ID: 430572 Cookbook: browseurl.jbs Time: 16:38:56 Date: 07/06/2021 Version: 32.0.0 Black Diamond


Copyright Joe Security LLC 2021

Analysis Report https://www.weebly.com/app/help/us/en…/topics/quick-answer-guide

Overview

General Information

Sample URL: https://www.weebly.com/app/help/us/en/topics/quick-answer-guide
Analysis ID: 430572

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

Classification chart (image not preserved). Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Legend: malicious, suspicious, clean.

Process Tree

System is w10x64
iexplore.exe (PID: 3412 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 4084 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3412 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Behavior Graph

Behavior graph (image not preserved)
ID: 430572
URL: https://www.weebly.com/app/...
Startdate: 07/06/2021
Architecture: WINDOWS
Score: 0
Processes: iexplore.exe started iexplore.exe
Domains: www.weebly.com, weebly.com, weebly.map.fastly.net
weebly.com: 74.115.50.109, 443, 49702, 49703 (WEEBLYUS, United States)
weebly.map.fastly.net: 151.101.1.46, 443, 49711, 49712 (FASTLYUS, United States)
3 other IPs or domains

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://www.weebly.com/app/help/us/en/topics/quick-answer-guide | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://raw.githubusercontent.com/jashkenas/underscore/master/LICENSE | 0% | Avira URL Cloud | safe |
https://orbit.weebly.net/cdn/releases | 0% | Avira URL Cloud | safe |
https://www.google.%/ads/ga-audiences | 0% | URL Reputation | safe |
www.wikipedia.com/ | 0% | URL Reputation | safe |
https://openjsf.org/ | 0% | URL Reputation | safe |
https://webpack.js.org/guides/production/ | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
weebly.map.fastly.net | 151.101.1.46 | true | false | | unknown
weebly.com | 74.115.50.109 | true | false | | high
cdn.embedly.com | unknown | unknown | false | | high
www.weebly.com | unknown | unknown | false | | high
cdn2.editmysite.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://www.weebly.com/app/help/us/en/topics/quick-answer-guide | false | | high

URLs from Memory and Binaries

Contacted IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
74.115.50.109 | weebly.com | United States | | 27647 | WEEBLYUS | false
151.101.1.46 | weebly.map.fastly.net | United States | | 54113 | FASTLYUS | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 430572
Start date: 07.06.2021
Start time: 16:38:56
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 29s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://www.weebly.com/app/help/us/en/topics/quick-answer-guide
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/30@4/2
Cookbook Comments: Adjust boot time; Enable AMSI

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\VXQPHS0A\www.weebly[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 2.469670487371862
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A3B948A4-C7E9-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.856276539099741
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A3B948A6-C7E9-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 24236
Entropy (8bit): 1.6429441134627194
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AA181029-C7E9-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5634309728112448
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.100370289597539
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.076197508412425
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 662
Entropy (8bit): 5.093737212404392
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 647
Entropy (8bit): 5.116213212701335
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.100594494497222
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.103568798169422
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.140793990868235
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 659
Entropy (8bit): 5.067903362449514
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.101830014361333
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: modified
Size (bytes): 4410
Entropy (8bit): 4.2306756151124
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\orbit-ui.c41c67aa[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 595845
Entropy (8bit): 5.448218797128629
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://www.weebly.com/app/help/assets/js/orbit-ui.c41c67aa.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\sqmarket-medium-italic[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 43328, version 1.0
Category: downloaded
Size (bytes): 43328
Entropy (8bit): 7.9900583711243245
Encrypted: true
Malicious: false
Reputation: low
IE Cache URL: https://cdn2.editmysite.com/fonts/SQ_Market/sqmarket-medium-italic.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\sqmarket-medium[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 41400, version 1.0
Category: downloaded
Size (bytes): 41400
Entropy (8bit): 7.987786743859343
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://cdn2.editmysite.com/fonts/SQ_Market/sqmarket-medium.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\sqmarket-regular-italic[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 40132, version 1.0
Category: downloaded
Size (bytes): 40132
Entropy (8bit): 7.989113001340109
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://cdn2.editmysite.com/fonts/SQ_Market/sqmarket-regular-italic.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\sqmarket-regular[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 39020, version 1.0
Category: downloaded
Size (bytes): 39020
Entropy (8bit): 7.988657817383604
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://cdn2.editmysite.com/fonts/SQ_Market/sqmarket-regular.woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\analytics[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 49153
Entropy (8bit): 5.520906949461031
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://www.google-analytics.com/analytics.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 4286
Entropy (8bit): 4.191445610755576
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://www.weebly.com/app/help/favicon.ico

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\help-center.ec2c15a0[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 105393
Entropy (8bit): 5.585629198308768
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://www.weebly.com/app/help/assets/css/help-center.ec2c15a0.css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-vendors.14c220f4[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: exported SGML document, UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 600764
Entropy (8bit): 5.578844129775073
Encrypted: false
SSDEEP: 6144:B89pcr9bMDqD55wk5j0TtTz7HQOps/3bzfbITAUPtnYOwrg4+l+QIc:a7WDESgTptJYO4gKc
MD5: 3F770BD2E6CAF78078F1F7DBD8FD5F8E
SHA1: 896C8F24EEE0C392584518E57E78EBDE7571E0D8
SHA-256: CA93726A86AA5D8C5293FC412ED9889817D19233EEC55E790F9075052CB383FD
SHA-512: 56B1E1DCE361FB2EC10651C87FB9DF4DD38AEB8796B783CF02DE42412FF355BD9B9D847778C31ACB28607C7ABA018196BFBFD572ABB9D082C3128A17AE067FDA
Malicious: false
Reputation: low
IE Cache URL: https://www.weebly.com/app/help/assets/js/chunk-vendors.14c220f4.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\help-center.2af59f5d[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 243540
Entropy (8bit): 5.504573220569791
Encrypted: false
SSDEEP: 3072:v0wKerOdC946QMOgrolxQbob91ZfCKJQ78xLh9:vXn4C946QMOgrolxSq35h9
MD5: DC0BAFB53BC83CC92625E61748A43AE8
SHA1: F23CF137EF7EF591949EE8C6921F97899EAA3E5F
SHA-256: 9823E8C52DAFD4FB8CA602AAC3B16C257FBB69B94E91D7291671FAFA81204A72
SHA-512: FFFE649D3E486853E6DB60076DEDDDF3A542C8CE540AC8D3FF493F5B09F78F88168910896E14D41F275082327AA50D060F534A653F0585B0F22E04496F9290E4
Malicious: false
Reputation: low
IE Cache URL: https://www.weebly.com/app/help/assets/js/help-center.2af59f5d.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\gdprscript[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 16339
Entropy (8bit): 5.373443822739607
Encrypted: false
SSDEEP: 384:FUx7+weXslZZE7fn63M/kD+qOky1OPCgLL0XWZ23wiqdLmzxxVpOHHVk:Gx7A7ic/kq71oC00mQqdLmzxxVpGi
MD5: 3B228E455BEA3555505CAD0C524AD976
SHA1: 74805BD19BE2949DD058A8B4E4F15D140849666C
SHA-256: 5445A7AEA20584E6C4E47738F141D3AB9F9165D5AEB570A9A8A8C0DD04F3D17A
SHA-512: 13A7DEE32D0D0A959CA126C6457324290189B3F4ED08ABF5FA6D5BE6FF2921DFAD6D1FFAD143A74974A07F144DF6881C26B9BAB7B1E0CEF97C9CA2296532C3E8
Malicious: false
Reputation: low
IE Cache URL: https://www.weebly.com/gdpr/gdprscript.js?v=v0.1&stealth=false
Preview: // Script created for GDPR Compliance. Source code located: weebly/kings-banner

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\platform[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: C source, ASCII text, with very long lines
Category: downloaded
Size (bytes): 70488
Entropy (8bit): 5.27767241132901
Encrypted: false
SSDEEP: 1536:FNDPHdpHosMk6khVMxj9IpaktOf0RV7X5hgsHjJJHEHRd9OGJqqBlEfx89u+lpTO:FNPHdpHpMchVMxj5f0RV7X5hgsHjJJHz
MD5: 1515208CF0F82E612ECF50BD9E1C1A3E
SHA1: C56AA75C5E9A1613A6F40E25648733E69503B27D
SHA-256: 53C5ED98422E6540E595C4AB165B0BF25FA166BD8C588564101C84822D410492
SHA-512: 073F1C10B39D2EEA10353337BCB1631056AC430776037941B9724F0729080EB27EC3CA5052F6876E9C2658E87DAFCA518333878EC6235DF20C030104EE927959
Malicious: false
Reputation: low
IE Cache URL: https://cdn.embedly.com/widgets/platform.js
Preview: /* @overview underscore - JavaScript's utility _ belt. @copyright Copyright (c) 2009-2016 Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors. @license Licensed under MIT license. See https://raw.githubusercontent.com/jashkenas/underscore/master/LICENSE. @version 1.8.0. */

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\quick-answer-guide[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: downloaded
Size (bytes): 137344
Entropy (8bit): 5.34306316619628
Encrypted: false
SSDEEP: 3072:q03RD1pQezMj6FYtgLts4/X6/jhCbj2d8hvCndOcOs7pR5b48HE3hjly:utmK84ndOcbP148k3O
MD5: 134E4D36F9B06848A12E90A604FF1033
SHA1: 2486D7B09516E63EECA9DD5FFC80D90D77E1E072
SHA-256: 8FB4647939C78F15B14DA463E9FCDCFCEDA39581FF6B681C93F2C53A31AD2BF8
SHA-512: 42F62F684E1029EEBA78A5561552F56E493E67094F12E2817BFE786565262199F7E0BCE9FBCA6B8CC13F73505AB9B20F6A8F258D9489592E897A149D89D55275
Malicious: false
Reputation: low
IE Cache URL: https://www.weebly.com/app/help/us/en/topics/quick-answer-guide
Preview: Quick Answer Guide | Weebly Support - US.