ID: 221959 Cookbook: browseurl.jbs Time: 01:40:49 Date: 12/04/2020 Version: 28.0.0 Lapis Lazuli

Copyright Joe Security LLC 2020

Analysis Report https://secure.squarespace.com/checko…ut?cartToken=xKmJuuAeIV_pT_mGVeP_207Cfayeeo5_PLmffJMU

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 221959
Start date: 12.04.2020
Start time: 01:40:49
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 10s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://secure.squarespace.com/checkout?cartToken=xKmJuuAeIV_pT_mGVeP_207Cfayeeo5_PLmffJMU
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean2.win@3/92@15/7
Cookbook Comments:
  Adjust boot time
  Enable AMSI
  Browsing link: https://www.theresmyrideapp.com/
Warnings:
  Exclude process from analysis (whitelisted): ielowutil.exe, WMIADAP.exe
  TCP Packets have been reduced to 100
  Excluded IPs from analysis (whitelisted)
  Excluded domains from analysis (whitelisted)
  Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

Strategy Score Range Reporting Whitelisted Detection

Threshold 2 0 - 100 false

Confidence

Strategy Score Range Further Analysis Required? Confidence

Threshold 4 0 - 5 false

Classification Spiderchart

[Spiderchart. Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Rings: malicious, suspicious, clean.]

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

Initial Access: Drive-by Compromise 1; Replication Through Removable Media; External Remote Services
Execution: Graphical User Interface 1; Service Execution; Windows Management Instrumentation
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features
Privilege Escalation: Process Injection 1; Accessibility Features; Path Interception
Defense Evasion: Masquerading 1; Process Injection 1; Rootkit
Credential Access: Credential Dumping; Network Sniffing; Input Capture
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration
Command and Control: Standard Cryptographic Protocol 2; Standard Non-Application Layer Protocol 1; Standard Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups

Signature Overview

Phishing:

Form action URLs do not match main URL

Found iframes

HTML body contains low number of good links

No HTML title found

Unusual large HTML page

META author tag missing

META copyright tag missing

Networking:

Found strings which match to known social media urls

Performs DNS lookups

Urls found in memory or binary data

Uses HTTPS

System Summary:

Classification label

Creates files inside the user directory

Creates temporary files

Reads ini files

Spawns processes

Found graphical window changes (likely an installer)

Uses new MSVCR Dlls

Malware Configuration

No configs have been found

Behavior Graph

[Behavior graph. ID: 221959; URL: https://secure.squarespace....; Startdate: 12/04/2020; Architecture: WINDOWS; Score: 2. Process nodes: iexplore.exe, which started a second iexplore.exe. Network nodes: static.squarespace.map.fastly.net, assets.squarespace.com, stripecdn.map.fastly.net, 151.101.0.176 (443, 49754, 49755; unknown, United States), 151.101.0.237 (443, 49747, 49748; unknown, United States), 20 other IPs or domains.]

