ID: Cookbook: browseurl.jbs Time: 22:08:00 Date: 05/07/2018 Version:

Similar documents
ID: Cookbook: browseurl.jbs Time: 03:38:04 Date: 30/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:40:31 Date: 11/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 19:33:28 Date: 25/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 17:57:53 Date: 27/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 10:30:00 Date: 09/01/2018 Version:

ID: Cookbook: browseurl.jbs Time: 01:14:26 Date: 03/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 01:54:38 Date: 10/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 21:16:31 Date: 24/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:25:07 Date: 07/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 18:33:33 Date: 06/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 21:49:21 Date: 20/04/2018 Version:

ID: Sample Name: html Cookbook: defaultwindowshtmlcookbook.jbs Time: 15:11:10 Date: 11/04/2018 Version: 22.0.

ID: Cookbook: browseurl.jbs Time: 16:38:13 Date: 14/04/2018 Version:

ID: Sample Name: sentenza berwind.pdf Cookbook: defaultwindowspdfcookbook.jbs Time: 21:41:19 Date: 11/04/2018 Version: 22.0.

ID: Sample Name: Harry Potter and the Sorcerer's Stone.pdf Cookbook: defaultwindowspdfcookbook.jbs Time: 06:34:30 Date: 24/04/2018 Version:

ID: Cookbook: urldownload.jbs Time: 15:58:06 Date: 04/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 09:15:48 Date: 09/01/2018 Version:

ID: Sample Name: message_zdm.html Cookbook: default.jbs Time: 17:40:56 Date: 04/05/2018 Version:

ID: Sample Name: Zipongo Value for Investment_ Theresa & Year 1 ROI vs. treatment costs.pdf Cookbook: defaultwindowspdfcookbook.

FAQs GOLF CANADA KIOSK

XC2 Client/Server Installation & Configuration

Cisco SIP Proxy Server (CSPS) Compliance Information

Integrate Riverbed SteelHead. EventTracker v8.x and above

Oxygen Meter User Manual

ACI_Release_Notes.txt VERSION Fixed Tank info for ELITE in Dive section 2. Fixed USB port initializing for old DC VERSION

SQL LiteSpeed 3.0 Installation Guide

REMOTE CLIENT MANAGER HELP VERSION 1.0.2

THE STATCREW SYSTEM For Basketball - What's New Page 1

The MQ Console and REST API

DESKTOP SKILLS COURSEWARE

PRODUCT MANUAL. Diver-Mobile for Android

PGA Tour, Champions Tour & Web.com Tour LED Scoreboard Graphical Style Guide and Tournament Instructions. (Revised 4/1/2018) Section 1: Introduction

Totalflow Web Interface (TWI) software Help notes v1.0 Oct. 3, 2014

Diver Training Options

Table of Content IMPORTANT NOTE: Before using this guide, please make sure you have already set up your settings in

Section 8: Model-View-Controller

We release Mascot Server 2.6 at the end of last year. There have been a number of changes and improvements in the search engine and reports.

Section 8: Model-View-Controller. Slides adapted from Alex Mariakakis, with material from Krysta Yousoufian and Kellen Donohue

[CROSS COUNTRY SCORING]

Microsoft Windows Software Manual for FITstep Stream Version 4

Fencing Fox SmartApp Documentation. 25 avril 2018

Instrument pucks. Copyright MBARI Michael Risi SIAM design review November 17, 2003

AGW SYSTEMS. Blue Clock W38X

FireHawk M7 Interface Module Software Instructions OPERATION AND INSTRUCTIONS

Quintic Automatic Putting Report

86 5A 62 DF 67 3A 7B A F A 65 F6 95 F4. win7-sp1-x64-app02-1 win7-sp1-x64-app02-1 KVM :32: :51:37

BVIS Beach Volleyball Information System

Steltronic StelPad User Guide

Using MATLAB with CANoe

Software Manual for FITstep Pro Version 2

Inspection User Manual

Inspection User Manual This application allows you to easily inspect equipment located in Onix Work.

Skillsoft Course Catalog. Desktop Collection

Using the Lego NXT with Labview.

Meter Data Distribution User Manual

Flow Vision I MX Gas Blending Station

Digi Connect ME 9210 Linux: serial port 2 for JTAG modules

NETDIVER TUTORIAL. Revision Doc-NDT Dimensional Insight

The Race Director. IPICO Integration Direct Connect [IPICO INTEGRATION]

DDR Dive Data Recorder Manual - Rel /12

Tips to Prevent Form 2802, Lost to Follow-up. Casey Beardslee, Supervisor Donor Contact Team Minneapolis, MN

Tips to Prevent Form 2802, Lost to Follow-up

Quick Start Guide. For Gold and Silver Editions

Australian Ice Hockey League Limited Privacy Policy

March 6, 2013 Tony Giarrusso, Rama Sivakumar Center for GIS, Georgia Institute of Technology

Excel 2013 Pivot Table Calculated Field Greyed Out

Instant Trapper. User Guide

APP NOTES Onsight Connect Cisco Integration. July 2016

Software for electronic scorekeeping of volleyball matches, developed and distributed by:

Multi Class Event Results Calculator User Guide Updated Nov Resource

Decompression of run-time compressed PE-files

Rules of Soccer Simulation League 2D

by Robert Gifford and Jorge Aranda University of Victoria, British Columbia, Canada

ICD-10-CM IN VERSION 10

2 November WSI Hubcast VERSION 3.5 RELEASE NOTES

User Help. Fabasoft Scrum

ITF SCORER ONLINE TRAINING SETUP

A physicist, an engineer and a programmer were in a car driving over a steep alpine pass when the brakes failed. The car was getting faster and

Blackwave Dive Table Creator User Guide

[CROSS COUNTRY SCORING]

Tennis...32 Stay above...34 Decimal...36 Bundesliga simulator...38 Shooter management...41 Installation...43 Registration...45 Where do I get the

- 2 - Companion Web Site. Back Cover. Synopsis

KEM Scientific, Inc. Instruments for Science from Scientists

World Leading Traffic Analysis

PC Configuration software for Discovery MkVI v 1.03 User guide

SmartMan Code User Manual Section 5.0 Results

DST Host User Manual

Mac Software Manual for FITstep Pro Version 2

CSE 154: Web Programming Spring 2017 Homework Assignment 5: Pokedex. Overview. Due Date: Tuesday, May 9th

Mapping a course for Pocket Caddy

Sales Quotation For: Tyler Software & Related Services. City of Cape Girardeau Page 1 of 9

Version 3.1.0: New Features/Improvements: Improved Bluetooth connection on Windows 10

Wanamaker Corporation. Golf Coaches Guide Season

Fencing Time Version 4.3

Digi Connect ME 9210 Linux: 2 nd serial over FIM

LiteSpeed for SQL Server 6.5. Integration with TSM

CT PET-2018 Part - B Phd COMPUTER APPLICATION Sample Question Paper

Microsoft System Center Data

SteelHead SaaS User s Guide

ONSIGHT FIREWALL CONFIGURATION GUIDE

Transcription:

ID: 66955 Cookbook: browseurl.jbs Time: 22:08:00 Date: 05/07/2018 Version: 23.0.0

Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature Overview Phishing: Networking: Persistence and Installation Behavior: System Summary: Hooking and other Techniques for Hiding and Protection: Behavior Graph Simulations Behavior and APIs Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains URLs Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Joe Sandbox View / Context IPs Domains ASN Dropped Files Screenshots Startup Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted URLs Contacted IPs Public Static File Info No static file info Network Behavior Network Port Distribution TCP Packets UDP Packets DNS Queries DNS Answers HTTP Request Dependency Graph 2 4 4 4 5 5 5 6 6 7 7 7 7 7 7 8 8 8 8 8 8 8 9 9 9 9 10 10 10 10 10 10 10 10 10 11 11 85 85 85 86 86 87 87 87 87 87 255 257 258 264 Copyright Joe Security LLC 2018 Page 2 of 445

HTTP Packets HTTPS Packets Code Manipulations Statistics Behavior System Behavior Analysis iexplore.exe PID: 3304 Parent PID: 548 General File Activities Registry Activities Analysis iexplore.exe PID: 3400 Parent PID: 3304 General File Activities Registry Activities Analysis ssvagent.exe PID: 3456 Parent PID: 3400 General Registry Activities Disassembly 264 270 443 443 443 443 443 443 443 444 444 444 444 444 444 444 445 445 Copyright Joe Security LLC 2018 Page 3 of 445

Analysis Report Overview General Information Joe Sandbox Version: 23.0.0 Analysis ID: 66955 Start time: 22:08:00 Joe Sandbox Product: CloudBasic Start date: 05.07.2018 Overall analysis duration: Hypervisor based Inspection enabled: Report type: Cookbook file name: Sample URL: 0h 4m 5s light browseurl.jbs https://www.echobh.com Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1) Number of analysed new started processes analysed: 5 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies Analysis stop reason: Detection: Classification: Cookbook Comments: Timeout SUS EGA enabled sus21.mine.win@5/349@22/17 Adjust boot time Correcting counters for adjusted boot time Browsing link: https://www.echobh.com/ Browsing link: https://www.echobh.com/softwaresolutions/ Browsing link: https://www.echobh.com/softwaresolutions/echovantage/ Browsing link: https://www.echobh.com/softwaresolutions/sharecare-mco/ Browsing link: https://www.echobh.com/softwaresolutions/dashboards/ Browsing link: https://www.echobh.com/softwaresolutions/mobile-assessments/ Browsing link: https://www.echobh.com/softwaresolutions/offline-forms/ Browsing link: https://www.echobh.com/ourservices/ Browsing link: https://www.echobh.com/ourservices/cloud-services/ Browsing link: https://www.echobh.com/ourservices/revenue-cycle-management/ Browsing link: https://www.echobh.com/ourservices/health-information-exchange/ Warnings: Show All Exclude process from analysis (whitelisted): dllhost.exe Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtReadFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found. Copyright Joe Security LLC 2018 Page 4 of 445

Detection Strategy Score Range Reporting Detection Threshold 21 0-100 Report FP / FN Confidence Strategy Score Range Further Analysis Required? Confidence Threshold 3 0-5 true Classification Copyright Joe Security LLC 2018 Page 5 of 445

Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis Signature Overview Phishing Networking and Installation Behavior Persistence Summary System Hooking and other Techniques for Hiding and Protection Copyright Joe Security LLC 2018 Page 6 of 445

Click to jump to signature section Phishing: Found iframes META author tag missing META copyright tag missing Networking: Downloads files Downloads files from webservers via HTTP Found strings which match to known social media urls Performs DNS lookups Urls found in memory or binary data Uses HTTPS Persistence and Installation Behavior: Installs a Bitcoin mining software System Summary: Abnormal high CPU Usage Searches the installation path of Mozilla Firefox Classification label Creates files inside the user directory Creates temporary files Reads ini files Reads software policies Spawns processes Uses an in-process (OLE) Automation server Found graphical window changes (likely an installer) Uses new MSVCR Dlls Hooking and other Techniques for Hiding and Protection: Disables application error messsages (SetErrorMode) Behavior Graph Copyright Joe Security LLC 2018 Page 7 of 445

Behavior Graph ID: 66955 URL: https://www.echobh.com Startdate: 05/07/2018 Architecture: WINDOWS Score: 21 started iexplore.exe Legend: Process Signature Created File DNS/IP Info Is Dropped Hide Legend 26 55 Is Windows Process Number of created Registry Values cs9.wpc.v0cdn.net 152.199.19.161, 443, 49246, 49247 ANSBB-ASNNET-1-AdvancedNetworksServicesIncUS United States started Number of created Files Visual Basic Delphi Java iexplore.exe 2 372.Net C# or VB.NET C, C++ or other language Is malicious a875.dscb.akamai.net echobh.com 80.239.152.136, 49236, 80 TELIANETTeliaCarrierSE 45.33.70.108, 443, 49163, 49164 LINODE-APLinodeLLCUS 42 other IPs or domains dropped European Union United States C:\...\OpenMinds_Logo_2013-300x127[1].jpg, JPEG started Installs a Bitcoin mining software ssvagent.exe 6 Simulations Behavior and APIs Time Type Description 22:08:49 API Interceptor 4743x Sleep call for process: iexplore.exe modified 22:08:50 API Interceptor 1x Sleep call for process: ssvagent.exe modified Antivirus Detection Initial Sample Source Detection Scanner Label Link https://www.echobh.com 0% virustotal Browse Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Source Detection Scanner Label Link apps.digsigtrust.com 0% virustotal Browse Copyright Joe Security LLC 2018 Page 8 of 445

Source Detection Scanner Label Link a771.dscq.akamai.net 0% virustotal Browse cdnjs.cloudflare.com 0% virustotal Browse scontent.xx.fbcdn.net 0% virustotal Browse pagead46.l.doubleclick.net 0% virustotal Browse a279.dscq.akamai.net 0% virustotal Browse cs9.wac.phicdn.net 0% virustotal Browse www.google.com 1% virustotal Browse stats.l.doubleclick.net 0% virustotal Browse ads-bid.l.doubleclick.net 0% virustotal Browse a1621.g.akamai.net 0% virustotal Browse www-google-analytics.l.google.com 0% virustotal Browse cs9.wpc.v0cdn.net 1% virustotal Browse echobh.com 0% virustotal Browse www-googletagmanager.l.google.com 0% virustotal Browse googleadapis.l.google.com 0% virustotal Browse star-z-mini.c10r.facebook.com 0% virustotal Browse gstaticadssl.l.google.com 0% virustotal Browse a767.dspw65.akamai.net 0% virustotal Browse a875.dscb.akamai.net 0% virustotal Browse crl.comodoca.com.cdn.cloudflare.net 0% virustotal Browse trk.mx8.inboxgateway.com 0% virustotal Browse www3.l.google.com 0% virustotal Browse rvip1.ue.cachefly.net 0% virustotal Browse www.google.ch 0% virustotal Browse a1363.dscg.akamai.net 0% virustotal Browse pagead.l.doubleclick.net 0% virustotal Browse ocsp.comodoca4.com 0% virustotal Browse ocsp.int-x3.letsencrypt.org 0% virustotal Browse www.googleadservices.com 0% virustotal Browse stats.g.doubleclick.net 0% virustotal Browse fonts.googleapis.com 0% virustotal Browse ocsp.pki.goog 0% virustotal Browse www.echobh.com 0% virustotal Browse www.facebook.com 0% virustotal Browse bid.g.doubleclick.net 0% virustotal Browse googleads.g.doubleclick.net 0% virustotal Browse connect.facebook.net 0% virustotal Browse crl.pki.goog 0% virustotal Browse fonts.gstatic.com 0% virustotal Browse URLs Source Detection Scanner Label Link http://ocsp.pki.goog/gtsgiag3/mekwrzbfmemwqtajbgurdgmcgguabbt27bbjyjkbmjx2jxwgnq JKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCGFquezHariY http://ocsp.pki.goog/gsr2/me4wtdbkmegwrjajbgurdgmcgguabbtgxisxbvr2lbkppoievre6gh lcnaqum%2bihv2cchsbqbt5ztjot39wzhi4cdqhjqtac%2fhigod%2baux0%3d 0% virustotal Browse 0% virustotal Browse http://crl.pki.goog/gsr2/gsr2.crl 0% virustotal Browse http://crl.pki.goog/gtsgiag3.crl 0% virustotal Browse http://ocsp.comodoca4.com/mfewtzbnmeswstajbgurdgmcgguabbtrjdiq%2ficg9b19asfe73bp Ys%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D http://ocsp.pki.goog/gtsgiag3/mekwrzbfmemwqtajbgurdgmcgguabbt27bbjyjkbmjx2jxwgnq JKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCEsy3nLKooNp 1% virustotal Browse 0% virustotal Browse Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Copyright Joe Security LLC 2018 Page 9 of 445

Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Joe Sandbox View / Context IPs No context Domains No context ASN No context Dropped Files No context Screenshots Copyright Joe Security LLC 2018 Page 10 of 445

Startup System is w7 cleanup iexplore.exe (PID: 3304 cmdline: '' -Embedding CA1F703CD665867E8132D2946FB55750) iexplore.exe (PID: 3400 cmdline: '' SCODEF:3304 CREDAT:275457 /prefetch:2 CA1F703CD665867E8132D2946FB55750) ssvagent.exe (PID: 3456 cmdline: 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new 0953A0264879FD1E655B75B63B9083B7) Created / dropped Files C:\Users\HERBBL~1\AppData\Local\Temp\JavaDeployReg.log Size (bytes): 89 ASCII text, with CRLF line terminators Entropy (8bit): 4.4557725071697485 68DF0DB46384A782816DB17A8CC94DA8 6804D44120309431E6D862118830719CF6C3A5BD 6CEB6B05009E840F0991F23C9E6EA56BA3550F9BD96FAC3E5DC9903AEAC7FFEE 342A1624C9300A03FF108ED7D52B13A0E38BEAA8B8BAD40794133E91BFCBDE64FC29764B66F56170FEEDDE8153 059BC29AA34BFAD5285CCD2C940E9D85A76DA1 Copyright Joe Security LLC 2018 Page 11 of 445

C:\Users\HERBBL~1\AppData\Local\Temp\dat1C9B.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\dat3E86.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\dat4EFF.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\dat6249.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD93 1F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\dat6C3A.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD Copyright Joe Security LLC 2018 Page 12 of 445

C:\Users\HERBBL~1\AppData\Local\Temp\dat6C3A.tmp C:\Users\HERBBL~1\AppData\Local\Temp\dat7DD6.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\dat8943.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD93 1F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\dat93FC.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\dat9DE2.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\datA715.tmp Embedded OpenType (EOT) Size (bytes): 1640 Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E Copyright Joe Security LLC 2018 Page 13 of 445

C:\Users\HERBBL~1\AppData\Local\Temp\datA715.tmp 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\datB2C8.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\datD2F1.tmp Size (bytes): 1640 Embedded OpenType (EOT) Entropy (8bit): 4.454430123057044 302FB8DEC221320B3CFED002BEC8F33E 614D118E2307A175D6D7CB64C21B0346F5D4F576 0580B306D0E3B6C72DCBBE1001C5043FAC25C08E74650B80468593411E842332 D506301AD0209F490772260E3BB78CC8D998011AA87E0AB53BE59385B63EEF9EE9B936418A5FAC77948DC33BD9 31F316686EFF21DEDB2DA4859825BB7B6144AD C:\Users\HERBBL~1\AppData\Local\Temp\~DFE60760EAFEF9D2A0.TMP FoxPro FPT, blocks size 258, next free block index 16711424 Size (bytes): 29745 Entropy (8bit): 2.94284162347926 027ED17F0CD615CC8315445A571033D1 11896728549B2D4E0E1721162FB357A524419E8A C191317D09891C8853C6865BE6B3619F78469CF5268905606938EA3FE46C4AD2 DDAFBEFC11C7B41364D93ECAAFB5DAAD03E701B2C5A6D8FA0F4BC6B3DA7F4C35478007C5D43051FC5CFB3FD 6FC653A25372FE4BE17D87F79AC62902AC3246FC6 C:\Users\HERBBL~1\AppData\Local\Temp\~DFE78AE3DD39512507.TMP FoxPro FPT, blocks size 258, next free block index 16711424 Size (bytes): 181375 Entropy (8bit): 1.6999632332250172 8172D24D211A985430FB1DD30BBCF939 4B700A2C19886BF5348848D1132FC1012FF78700 07D4988C9FC46A7A52F6AAACA484C65FD14CD8759E9B9C33040CC282F3CC3AAA D080C1D846D6469BFC9AE53DEE7FCE143DC2ADEF51860546511562A4464707148D7394D0E586E540531D578A2ED FFD0F6446C99D3A5FAFC114C2EB61241A4584 C:\Users\HERBBL~1\AppData\Local\Temp\~DFF36A1D69C83507A4.TMP data Copyright Joe Security LLC 2018 Page 14 of 445

C:\Users\HERBBL~1\AppData\Local\Temp\~DFF36A1D69C83507A4.TMP Size (bytes): 13109 Entropy (8bit): 1.4826235151674718 363A1908E41216D366CB2F603F89A5D3 FEBE67F8A37C52AB33B228B85732FCE0EA9286F4 5834038B52109820DFCC786206C8CF9B014084B2B847CE9C5539154EBEAEB417 ECA09EF5D7659E4F1158821C5091BBA4BB9DAEA7C0A6E0DF88ED8AFA4D4898609D8679EB46FF1F71C3EB7F3EE ADC0B751B598159A35F76E22A69007443B03AC8 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\01B16CDBADE7DB774141D7E30D50EC69 data Size (bytes): 635 Entropy (8bit): 6.998189420109672 B663111761F77C56BBD72FA535E767DD B71215975BEEDE36112896E965D2CC51CDDDF7BF CDC9EBE83D41703C0E37E59EE19477283D52AE07F43B5D1073AFA8E7867D5D89 DB78B516123C7C72097DC07F279B126C489702480C849F6E7D11A01872EF50AFCD85A016463D7D21AC63811F4CE 33DD95DA1A5C530875134CC957B95CC65BEBC C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0270780F846F08BEFE0DD8112D932FEF data Size (bytes): 543 Entropy (8bit): 7.013848593098416 22860A50051ED1FF70358FE6394FCFAA 7BD314E19AD681C6DDDB7DA72A15B06169180EFA 4D4CF9620948CE94303A1A4A6B3180E0FC51ADBD651111D730A916F5F68696FE 6C9C1814C29CF5588AFDF3AE3AFFED3816FF4A4787CFD3F6EA6E5FCCE999C6182F413227AEB6C3F01E63EC9B2 550854BDD587E2795D106A1982CE8F5B8D2D3CE C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_F2DE72102A14736B534BA AAB62F0BD4B data Size (bytes): 471 Entropy (8bit): 7.251000500980685 0A6DC6F592E9EF05FDEBE1B96F4B479A E50EE7BCC7D48856E1C6743656BE5B2B421BEDFF F4AD9F80CB616FD1611F344DA1722D71CD45383DEF052C24E5FAA419C8FE37AF 4D48FE7253F10FD342B7CF7E54A7BAFFF9C042D430C981BD3EDDD244D12F84E4D7D159EE2C0753B463E4B61360 84DFD97C44D26E924307F489925EE9B827CBC9 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 Size (bytes): 13018 Entropy (8bit): 7.96414732129194 Microsoft Cabinet archive data, 6509 bytes, 1 file B95F90C3BEA1D0E7ECA664B8FA01A720 A2ED44DF03C6971C0A7C335ECEF8D996D6BC0652 D82B3648518203D19804D73473CE65D84C4F7D64E453041A9B30CF96C738AA0C 4DB9F495F3B3E39D89685FEDD1F0C715E3C3B0D7319362FB3F51D2B454943E7AC34B1F871C435299B799FCAF3F8 13DAA3BB67C33B221D27C721CCF0F4D67C033 Copyright Joe Security LLC 2018 Page 15 of 445

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4 data Size (bytes): 896 Entropy (8bit): 6.813694478863745 FAEBBB0D3063B6B3037D1CCB95B3E301 ECC65CB82D0E12C2AA91989C12AA6CC9C83A157F 9E94A4D38D64A06B142CA9315382D1143B4483855D3A8D0BB96B4594F7FAA57D 6AE25AD88DC376A39E8D5DDDEF806543DF73785A9490B75ED629CA0AA7579CDCF2F6265ED78EC2D41767CB673 EFB6D91D53D3391361116D0443984D0F22EEB29 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F data Size (bytes): 314 Entropy (8bit): 6.73019776787049 DFA0E23F7E78177B8FDB5302C8C46291 2CBA7AD3D6945FDBF2C749F1506261BE9F4E9051 4BAE1D5F7AAFBCF365A45B6D8484163A87AA155854FA260811D10653D5E5C9CB 9EC710C92E0AE611C7090AC32C31366A57720E6BD36C641C340FA9E0246201B682E9EECA788E1AE625B7AF8F01 406F4D0CAC72EB6F3C83BD764C8728F0007283 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E0 4 data Size (bytes): 471 Entropy (8bit): 7.145090462928694 F0210FCA650329651CC216A3079899E2 D10B86C6F353C30D98B55BFCAADD40E7D493397C 397AD878DB2D20AFD65BA634252E0347735B089E1C9526BD654829881D1221F9 C5CA0CE0D36CB0716ECC6E37F96C261EF4E992C6C6B03D7EF703252D5494DE7AAFB222089C8BEC0A52ECD39D CF139748318B994898E994C7D29C8C513BB690DA C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\739F2FF4259CDC6CBE7B90F1A95601EF data Size (bytes): 97414 Entropy (8bit): 6.516636519894958 4B383849ECB693A25D2A319F607FE4A4 409CF67D8158639DD3322AF5AB3168377624F287 8ED806D5B899D3F033C75C71FCDC0F90C6E3310F0F045D796CEBB27AFC2B1826 6956C9E8B215BF4F7E9B121CE8F8F3FBAFBB4355FC2C3E9FBEE0576A003715FF1345ADF27FD5BBA2BA5BF4E08 5F68C57CE8E762F5ABD06926ED2D6B5112A6300 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Microsoft Cabinet archive data, 54062 bytes, 1 file Size (bytes): 108124 Entropy (8bit): 7.9954688192197025 true 7728A4F5FFCA53E3165CCFB18C585D83 Copyright Joe Security LLC 2018 Page 16 of 445

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 6D23556AA5823623EDE7AF9A4488CFD822718F33 B6F623669BCD3C3F0A4BA80ABA41A0AA2DE2646635421916A98FE5505D82C6D4 5EA3736B419813353B5B07525F6ECBD499C74031F397673125472C9A08D18F756B42A9A03F838427334806CDC784 3CF7E207EB52BD68DBA52B56ECC6D3FE344 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F data Size (bytes): 4497 Entropy (8bit): 5.510581528052942 0B9AB2AEA3E1C155FD0DA5CE57082BD2 C2413FBF65971755D40ECA4D548EAED4D3EB644A F88F05DBA035B61A74B7A96B557B8F5FB7A6368A9C8166A3F10FAC1C56E5B265 BF133FBFE010FA77F8BFD5545C6696BF3797818CF23F11C16229EB0DB0394CCA448991B3A9F54D66131D65800C0 DF46861562505E0C41217473869987DEEEE9B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\85B3F147E3624A14E6A20DB4F6C2C5D9 data Size (bytes): 815 Entropy (8bit): 6.502314464372182 BC66A157E3E9EE64D62B3D2597B8278A 82C3F11D62F2E3C5FA23E093C7ABEA7C84CFEDEE E70E62368F94E96BC2DB007C7F09233A2AD20C4B9D7C006550D060483D7913E4 272CF63EEDBAC3ACA64B2A7F41DD4CCB81EE6F096D35819E0B5B4DCA07D6CB33BD799F8DCEF29AFA6734D67 C1AB9B56D12609B4B441AD1F41B283836C5979216 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E201822AE136D10294308E866F250D7 data Size (bytes): 527 Entropy (8bit): 7.141383105787264 6213524388BBCD71ADF0306030C6F1E2 EE88D413BA066BED243ED9655437B3ADE6D1E228 BC03BD7F499171D040C1732E2AE3C2AF851E059515001EF56FCEE1B93ABDC6F2 33BFE622FA7CE244A0422A13E08CA849EA722D44FC89BCF489A35C98CE27DC06180A28FC96098510B85C19BF95 85B7A47A3D83C22470179FE6FBC13FBD967985 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A6E643304C5FBB7CBF4025F1978D6EED data Size (bytes): 355 Entropy (8bit): 6.616342264754818 07832B465F879450B6A65F1AEB3C6129 783206724AB39510E2F0E662839D40B454EF1189 EA301E4F4D1A6A5E324C6A633744021EBDD3C1864B3C5199D530C162C238F00C E27BBEE0136D9202B78F64DDD2F359011F673379C610EF2D87B14AB6E487B18E5F487074E3ABD5BC9020A4CAA8 36EC3D3439E99108D023833B2A6093467CE439 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BEC6224B02D155A396218A2504F3EE0B data Copyright Joe Security LLC 2018 Page 17 of 445

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BEC6224B02D155A396218A2504F3EE0B Size (bytes): 97414 Entropy (8bit): 6.516636519894958 4B383849ECB693A25D2A319F607FE4A4 409CF67D8158639DD3322AF5AB3168377624F287 8ED806D5B899D3F033C75C71FCDC0F90C6E3310F0F045D796CEBB27AFC2B1826 6956C9E8B215BF4F7E9B121CE8F8F3FBAFBB4355FC2C3E9FBEE0576A003715FF1345ADF27FD5BBA2BA5BF4E08 5F68C57CE8E762F5ABD06926ED2D6B5112A6300 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_FDB452422670E72EDD3FB3D65568F82 1 data Size (bytes): 468 Entropy (8bit): 7.092843961483663 D9D754520AE3340AA37CCA6115EEE05B A0320372760D99C762CB2EB4B37F776625EF1B33 7DC8284C51C9A38DC1BF03BD28857EA5336E8F5C564EDDBB1C9082EE43C93738 440F6A9EA2CE5ECD1FD7CB3D122A6F5F108550D71A9FF5F88F235BE5495903712555F95C75F66CCF716AC2A4920 2716EDBDBAFBD114EFF0AD3D98E3DA6A30C94 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A data Size (bytes): 1786 Entropy (8bit): 7.366016576663508 6AEB4E76C6F68EFD7A48092E9F0F3492 823A035C0BDCC3DC09C881E788F7FACA53C6B458 FE1B9A0EABF44FDBE4DDE97C3CC1209FAD2FBB2D2D7476FFBF64066BD9919A4F 50D98FB4C9875B1AED0AEC06A9C934DB5010B6C5F54539E323EC14FD487E1D92D01652E4614DDF308AB2F1EDE A9E9CB1E23030C971255CC106016C6E7BBAF48C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B0 8 data Size (bytes): 1398 Entropy (8bit): 7.534522675371303 5A2A60F11EAB2155A098F39EAA658EF0 A59C52EA3B7B64CC740DB10C500819565BB6DBAC 89A34310AADC663A96BEFA842A87E9B0E8FE95801291C3C047DCF6F879E17E74 1A5C9C7198E23BEC69E376F54D713EDAEBF61DEFEC98A685DB9E8E36C6540578233EBBFD150BD2A4FA0CEF9D 4FDAD661B4AF0464F97FA9B2FD738D8E1ABD802E C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5A B data Size (bytes): 471 Entropy (8bit): 7.1118703869527735 6BDAA119BADF941D385183E899317A63 8D8F1636E13C2FCBC182BE26CDEFCEDF22F50869 88BEF67E1AE1D1222AB3BCACC1E8129B2859EBD37F1130218EFDBA16D68A1FE1 FE55DD8ED5896A44E9DDEFD387AA2EA0D2F36A1135C00BA97495DBA8DAD78CEFD7FBFBE84F256E076FFA1562 CB8A9DCAEE6FD8122D28BE34E58070DF2BA8AFF5 Copyright Joe Security LLC 2018 Page 18 of 445

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5A B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F5F320A94D4D2B4465D8F17E2BB2D351_9A38F2B39682F2F92D8A2F9E074E856A data Size (bytes): 463 Entropy (8bit): 7.167288835598702 726CE97723E8E327EA5ABDE28BD843BE 2B6B3648E3F42A47E90C8852128CF242DBF9764B FBF3AB77A0C0458BDBDAD270BA74FCE4B50CE0D1A99A6F855BB2048827FF1D35 9AD9F121CA2C930B10BE1B04816A65AC6C81771AB763524D3820AA16AE80785915C787D13F132A554584B3DDEA0 FECC770DF5701EA6DB8DB5F874CEB880942BD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F5F320A94D4D2B4465D8F17E2BB2D351_D4DFD1F713A64C6DB92E1 22DADA3AC33 data Size (bytes): 463 Entropy (8bit): 7.09577080568519 F244B86018A55BC8396503369D898E65 31CF9C4BCD462BD6CD6A953BC8C2B1D11C07C3F9 69C4986DCB274186A8E2C243711E17EEB66BC83140960F6BC1BAEE92BCBFBD06 A94B7504209D19400EFBCE4E81CBCF65E69B618CCDDF115AB6726EB24DF7D2B087E4F55F943C720F48E228DEF 99693426F67F8E577589A25BBBF9F782E0573F1 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\01B16CDBADE7DB774141D7E30D50EC69 data Size (bytes): 364 Entropy (8bit): 3.091118881063933 2C7E6ABD7874FF021E33017BF66E7A54 F04E10BE69FD063DFB57BFBF498B75DECF121C37 4C56E649CEED552DE961A6FFAAA49151EC4338CBE52D1A292229A4F87003A7CB E57DF60E9B24E00A5BDC57E153D726A845C99033B2FF807CB9486B5F985D063A0AAD301C85BAFA8F7DDD21E9C 9F291D28A4707E11A8D6D76B39DD953264B3219 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF data Size (bytes): 234 Entropy (8bit): 2.935280991100256 EAC83747CBE1704B040191A7A4F58D2F 2D5B328E65A3B4D0C7611223ED65067F02197511 F93C5DC9F8E0AB61B1F3A4930E45A6E250C99A81E76BC483208509D1749B8571 FDF1E5CFA8277E3EE4164D89085199C0843EDD91A190894E2BDE318A24F6E4F034F74B4C32DAF58D0BF0038AFA 2B59916179613D221211627DE6EA0B5573976B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_F2DE72102A14736B534B AAAB62F0BD4B data Size (bytes): 876 Copyright Joe Security LLC 2018 Page 19 of 445

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_F2DE72102A14736B534B AAAB62F0BD4B Entropy (8bit): 3.819240992904737 D18FE76BFBB9B3D29BEA00DCDCAD822E 313BC0354561AFFF8AB083D4D410D3F010B264CB 9C8082524FD47942A11E5EFCE8EA8069955E3405DC552937E8EF803137720C8D 1E898F0C0C32764CE9F153FD09295B44FC5D10190EADAFC39CA24C8DD161E0F4239C6D48D09E6F2B62D6E64FB 95C7CC6F7D178D1DF0334A61A118D5DE82A7E1 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 data Size (bytes): 1026 Entropy (8bit): 3.2504497520014404 CB11B85878E0D215E31007AD045F0E3F 1873AED86F9ACD9CC4C365946A1B16D8BEEA69B5 A581D693406AD73D2799C53752F7F012FD4F0BA37E58EDD8EFFEF114BCB6928D 9E39C305ADCECE7F8A06A85279545B2AD10873340BF20E195D0EC9CA5BDC6A584C6597D9F1FB7259497C4C2662 9E06E49BEBBF02C17CC0F5B3F31E2641BA4D4F C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4 data Size (bytes): 204 Entropy (8bit): 2.8300551818575417 391E52B3D829853DDF1FA81369803E6B 4BDE73F562A050B9F7D35B1018EB28BDB5E66BE1 2FFF6F876A4178B9DA989DF6D240D69F8F3A814857990E4FFDD992E302AEFB87 EB11581D5071330CA38E02EF0C2978A9535418510CACD36683DEF21868787D0716355D7C5CE17CFD131DC5C7E4 3649CB22DA7CA12FBC2C5186D5F901F4A184C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F data Size (bytes): 406 Entropy (8bit): 3.546196370462069 7F9DC49C3B54959043FF14A68CCA948B 7B897F786BF49991B9E0C43B52DCE11D0DC4372A 80DFFC823F9267445B7490788C3C5182ADB84FA87840BD4189CC0D77104BC03F 8B465F07F0AF69E189C681B77C329F58D2F62D10AA8F002DCCDBE9F6D71CEFAF5829955D07B5D0BC453AC198A8 FA4D58AFA4251CD0F3ED5E31EF4C3A6FF91FE6 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF3971487123 2B4792417E04 data Size (bytes): 434 Entropy (8bit): 3.592297680889653 A1FF789F47AE59A7D3234906B80EC05C E0022D960187435B2B7C793ED99A0EF968F52DCA BCF6225B29DA0FE3BF0D9F67678D3DB9B05D6A6C34B4FC3C0D96A4AC4E987F85 478E927B904BDB0E2D71706D06961910D22020F3C2EB2C605297E0DB49B400ADAABE67EA306A3D3FA55CBC1D3 1B553CFCC6BEC821B550536A422DF34F61237F4 Copyright Joe Security LLC 2018 Page 20 of 445

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF3971487123 2B4792417E04 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\739F2FF4259CDC6CBE7B90F1A95601EF data Size (bytes): 210 Entropy (8bit): 2.8420538571829614 3C56F61D972C89EBBE6C9DF4EF535909 041C9E2F0A18DA1AFB8DD6D08FF69B1E85D24DCD 09A86BC82BACE897A19FB3C6B4F1F4C480EF9F5414C191F44AC9352DBF3DB8B6 2E6F2080D7D5D8F0DAEA5529135FC7EEEEEE935174CF565AE32D16DDCE6602861121E7A3930E45345AC9D66915 29475350BF5E0D398A7EA04DBFB51513AC0B36 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 data Size (bytes): 2934 Entropy (8bit): 3.4002112848961863 48540DC263ED6AB018C5661500EFB243 C1789613142F70FF3357473CE8D58B7D4A83C6C4 D598FAF0FCA7BDCD5C57F9BDADE1A255EA91523D20FE3E0345CA42228010994A BA8B02BFCDCB5643BB40C6A9842CF6A8313F272668AAB49BD7D75EA4EBE6DC6865BAB98E684DA6BCC42FBCD 2A161AEAEA03F6807811C95EC7DA81B2DB2D2449C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F data Size (bytes): 452 Entropy (8bit): 3.2876573941956417 3ED0463FEC3056A9914E590CE4C2A520 41CAD5E83B93D9FD78066739B441E04548BB263F 08E11EDD53A9AA9A14DEB24137812A39546D9F448D643D5C0AFB5F29C0934337 CC4B7A1E277B50C509D8D5B59956687399207E7D0E7F1F4FB6E58938ACDD7849A027A5EAD65A3DEC75C0F8D7C 27ADC84665F722FACAA25DCB95EB9F9BB361F1 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\85B3F147E3624A14E6A20DB4F6C2C5D9 data Size (bytes): 184 Entropy (8bit): 2.589803031093335 60745DD4872E87DBD618B84928A34DDC 94A4FF496575F7015E948FB521AC937A1EAB1FBB 24C738BADFDC30AE6997CF30D7799FDC490110AA6C6F54D2D319BF62F47B0AD3 76026718A2F0D96F007164975701E8667E894A6A13ED409742C918E2AC03B3B630E34CBB585ADB5CBADFADA5F5 9F60C8481E4F4C847B6825F2301716CA6DCF00 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E201822AE136D10294308E866F250D7 data Size (bytes): 574 Entropy (8bit): 3.6818360899370672 6F5BD35DADCBE519FF791CE1FD2B433A Copyright Joe Security LLC 2018 Page 21 of 445

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E201822AE136D10294308E866F250D7 C364C6F9413A95781A564021682183249B7B05C9 6B872B05415EA55F0385D64F35C5FA3E3D834AEB48E3F5767F3086653FABEBA5 1B128F28AFFD7E01C8269FADFFBC1956366ECD9A2CB87A395197A7FD6332425D531BF13BF4DBBD0051F7F47D34 5223C6F7631FD9198DCE0F38225B6F917D7184 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A6E643304C5FBB7CBF4025F1978D6EED data Size (bytes): 236 Entropy (8bit): 2.8898397992752596 D1EAE968FDA2FD03447EC06F6CD30F47 FD2F501987C784531ECCBA41965D8D8261AD31DA 271C449A27CC1F7F305DE34C0682536C3F8E3F9FCDF284575DD1D3104460ED34 0A194EA02651C2A58A9D1CEFA629ACB4B3C444A510F80F163B0F0149A50BDC1084A6743FAB503794A7C01C01C1 7C904F8B8149401518AEE9C3E7F25491F50FB8 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BEC6224B02D155A396218A2504F3EE0B data Size (bytes): 234 Entropy (8bit): 3.011328233892478 653EE625BFE1FB82E0AA7906D14596A0 689C6C42DFF433BAFA50E5AA5190CBCEA5490DB3 254DC3426564B7352673B8B9BBFB4A848BC7FAB8ED25C542CB720FCE7B59E4F1 4AD27888D7F1D47E6E008F689500EFA48F462F8A608C49E1732DE0D3A61FBF5AE857302A1D18D11F828A0202D4B F6C159704F89F1F42C9BF8B1452B5882C0828 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_FDB452422670E72EDD3FB3D65568F8 21 data Size (bytes): 804 Entropy (8bit): 3.5732379747688117 9736693B961CC37C2AE2DAA78E3E9E8E 8E147E640750151F3596CFF71BDE86049D25EB94 3F88965F395067AAF88429D29228714224FB624890CAC5A3CF1CCA1393FD9C54 7538B8FAAF9582937F55332EFA55E0477D13ED63CCAD2F131B925EC946CDEB4C25E1CFC49340B23A1568EB2C7 AD26322515B725CD9CE4352CF433D4CF5A1D391 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A data Size (bytes): 424 Entropy (8bit): 2.810387812879661 31559C99C46A81A14AAAA29D6D6D84DE 2FAB64E2F55ED6F711C3CEFD8D77D361661E5898 2F914AC45A0E56591812D860A5EF8A9DCD9CF0897A97B21E5821436ADB49BE0F E288C0086975C818F9473B01A236B188467B645D5877B3A3E8D980C9223A259322BE91523BBB6E2E674359D7B23C BD33D1F6C320386BB8BFFF8EDC8A25B209FF C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B 08 Copyright Joe Security LLC 2018 Page 22 of 445

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B 08 data Size (bytes): 514 Entropy (8bit): 3.637069267705188 21AF31DC369136CB51700639958B6D02 605138D70D38C5F0146DE00E149F5958D141E375 48AC0425F029B1B00F683DAD5ADF7A45E2EA69C71F888BAAD285DD3E83344709 C9A77CB25BC2A1535148B0A3A3C42BDDDEB28B7A75A30D2CB6C9013AE0AF132BC0F7D20583A89358C7DECAF2 51768A6E480A67970FBF01BD5BA8E33A1633D434 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5 AB data Size (bytes): 852 Entropy (8bit): 3.854238166006687 499EAF68E30A6B58E1C941DB4BEE4C03 89E1C5AC19007373539CDAB249BA8556E5661DC7 64D87326BE9CCAB49F7E7BFA7E520341C0EAB692D1A88AB7CC1D7648079A5AAA DA8FF195AC1E4FED0A0C8B0F6DB4A6A41B736E5F4528FA39E603B98931DEFED76EF3E182606C3AAFC82D2E51 A92B564BAD7A83F90FD6820DB064AEC8CFEBA146 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F5F320A94D4D2B4465D8F17E2BB2D351_9A38F2B39682F2F92D8A2F9E074E85 6A data Size (bytes): 382 Entropy (8bit): 3.3522374450572934 5882DA3775B5572495977EF8A8B4A9BD DF0F89D0B466AF761604F6A4883D1C5A15985782 03547029131DB4EFE71E7C44F34E644BA078C500E214C9C63B32643A8785FA3E C9796AF8640AF1278224726FE7049C1D568E32BC9D2C4E81674D5371D04F0C0EF49ADE30DB3BC2DB6E98892704 8AEA3B782208139D71EAEED15DD6623E6EB4A C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F5F320A94D4D2B4465D8F17E2BB2D351_D4DFD1F713A64C6DB92E 122DADA3AC33 data Size (bytes): 382 Entropy (8bit): 3.3703828137904837 DBE374A11806430EE564D231A34DDA1B 67FB5248E3BF71EE32FA181BF655AA7A7CBBCDDA A010E27DB53FFC5BBF0C43D3B0B54FCC1ED2AB57A79C714A1A005774579575E0 A04532BB694496BC3C2A349EA3B5DA238C3EBBE13749D97C25547C6488AC0FA600AD7C12E501370304C5E5AFE0 65A51ADA22EE62A75658A5A8E2B9811C71EB6B C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico PNG image data, 16 x 16, 4-bit colormap, non-interlaced Size (bytes): 237 Entropy (8bit): 6.1480026084285395 9FB559A691078558E77D6848202F6541 Copyright Joe Security LLC 2018 Page 23 of 445

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE520395234D0009D452FB96A8ECE236B C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A6A57F1-808F-11E8-B7AC-B2C276BF9C88}.dat Size (bytes): 46680 Microsoft Word Document Entropy (8bit): 1.9130329154966585 C72AFA0B5C3CA7490B4F0FE9ED7A6FD6 341F6D4C39FA13AA18D720DEB84C77F2CB09D035 E380FA9BA6D0D48522E43172761962B3F7BAB696ECB7B565434534E59544B0E7 369AA57075BE9A955966D68ADBD77A366FBDB309157AE15649E5162DB346267587FEFEE82626AC1819B4763D703 33726E13BFA669C1B54B6D354892780387DD8 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3A6A57F3-808F-11E8-B7AC-B2C276BF9C88}.dat Size (bytes): 241472 Microsoft Word Document Entropy (8bit): 2.6872819668621313 FA2B5E1FCCA2BB835E1B9ED2CF8D1BB2 628F055B733E0FCD5D6F2EBB1A23B61229969EE9 67ED31C567F20A11CDDB790E2985C1B5FA5CAC1AEC2EB30519563735A280E12E EEA8EF1BE08E66E84F6B0983A5AA40CA2B268E42B682D5770CFD121D13ECFEAF4580F00BB4D8DF4033025F8AA 50FC396F8BF6CBAC3AD669BFA84D4CD86D8E65B C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{442E7150-808F-11E8-B7AC-B2C276BF9C88}.dat Size (bytes): 19032 Microsoft Word Document Entropy (8bit): 1.5871769957902016 43D00DA946A2937A7927DD3A342E7FEC 4CA3F8BAA3BDDBCB1F2758F514312C5EEE662ABB 397997BA0828072B1C2399A415A2FD380716AC00008866FFF31DB25AA52EC6C3 17DCF909E5F7C1140E26185D7A014935C855BC3B587FA35EEB5896725DFD0B17165AD9DB90E4F8C0D1C56469E8 549F1C4E7BF68DFCE373469DDABE4C2412338 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\fb4mf11\imagestore.dat data Size (bytes): 1080 Entropy (8bit): 6.859791908570435 8ECF32159479C7EFE9362BABD3DAF99E 9B7C72F82B83871D1AFC27C69EAA16C7440B4CE1 41B8BB4FEAD709F5801018A711FD15C66D24A5E54B1F1997DC36B12955BC28CA 32E30C239651A1E690CFEAB729D0A5DCE7B4ECDFA0D86B01AC1742B61EB2808665BAE4F26F760C03DBB3964F6 921832FC784E95A989E05A4E09C59056238156A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\1666269096786404[1].js ASCII text, with very long lines Copyright Joe Security LLC 2018 Page 24 of 445

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\1666269096786404[1].js Size (bytes): 59146 Entropy (8bit): 5.534102815992641 818A5F9284D1F8FA60374981C6DE0B5C 14D2FFDE46B4E6B92207B5E9C5794DCA9F40A958 7DDBA8C183456AED4C473D94DED2B05882EDC8885736090538C053A45CE450B8 0B96B9DF00D628A367602017559A4551C442916E37E7BC13FF49B7F50ABE002C8160F6916647BAC95746BF3A29D0 17AC7B104D149D0A8E37B5BB1C8284BE994D C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\1Ptsg8LJRfWJmhDAuUs4TYFs[1].woff Web Open Font Format, flavor 65536, length 21832, version 1.1 Size (bytes): 21832 Entropy (8bit): 7.976873190381182 5C9B39FCA6FDD0E3AB010F693AE88D8E CF9990C0EEAD0E3D06034CDB679B4C0DBBD6B569 BC3B9971A9FF06BC4D79A588FD01E47619EFDCFCE71CAFE0D8FBF272CB58DCA5 192CB6CA142F632A20847F4F60CF3A719E11B1579C4C7C3C54AB4948FDCC00A1DD9D86821186FDD95EC8925653 2EF5D4830A0AB12C69BDBFFC64CB6178A05BA C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\2014-EHR-Ambulatory-300x127[1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 9442 Entropy (8bit): 7.915274284893607 6F20617F5AFA5A1536821954162A180C BFF57CEBC63E2F8290AFA2456F8678958866D7B5 206E9FBB6E8E06FA0B599E949D4E6FFEA84983096D7FC71504DB1A0790D326B0 95D5D72C8FCE9B8FCB35D2832AEBC2C899DD14974C7CDE1339ADFE9C0EFBBD9C20409DEA873D43A1CF59BFE4 B29098427F664A70BD23DF2B385772247B27B6B3 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\Clinical_VHR_Shadow1280[1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 106126 Entropy (8bit): 7.896237728533758 9F2F75A40356F8D48EFF1F47A22A0F75 D840D10886456D08C1FFCC1F8E29C7C428ECBC21 E38A509ECE9B3DB0EDA4306981725EB67A211F7EA9F7656E79E867A359732013 2A6922BE095633644920DFECF45E4EBF7255A32FE13C4005B9FC510CD9D4AC8595E843116D8C15C541E00425F48 8DBC180D8283939A19F6E000417910137A79B C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\Cloud_PlugIn[1].png Size (bytes): 307353 Entropy (8bit): 7.984231594516776 PNG image data, 1164 x 1024, 8-bit/color RGBA, non-interlaced 88B8CBC247E06451EFD3B522DF748E17 96DD041156236C529D9F054C7592B15DABC74797 DF3E65C9B74D3E2F3CD14AEB66E9D97BE33D98A5CDD0DC8550F5B6F5ADE3F229 12DBAC9BBD506962AD6143A2A46CDB1A7AA14F9F86C10026151E5861AD316077C2616D0300C21A2A33BD201641 EE18F6DF591539052D689D9875A5B8DA0115C Copyright Joe Security LLC 2018 Page 25 of 445

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\Dashboard-screenshot_6.1.18[1].png Size (bytes): 230852 Entropy (8bit): 7.988544022708812 PNG image data, 1280 x 557, 8-bit/color RGBA, non-interlaced DA342B779B0E2F2C6FA639ED094BE98E BC630B5AA29A408F227D0586B405CCB99BB5FEF5 5C77A3AB0A287C8F35D7FB684A95133C58F34BB877AA6360F44D0445F238E7A2 06B7FAF2C2698B023ACC875099FDEECF064C33A1A9F61B4AAED22A78D079D655292FEDF9C5455B3B27CBDEBA8 9BEB4B3799CED222DB53C4A719686519B29DF17 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\Fiscal-VantagePoint[1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 102618 Entropy (8bit): 7.8253373470738135 55F87BAE6FAB42416F33FAF0E63B2222 71F20E7F64DD2613A04B4D53B1BE822181558AF3 63A384126CB29083B5DF0178239FA62B2F1E8A7F8F2DA0E2682D641D14905E11 DD91E6F2D59F04E0F7FB818C5B9D5EF80EE6AC157B399C013F058A8FD251E3C863CE232F3519996BBA5A837A58 9134200C9940A23228F16A44B52D08F993187D C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\FiscalVantagePoint_Shadow1280[1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 69101 Entropy (8bit): 7.638991432451655 D492D16DE2912ABA4373CA5DA3C38F71 7CF1A909217573D7DA92A8573D7FBD7D66D1C682 3806B384315AE81C101EB5DE94F6E2800DE4C08FF91C7BF469C8B7593969566A D27F848EDD8AA1B8C1C49308D4DA134FD20C66F4C70E5A03387E3FE3D277B90E11AD9A0956B0F52509306E30CC F41AFD0E590023E9D4D3432BD1427F37CBD8B8 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\MOBASSmartPhone[1].png Size (bytes): 190511 Entropy (8bit): 7.987300029817467 PNG image data, 627 x 1024, 8-bit/color RGBA, non-interlaced 864406456D9B56A31045C3CE2A5794D4 091AABE093632DE90AE1C53DA3F53B98CF720965 A4C8016E721EE0E8B50EF8122077308515A7AF2EE8FAC83554A59E2FC43CD10E 5E77BBC20B6A3388C41E68528C218ECBD1DA38712DC53ED6AE108347677B7325F0086D281ADB2E47E84E7FBFF C103008C67778A1922EF29F100AD47C4767BCA0 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\NC-Health-Information-Exchange-Authority-300x127 [1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 5853 Entropy (8bit): 7.8356911470428425 5D2E91D98644E2FF5BCA7232821FA9EA 672E9C45A616F47C31F953E5D6E537B080AB3935 54DED28DFAE9979EE3C044BB9BFD867949B8871314D8173A3D07CA555294E4CB Copyright Joe Security LLC 2018 Page 26 of 445

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\NC-Health-Information-Exchange-Authority-300x127 [1].jpg 9ADD3B7E6CC750AB9ACCD059F154DB0C112E6DA3885D37D09A0294B66AD708F8486D321478CA743D057A2BE1B 1388A46F033724AB30BF38F5A9C28B579303848 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\OpenMinds_Logo_2013-300x127[1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 3786 Entropy (8bit): 7.66363353006289 918B33AA3701F7563E154C8D9F346D4C 7427D3017B3F2FC93D872D26F50E6086DBB6281B 81F026049A3EE3938BC9746E98BE3D231C1DB801BEA8A6D5475541431FE59F69 AF425C39D8D32A5A7FB07E1274148B8EC6D01B05D3B9C4B0C8638F42B2515B14652597522EF4849FBA4EEF77464 AF288634477A2916C76FA7AB5A15361E94FDE true C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\S6u9w4BMUTPHh6UVSwiPHw[1].woff Web Open Font Format, flavor 65536, length 27848, version 1.1 Size (bytes): 27848 Entropy (8bit): 7.984514380033371 96759E32FDC800C78B527A3E53FE2BE6 E12403CFE60F852A8FBBE05D84D58D33C6C2A6B9 60C05EE47E768315541E487D11B92EEC54A7F5336F84CECC8B5825C87BB70053 1782E6686CE4D235372BFCC1C886D428E76D9F21242EC358BBBC065630EFE0D559784A71B87EB56C29449F9D304 307C9EB1F7B32846E6243BC9B741C1D1F691A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\analytics[1].js Size (bytes): 35266 Entropy (8bit): 5.515403481162538 HTML document, ASCII text, with very long lines 64615ACD5DA6E5ACBD0A54B34174AEFE 8DB13CF86FA09D44B60D8E3E480DA1646631B00E 3FAB1C883847E4B5A02F3749A9F4D9EAB15CD4765873D3B2904A1A4C8755FBA3 E77057008FC0A3B8380E9F8DAF79BB521DAA5EA545E9DDB01DE8FD38F70E30C224FD8018C349EC8F32AA9CEC7 470F204378A70DB59EF3EB09807016E84431146 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\animate[1].css Size (bytes): 211981 ASCII text, with very long lines Entropy (8bit): 5.918507455340655 FE1AF3E84F6B63E14A17676AC032AF54 B625743D6F1BB4F09517814535CD5C069B409B5B 2382803B73308C52B1DEE217C163E1928380652A2E9BE420A54D938BDDAE2156 F7A2498A57E429AB58DAA447E648DF8D0E58F6930CDF157C81EB9E94318F6C7D440965BBB2C8CA86CE79EBBD0 3B99379D3334CD099F1830A21C7EB0A954D86C4 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\benchmarksnc.org_-300x127[1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 2339 Copyright Joe Security LLC 2018 Page 27 of 445

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\benchmarksnc.org_-300x127[1].jpg Entropy (8bit): 7.258533245692386 313A61824FE1E4D8F1287584DA2E6511 62615D39EB0A1D32DDA4241052AD7ACFAD75EB47 4CFFFCB06550C7F5086AABF1B49BEF58D85EC72F10ED39998AF0EFC20587F4F7 35ACC876B9FB80FE09317CE36E355AB0CD585C47329DB696924D1C96AA33A18C10E97A52082C2145823CA8BDDB C582EA5E6E8F77E93137FCACCFA83969148112 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\css[1].css Size (bytes): 721 ASCII text Entropy (8bit): 5.094287369979621 04158B7952A36C96A29947CECD812BBF 4ACB32527BFB6776E13305E2432219581C2F413F 0FC5FADB25F42A88ADC4EBDBB189CDE280F5A551E8BEE3AD7FFA31EF49050481 352575FBA526DF6FB52569849B2CDB87A00C44DC674B4BEC133D3B106BF8C29BE43D40D786E01843390D2B5039 B14B3E258C5BBF19D2698DC538E9DA3C83707E C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ctnonprofitalliance.org_-300x127[1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 9113 Entropy (8bit): 7.914122966345373 2DF9A2AB57B2BF1520C2F03E88468D60 8872CBA1B25E97F77C80D29C130EB6F3F31ECE7F 9AE571597720092524AA768FE3F061BBDCC406D31E30262FD4656491C405F8D4 80E06033F4184E07308C1F679A46D7E38EEC97C030BEF6671B375E822BE459B404C76B430615AA7B23F98B0BB6D 4CC2D1FD16FB5C0FBCDD389B9FF4AF36D7375 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ep-elements[1].css ASCII text Size (bytes): 11010 Entropy (8bit): 4.913938792180543 884C929B23791B851FA18070638578B9 44A6CC5840877BD2D0A42AC4935267D2110823FC C061F76E6821262328A3C40300C8A93C26320EE4A5FC98BFA631EEF1BFC8EAD9 0B54BCE8A7D5F359944137B97857F8860E115C7D6B4D00FEE1776964133BC7EF69552F1E0F9B9BEFF0DA644752F D5405F4FB2725EFCC172AC4F6404D860BB7E6 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ep-scripts[1].js Size (bytes): 6666 ASCII text, with CRLF line terminators Entropy (8bit): 5.207958208447875 5EA02CB1922488B632B528533208D649 1A170B35CD301319BC35CB7125EDBED014115C6C E368B4339C336920FFDEFA3E9CBF1168AF89F784F7101CD1572C0A0DFC650FBE 8B003B8C3B640CB214D3BD3D8F3F5FF90779D227F286A7945F7E0730D33CA349D2E08DAA3BDED9CB407A97D9E D21A12D9174E53B9E5CD8532B8DBBA0AFB1F146 Copyright Joe Security LLC 2018 Page 28 of 445

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\fccmh.org_-300x127[1].jpg JPEG image data, JFIF standard 1.01 Size (bytes): 5942 Entropy (8bit): 7.826479293450758 4AA6787460C7C37263B080EA413CD0E7 25AA968C4DDB7D9347FAA4CE997D0D365CA86E2D 048645316AB76D76EE03B48EE12C384DA9E81692C5E89C2AC538380543A3FCA6 EA1A5D5DC94C96B22E1C223A864F85E9448C8B79E42182692794BD8398EB706899BECBE611ED0823E855BFC1CA 7697DF884909A6CADD892EA0EBCA7D8B09013D C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\filtery.min[1].js Size (bytes): 1359 Entropy (8bit): 4.817079977804147 ASCII text, with very long lines, with no line terminators D20CB67D8135ABC8873E6E058EF15F7B 5A4862DBF274805AA39F755891E371E7161C781E BBC060F2FE85636799B3328561D1E8FA2F679720007BE9B3F553058B6E60AF7D B135FF5C228F1A4B85CFE8BDCD647EBC900637CFE1659EA9061AAF03EB425D9C1EE4F5223B68330E8CCC60A07 FCC2610EDE1FE501215D0D91C0D88CB6A5EC62E C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\frontend.min[1].js Size (bytes): 23141 Entropy (8bit): 5.037683951166273 ASCII text, with very long lines, with no line terminators 0825F113DCD0750126CA80A6DE138447 4985FEC5232856B4EA9DE2862DEAF6765F2A34AA D0F2DF1CCFCE3DF1B656B0065911835D8634C17639884CCA4B5E82EAD2E2C124 782EA055574E3C649B09B5E90686DBA18615FF81364EA259086F5EBA44EE5051EBE2BB53B4984D729D5852A6F01 795D0D1BDD98F08FD3EE4B49D95FDCF63A839 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\icomoon[1].css Size (bytes): 7663 ASCII text, with very long lines Entropy (8bit): 5.892771630426351 E1AE090C5E4ED7BFC7672F29BBFDC7EC 0C4F4D39346291ED17BEDDFA69D2DD7713BF4FC3 81B98FA0B24E7C23656E645B5056ABC980B25716D6E03599F4EB1C6F40BAB39E B7B3F921B607A8A2BA0B8A84DFE704A842A6BDB925716639FEAE4DF79CF738FB8FF205014DD8519A5763C43B11 866D51DC38EB05FA8FC4712E5688D723B3021D C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\jquery-migrate.min[1].js Size (bytes): 10056 ASCII text, with very long lines Entropy (8bit): 5.308628526814025 7121994EEC5320FBE6586463BF9651C2 90532AFF6D4121954254CDF04994D834F7EC169B 48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D B74A2F03C64E883B9A34DE43690429327DFB4AA230A7A6AFCA8150A16E3D84E98461245FF264C26368D9904562C C34FE219F71F951D364FA5C68C039B76776CD Copyright Joe Security LLC 2018 Page 29 of 445

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback