d.-..\...^..x...D..Z&/i7Q.. \*u...... N..~..x..{./.\n4...x=..v..qd..z...... 1...... Z3.d...&X.K*6U..U.L....-"\|wcu...|8...n..h..~....*[email protected]....><....S..=>@N.....r..G._`.>..3l....nDu.....w<..

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\YUYTH2QQ.htm

    Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines, with CRLF, LF line terminators Category: downloaded Size (bytes): 22384 Entropy (8bit): 5.348963991330346 Encrypted: false SSDEEP: 384:rcwGIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZuzIRIOITIwIgIiKZgNDfIwIGI5IVJZ:IIRIOITIwIgIiKZgNDfIwIGI5IVJ7SUn MD5: E0D9FE9912D0530E9ACF83615C8010A9 SHA1: 01738841974845DF564FD25633A56895C8E95E42 SHA-256: 051BD2DAF3586185AA7C097ED9E51033317896957974A2CE31DD361685241688 SHA-512: 6464878F6A0B39257B9C8929C287661A47D6AA88B1FBC20A9775F4304799650F26355E22A7AB31640B3A25E93B82DA70029F7FA3A96277190D6339655BD3826C Malicious: true

    Copyright Joe Security LLC 2021 Page 21 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\YUYTH2QQ.htm

    Yara Hits: Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\YUYTH2QQ.htm, Author: Joe Security Reputation: low IE Cache URL: https://securemailoffice365onlinefaxmessages.weebly.com/ Preview: ................. ......

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fa-regular-400[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Font Awesome 5 Free Regular family Category: downloaded Size (bytes): 34388 Entropy (8bit): 6.3192978450446855 Encrypted: false SSDEEP: 384:b/ILltPRwpXUazLuDULbN1TH/uOlrk4jx3I+89AyI6WcRwk9cQUm:bALDPXy6DO7/uOtx29uc59cQUm MD5: 859001F6AE8EB0BB3878AAA971B50FC6 SHA1: BFE858743BEA5FD2C7AFCE109CDB02B48B39928E SHA-256: 939CA0E66E9E1C2966AFAA7CCFA5EA2D8294043CD32424ED84A3BFB22D3B0071 SHA-512: A73B8D47959C1782BB2E7AD49AB1543D70B77F850B0059B9EC588348AA523FA4604D5D261A4E7059CA4E2BA30D6A1313060AF50D80448DB29E69D156C3C8C810 Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/webfonts/fa-regular-400.eot? Preview: T...,...... LP...... xR6...... 6.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r.....R.e.g.u.l.a.r...J.3.2.9...7.3.0. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r. s.i.o.n.:. .5...8...2.)...6.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r...... PFFTM.N.6...... GDEF.*...... OS/2A...... X...`cmap...... gasp...... glyfl...... n.head... )...... 6hhea.5...... $hmtx...t...... Tloca.E...... 6maxp...... 8... name,41...w....Upost.OA...}<...... I..6Rx._.<...... c...... c...... @...... L.f...G.L.f...... PfEd...... T...... :...... @...... @...... @...... @...... @...@...... @...@...... `...... @...... @......

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fa-solid-900[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Font Awesome 5 Free Solid family Category: downloaded Size (bytes): 186708 Entropy (8bit): 6.356083890637828 Encrypted: false SSDEEP: 3072:hCNGM3n0ubr9ejZ5hLL1CdvPXiazQYY0UhWVNaKL/gjrLhFlxwP+SiehAMedj:ENGM3n04BGh9CxXiMQP0UhW3ejfhFHwK MD5: E2675A616B68F446FA6284C111554C7F SHA1: E256DFF855F792E365F35B3A37877BF9E8FDC98E SHA-256: E055D9C84DCB6AB8684F27E7AC6B48082B626B7C53639502FD05BF45CD43AFE3 SHA-512: B4D670498384CF9D000B3D7840E005025280D0A373C4F0E01A1029B4779B0EE7DE8F01A3D423CE5093D7AFF8CD1F42A4E901EA22D5A6DCDF0DC3A112128CCB9 2 Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/webfonts/fa-solid-900.eot? Preview: T...8...... LP...... d...... 2.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .S.o.l.i.d.....S.o.l.i.d...J.3.2.9...7.3.0. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r.s.i.o.n.:. .5...8...2.)...2.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .S.o.l.i.d...... PFFTM.N.6...... GDEF.*...... OS/2C.....X...`[email protected]...... glyfX.....*(..{4head...)...... 6hhe a.C...... $hmtx8...... loca.1*....x....maxp...... 8... nameG...... \...%post...... -m.....I..d..._.<...... c...... c...... @...... L. f...G.L.f...... PfEd.....>...... T...... :...... @...... `...... @...... @...... @...... @...... @...@...... @...... `...@.....@...... @

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\frontendApp.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 832430 Entropy (8bit): 5.342938058319246 Encrypted: false SSDEEP: 12288:ekhvBmz6SZTHfqO3icT9Hdmlha16ugogs/6XiZu2sJWdBU/xYYJpSp/blRf:BBw/A3JWdgxYYDSZblJ MD5: 24E1B01A60106379078E08EB2A131156 SHA1: 8588A1A1E76B5BA5598EFD29C7CB32F6D5139F5C SHA-256: 4A12751F5E6ABE190738CCE1F72F94DD2E97AB1CD086F983BCDF7DBA97166D9A SHA-512: 9093F7270F94592928763ABA5553D596742F874083D9FA81B740F808DAFC4AA21A2AB63BED3398972F84019D7C67CC6B8F4F0DABF7943C2DCB00A69E58255D18 Copyright Joe Security LLC 2021 Page 22 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\frontendApp.min[1].js Malicious: false Reputation: low IE Cache URL: https://css.simplesite.com/c/js/frontendApp.min.js?_v=24e1b01a60106379078e08eb2a131156 Preview: !function(){function t(t){this.setOptions(t);var e=this;this.timerDelegate=function(){e.onTimerEvent()},this.subjects=[],this.subjectScopes=[],this.target=0,this.state=0, this.lastTime=null}function e(e,i,n,o,s){this.els=t.makeArray(e),this.property="opacity"==i&&window.ActiveXObject?"filter":t.camelize(i),this.from=parseFloat(n),this.to=p arseFloat(o),this.units=null!=s?s:"px"}function i(e,i,n,o){this.els=t.makeArray(e),this.property=t.camelize(i),this.to=this.expandColor(o),this.from=this.expandColor(n),t his.origFrom=n,this.origTo=o}function n(e,i,n,o,s){this.els=t.makeArray(e),this.property=t.camelize(i),this.from=n,this.to=o,this.threshold=s||.5}function o(s,r,a){if(s=t .makeArray(s),this.subjects=[],0!=s.length){var l,c,u;if(a)u=this.parseStyle(r,s[0]),c=this.parseStyle(a,s[0]);else{c=this.parseStyle(r,s[0]),u={};for(l in c)u[l]=o.getStyle(s[0],l )}var l;for(l in u)u[l]==c[l]&&(delete u[l],delete c[l]);var l,h,d,p,f,m;for(l in u){var g=String(u[l]),v=String(c[l]);if(null!=c[l]){if(f=i

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\ga[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 46274 Entropy (8bit): 5.48786904450865 Encrypted: false SSDEEP: 768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m MD5: E9372F0EBBCF71F851E3D321EF2A8E5A SHA1: 2C7D19D1AF7D97085C977D1B69DCB8B84483D87C SHA-256: 1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F SHA-512: C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F Malicious: false Reputation: low IE Cache URL: https://ssl.google-analytics.com/ga.js Preview: (function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c &&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-1.10.2.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 93064 Entropy (8bit): 5.3000011389598916 Encrypted: false SSDEEP: 1536:34mCgi8DyCuXXFiJ+L0kJQsJVPEKLQRZdC/RlfDknv+p0WzH/IoSZ7qABZnu0sFv:3GsKXlI2p0WPSbDrstfam MD5: BDCE12C949E78D570C8D44E9C2B23508 SHA1: 9AFDC4FEC954646BD6270CAF82F107FDEF605BC5 SHA-256: C73B004EBF31B395CF237C3D2B13C1E576F385E04660CEB5F7BE163FF3C201DC SHA-512: B96588D93FB86228ECC8F501BEE6DB5F199B20B086FC88C683BBE1FEB6C343DEC3F99467E1D3140B7F4731D07ADF2F918F0CA88BB257D10B5AB8879FF9CE8E D3 Malicious: false Reputation: low IE Cache URL: https://www.simplesite.com/c/js/jquery-1.10.2.min.js Preview: /*! jQuery v1.10.2 | (c) 2005, 2013 jQuery Foundation, Inc. | jquery.org/license.*/.(function(e,t){var n,r,i=typeof t,o=e.location,a=e.document,s=a.documentElement,l=e.jQ uery,u=e.$,c={},p=[],f="1.10.2",d=p.concat,h=p.push,g=p.slice,m=p.indexOf,y=c.toString,v=c.hasOwnProperty,b=f.trim,x=function(e,t){return new x.fn.init(e,t,r)},w=/[+-]?(? :\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,T=/\S+/g,C=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,k=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,E=/^[\],:{}\s] *$/,S=/(?:^|:|,)(?:\s*\[)+/g,A=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,j=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,D=/^-ms-/,L=/-([\da-z])/gi,H=function(e,t){return t.to UpperCase()},q=function(e){(a.addEventListener||"load"===e.type||"complete"===a.readyState)&&(_(),x.ready())},_=function(){a.addEventListener?(a.removeEventList ener("DOMContentLoaded",q,!1),e.removeEventListener("load",q,!1)):(a.detachEvent("onreadystatechange",q),e.detachEvent("onload",q))};x.fn=x.

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\screen-shot-2021-04-08-at-5-19-32-pm[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 417 x 267, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 79721 Entropy (8bit): 7.988953164252036 Encrypted: false SSDEEP: 1536:NfY2lYix6Fx/DcJKUiI1iehMdVND+SIJrfn6l4XAGnk2UD1vCM57axwObhjiyU:9YUQxgsUbEVdVNiSIBCl4XLQDRJ1Obh0 MD5: 4FB7A01491355276C0E38372501D5A21 SHA1: 5B6527DE0478EEACDC33AFA4D374BD67D9056335 SHA-256: A95FF8B7B94CC17BB3C943D14B757BF7335E8E59C9C46D960EB06BC47CE78D1E

    Copyright Joe Security LLC 2021 Page 23 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\screen-shot-2021-04-08-at-5-19-32-pm[1].png SHA-512: E82B17772D66A6224AE552246DA7634BE481441F5A2955495DD3BE51DAF0CAE61BC3936ABEDE2E1711AD1063A3BD95AD329E76730AA9D359C5D45804D190086 B Malicious: false Reputation: low IE Cache URL: https://securemailoffice365onlinefaxmessages.weebly.com/uploads/1/3/7/9/137919641/published/screen-shot-2021-04-08-at-5-19-32-pm.png?1622800426 Preview: .PNG...... IHDR...... p/9J..70IDATx...!...... 8A..'[email protected][email protected][email protected][email protected]..$...... H...... H...... H...... H...... ?o...;!...&7=..BI ..E).... M..:.. lc...."]}.... M.HS..A.C $...ws...s....:..{Z.9{.~m..)..EJ.DJ.DJ.D .)..)..)..EJ.DJ.DJ.D .)..)..)..EJ.DJ.DJ.D .)..)..)./!TZZ.VJJKB>S.u...... T...K]...... +..n....q.*.s..?k.~.{...Tb.]..\...7.....m ...... "!.-.:.v.u..5.Rj..u`...[}.b..Z.f]....6..^'.e...=3..c.....^.>.~...#.9V..v..:V.$...vz...... s..a.y-.9....n{}...... So...... ?)u..G[.`..&h.Y..'6.a\...x..(..5.a5B.P.~.l.g<,..Li.^o....:7`@.6..7;...... @S...... C.P.n.h.....p....s_wi..]Z.....NY...5..~..1.90...Fm...... D...x.u..A..m.i.3..... d.PC..=...g{[g.7.W..>\.^.i.X..3..u.l..c_....4*u[.qu.I..-0..s.tY.;....Z.+J=.!.~.vd.D.k..C.*-0. <.vP..2..,.5...... J.0]..x..(..,..?...... kM.S-<.pr....:[email protected]%....z...v..4..m..E7}K..b.T.L8m,l.r...... R....5...... 8...,b..T...... I.-[..CS."-....V.e?../..K?bq..

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\screen-shot-2021-06-04-at-6-39-23-am[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 840 x 340, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 179781 Entropy (8bit): 7.988796278220561 Encrypted: false SSDEEP: 3072:eokP7BKRHMr1k+kBMaDre1J/kXslIZ2WOO/CTVyYigPK2uz0I2SdDhMcpqZZkzw:e9tD1/+jre1J/WB//CTVyYi45It3wZZ/ MD5: 34835C6AF7953B34922288706D66323D SHA1: 4E3AB10E9795976730B24D35B4362C2783ABF238 SHA-256: B7E95D71A5902E811E47EAC8AA24462C5E75025925BEC84C79EAE2B39C24AD39 SHA-512: 47E2F320E0F3818D3A7564B2EFB2989CEA5C6FA04C108AA429C3DE766D6138A520BA8AAB480FD1CB42D64F31B58382D6996D2554224D5C182DF3062C1C2E2538 Malicious: false Reputation: low IE Cache URL: https://securemailoffice365onlinefaxmessages.weebly.com/uploads/1/3/7/9/137919641/published/screen-shot-2021-06-04-at-6-39-23-am.png?1622800174 Preview: .PNG...... IHDR...H...T...... l...... orNT..w.....IDATx...y.%.}[email protected]....$.eB.A.#.d.X....H.l.G....f...F...I1r.....x$.~&)..).&i...... X...w..S...... /...... Et.{...... -...'.9...... Z.1f...Bk}. ..#;.#;...... "..[..";..,....{...... E}.^...... lW..?...W...... '.k.H....C.#;...k-J)..../|...'MS...&".Z-..wp.}...wdGvdG.$..Z.=.s.h6.4..v...... "...Q198K.-....*...... H...g..0Xk....6...#M.3.;.# ;2.D...... :..s..w.&..M...... q..!....a...... P..g..."MS...... Y..../...r...... #."..4../.s4..?.....s..Jz...... s..4...^....IT...... m.C.....s.D..O..O9{.,?.S?5s%g...;.#.79{.,...... yx.'8z.(..D. vdGvdG..7q..G.....V/.:.c.x....o_.1.^{-g...... n..K..1.....H.+..o}...c...... *..7.<}./.U...... =...<...F.Q4g.%.2..,//.{..hR.A.*.J.b3.F.....<....k..:.W^9...... 3.p.....H...Y..s...1...;...m..b#..`. <_l.b..v7&./.I....;...... *...Xkq.u..Y.Ol;...... w...... ')..j3....U]h#}.t^..... 'm...gy..gy...^@..x...\...7...{.o.w.}7_..XXX`.]

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\sdk[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 3224 Entropy (8bit): 5.606531121279128 Encrypted: false SSDEEP: 48:Vi+y/clUyAQHWs5+TaorOFzyHOgeEh7z5jFqxv4tx5YHIekZ462X+wJXDuExjGx:g+5AQHAray48f5JJYHIh4PJJXDu9 MD5: CCB9AE804F93AD6CED474A6AA8CD4844 SHA1: 97F934723411AFCFEA4E673710E1EE8770E77AC7 SHA-256: D44EC60ADC28073CE8A924A5EB4072868150E06082D42E42A2A02F0BC35A82C7 SHA-512: B97821DAA3B246FFEEC77D58F2CA826C4E2C73CBFA883911A546EFCEE2F923C1DE71EADF703165634B9F50E6654937049E307B95B6C588D5FC5CA3DCE29F1F0 B Malicious: false Reputation: low IE Cache URL: https://connect.facebook.net/en_US/sdk.js Preview: /*1623084690,,JIT Construction: v1003915564,en_US*/../**. * Copyright (c) 2017-present, Facebook, Inc. All rights reserved.. *. * You are hereby granted a non-exclusive, worldwide, royalty-free license to use,. * copy, modify, and distribute this software in source code or binary form for use. * in connection with the web services and APIs provided by Facebook.. *. * As with any software that integrates with the Facebook platform, your use of. * this software is subject to the Facebook Platform Policy. * [http://developers.facebook.com/policy/]. This copyright notice shall be. * included in all copies or substantial portions of the software.. *. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTAB ILITY, FITNESS. * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR. * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER. * IN AN ACTION OF CO

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\va9a4lja2NVIDdIAAoMR5MfuElaRB0zMh0P2Hg[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 34136, version 1.1 Category: downloaded Size (bytes): 34136 Entropy (8bit): 7.9872652826418 Encrypted: false SSDEEP: 768:k2TS6an9jxzSmDR5MaNmDLhwUX6iHHfsojBrk7QcSYZ85dP:Gn9jxlR5MJPhwUKiPj0QlYC55 MD5: BAB60E8CFCE720F643AF637F870B850B SHA1: E8D7264D7DD0FB6E3431CB8EBD6B5DADE3B39823 SHA-256: FBADEBCCE90E5552D3721FAAC1BCCA1ACD3437BA57CB68EC3DEED769C87887CE Copyright Joe Security LLC 2021 Page 24 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\va9a4lja2NVIDdIAAoMR5MfuElaRB0zMh0P2Hg[1].woff SHA-512: 82AE5DA4455E1CCFB6EE1F03803BEDDA2A1C28E48E8966F67B87CC66CC96733631CB60A1C4CB5203011FF1A96389B1B259640E94DAD11395E567FEC4EA3AA78 6 Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/quattrocentosans/v13/va9a4lja2NVIDdIAAoMR5MfuElaRB0zMh0P2Hg.woff Preview: wOFF...... X...... U...... GPOS...l...S..=.....GSUB...... B.M.OS/2...H...W...`j...cmap...... KT/.cvt ...t...+...0.{.Pfpgm...... IAy..gasp...D...... glyf...L..c".... .}..head..}p...6...6...hhea..}...... $.B..hmtx..}....?.....e..loca...... f.maxp...... name...... ^....].o.post...\...... Ao.CDprep...... V...V...x.$...P....k;.5f.m.vM.m.C..g..D.L.Q.._. a.....R..o.!I..:dDHz3...'yh$4....EDS.!.._...R.i..[F."...+...J.:D=....h.v....\..7.....F6.....i.7b.L.8.U..c}.C;....g.vl'....|u.."n.w.;.]..{..:.Q._.../...U.6..P...... !".i.D....B...E)N.JR..T."U.N m.P..4...iBs:...a...... 2...b.S..Lf...b5.X.F6..].a?.8.1.s....4g..Enq.;..!.y.H|9..$Q.....f`m...... 5F.5Bk...... lv.V..}o..."#.^....{..Y....<...)...~*....]...xw.....{...k..^'..NI..|.~v\(}w../...>.o...j..[ [email protected].~..5|....z;xw...... 3\....w.....a....[....[.-.A..."..|....r.\N...%.E.1.s..XW.G...H_u.qs..g.9.5.3...9.n.I.F....!.l.y..k..w<.0'\.0F.Kw5..zP.G...h.Q.

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\va9c4lja2NVIDdIAAoMR5MfuElaRB0zHt0k[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 31580, version 1.1 Category: downloaded Size (bytes): 31580 Entropy (8bit): 7.984857083477711 Encrypted: false SSDEEP: 768:sCBPck+/nukaac67yMhPUgb1DkFcQ+8DbzdP:dBPc9uJalPhPUi1DiM6z5 MD5: 7DFA8D9D47BE6A61596B8FFD686813A9 SHA1: 114FD7A4D18876E3DBD8BE3D385DEBEDFDC09E79 SHA-256: 0A11E81CC846F83022291E523B0FF58566150819084C9A7C033BC42F57DBFF2E SHA-512: B5D137C46ABC01B7B13B5D4FF3C578AD4F9BB929AA8C085FF86216D9AFC693D94109BE75A5A55E707C6AFDF925DAB3D3EACF5789CECCA3D512A195A287D304 1A Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/quattrocentosans/v13/va9c4lja2NVIDdIAAoMR5MfuElaRB0zHt0k.woff Preview: wOFF...... {\...... I...... GPOS...l...... *.NO6.GSUB...4...... B.M.OS/2...... W...`j..-cmap...... KT/.cvt ...... *...0.y.Nfpgm...... IAy..gasp...... glyf...... _....< .8.Lhead..s....6...6.$..hhea..s...... $...Zhmtx..s....3.....},Ploca..v...... ^...maxp..w...... name..x....R...vV.gBpost..y`...... Ao.CDprep..{....V...V...x.$..lXQ.....E.FE8.^4.[0.f0 [....`.m.{.o..D ...... w.m..X.F'.|...... U,.k.&.P...E...d..Y...e/.o....Zv...<.B..'.m.SF.x....QK.*uD}W.*R.Z..u_.L...K.^....h....l..&.$.RS...a..1...... L..'...... '..M?.3...c8#..(F3..Lf...l.el`+ ...n...C...'9.E.q.....Ox.K^..|.....W.....L..D.M:..k.chK..Zj..R..J...s.....d...W....6.lj.f.X.j#...j...... en...u....?G3..b..kR!.b.....S...._...V...... '..v.l....5.>f.....~....cw..>@5..A.._~..g.Ie.^.q 19."et.t....?+MU.BU,.[..#m..&j.|D.e./r...j.4Y...!...jWA&"...... N....J.*...J.*....8..P...k=&rX.^....Z....^.WT...^....j..u...(..kJlM..|i....Y..E.v1...5...

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\OS1DYB4I.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators Category: downloaded Size (bytes): 50436 Entropy (8bit): 4.682550598756895 Encrypted: false SSDEEP: 768:m77jxsk8aJFiQZAFtk8aJFiQZAFPF6qNr/6YSu+OQt6ZoE4Eo29ug:mvM7GM7dFn1jDjoEv9ug MD5: 28FC0086AF0B900D32572146E7F31A91 SHA1: 08A5F887765C22BE593DBA64D2A2E7AE110035FD SHA-256: 6A672431FCB74EB80C1F608BD26459D0221653BD56F91842402CBDAA14D95D8E SHA-512: 6066B7492496DF61FF3FB5EE0B6C5F7193E6E544B40EC931488589BE0F04668EF178C758DA97BF7DE2155800750E797E12CDB0D2A32CB41EEC7703B7CBEFE9D3 Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/ Preview: ....... .........5.....E;4.D;3.D;3.D<3.F<5.E<4...... F?4.ID5.D<37C; 3.C;2.C;2.C;2.C;3.D<3LE=3.E=2.D<3.D=3.C<2QC;2.C;2.C;2.C;2.D;3.D;46JB;.G>6...... E;4.H<5.D;3]C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<2.G<3.G< 4.D<3.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<3[C=7.C<4...... H<7.B;1.D<3CC;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<2nD<3sC;2.C;2.C;2.C;2.C;2.C;2.C;2.C; 2.C;2.D<3@B:3.HA2...... D<3.E<4.C;2.C;2.C;2.C;2.D<2.C;2bD<3pC<2.C;2.C;2.C;2.C;2.C;2.C;2.C;2.D<3lD<3^D;2.C;2.C;2.C;2.C;2.E<3.D<3...... C;2.D<3FC;2.C;2.C;2.D;2.F=3.E=

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\free-footer-v3[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 2633 Entropy (8bit): 5.0358460999390555 Encrypted: false SSDEEP: 48:kIGDhDRSDDTUN5D8QSDmvQ53Q3fDTTvArx1qAOY:BUgmGsPTvArx1qAOY MD5: B09E83D2AEAC55C0D3B67186CD5009FF SHA1: FA87CEC84CC36FC2E70804867DA24578EA331999 SHA-256: 251A983A1B4B2CC76542AA398AE6B3499978A788860B54A8081D35D7A843303C SHA-512: 3E98FC9895EAA5B9965329A428A9D5EDA04C442C984D1D6F18C8E608D1DD3C740E71CA38F108671CCC828981CF20DEC0FF9ED97E2890744B5C409688962D679A Malicious: false Reputation: low IE Cache URL: https://cdn2.editmysite.com/css/free-footer-v3.css?buildtime=1622755348 Preview: #weebly-footer-signup-container-v3{overflow-y:hidden;font-family:SQMarket-Medium,SQMarket,"Helvetica Neue","Helvetica","Arial",sans-serif;line-height:normal;-webkit- font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;z-index:1}#weebly-footer-signup-container-v3 .signup-container-header{position:relative;display:block;font- size:14px;height:100%;font-weight:bold;cursor:pointer;text-transform:uppercase;color:white;text-decoration:none}#weebly-footer-signup-container-v3 .signup-container-he ader .powered-by{position:absolute;top:0;right:0;padding-top:15px;padding-right:30px;height:100%;opacity:1;left:2%}#weebly-footer-signup-container-v3 .signup-co ntainer-header .powered-by .link{vertical-align:middle}#weebly-footer-signup-container-v3 .signup-container-header .weebly-icon{display:inline-block;height:23px;width:76p x;margin-left:5px;padding-bottom:3px;background-image:url("../images/landing-pages/global/logotype.svg");background-repeat:no-repeat;background-size:contain;fil ter:bright

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\i286823014331379971._szw1280h1280_[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 958 x 220, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 78091 Entropy (8bit): 7.9718629238080405 Encrypted: false SSDEEP: 1536:WExI07dOulAkdZWynhox/Sp64PpevJ7eFxD/wc2YvwTDDsCVXW3xFxSv:LIQsrYhUKVUEh2YvwTfVXoSv MD5: D4B4D7964AB2394637D23305C41777A3 SHA1: A18CA9F0DA997BCBDF80CFE3EC14FBE500A25FB2 SHA-256: ACE27A665CC79A542D145EB5D4C1032B6B56B6512E4163CE522E1F510D117453 SHA-512: EC4E1A21BEABA70E8B07359444544427B4F31AA9BE555DBE84E47FEF69711AAD7B9CE24B4640B0FF722EF757034BC28F6D8B44F110B3AB6CBA572878A0C67E B7 Malicious: false Reputation: low IE Cache URL: https://cdn.simplesite.com/i/91/33/286823008566195089/i286823014331379971._szw1280h1280_.jpg Preview: .PNG...... IHDR...... W.}....OiCCPICC Profile..H....\[email protected]..!...2.Q.I a...T.R...QP+Z...j..N.:.....J-Vq...... }.....s..sr.{...... E..ERt8{rF&...... T`.L.B...... /..D} ...... *.".R....9G...A....\(W..@.@...... +`...j..r..s.\..II.A....&.(...o.zv.0.....C&...`.!..%.....c...... [email protected]..\4B..*...g9...... p..&Q.$.s.u.QP..f..>YN|.d#..".=d.*Q.j.Q....k.X.=D. .X....d..q:}N.4.....t...... X..L...W.'%.s....m.(4..O..R.:.7$b....e..t.T.0j.4-..>dceAr....-...m..$u...9bYt..?....J...... b..)?^.%...m}.]B.&~S.-b.7u.X99n8..8"R.;.)...... K.tc..:{.,..V.m!.+K.uc. .%pAj..q...m.xv.`B.6...... l..-...| ..k..=Q@...... N3<"].#..dP.~.$..q.^1(...#Z....jzK5#..C.E ....*.(..li.W...cv!...6u.?u\...iT.~.aKb$1..C."...x.....k.l^8...../{.CB..>.*..ps..\.I,.A7....8..q G...... w..g...... p.P8./..tq.sg..P"..~>.^.|.B.')as._...c..<.<.P.G....,...a..KW,..s..u...p..:.W..t

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ionicons[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Ionicons family Category: downloaded Size (bytes): 120724 Entropy (8bit): 6.287087751543086 Encrypted: false SSDEEP: 1536:AaXgEIdYIqdsNvGq1O2ogroUWg/E5YBwD2hNQflm60HDRDY6/dSbVB1uJaTDf:AO+dYjuGL2dcUJre2hL60HDRXpof MD5: 2C2AE068BE3B089E0A5B59ABB1831550 SHA1: 61532E89E212F8DD16BA31F3EBCF35C0A7334035 SHA-256: A4803D7BDEB478A5B9238FE74D8AAA98DAFE2E8E68FCCBD0E3F4DCED823F27F0 Copyright Joe Security LLC 2021 Page 27 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ionicons[1].eot SHA-512: A4E744E0D7A1E135ABAEF3FA5685EA365A114C43E0F614A4F34C5B0EA0EA1201FB31C97FE3A66B26DC037F78DC15864DDEB3F5C21E40D4D5F57537385E0196A 1 Malicious: false Reputation: low IE Cache URL: https://efax-01.simplesite.com/c/css/fonts/ionicons.eot?v=2.0.1 Preview: ...... LP...... G.%4...... I.o.n.i.c.o.n.s.....M.e.d.i.u.m... .V.e.r.s.i.o.n. .0.0.1...0.0.0...... I.o.n.i.c.o.n.s...... PFFTMm...... OS/2A9 a....X...`cmapm.n....8....cvt ...D...4....gasp...... glyf."&...... phead.k...... 6hhea...... $hmtxA..I...... ~loca..)....8....maxp.<.....8... name...n...l....post...... 4%.G_. <...... 3...... 3...... r...... @...... |...... L.f...G.L.f...... PfEd...... @...... @...... ` ...... `...... @...... `...... @...... @...... @...... N...... @..

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jsapi[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with CRLF, LF line terminators Category: dropped Size (bytes): 260 Entropy (8bit): 5.342360473530174 Encrypted: false SSDEEP: 6:wRkrQWR0iYBtqWt2aSyujLKdqEijyxGoP:ekrY1tdkytVF MD5: 06106E5E611CF7B9ACD40CEA9A58B97D SHA1: FCFD21286EDAFCEA56FEF947A775A43B539E051F SHA-256: BCD7F82C414EC1F4FDF22CC7084E073D6B9C549F2C05C1CE73944611CB70769F SHA-512: 47700733A2421E2AFB3302B1CA79688BF14CD82E99EA1CD2C17CA6DB605EB9B41E8368A210AA98AD2FA92175C88CF706E2CC51754F6C54513D9B45FB374DA0A A Malicious: false Reputation: low Preview: ..

    301 Moved

    .The document has moved.here.....

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\main[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 477188 Entropy (8bit): 5.4187273836630325 Encrypted: false SSDEEP: 6144:BW8OfwjsL0W6FYEeiFzRNIHftOma4kbEamIia49AnbViWMXb9Mv:ofwja+yU49An5iWOq MD5: F88AD9FB085A6C0DC219E8AA282CE47B SHA1: 28D40D567859F99251BDC3337BAFA088224DA780 SHA-256: BA97504B136B447BEA2ECC59111BA5A63200D2662F92936D0F7C206492B989D8 SHA-512: 4D8BB69E749B6E3247DF1D4135A1FFCC73447FC8BC466E0F58F1071B4BA2D03E13399521600D678918E828452387BC35D7FE150C15C4F3DE92C23CAA0210A7DB Malicious: false Reputation: low IE Cache URL: https://cdn2.editmysite.com/js/site/main.js?buildTime=1622755348 Preview: (function(e){var t=window["publishedWBJP"];window["publishedWBJP"]=function o(s,a){var l,u,c=0,d=[];for(;c

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\main_style[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 32819 Entropy (8bit): 4.956146667763194 Encrypted: false SSDEEP: 384:ljI0uB/tBqWrNHekJ08s1oi4fzTVnRABLBERRHMqQRdgAGCiTPFE/Iv:VuB/tEWI8sCzTtRousddgAGCiTPFE/e MD5: 8CE8DFF596E59E1F962C428AB5028DE6 SHA1: 5DB6EC015F5E1E997CF6D9E0176942963ABD22EC SHA-256: 7138302A26E7C1CB20300FE7EA12C104E5B93E22A642A5520B32AA344E735E85 SHA-512: 2E5D5FD0FD112A88815FE2FEDB0BBCD68B8B50393C9337EC99C177D2BE5A90CBAC9154D0516D64ED768AF478804CD256E9EF18D05190E102043B1645029EA7A 5 Malicious: false Reputation: low

    Copyright Joe Security LLC 2021 Page 28 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\main_style[1].css IE Cache URL: https://securemailoffice365onlinefaxmessages.weebly.com/files/main_style.css?1622801939 Preview: ul, ol, li, h1, h2, h3, h4, h5, h6, pre, form, body, html, div.paragraph, blockquote, fieldset, input { margin: 0; padding: 0; }.ul, ol, li, h1, h2, h3, h4, h5, h6, pre, form, body, html, p, blockquote, fieldset, input { margin: 0; padding: 0; }. html { height: 100%; }. body { width: 100%; height: 100%; background: #ffffff; color: #3e3e3e; font-family: 'Quat trocento Sans', sans-serif; font-size: 16px; font-weight: 400; line-height: 25px; -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; }. a { color: # b9b9b9; text-decoration: none; -webkit-transition: all 300ms ease; -moz-transition: all 300ms ease; -ms-transition: all 300ms ease; -o-transition: all 300ms ease; transition: all 300ms ease; }. a:hover { color: #333333; }. a img, a:hover img { border: none; }. h2 { margin-bottom: 15px; color: #000000; font-family: 'Quattrocento', serif; font-size: 24px; font-weight: 700; line-height: 1.2em; }. div.paragraph, div.paragraph { margin-bottom: 10px; line-height: 1.5em; }

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\sdk[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 228877 Entropy (8bit): 5.4530860144092514 Encrypted: false SSDEEP: 3072:7fvQQP9QIsK4EzHTAi/y0Nexeffmj+0EX:c+9QIsREzHL/y0N2effmEX MD5: 2ACBEB8D49D58955BB40D92D0D54E877 SHA1: FEAE72DB5F7FFE80A28A88D4E00050C164E669F6 SHA-256: C417EE896878716AB6E82B8AA9081C028A8D71E88820AE88800842BFB7F7AED4 SHA-512: 7008CEEE372D30D1BFF24F56641E2D9CB9204B2E242DD7CA102DFD2485908EC1FD0542B16A826A05A6858791FC31F9C346CE9DB40C81488D0A74D418757433E7 Malicious: false Reputation: low IE Cache URL: https://connect.facebook.net/en_US/sdk.js?hash=a9446a283e51222d49f9dc04a22c24ec Preview: /*1623066222,,JIT Construction: v1003915460,en_US*/../**. * Copyright (c) 2017-present, Facebook, Inc. All rights reserved.. *. * You are hereby granted a non-exclusive, worldwide, royalty-free license to use,. * copy, modify, and distribute this software in source code or binary form for use. * in connection with the web services and APIs provided by Facebook.. *. * As with any software that integrates with the Facebook platform, your use of. * this software is subject to the Facebook Platform Policy. * [http://developers.facebook.com/policy/]. This copyright notice shall be. * included in all copies or substantial portions of the software.. *. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTAB ILITY, FITNESS. * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR. * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER. * IN AN ACTION OF CO

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\sites[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 214956 Entropy (8bit): 5.0535689910376265 Encrypted: false SSDEEP: 768:tEna6MVmtj++7bqoBtgmuHKBP/ksdB0UB5KUJ0GM5BUUQXE0Csoptr+pPPy7ki2B:tEnMVmtSSdBS5H5Vptr+prRG4w6xf MD5: 9B0CEA89EFE53D91D78D11FFD47932D9 SHA1: 4923AB33295645E85508386F7B6B884BA671C25A SHA-256: 004224D90390C7CD683C2B1911C8FF02DA3C2F1DD84DB133333F3D704ADB7355 SHA-512: 7C4A77D774D905F15BB3CBB1211849CED2F33992A77A246E20F7BC82AEA7B0CBA8AAC41C6D4F6BA67F0C38814404B227769F3BC637F6BA721598F72D6701A8D 6 Malicious: false Reputation: low IE Cache URL: https://cdn2.editmysite.com/css/sites.css?buildTime=1622755348 Preview: @keyframes spin{0%{transform:rotate(0deg)}100%{transform:rotate(360deg)}}/*! Reflex v1.5.0 - https://github.com/leejordan/reflex */.grid{display:inline-block;display:-ms- flexbox;display:flex;*display:inline;zoom:1;-ms-flex-wrap:wrap;flex-wrap:wrap;padding:0;margin:0;position:relative;width:100%;max-width:100%;letter-spacing:-0.31em !important;*letter-spacing:normal !important;word-spacing:-0.43em !important;list-style-type:none}.grid:before,.grid:after{letter-spacing:normal;word-spacing:normal;white- space:normal;max-width:100%}.grid *:before,.grid *:after{letter-spacing:normal;word-spacing:normal;white-space:normal}.grid .grid{-ms-flex:1 1 auto;flex:1 1 auto}.grid * {box-sizing:border-box}.grid *:before,.grid *:after{box-sizing:border-box}[class*="grid__col-"]{display:inline-block;display:-ms-flexbox;display:flex;*display:inline;zoom:1;-ms- flex-direction:column;flex-direction:column;letter-spacing:normal;word-spacing:normal;white-space:normal;position:relative;width:100%;vertical-align:

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\snowday262[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 75006 Entropy (8bit): 5.625174285042866 Encrypted: false SSDEEP: 768:YdDFSZ8JdMS1xGPlopXbk+KQZPKOf/py7pFw7N5o9qmse9fLrJIWzAfap34VEzH0:6FSZYdMS1xGNopX5LP16FuvqT7bmVF MD5: 99BBE560926E583B8E99036251DEB783 SHA1: 8D81B73AE06F664F9D9E53DD5829A799BF434491 SHA-256: 648E766BF519673F9A90CC336CBECEDE80DCBE3419B43D36ECBB25D88F5584A3 SHA-512: EE24915AA5C1C7C1DD571C07EFE46DFC173CB69D2DADC4C32891CE320EEF4FE1CFB614D9C212F16BFE2C83B29C6EEAB6C5A43F8E32D475DA8081B1E2D3386 9B4

    Copyright Joe Security LLC 2021 Page 29 of 43 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\snowday262[1].js Malicious: false Reputation: low IE Cache URL: https://cdn2.editmysite.com/js/wsnbn/snowday262.js Preview: (function e(b,g,d){function c(n,j){if(!g[n]){if(!b[n]){var i=typeof require=="function"&&require;if(!j&&i){return i(n,!0)}if(a){return a(n,!0)}var m=new Error("Cannot find module ' "+n+"'");throw m.code="MODULE_NOT_FOUND",m}var h=g[n]={exports:{}};b[n][0].call(h.exports,function(l){var o=b[n][1][l];return c(o?o:l)},h,h.exports,e,b,g,d)}return g[n].e xports}var a=typeof require=="function"&&require;for(var f=0;f

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\u-440qyriQwlOrhSvowK_l5-ciZK[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 35696, version 1.1 Category: downloaded Size (bytes): 35696 Entropy (8bit): 7.986011105874064 Encrypted: false SSDEEP: 768:2WjhRIJYG9geaIgC8Ur9qS24F3f9NhwRZ6PoxET1PqfEYZ4Zn+u/0:2yeJ33vgoDF3frh+k0EYZ4Znv0 MD5: 757EFB349637CD90764BE5A359ACFB05 SHA1: 704672DBC2EF0040E47402312F88D4022B965A2C SHA-256: 29787613DF0C91A5319324070310E4376B956CEB10EACCA23694EAE398902325 SHA-512: 808A171CD37B35FDD2F53FAC7DDDE3C8C9B7C9DC51E9C17529A34C5D67D73DAC42A4EBE32E3C00CEB430C28AAB1813221E7412AEBF83589CE7F34076056DC0 4B Malicious: false Reputation: low IE Cache URL: https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-ciZK.woff Preview: wOFF...... p...... d...... GDEF...... GPOS...... DvLuGSUB...4...... dW.O.OS/2...... Q...`U..Kcmap...t...... |"$.$cvt ...L...8.....~.lfpgm...... F...mA..|gasp...... glyf...... lt...t.ZT.head..{H...6...6.).7hhea..{...... $...}hmtx..{....G...... ?2loca..~...... *...maxp...... c.pname...... r:.Q.post...... Xprep...... Z.,.x...CV...E..3..v.l..0l 7... ^L\F.e....\.D...d.D$".$.b".b_J...... A..(c~.i?gb.%.._g....M.s...W..;...... ~.P..P..W.OV..S./P./R..U.oV'...... DFLT...... x.....a.D..m.6..m..X.Y.nl..b....>..].....$. sn.N.9.9.....O..-..2.....i..4.+....L/.S..d.).+Y:mi.....E.+..t.J..._.j..y...FpH...K>...QEk.=2(...(.dRB..Q...Z:[email protected](...('.K..tG9.<*i...... p<.yt.6M...... q....o\j\m.h.n.k

    C:\Users\user\AppData\Local\Temp\~DF46A705453BE6463E.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 50421 Entropy (8bit): 0.8804277541712638 Encrypted: false SSDEEP: 192:kBqoxKAuqR+RP98fD6rVVVkMx1ySsff7X4hz1ySsff7X4h+VY/:kBqoxKAuqR+RP98fDevu+uHG/ MD5: 62427816CAB0DEE0C9A37C94523E61A5 SHA1: 05EDE50CFF5BCCA9662C8C7D82D6E054F682B214 SHA-256: 279C3EB01A0AB092CE242F90FBC426E791CF08B46C884A9A7BA6C536D78DB73C SHA-512: 7260E617E6F4E1F0D1FF0560777FF375D43C260CFD3AFB113526BA059AF66A7681B625937677A8332BADF0D67D243F0291C45F8D709917416739A2E21666737B Malicious: false Reputation: low Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

    C:\Users\user\AppData\Local\Temp\~DFBEF89C537F6C9AD4.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 13029 Entropy (8bit): 0.4800867812197211 Encrypted: false SSDEEP: 24:c9lLh9lLh9lIn9lIn9lobSF9lobu9lWbU+qV+8lyqVK:kBqoIFzPhi50 MD5: 32832B1F6A0C60F8EA60035421150CCA SHA1: F96536C201FE392720DCAE66EECA509F2DFE351B SHA-256: D6C040E239619814E39F68593152EF9C29BFEFF014EF5A671A098F6617DD1821 SHA-512: 77C4D662CFA0AEFA691BF48A003F96D7C84C9BA6720FC568485F030EBB84554ABAD45A42DBB5BF408F568BA3707C1F42DB6B7C7EE27063A0F3B59670AE553B4 A Malicious: false Reputation: low

    Copyright Joe Security LLC 2021 Page 30 of 43 C:\Users\user\AppData\Local\Temp\~DFBEF89C537F6C9AD4.TMP Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

    C:\Users\user\AppData\Local\Temp\~DFD14176E9E0131039.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 25441 Entropy (8bit): 0.2884865391776062 Encrypted: false SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAoas:kBqoxxJhHWSVSEabHs MD5: D028E8A9570322BFAFFDC8A9CCE6374C SHA1: 97605504641E83F453205EE6E949916C29EF2E0E SHA-256: E15B1E1E732878412ECD572CBF308E96AA35B31BF36876B1A2E96CCED59C85F8 SHA-512: 1415A038651DA1AD838911AEB5D1C15F572AF6A214334E73679CB982037CBF3DC1A50A3545A459B8F0F340F2B8A74A67900CDBC74F5E5C40D56775C58D2DABA6 Malicious: false Reputation: low Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

    C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 25475 Entropy (8bit): 5.107054019913224 Encrypted: false SSDEEP: 384:A4Jfu/C+CxqnqeqYqaq9q5Cqrqqq/qTq0qRq/qrqUqHq8qlq9q6q7qYqc:QVnC MD5: 9719C1CC305FC697651AB1E996E5BB39 SHA1: 79B39123A7B55F98731B4200BA57F128494D5215 SHA-256: 78F106E1BAEFDAFB61E88E134022393339BDCD89D0E3C2ACE934784232FBB3D3 SHA-512: C543CD95A37155E0F3FD500AAC977325ECD04D4C1B9E4F775AF19E8732F8FF0F6BFA12203F735B24EA4F687CC4A9028ACEA88E65FA4CF3E85457A454C1619DF C Malicious: false Reputation: low Preview: .....(TCSO...... settings...... gain.@I......

    C:\Users\user\AppData\Roaming\Macromedia\Flash Player\openssl\cache\RevocationCacheFile.dat Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 1024 Entropy (8bit): 0.0 Encrypted: false SSDEEP: 3:: MD5: 0F343B0931126A20F133D67C2B018A3B SHA1: 60CACBF3D72E1E7834203DA608037B1BF83B40E8 SHA-256: 5F70BF18A086007016E948B04AED3B82103A36BEA41755B6CDDFAF10ACE3C6EF SHA-512: 8EFB4F73C5655351C444EB109230C556D39E2C7624E9C11ABC9E3FB4B9B9254218CC5085B454A9698D085CFA92198491F07A723BE4574ADC70617B73EB0B6461 Malicious: false Reputation: low Preview: ......

    Copyright Joe Security LLC 2021 Page 31 of 43 Static File Info

    No static file info

    Network Behavior

    Network Port Distribution

    TCP Packets

    UDP Packets

    DNS Queries

    Timestamp Source IP Dest IP Trans ID OP Code Name Type Class Jun 7, 2021 19:08:50.677251101 CEST 192.168.2.3 8.8.8.8 0xc87b Standard query efax-01.si A (IP address) IN (0x0001) (0) mplesite.com Jun 7, 2021 19:08:51.143515110 CEST 192.168.2.3 8.8.8.8 0x3cb0 Standard query css.simple A (IP address) IN (0x0001) (0) site.com Jun 7, 2021 19:08:51.152357101 CEST 192.168.2.3 8.8.8.8 0x82c0 Standard query www.simple A (IP address) IN (0x0001) (0) site.com Jun 7, 2021 19:08:51.173482895 CEST 192.168.2.3 8.8.8.8 0x77a0 Standard query cdn.simple A (IP address) IN (0x0001) (0) site.com Jun 7, 2021 19:08:54.942023039 CEST 192.168.2.3 8.8.8.8 0x17a4 Standard query connect.fa A (IP address) IN (0x0001) (0) cebook.net Jun 7, 2021 19:08:59.828167915 CEST 192.168.2.3 8.8.8.8 0x2640 Standard query fpdownload A (IP address) IN (0x0001) (0) .macromedia.com Jun 7, 2021 19:09:18.193039894 CEST 192.168.2.3 8.8.8.8 0xd050 Standard query efax-01.si A (IP address) IN (0x0001) (0) mplesite.com Jun 7, 2021 19:09:22.679124117 CEST 192.168.2.3 8.8.8.8 0xe03f Standard query securemail A (IP address) IN (0x0001) (0) office365o nlinefaxme ssages.wee bly.com Jun 7, 2021 19:09:23.363020897 CEST 192.168.2.3 8.8.8.8 0xe5e6 Standard query cdn2.editm A (IP address) IN (0x0001) (0) ysite.com Jun 7, 2021 19:09:24.819312096 CEST 192.168.2.3 8.8.8.8 0xbd9 Standard query ec.editmys A (IP address) IN (0x0001) (0) ite.com

    DNS Answers

    Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Jun 7, 2021 8.8.8.8 192.168.2.3 0xc87b No error (0) efax-01.si 143.204.98.105 A (IP address) IN (0x0001) 19:08:50.733966112 mplesite.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xc87b No error (0) efax-01.si 143.204.98.109 A (IP address) IN (0x0001) 19:08:50.733966112 mplesite.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xc87b No error (0) efax-01.si 143.204.98.46 A (IP address) IN (0x0001) 19:08:50.733966112 mplesite.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xc87b No error (0) efax-01.si 143.204.98.93 A (IP address) IN (0x0001) 19:08:50.733966112 mplesite.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x3cb0 No error (0) css.simple 143.204.98.33 A (IP address) IN (0x0001) 19:08:51.189109087 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x3cb0 No error (0) css.simple 143.204.98.101 A (IP address) IN (0x0001) 19:08:51.189109087 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x3cb0 No error (0) css.simple 143.204.98.85 A (IP address) IN (0x0001) 19:08:51.189109087 site.com CEST

    Copyright Joe Security LLC 2021 Page 32 of 43 Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Jun 7, 2021 8.8.8.8 192.168.2.3 0x3cb0 No error (0) css.simple 143.204.98.2 A (IP address) IN (0x0001) 19:08:51.189109087 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x82c0 No error (0) www.simple 143.204.98.111 A (IP address) IN (0x0001) 19:08:51.198265076 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x82c0 No error (0) www.simple 143.204.98.116 A (IP address) IN (0x0001) 19:08:51.198265076 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x82c0 No error (0) www.simple 143.204.98.81 A (IP address) IN (0x0001) 19:08:51.198265076 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x82c0 No error (0) www.simple 143.204.98.34 A (IP address) IN (0x0001) 19:08:51.198265076 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x77a0 No error (0) cdn.simple 143.204.98.102 A (IP address) IN (0x0001) 19:08:51.219332933 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x77a0 No error (0) cdn.simple 143.204.98.25 A (IP address) IN (0x0001) 19:08:51.219332933 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x77a0 No error (0) cdn.simple 143.204.98.124 A (IP address) IN (0x0001) 19:08:51.219332933 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x77a0 No error (0) cdn.simple 143.204.98.15 A (IP address) IN (0x0001) 19:08:51.219332933 site.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x17a4 No error (0) connect.fa scontent.xx.fbcdn.net CNAME IN (0x0001) 19:08:54.986244917 cebook.net (Canonical CEST name) Jun 7, 2021 8.8.8.8 192.168.2.3 0x17a4 No error (0) scontent.x 31.13.92.14 A (IP address) IN (0x0001) 19:08:54.986244917 x.fbcdn.net CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0x2640 No error (0) fpdownload fpdownload.macromedia. CNAME IN (0x0001) 19:08:59.874095917 .macromedi com.edgekey.net (Canonical CEST a.com name) Jun 7, 2021 8.8.8.8 192.168.2.3 0xd050 No error (0) efax-01.si 143.204.98.105 A (IP address) IN (0x0001) 19:09:18.239700079 mplesite.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xd050 No error (0) efax-01.si 143.204.98.93 A (IP address) IN (0x0001) 19:09:18.239700079 mplesite.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xd050 No error (0) efax-01.si 143.204.98.109 A (IP address) IN (0x0001) 19:09:18.239700079 mplesite.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xd050 No error (0) efax-01.si 143.204.98.46 A (IP address) IN (0x0001) 19:09:18.239700079 mplesite.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xe03f No error (0) securemail pages- CNAME IN (0x0001) 19:09:22.724426985 office365o wildcard.weebly.com (Canonical CEST nlinefaxme name) ssages.wee bly.com Jun 7, 2021 8.8.8.8 192.168.2.3 0xe03f No error (0) pages-wild 199.34.228.54 A (IP address) IN (0x0001) 19:09:22.724426985 card.weebly.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xe03f No error (0) pages-wild 199.34.228.53 A (IP address) IN (0x0001) 19:09:22.724426985 card.weebly.com CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xe5e6 No error (0) cdn2.editm weebly.map.fastly.net CNAME IN (0x0001) 19:09:23.407758951 ysite.com (Canonical CEST name) Jun 7, 2021 8.8.8.8 192.168.2.3 0xe5e6 No error (0) weebly.map 151.101.1.46 A (IP address) IN (0x0001) 19:09:23.407758951 .fastly.net CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xe5e6 No error (0) weebly.map 151.101.65.46 A (IP address) IN (0x0001) 19:09:23.407758951 .fastly.net CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xe5e6 No error (0) weebly.map 151.101.129.46 A (IP address) IN (0x0001) 19:09:23.407758951 .fastly.net CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xe5e6 No error (0) weebly.map 151.101.193.46 A (IP address) IN (0x0001) 19:09:23.407758951 .fastly.net CEST Jun 7, 2021 8.8.8.8 192.168.2.3 0xbd9 No error (0) ec.editmys sp- CNAME IN (0x0001) 19:09:24.862330914 ite.com 202002141230115249000 (Canonical CEST 0000a-1069308460.us- name) west- 2.elb.amazonaws.com

    Copyright Joe Security LLC 2021 Page 33 of 43 Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Jun 7, 2021 8.8.8.8 192.168.2.3 0xbd9 No error (0) sp-2020021 44.241.96.221 A (IP address) IN (0x0001) 19:09:24.862330914 4123011524 CEST 90000000a- 1069308460.us- west-2 .elb.amazo naws.com Jun 7, 2021 8.8.8.8 192.168.2.3 0xbd9 No error (0) sp-2020021 52.43.249.183 A (IP address) IN (0x0001) 19:09:24.862330914 4123011524 CEST 90000000a- 1069308460.us- west-2 .elb.amazo naws.com

    HTTPS Packets

    Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Jun 7, 2021 143.204.98.105 443 192.168.2.3 49717 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:50.842320919 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 143.204.98.105 443 192.168.2.3 49718 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:50.847790003 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025

    Copyright Joe Security LLC 2021 Page 34 of 43 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 143.204.98.33 443 192.168.2.3 49721 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:51.294555902 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 143.204.98.111 443 192.168.2.3 49724 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:51.301013947 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US

    Copyright Joe Security LLC 2021 Page 35 of 43 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 143.204.98.33 443 192.168.2.3 49723 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:51.302189112 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 143.204.98.33 443 192.168.2.3 49722 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:51.307894945 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034

    Copyright Joe Security LLC 2021 Page 36 of 43 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Jun 7, 2021 143.204.98.102 443 192.168.2.3 49726 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:51.318834066 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 143.204.98.102 443 192.168.2.3 49725 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:51.325061083 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034

    Copyright Joe Security LLC 2021 Page 37 of 43 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Jun 7, 2021 143.204.98.111 443 192.168.2.3 49720 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 9e10692f1b7f78228b2d4e 19:08:51.325272083 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 31.13.92.14 443 192.168.2.3 49736 CN=*.facebook.com, CN=DigiCert SHA2 High Wed Wed 771,49196- 9e10692f1b7f78228b2d4e 19:08:55.077502966 O="Facebook, Inc.", Assurance Server CA, May 26 Aug 25 49195-49200- 424db3a98c CEST L=Menlo Park, OU=www.digicert.com, 02:00:00 01:59:59 49199-49188- ST=California, C=US O=DigiCert Inc, C=US CEST CEST 49187-49192- CN=DigiCert SHA2 High CN=DigiCert High 2021 2021 49191-49162- Assurance Server CA, Assurance EV Root CA, Tue Oct Sun Oct 49161-49172- OU=www.digicert.com, OU=www.digicert.com, 22 22 49171-157-156- O=DigiCert Inc, C=US O=DigiCert Inc, C=US 14:00:00 14:00:00 61-60-53-47- CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23-24,0 CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028 Jun 7, 2021 31.13.92.14 443 192.168.2.3 49737 CN=*.facebook.com, CN=DigiCert SHA2 High Wed Wed 771,49196- 9e10692f1b7f78228b2d4e 19:08:55.079041958 O="Facebook, Inc.", Assurance Server CA, May 26 Aug 25 49195-49200- 424db3a98c CEST L=Menlo Park, OU=www.digicert.com, 02:00:00 01:59:59 49199-49188- ST=California, C=US O=DigiCert Inc, C=US CEST CEST 49187-49192- CN=DigiCert SHA2 High CN=DigiCert High 2021 2021 49191-49162- Assurance Server CA, Assurance EV Root CA, Tue Oct Sun Oct 49161-49172- OU=www.digicert.com, OU=www.digicert.com, 22 22 49171-157-156- O=DigiCert Inc, C=US O=DigiCert Inc, C=US 14:00:00 14:00:00 61-60-53-47- CEST CEST 10,0-10-11-13- 2013 2028 35-16-23-24- 65281,29-23-24,0 CN=DigiCert SHA2 High CN=DigiCert High Tue Oct Sun Oct Assurance Server CA, Assurance EV Root CA, 22 22 OU=www.digicert.com, OU=www.digicert.com, 14:00:00 14:00:00 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CEST CEST 2013 2028

    Copyright Joe Security LLC 2021 Page 38 of 43 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Jun 7, 2021 143.204.98.105 443 192.168.2.3 49754 CN=*.simplesite.com CN=Amazon, Fri May Mon Jun 771,49196- 37f463bf4616ecd445d4a1 19:09:18.360301971 CN=Amazon, OU=Server OU=Server CA 1B, 21 20 49195-49200- 937da06e19 CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 01:59:59 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2021 2022 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-23-65281,29- L=Scottsdale, Mon Thu Dec 23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 199.34.228.54 443 192.168.2.3 49759 CN=*.weebly.com CN=RapidSSL RSA CA Fri Oct Thu Dec 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.115895033 CN=RapidSSL RSA CA 2018, 04 02 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, 02:00:00 13:00:00 49199-49188- OU=www.digicert.com, O=DigiCert Inc, C=US CEST CET 49187-49192- O=DigiCert Inc, C=US CN=DigiCert Global 2019 2021 49191-49162- Root CA, Mon Sat Nov 49161-49172- OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CET CET 10,0-10-11-13- 2017 2027 35-16-23-24- 65281,29-23-24,0 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, Root CA, Nov 06 06 OU=www.digicert.com, OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CET CET 2017 2027 Jun 7, 2021 199.34.228.54 443 192.168.2.3 49758 CN=*.weebly.com CN=RapidSSL RSA CA Fri Oct Thu Dec 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.119317055 CN=RapidSSL RSA CA 2018, 04 02 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, 02:00:00 13:00:00 49199-49188- OU=www.digicert.com, O=DigiCert Inc, C=US CEST CET 49187-49192- O=DigiCert Inc, C=US CN=DigiCert Global 2019 2021 49191-49162- Root CA, Mon Sat Nov 49161-49172- OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CET CET 10,0-10-11-13- 2017 2027 35-16-23-24- 65281,29-23-24,0 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, Root CA, Nov 06 06 OU=www.digicert.com, OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CET CET 2017 2027 Jun 7, 2021 151.101.1.46 443 192.168.2.3 49764 CN=*.editmysite.com CN=GlobalSign Atlas R3 Tue May Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.507833004 CN=GlobalSign Atlas R3 DV TLS CA 2020, 11 12 49195-49200- 424db3a98c CEST DV TLS CA 2020, O=GlobalSign nv-sa, 01:04:12 01:04:11 49199-49188- O=GlobalSign nv-sa, C=BE C=BE CN=GlobalSign, CEST CEST 49187-49192- O=GlobalSign, 2021 2022 49191-49162- OU=GlobalSign Root Tue Jul Sun Mar 49161-49172- CA - R3 28 18 49171-157-156- 02:00:00 01:00:00 61-60-53-47- CEST CET 10,0-10-11-13- 2020 2029 35-16-23-24- 65281,29-23-24,0 CN=GlobalSign Atlas R3 CN=GlobalSign, Tue Jul Sun Mar DV TLS CA 2020, O=GlobalSign, 28 18 O=GlobalSign nv-sa, C=BE OU=GlobalSign Root 02:00:00 01:00:00 CA - R3 CEST CET 2020 2029

    Copyright Joe Security LLC 2021 Page 39 of 43 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Jun 7, 2021 151.101.1.46 443 192.168.2.3 49769 CN=*.editmysite.com CN=GlobalSign Atlas R3 Tue May Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.508210897 CN=GlobalSign Atlas R3 DV TLS CA 2020, 11 12 49195-49200- 424db3a98c CEST DV TLS CA 2020, O=GlobalSign nv-sa, 01:04:12 01:04:11 49199-49188- O=GlobalSign nv-sa, C=BE C=BE CN=GlobalSign, CEST CEST 49187-49192- O=GlobalSign, 2021 2022 49191-49162- OU=GlobalSign Root Tue Jul Sun Mar 49161-49172- CA - R3 28 18 49171-157-156- 02:00:00 01:00:00 61-60-53-47- CEST CET 10,0-10-11-13- 2020 2029 35-16-23-24- 65281,29-23-24,0 CN=GlobalSign Atlas R3 CN=GlobalSign, Tue Jul Sun Mar DV TLS CA 2020, O=GlobalSign, 28 18 O=GlobalSign nv-sa, C=BE OU=GlobalSign Root 02:00:00 01:00:00 CA - R3 CEST CET 2020 2029 Jun 7, 2021 151.101.1.46 443 192.168.2.3 49768 CN=*.editmysite.com CN=GlobalSign Atlas R3 Tue May Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.508706093 CN=GlobalSign Atlas R3 DV TLS CA 2020, 11 12 49195-49200- 424db3a98c CEST DV TLS CA 2020, O=GlobalSign nv-sa, 01:04:12 01:04:11 49199-49188- O=GlobalSign nv-sa, C=BE C=BE CN=GlobalSign, CEST CEST 49187-49192- O=GlobalSign, 2021 2022 49191-49162- OU=GlobalSign Root Tue Jul Sun Mar 49161-49172- CA - R3 28 18 49171-157-156- 02:00:00 01:00:00 61-60-53-47- CEST CET 10,0-10-11-13- 2020 2029 35-16-23-24- 65281,29-23-24,0 CN=GlobalSign Atlas R3 CN=GlobalSign, Tue Jul Sun Mar DV TLS CA 2020, O=GlobalSign, 28 18 O=GlobalSign nv-sa, C=BE OU=GlobalSign Root 02:00:00 01:00:00 CA - R3 CEST CET 2020 2029 Jun 7, 2021 151.101.1.46 443 192.168.2.3 49765 CN=*.editmysite.com CN=GlobalSign Atlas R3 Tue May Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.508837938 CN=GlobalSign Atlas R3 DV TLS CA 2020, 11 12 49195-49200- 424db3a98c CEST DV TLS CA 2020, O=GlobalSign nv-sa, 01:04:12 01:04:11 49199-49188- O=GlobalSign nv-sa, C=BE C=BE CN=GlobalSign, CEST CEST 49187-49192- O=GlobalSign, 2021 2022 49191-49162- OU=GlobalSign Root Tue Jul Sun Mar 49161-49172- CA - R3 28 18 49171-157-156- 02:00:00 01:00:00 61-60-53-47- CEST CET 10,0-10-11-13- 2020 2029 35-16-23-24- 65281,29-23-24,0 CN=GlobalSign Atlas R3 CN=GlobalSign, Tue Jul Sun Mar DV TLS CA 2020, O=GlobalSign, 28 18 O=GlobalSign nv-sa, C=BE OU=GlobalSign Root 02:00:00 01:00:00 CA - R3 CEST CET 2020 2029 Jun 7, 2021 151.101.1.46 443 192.168.2.3 49767 CN=*.editmysite.com CN=GlobalSign Atlas R3 Tue May Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.508971930 CN=GlobalSign Atlas R3 DV TLS CA 2020, 11 12 49195-49200- 424db3a98c CEST DV TLS CA 2020, O=GlobalSign nv-sa, 01:04:12 01:04:11 49199-49188- O=GlobalSign nv-sa, C=BE C=BE CN=GlobalSign, CEST CEST 49187-49192- O=GlobalSign, 2021 2022 49191-49162- OU=GlobalSign Root Tue Jul Sun Mar 49161-49172- CA - R3 28 18 49171-157-156- 02:00:00 01:00:00 61-60-53-47- CEST CET 10,0-10-11-13- 2020 2029 35-16-23-24- 65281,29-23-24,0 CN=GlobalSign Atlas R3 CN=GlobalSign, Tue Jul Sun Mar DV TLS CA 2020, O=GlobalSign, 28 18 O=GlobalSign nv-sa, C=BE OU=GlobalSign Root 02:00:00 01:00:00 CA - R3 CEST CET 2020 2029 Jun 7, 2021 151.101.1.46 443 192.168.2.3 49766 CN=*.editmysite.com CN=GlobalSign Atlas R3 Tue May Sun Jun 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.509063959 CN=GlobalSign Atlas R3 DV TLS CA 2020, 11 12 49195-49200- 424db3a98c CEST DV TLS CA 2020, O=GlobalSign nv-sa, 01:04:12 01:04:11 49199-49188- O=GlobalSign nv-sa, C=BE C=BE CN=GlobalSign, CEST CEST 49187-49192- O=GlobalSign, 2021 2022 49191-49162- OU=GlobalSign Root Tue Jul Sun Mar 49161-49172- CA - R3 28 18 49171-157-156- 02:00:00 01:00:00 61-60-53-47- CEST CET 10,0-10-11-13- 2020 2029 35-16-23-24- 65281,29-23-24,0 CN=GlobalSign Atlas R3 CN=GlobalSign, Tue Jul Sun Mar DV TLS CA 2020, O=GlobalSign, 28 18 O=GlobalSign nv-sa, C=BE OU=GlobalSign Root 02:00:00 01:00:00 CA - R3 CEST CET 2020 2029

    Copyright Joe Security LLC 2021 Page 40 of 43 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Jun 7, 2021 199.34.228.54 443 192.168.2.3 49762 CN=*.weebly.com CN=RapidSSL RSA CA Fri Oct Thu Dec 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.803355932 CN=RapidSSL RSA CA 2018, 04 02 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, 02:00:00 13:00:00 49199-49188- OU=www.digicert.com, O=DigiCert Inc, C=US CEST CET 49187-49192- O=DigiCert Inc, C=US CN=DigiCert Global 2019 2021 49191-49162- Root CA, Mon Sat Nov 49161-49172- OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CET CET 10,0-10-11-13- 2017 2027 35-16-23-24- 65281,29-23-24,0 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, Root CA, Nov 06 06 OU=www.digicert.com, OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CET CET 2017 2027 Jun 7, 2021 199.34.228.54 443 192.168.2.3 49761 CN=*.weebly.com CN=RapidSSL RSA CA Fri Oct Thu Dec 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.804945946 CN=RapidSSL RSA CA 2018, 04 02 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, 02:00:00 13:00:00 49199-49188- OU=www.digicert.com, O=DigiCert Inc, C=US CEST CET 49187-49192- O=DigiCert Inc, C=US CN=DigiCert Global 2019 2021 49191-49162- Root CA, Mon Sat Nov 49161-49172- OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CET CET 10,0-10-11-13- 2017 2027 35-16-23-24- 65281,29-23-24,0 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, Root CA, Nov 06 06 OU=www.digicert.com, OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CET CET 2017 2027 Jun 7, 2021 199.34.228.54 443 192.168.2.3 49763 CN=*.weebly.com CN=RapidSSL RSA CA Fri Oct Thu Dec 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.805074930 CN=RapidSSL RSA CA 2018, 04 02 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, 02:00:00 13:00:00 49199-49188- OU=www.digicert.com, O=DigiCert Inc, C=US CEST CET 49187-49192- O=DigiCert Inc, C=US CN=DigiCert Global 2019 2021 49191-49162- Root CA, Mon Sat Nov 49161-49172- OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CET CET 10,0-10-11-13- 2017 2027 35-16-23-24- 65281,29-23-24,0 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, Root CA, Nov 06 06 OU=www.digicert.com, OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CET CET 2017 2027 Jun 7, 2021 199.34.228.54 443 192.168.2.3 49760 CN=*.weebly.com CN=RapidSSL RSA CA Fri Oct Thu Dec 771,49196- 9e10692f1b7f78228b2d4e 19:09:23.805206060 CN=RapidSSL RSA CA 2018, 04 02 49195-49200- 424db3a98c CEST 2018, OU=www.digicert.com, 02:00:00 13:00:00 49199-49188- OU=www.digicert.com, O=DigiCert Inc, C=US CEST CET 49187-49192- O=DigiCert Inc, C=US CN=DigiCert Global 2019 2021 49191-49162- Root CA, Mon Sat Nov 49161-49172- OU=www.digicert.com, Nov 06 06 49171-157-156- O=DigiCert Inc, C=US 13:23:33 13:23:33 61-60-53-47- CET CET 10,0-10-11-13- 2017 2027 35-16-23-24- 65281,29-23-24,0 CN=RapidSSL RSA CA CN=DigiCert Global Mon Sat Nov 2018, Root CA, Nov 06 06 OU=www.digicert.com, OU=www.digicert.com, 13:23:33 13:23:33 O=DigiCert Inc, C=US O=DigiCert Inc, C=US CET CET 2017 2027 Jun 7, 2021 44.241.96.221 443 192.168.2.3 49774 CN=ec.editmysite.com CN=Amazon, Wed Sat Oct 771,49196- 9e10692f1b7f78228b2d4e 19:09:25.433376074 CN=Amazon, OU=Server OU=Server CA 1B, Sep 09 09 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 14:00:00 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2020 2021 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034

    Copyright Joe Security LLC 2021 Page 41 of 43 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034 Jun 7, 2021 44.241.96.221 443 192.168.2.3 49775 CN=ec.editmysite.com CN=Amazon, Wed Sat Oct 771,49196- 9e10692f1b7f78228b2d4e 19:09:25.526356936 CN=Amazon, OU=Server OU=Server CA 1B, Sep 09 09 49195-49200- 424db3a98c CEST CA 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 14:00:00 49199-49188- CN=Amazon Root CA 1, CN=Amazon Root CA 1, CEST CEST 49187-49192- O=Amazon, C=US O=Amazon, C=US 2020 2021 49191-49162- CN=Starfield Services Root CN=Starfield Services Thu Oct Sun Oct 49161-49172- Certificate Authority - G2, Root Certificate 22 19 49171-157-156- O="Starfield Technologies, Authority - G2, 02:00:00 02:00:00 61-60-53-47- Inc.", L=Scottsdale, O="Starfield CEST CEST 10,0-10-11-13- ST=Arizona, C=US Technologies, Inc.", 2015 2025 35-16-23-24- L=Scottsdale, Mon Thu Dec 65281,29-23-24,0 ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification Authority, CEST CET O="Starfield 2015 2037 Technologies, Inc.", Wed Wed C=US Sep 02 Jun 28 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CN=Amazon Root CA 1, Thu Oct Sun Oct CA 1B, O=Amazon, C=US O=Amazon, C=US 22 19 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Services Mon Thu Dec O=Amazon, C=US Root Certificate May 25 31 Authority - G2, 14:00:00 02:00:00 O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Authority, Sep 02 Jun 28 O="Starfield Technologies, O="Starfield 02:00:00 19:39:16 Inc.", L=Scottsdale, Technologies, Inc.", CEST CEST ST=Arizona, C=US C=US 2009 2034

    Code Manipulations

    Statistics

    Behavior

    Click to jump to process

    System Behavior

    Copyright Joe Security LLC 2021 Page 42 of 43 Analysis Process: iexplore.exe PID: 2644 Parent PID: 792

    General

    Start time: 19:08:48 Start date: 07/06/2021 Path: C:\Program Files\internet explorer\iexplore.exe Wow64 process (32bit): false Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding Imagebase: 0x7ff7dabf0000 File size: 823560 bytes MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596 Has elevated privileges: true Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low

    File Activities Show Windows behavior

    Registry Activities Show Windows behavior

    Analysis Process: iexplore.exe PID: 4688 Parent PID: 2644

    General

    Start time: 19:08:49 Start date: 07/06/2021 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Wow64 process (32bit): true Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2644 CREDAT:17410 /prefetch:2 Imagebase: 0x1350000 File size: 822536 bytes MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A Has elevated privileges: true Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low

    File Activities Show Windows behavior

    Registry Activities Show Windows behavior

    Disassembly

    Copyright Joe Security LLC Joe Sandbox Cloud Basic 32.0.0 Black Diamond

    Copyright Joe Security LLC 2021 Page 43 of 43