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
static.squarespace.map.fastly.net | 0% | Virustotal | | Browse
squarespace.map.fastly.net | 0% | Virustotal | | Browse
prod.squarespace.map.fastly.net | 0% | Virustotal | | Browse
stripecdn.map.fastly.net | 0% | Virustotal | | Browse
images.squarespace-cdn.com | 1% | Virustotal | | Browse
www.theresmyrideapp.com | 0% | Virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link
https://www.theresmyrideapp.com/ckout?cartToken=xKmJuuAeIV_pT_mGVeP_207Cfayeeo5_PLmffJMUb | 0% | Avira URL Cloud | safe |
www.southype.com/Commerce/tosSt | 0% | Avira URL Cloud | safe |
https://images.squarespace-cdn.com/content/v1/5cc30c5c51f4d443e3a3d4e3/1583855478371-4UYWCQ83BUK9NIY | 0% | Avira URL Cloud | safe |
www.southype.com/Commerce/tos | 0% | Virustotal | | Browse
www.southype.com/Commerce/tos | 0% | Avira URL Cloud | safe |
https://www.theresmyrideapp.com/ | 0% | Virustotal | | Browse
https://www.theresmyrideapp.com/ | 0% | Avira URL Cloud | safe |
https://www.theresmyripace.com/checkout?cartToken=xKmJuuAeIV_pT_mGVeP_207Cfayeeo5_PLmffJMUdeapp.com/ | 0% | Avira URL Cloud | safe |
https://www.theresmyrideapp.com/ckout?cartToken=xKmJuuAeIV_pT_mGVeP_207Cfayeeo5_PLmffJMU | 0% | Avira URL Cloud | safe |
https://www.theresmyrideapp.com/(Ride | 0% | Avira URL Cloud | safe |
opengraphprotocol.org/schema/ | 0% | Virustotal | | Browse
opengraphprotocol.org/schema/ | 0% | URL Reputation | safe |
https://www.theresmyrideapp.com | 0% | Virustotal | | Browse
https://www.theresmyrideapp.com | 0% | Avira URL Cloud | safe |
www.wikipedia.com/ | 0% | Virustotal | | Browse
www.wikipedia.com/ | 0% | URL Reputation | safe |
https://images.squarespace-cdn.com/content/v1/5cc30c5c51f4d443e3a3d4e3/1557087029466-FQD0L94DORA7E10 | 0% | Avira URL Cloud | safe |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w10x64
  iexplore.exe (PID: 4808 cmdline: 'C:\Program Files\ Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    iexplore.exe (PID: 1976 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4808 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FBVMPHM\www.theresmyrideapp[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 91
Entropy (8bit): 4.420020608117577
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\m.stripe[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 113
Entropy (8bit): 4.510754379504605
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\secure.squarespace[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 11657
Entropy (8bit): 5.373318683145787
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.139804973550572
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.098486010370762
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.137166096228081
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.126102406882907
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.119825328566105
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.158825746697837
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.07851695025709
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.119245517914554
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 6840
Entropy (8bit): 3.0755835822373987
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\0O90Y65P.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1MMBJ9VG.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\2JWV7VNZ.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4S4ZSJ9Q.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\7P8CEX8E.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\7RMFUYXP.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\8XUPTWEE.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\E72U94V8.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GQMSC5BX.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\IB7P1PCD.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\OKC5YQF6.js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 22488
Entropy (8bit): 5.561914709625256
Encrypted: false
Malicious: false
Reputation: low
Preview: /*. * The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. *. * calluna:. * - http://typekit.com/eulas/000000000000000000014868. * - http://typekit.com/eulas/000000000000000000014869. * - http://typekit.com/eulas/00000000000000000001486d. * - http://typekit.com/eulas/00000000000000000001486a. * - http://typekit.com/eulas/00000000000000000001486e. * futura-pt:. * - http://typekit.com/eulas/000000000000000000013365. * - http://typekit.com/eulas/00000000000000000001008f. * - http://typekit.com/eulas/000000000000000000010091. * - http://typekit.com/eulas/000000000000000000010097. * - http://typekit.com/eulas/000000000000000000010095. * - http://typekit.com/eulas/000000000000000000010090. * - http://typekit.com/eulas/000000000000000000010092. * futura-pt-condensed:. * - http://ty

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\R5GVS0Y3.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\RHQU2U13.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\TMRA+Logo[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 500 x 200, 8-bit/color RGBA, non-interlaced
Size (bytes): 22069
Entropy (8bit): 7.965205146470398
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\U6HRJCFO.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\VY1A2OQ4.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\XXKO9LUP.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 3.0950611313667666
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\YF4RXKFU.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Size (bytes): 55529 Entropy (8bit): 5.199950026089786 Encrypted: false MD5: C8405CFC1AF780FA1DC9A0120A2D54C8 SHA1: B4501A5083E4EB26FE7F58AFF572359358C9B00D SHA-256: 132019A779D109726F05EEE8143E9E5AE8FA6215EE132CDFEA4C049233A316CC SHA-512: 00F2C08F0943E3B9BA77EE24CC25F53B246056F2CE51E183F0432DA51D72C2C1D8E3F80DA9C7A420EE0C81843D1D91E4DA749AF38FCAAC8C5C9236D5A3180EF5 Malicious: false Reputation: low Preview: .. . . . This is Squarespace. --> avocado-mackerel-rem4 -->...Ride Share Made Easy........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\checkout.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 906095 Entropy (8bit): 5.892590677147337 Encrypted: false MD5: 96EC9489625457206015847FFAF436A4 SHA1: 6B3E26A51CB36E3EA4AFC43A3FA4A1FE87F13D7F SHA-256: CCDFA30784B76A2B0DF14D898D4581F5A7FE189BD7E3E7CE13DF01DE3C615C86 SHA-512: 0B3D4CEF75F8A10094AEF02177060E5B0910B900927DDA51C76CEE6B8F19EA5C6536F2D2D60B2271C158C4AA30F8E79621903C89A7DF23152B2F6E47BA225012 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\checkout[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Size (bytes): 8911 Entropy (8bit): 5.485992738880055 Encrypted: false MD5: F1D2E8144A1E4703F2B998404C2B2AB6 SHA1: 30E9A78A93D8F34F9A2EE4E924C46006323ED867 SHA-256: BF19F37EC8D21069CDD35B4F9959034607C0BD6432EF98C26B56EE302DF64CCB SHA-512: A9C6962286B729380C5F7094AFD5BD7FE8C7B95235C8A809BB478F0C07639F162E02EB79FC8A40D5074C1C38345E8D30286702AD913803C443790947253FEE61 Malicious: false Reputation: low Preview: .. . . . . Ride Share Made Easy: Secure Checkout. . . . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\d[1] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 49824, version 0.0 Size (bytes): 49824 Entropy (8bit): 7.988700522651047 Encrypted: false MD5: 9229E673166AD23534578C5665ADEAC6 SHA1: C2862C25184DA74098C6AF9D37C14EC7C544C109 SHA-256: 2BCD72ECBB3B8B1ACBBC30E8947A4021BEED538B5FC462B2DF8B8C6D196CB41F SHA-512: DC9CF88C740C47A12FA1E19C22435B3C46944E3D218F2247A803A03DA710D6BE9CDD50BC59A4F1C7AD014C54C00DBA88310DCD5B87A76E9F4A4A69A99129A7A5 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\d[2] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 47100, version 0.0 Size (bytes): 47100 Entropy (8bit): 7.989322540102536 Encrypted: false MD5: 6B3458E328EFB8DC9DDC0B33BFE7C69F SHA1: 566D26B534FEA04FAC30E2A4C2C7031AD587C483 SHA-256: 5F18F7F97062C3E74282D672F6B19ADCB5DF225571C2EE6E9AF4F6BB58E58BEF SHA-512: EC97218A52E0C1CD364A024BFC6F6E785B7FF6328F1C931201161130FA2B628EEF11D9D79F237CA7E02DDE34362F68870A38C0B772AAFA7867E13975E289C50B Malicious: false Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\d[3] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, CFF, length 23332, version 0.0 Size (bytes): 23332 Entropy (8bit): 7.983250292713115 Encrypted: false MD5: 342ADC4BFCAC3F2FA7D74DD0FEA5D478 SHA1: EAC16FC3545B9C7A86D5F6C74510146E8DB4AF51 SHA-256: 69125B5326A4614B95E63C7A5DEE3BFB583DD9C7D6F6044EF0116AC5927EB146 SHA-512: EDF9806D673BCA1EF875AD69D4CEDBBA37F413B03B498C269217504E6818AF73667760D0C0C64F361ED898038081EBB29D40C2552F3830F8ED382A75FD105A51 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\d[4] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 27888, version 0.0 Size (bytes): 27888 Entropy (8bit): 7.980773701495848 Encrypted: false MD5: 1832B33E20C3F6F6B5AEB5EF1D06C4B2 SHA1: BEC7B279385BE406DDCE75D3B624CB87F69D1836 SHA-256: 3BE39F4A40075FA2E5816CE0DCDD1DC12610A6569AB926D18A6DBC13283B01BE SHA-512: 0DE6C484A5F240EDDF0FC718C7FBFD68DFE9CE7365B9E6FCEA8C3185B245B8D14DB8DD41D9D19906D4CCA76C66439B48B217595CDFA0716B47511DE63F92CC9C Malicious: false Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\d[5] Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 28656, version 0.0 Size (bytes): 28656 Entropy (8bit): 7.980834741187818 Encrypted: false MD5: 044CCBEA82C2A0553E18DBF374789A1B SHA1: 2F0144AAC56298728DB5B653FF6932611C4BE7F3 SHA-256: 65659E8E588AB8FA5E750B536A687EAA319F5361BE9D4AAD89A8E746467D2D50 SHA-512: 63AF4D46D2C9F6DCC5D4E05CB3500015D40E9410D7BD3C843E3413B1BE4E449D77DFEDE78688BEB8F4D18341887FC4D06437ACD8B6438755395E6846199B3DA0 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\default-favicon[1].ico Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel Size (bytes): 6518 Entropy (8bit): 2.951064365485467 Encrypted: false MD5: AA78D04664D6B65058FF847EB8D2D821 SHA1: ABBE5F24DAE7833B596BEAB1C431F58E1C1C95E0 SHA-256: 0D75FA1C9F78745B408F55992519C9BD64DFDD5C1B456C5F48B5DC7C43184A8A SHA-512: 828D6F59938220694CF3A851157F0FFB2179DFED687DA2F15927C8F119852C8F4625356B05D56404AAC91E1846974DFEC459387AC353A513BAA4048BBAE5AA0C Malicious: false Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\elements-inner-card-af6c36fe3bb96744407e596128eb10f3[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines, with no line terminators Size (bytes): 5595 Entropy (8bit): 5.20618592352469 Encrypted: false MD5: AF6C36FE3BB96744407E596128EB10F3 SHA1: B18219939A0D75A740F5991DCB713CCE317B48DF SHA-256: AB3CC7E1935F5B30BD7F9BD2E9D3B626FC6A34EF8434C9ACFD4E8C886F5DD370 SHA-512: 4F7AC91BCA545DC6119DCBA03B0193F6A01217F29BD4B30A2B09D82995F2552B98094F6A3C17F4B763595321DF1D7D48E4D3466EDC421D6A5CA5E2E9CA147C17 Malicious: false Reputation: low Preview: