ID: Cookbook: browseurl.jbs Time: 18:33:33 Date: 06/04/2018 Version:

Similar documents
ID: Cookbook: browseurl.jbs Time: 03:38:04 Date: 30/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:40:31 Date: 11/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:25:07 Date: 07/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 01:54:38 Date: 10/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 17:57:53 Date: 27/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 19:33:28 Date: 25/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 01:14:26 Date: 03/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 10:30:00 Date: 09/01/2018 Version:

ID: Cookbook: browseurl.jbs Time: 21:16:31 Date: 24/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 22:08:00 Date: 05/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 21:49:21 Date: 20/04/2018 Version:

ID: Sample Name: html Cookbook: defaultwindowshtmlcookbook.jbs Time: 15:11:10 Date: 11/04/2018 Version: 22.0.

ID: Cookbook: browseurl.jbs Time: 16:38:13 Date: 14/04/2018 Version:

ID: Sample Name: sentenza berwind.pdf Cookbook: defaultwindowspdfcookbook.jbs Time: 21:41:19 Date: 11/04/2018 Version: 22.0.

ID: Sample Name: Harry Potter and the Sorcerer's Stone.pdf Cookbook: defaultwindowspdfcookbook.jbs Time: 06:34:30 Date: 24/04/2018 Version:

ID: Cookbook: urldownload.jbs Time: 15:58:06 Date: 04/06/2018 Version:

ID: Sample Name: message_zdm.html Cookbook: default.jbs Time: 17:40:56 Date: 04/05/2018 Version:

ID: Sample Name: Zipongo Value for Investment_ Theresa & Year 1 ROI vs. treatment costs.pdf Cookbook: defaultwindowspdfcookbook.

ID: Cookbook: browseurl.jbs Time: 09:15:48 Date: 09/01/2018 Version:

XC2 Client/Server Installation & Configuration

The MQ Console and REST API

Diver Training Options

Integrate Riverbed SteelHead. EventTracker v8.x and above

Cisco SIP Proxy Server (CSPS) Compliance Information

ACI_Release_Notes.txt VERSION Fixed Tank info for ELITE in Dive section 2. Fixed USB port initializing for old DC VERSION

86 5A 62 DF 67 3A 7B A F A 65 F6 95 F4. win7-sp1-x64-app02-1 win7-sp1-x64-app02-1 KVM :32: :51:37

AGW SYSTEMS. Blue Clock W38X

Oxygen Meter User Manual

PRODUCT MANUAL. Diver-Mobile for Android

THE STATCREW SYSTEM For Basketball - What's New Page 1

Rules of Soccer Simulation League 2D

Microsoft Windows Software Manual for FITstep Stream Version 4

Instrument pucks. Copyright MBARI Michael Risi SIAM design review November 17, 2003

DESKTOP SKILLS COURSEWARE

Quintic Automatic Putting Report

Using MATLAB with CANoe

SQL LiteSpeed 3.0 Installation Guide

Software Manual for FITstep Pro Version 2

Version 3.1.0: New Features/Improvements: Improved Bluetooth connection on Windows 10

Inspection User Manual

Inspection User Manual This application allows you to easily inspect equipment located in Onix Work.

Using the Lego NXT with Labview.

Skillsoft Course Catalog. Desktop Collection

Armfield Distillation Column Operation Guidelines

We release Mascot Server 2.6 at the end of last year. There have been a number of changes and improvements in the search engine and reports.

[CROSS COUNTRY SCORING]

Digi Connect ME 9210 Linux: serial port 2 for JTAG modules

Meter Data Distribution User Manual

FAQs GOLF CANADA KIOSK

Previous Release Notes

CSE 154: Web Programming Spring 2017 Homework Assignment 5: Pokedex. Overview. Due Date: Tuesday, May 9th

NETDIVER TUTORIAL. Revision Doc-NDT Dimensional Insight

Mac Software Manual for FITstep Pro Version 2

Hunt Evil Your Practical Guide to Threat Hunting

KEM Scientific, Inc. Instruments for Science from Scientists

ONSIGHT FIREWALL CONFIGURATION GUIDE

ONSIGHT FIREWALL CONFIGURATION GUIDE

Section 8: Model-View-Controller. Slides adapted from Alex Mariakakis, with material from Krysta Yousoufian and Kellen Donohue

REMOTE CLIENT MANAGER HELP VERSION 1.0.2

System Administration Tasks

Tournament Manager: Running a VEX IQ Event - Beginner

Excel 2013 Pivot Table Calculated Field Greyed Out

SteelHead SaaS User s Guide

WildCat RF unit (0.5W), full 32-byte transmissions with built-in checksum

FireHawk M7 Interface Module Software Instructions OPERATION AND INSTRUCTIONS

Blackwave Dive Table Creator User Guide

Evaluating chaff fire pattern algorithms in a simulation environment. JP du Plessis Institute for Maritime Technology South Africa

- 2 - Companion Web Site. Back Cover. Synopsis

VMware Inc., NSX Edge SSL VPN-Plus

Tennis...32 Stay above...34 Decimal...36 Bundesliga simulator...38 Shooter management...41 Installation...43 Registration...45 Where do I get the

USA Jump Rope Tournament Software User Guide 2014 Edition

Totalflow Web Interface (TWI) software Help notes v1.0 Oct. 3, 2014

The Race Director. IPICO Integration Direct Connect [IPICO INTEGRATION]

LiteSpeed for SQL Server 6.5. Integration with TSM

Decompression of run-time compressed PE-files

Steltronic Focus. User Manual Manage Focus Tournaments

Instruction Manual. BZ7002 Calibration Software BE

1001ICT Introduction To Programming Lecture Notes

Section 8: Model-View-Controller

World Leading Traffic Analysis

SmartMan Code User Manual Section 5.0 Results

Fencing Time Version 4.3

A Hybrid Code Compression Technique using Bitmask and Prefix Encoding with Enhanced Dictionary Selection

Burner Management System DEMO Operating instructions

BVIS Beach Volleyball Information System

TESLAGON. ShotHelper Manual. How to install and use the Program. Version /30/2014

N4 Hazards (Hazardous Cargo) Training Document

PLA 2.1. Release Notes PLA 2.1 (build 604) December 21, 2015

Accelerate Your Riverbed SteelHead Deployment and Time to Value

USER MANUAL

Sail Chart Drafter for Deckman v.2

Fencing Fox SmartApp Documentation. 25 avril 2018

Operational Settings:

APP NOTES Onsight Connect Cisco Integration. July 2016

Wickets Administrator

Flow Vision I MX Gas Blending Station

An STPA Tool. Dajiang Suo, John Thomas

Connect with Confidence NO POWER NO PROBLEM

NanoSight NS300. NanoSight NS300. Operation instructions. Laser Spectroscopy Labs, UCI

Quick Start Guide. For Gold and Silver Editions

Transcription:

ID: 53568 Cookbook: browseurl.jbs Time: 18:33:33 Date: 06/04/2018 Version: 22.0.0

Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature Overview Phishing: Networking: System Summary: Behavior Graph Simulations Behavior and APIs Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Joe Sandbox View / Context IPs Domains ASN Dropped Files Screenshots Startup Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info No static file info Network Behavior Network Distribution TCP Packets UDP Packets DNS Queries DNS Answers HTTP Request Dependency Graph HTTP Packets HTTPS Packets Code Manipulations Statistics Behavior Table of Contents Copyright Joe Security LLC 2018 Page 2 of 416 2 4 4 4 6 6 6 7 7 8 8 8 8 9 9 9 9 9 9 9 10 10 10 10 10 10 11 11 11 11 11 11 12 12 71 71 71 73 73 73 73 73 155 160 162 165 165 173 415 415 415

System Behavior Analysis iexplore.exe PID: 3728 Parent PID: 548 General File Activities Registry Activities Analysis iexplore.exe PID: 3792 Parent PID: 3728 General File Activities Registry Activities Disassembly Code Analysis 415 415 415 415 416 416 416 416 416 416 416 Copyright Joe Security LLC 2018 Page 3 of 416

Analysis Report Overview General Information Joe Sandbox Version: 22.0.0 Analysis ID: 53568 Start time: 18:33:33 Joe Sandbox Product: CloudBasic Start date: 06.04.2018 Overall analysis duration: Hypervisor based Inspection enabled: Report type: Cookbook file name: Sample URL: 0h 7m 58s light browseurl.jbs https://t.yesware.com/tt/7982e396a30be487d52872fd1 21ee18126740554/6f9d2976f69cdf1ec152cfcc 7d66e036/e6b8597654d27ffd99d516fd374e079 5/app.smartsheet.com/b/home?tg=explore&u tm_source=marketo&utm_medium=email&utm_c ampaign=newsletter&mem=button&mkt_tok=ey JpIjoiTlRoak9EQmhORFUyTW1JdyIsInQiOiJPS1 hcl0dndstszjzwd2nfvdjqoxn6tfhc RXYwdHRYMVNpcEJxcjg4N2E5VGdRa0Q4RGhoeTVt R0w5a2FBcW5cL2xWd1BjcXhxQlQzUFIyeHQreFdq dhltrgjkddczuytic0c5bgxrbgdnkzcyythjr3lo Nm5nTWZBUlVPTTlBcXR4In0%3D Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1) Number of analysed new started processes analysed: 4 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies Analysis stop reason: Detection: Classification: HCA enabled EGA enabled HDC enabled Timeout MAL mal52.phis.troj.win@3/275@65/34 HCA Information: Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0 EGA Information: HDC Information: Cookbook Comments: Adjust boot time Correcting counters for adjusted boot time Browsing link: https://app.smartsheet.com/b/pwd? tg=explore&mem=button&utm_campaign =newsletter&utm_medium=ema il&mkt_tok=eyjpijoitlroak9 EQmhORFUyTW1JdyIsInQiOiJPS1hcL 0dNdStsZjZwd2NFVDJQOXN6TFhCRXY wdhrymvnpcejxcjg4n2e5vgdra0q4r GhoeTVtR0w5a2FBcW5cL2xWd1BjcXh xqlqzufiyehqrefdqdhltrgjkddczu ytic0c5bgxrbgdnkzcyythjr3lonm5 ntwzbulvpttlbcxr4in0%3d&ut m_source=marketo Real link is: https://app.smartsheet.com/b/pwd? tg=explore&am p;mem=button&utm_campaign= newsletter&utm_medium=emai l&mkt_tok=eyjpijoitlroak9e QmhORFUyTW1JdyIsInQiOiJPS1hcL0 dndstszjzwd2nfvdjqoxn6tfhcrxyw dhrymvnpcejxcjg4n2e5vgdra0q4rg hoetvtr0w5a2fbcw5cl2xwd1bjcxhx QlQzUFIyeHQreFdqdHlTRGJKdDczUy tic0c5bgxrbgdnkzcyythjr3lonm5n TWZBUlVPTTlBcXR4In0%3D&utm _source=marketo Browsing link: https://app.sma Copyright Joe Security LLC 2018 Page 4 of 416 Failed Failed

rtsheet.com/b/oauth2login?form Name=fn_oauth2login&formAc tion=fa_logingoogle&tg=exp lore&utm_source=marketo&am p;utm_medium=email&utm_cam paign=newsletter&mem=butto n&mkt_tok=eyjpijoitlroak9e QmhORFUyTW1JdyIsInQiOiJPS1hcL0 dndstszjzwd2nfvdjqoxn6tfhcrxyw dhrymvnpcejxcjg4n2e5vgdra0q4rg hoetvtr0w5a2fbcw5cl2xwd1bjcxhx QlQzUFIyeHQreFdqdHlTRGJKdDczUy tic0c5bgxrbgdnkzcyythjr3lonm5n TWZBUlVPTTlBcXR4In0%3D&sua=home Real link is: https://accounts.google.com/signin/oauth/identifier? client_id=46145466229.ap ps.googleusercontent.com&a s=3s7g18sjofwdwl16nxa3ra&d estination=https%3a%2f%2fapp.s martsheet.com&approval_sta te=!chroz002og9iderkcu1iu0pmvz NkVhIfczlkTGVSM1VCSFlZY0t0V0xt Y192ZHFZRXZtOEtSWQ%E2%88%99AB8 ihbuaaaaawsjzlp-0lfosek5b4subtcdxkqwerh4&xsrfsig=ahgife _ebeijfwyep6mio8solnbtmv5osa&a mp;fname=generaloauthf Browsing link: https://app.sma rtsheet.com/b/azurelogin?tg=ex plore&utm_source=marketo&a mp;utm_medium=email&utm_ca mpaign=newsletter&mem=butt on&mkt_tok=eyjpijoitlroak9 EQmhORFUyTW1JdyIsInQiOiJPS1hcL 0dNdStsZjZwd2NFVDJQOXN6TFhCRXY wdhrymvnpcejxcjg4n2e5vgdra0q4r GhoeTVtR0w5a2FBcW5cL2xWd1BjcXh xqlqzufiyehqrefdqdhltrgjkddczu ytic0c5bgxrbgdnkzcyythjr3lonm5 ntwzbulvpttlbcxr4in0%3d&sua=home Real link is: https://login.mi crosoftonline.com/common/oauth2/authorize? response_type=id_t oken+code&client_id=3290e3f7-d3ac-4165- bcef-cf4874fc4270 &scope=user.read&respo nse_mode=form_post&resourc e=https%3a%2f%2fgraph.windows. net&redirect_uri=https%3a% 2F%2Fapp.smartsheet.com%2Fb%2F azure&nonce=eyj0ijo0mcwibc I6ImV6SzdCM2I2My1KQVYxZTZ3V2pW Y1JQaTM5RHdXZG9sZDhsMHl6bVJNUm 9B%0AR3dGeVhPSTNtUTBoOFhEMENsS VMiLCJyIjp7InRnIjoiZXhwbG9yZSI sim1lbsi6imj1dhrvbiis%0ainv0bv 9jYW1wYWlnbiI6Im5ld3NsZXR0ZXIi LCJ1dG1fbWVkaXVtIjoiZW1haWwiLC Jta3RfdG9r%0AIjoiZXlKcElqb2lUb FJvYWs5RVFtaE9SRlV5VFcxSmR5SXN JblFpT2lKUFMxaGNMMGROZFN0c1pq% 0AWndkMk5GVkRKUU9YTjZURmhDUlhZ d2riullnvk5wy0vkegnqzzromku1vk dkumewutrsr2hvzvrw%0adfiwdzvhm kzcy1c1y0wyefdkmujqy1hoeffsuxp VRkl5ZUhRcmVGZHFkSGxUUkdKS2REY 3pVeXRJ%0AYzBjNWJHeHJiR2RuS3pj evluagpsm2xvtm01blrxwkjvbfzqvf RsQmNYUjRJbjA9Iiwic3VhIjoi%0Aa G9tZSIsInV0bV9zb3VyY2UiOiJtYXJrZXRvIn19 Browsing link: https://app.sma rtsheet.com/b/signup?tg=explor e&mem=button&utm_campa ign=newsletter&utm_medium= email&mkt_tok=eyjpijoitlro ak9eqmhorfuytw1jdyisinqioijps1 hcl0dndstszjzwd2nfvdjqoxn6tfhc RXYwdHRYMVNpcEJxcjg4N2E5VGdRa0 Q4RGhoeTVtR0w5a2FBcW5cL2xWd1Bj cxhxqlqzufiyehqrefdqdhltrgjkdd czuytic0c5bgxrbgdnkzcyythjr3lo Nm5nTWZBUlVPTTlBcXR4In0%3D&amp ;utm_source=marketo Real link is: https://app.smartsheet.com/b/signup? tg=explore&mem=button&utm_campai gn=newsletter&utm_medium=e mail&mkt_tok=eyjpijoitlroa k9eqmhorfuytw1jdyisinqioijps1h cl0dndstszjzwd2nfvdjqoxn6tfhcr Copyright Joe Security LLC 2018 Page 5 of 416

XYwdHRYMVNpcEJxcjg4N2E5VGdRa0Q 4RGhoeTVtR0w5a2FBcW5cL2xWd1Bjc XhxQlQzUFIyeHQreFdqdHlTRGJKdDc zuytic0c5bgxrbgdnkzcyythjr3lon m5ntwzbulvpttlbcxr4in0%3d& utm_source=marketo Browsing link: https://www.smartsheet.com/privacy/ Real link is: https://www.smar tsheet.com/legal/privacy Browsing link: https://www.sma rtsheet.com/intellectual-property/ Real link is: https://www.smar tsheet.com/legal/privacy Warnings: Show All Exclude process from analysis (whitelisted): WmiPrvSE.exe, dllhost.exe Execution Graph export aborted for target iexplore.exe, PID 3792 because there are no executed function Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Detection Strategy Score Range Reporting Detection Threshold 52 0-100 Report FP / FN Confidence Strategy Score Range Further Analysis Required? Confidence Threshold 5 0-5 Classification Copyright Joe Security LLC 2018 Page 6 of 416

Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis Signature Overview Phishing Networking System Summary Copyright Joe Security LLC 2018 Page 7 of 416

Click to jump to signature section Phishing: HTML body contains number of good links Phishing site detected (based on logo template match) Found iframes HTML title does not match URL META author tag missing META copyright tag missing Networking: May check the online IP address of the machine Connects to many different domains Social media urls found in memory data Downloads files Downloads files from webservers via HTTP Found strings which match to known social media urls Performs DNS lookups Urls found in memory or binary data Uses HTTPS System Summary: Classification label Creates files inside the user directory Creates temporary files Reads ini files Spawns processes Uses an in-process (OLE) Automation server Found GUI installer (many successful clicks) Found graphical window changes (likely an installer) Uses new MSVCR Dlls Binary contains paths to debug symbols Behavior Graph Copyright Joe Security LLC 2018 Page 8 of 416

Behavior Graph ID: 53568 URL: https://t.yesware.com/tt/7982e396a30be487d52872fd121ee181... Startdate: 06/04/2018 Architecture: WINDOWS Score: 52 Legend: Process Signature Created File DNS/IP Info Is Dropped Is Windows Process Hide Legend Number of created Registry Values HTML body contains number of good links May check the online IP address of the machine Phishing site detected (based on logo template match) started Number of created Files Visual Basic Delphi iexplore.exe Java.Net C# or VB.NET 17 54 C, C++ or other language Is malicious started iexplore.exe 2 266 munchkin.marketo.net geoip-js.maxmind.com 169.55.60.80, 443, 49310, 49311 SOFTLAYER-SoftLayerTechnologiesIncUS United States 41 other IPs or domains May check the online IP address of the machine Simulations Behavior and APIs Time Type Description 18:34:22 API Interceptor 1496x Sleep call for process: iexplore.exe modified Antivirus Detection Initial Sample No Antivirus matches Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Detection Scanner Label Link crl.rootca1.amazontrust.com 0% virustotal Browse o.ss2.us 0% virustotal Browse munchkin.marketo.net 0% virustotal Browse Copyright Joe Security LLC 2018 Page 9 of 416

Detection Scanner Label Link app.smartsheet.com 0% virustotal Browse t.yesware.com 1% virustotal Browse s.smartsheet.com 0% virustotal Browse login.windows.net 0% virustotal Browse crl.rootg2.amazontrust.com 0% virustotal Browse js.maxmind.com 0% virustotal Browse www.google.com 0% virustotal Browse 464-onm-149.mktoresp.com 0% virustotal Browse stats.g.doubleclick.net 0% virustotal Browse crl.godaddy.com 0% virustotal Browse 752092193.log.optimizely.com 0% virustotal Browse ocsp.rootca1.amazontrust.com 0% virustotal Browse 8phvz2leo7.execute-api.us-east-1.amazonaws.com 0% virustotal Browse cdn.optimizely.com 0% virustotal Browse www.smartsheet.com 0% virustotal Browse clients1.google.com 0% virustotal Browse d2myx53yhj7u4b.cloudfront.net 0% virustotal Browse ssl.gstatic.com 1% virustotal Browse crl.pki.goog 0% virustotal Browse bam.nr-data.net 0% virustotal Browse x.ss2.us 0% virustotal Browse www.google.de 0% virustotal Browse s.ss2.us 0% virustotal Browse ocsp.rootg2.amazontrust.com 0% virustotal Browse accounts.google.com 1% virustotal Browse geoip-js.maxmind.com 0% virustotal Browse secure.aadcdn.microsoftonline-p.com 0% virustotal Browse www.gstatic.com 1% virustotal Browse fonts.googleapis.com 0% virustotal Browse ocsp.pki.goog 0% virustotal Browse login.microsoftonline.com 1% virustotal Browse logx.optimizely.com 0% virustotal Browse www.googletagmanager.com 0% virustotal Browse cdn3.optimizely.com 0% virustotal Browse pki.google.com 0% virustotal Browse js-agent.newrelic.com 0% virustotal Browse fonts.gstatic.com 0% virustotal Browse accounts.youtube.com 0% virustotal Browse Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Copyright Joe Security LLC 2018 Page 10 of 416

Joe Sandbox View / Context IPs No context Domains No context ASN No context Dropped Files No context Screenshots Copyright Joe Security LLC 2018 Page 11 of 416

Startup System is w7 iexplore.exe (PID: 3728 cmdline: '' -Embedding CA1F703CD665867E8132D2946FB55750) iexplore.exe (PID: 3792 cmdline: '' SCODEF:3728 CREDAT:275457 /prefetch:2 CA1F703CD665867E8132D2946FB55750) cleanup Created / dropped Files C:\Users\SAMTAR~1\AppData\Local\Temp\JavaDeployReg.log Size (bytes): 89 ASCII text, with CRLF line terminators Entropy (8bit): 4.457028341946757 53D7B3927BC874C8F0CD751C8579ADD2 1D451B33DB2BC44A84F52C0CE7522735138BAB47 A6808C0B6E8740253B0F0CBB56B3F589DAE595155F12BCB774DCC018C82AA308 A3CA630580AFF820FCD9C2409C46A7208425BDF94F66CBC21D73733E8799D1003FBB9624D2468567F40544AF0288 F0004DB30AC416ECBD8A520B98F20E929C6A C:\Users\SAMTAR~1\AppData\Local\Temp\~DF288402B4F96BD2CB.TMP FoxPro FPT, blocks size 258, next free block index 16711424 Size (bytes): 13157 Entropy (8bit): 0.573839093625257 56813CBF6D9754454C943E7E200061EB D44A0632A3EEC8BC44C6CBD1532D1A93DA131A61 489F461F1CA8083965087C714863ED96355DD23866D06B1851926190A2DE14EF 6E2F33D34BFD2008257873A8FFB89931AE18867377EFB377A9A861D5C86B4B05EF7973E72AABA932D120B3685A8 ECBD006869421C60E1AC63C6943D98F96C8B0 C:\Users\SAMTAR~1\AppData\Local\Temp\~DF4CF8A5539DCBB2B1.TMP FoxPro FPT, blocks size 258, next free block index 16711424 Size (bytes): 250263 Entropy (8bit): 3.73676937483299 A4FE3310D8AC2ADB78CEE17E2FDE8248 0C33C0E919D76A45066EF481331247C63F4646B3 9D6B86601875376DE2CDDEAA3F751A92EC3D5DB993FC4E94523F482698739205 64C3765B4F3106599E6867BC1699632AD5F7D6BDE28251906DA91C3B1D25A1FA810C9F13D5DC956DC3FAB081E2 62C01AF3F60E62A7031C703F3AD0686AC63EC2 C:\Users\SAMTAR~1\AppData\Local\Temp\~DF56D1A2746165A28F.TMP data Size (bytes): 29745 Entropy (8bit): 1.5537545737703609 541D9DC8F98DB6C5132FF5D8C108FF35 17D73A24EAE0C7BA522974E4CE6F335DBD93ECB3 5160B787B3894C570634345AAE649C6E4ACF4E78726C10A46857B3D3840F1CCC 335E3FEF8F3C52370608F6EF16ED68002C3933EF9F20F86A0079CF7B2945D81D06B281D1AEF03DF5931AD77B859 3D4D18BE460B4CC3927D9318490AB26783F17 Copyright Joe Security LLC 2018 Page 12 of 416

C:\Users\SAMTAR~1\AppData\Local\Temp\~DF56D1A2746165A28F.TMP C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\001836CEC9B3850D003670B9D75C6973 data Size (bytes): 796915 Entropy (8bit): 6.591757571267581 70BB4DE8F44194EF5CCA34F5112980A1 020FA8308D6D314F17828DE73D35E0E6755BE9B4 1F8E2A03781CF0ACA358A6C59B6DC1D22110C85DEFB94FBDCB3D44E69BF355C6 E315E2526B05A8590BD5E2E6FB0214E617AFAF377F7445742FC98FE580CBF5E32E3B5FBD414300F286A5000F6FF 837ACD6DF8A57CB9253AEE6D7E88474359BD6 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\01B16CDBADE7DB774141D7E30D50EC69 data Size (bytes): 552 Entropy (8bit): 7.035515740931769 F9B9BD4C69E5F2455D4B81BD73A47900 573FE76748F673D5A2FEDBAF22EF6AD6BDD48BD5 3FD38F1B25B866569B2D6609C979A6BC35EE4B69C71578D0E12DF515B7EA91A1 E4155833D9BBD2DFA4820F884F510202651A4F398E9D09E47ED29CC0395B50D9F41401F565092CE9587D56132F01 8E26EF0E1F8D042D3D1CB49863438FC6D94E C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\024823B39FBEACCDB5C06426A8168E99_26F9FF5BB38FE4DAEF20A B8190D4B2CA data Size (bytes): 471 Entropy (8bit): 7.225882804373283 12C4E675599D53AC2CB426DCBE546BF7 D7FDC570843E267D24F5326081930B6B43F47EF2 00846A9FDC84BB693301B856390705C5F397174FEB51C202560DD5B2AB58F23B C3C97319E323C8B72D41F5C1815A80E5B8330A98C10C00E71CC496968BB9406407BE98D859150A97B0CC6C57426 E587A358AB89BAE94B150C2596DE6688ABE4B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0270780F846F08BEFE0DD8112D932FEF data Size (bytes): 543 Entropy (8bit): 7.028327622517225 109688898948A44610A723F7DD5EE6D1 10A1C166DDE69ECA158A523616006C6BEF8C9FC8 3ECCCBA8082258424273C39C7FEDDB758C91688C007D662D06B310DE7A32B03C 3291D47546E3916CB6655E7EB638C49A99FE0602C31C5D13780E448FBC384BE2E799F9064920D3DBBD57D61BFF6 28E7B50005B7F9429C5DF16C00349C680A249 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\041738039DA7B23A0B8C1E6C396DBE1E data Size (bytes): 14819 Entropy (8bit): 5.9510258586914775 AC6202702AA3F58E8267ACA13013640C Copyright Joe Security LLC 2018 Page 13 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\041738039DA7B23A0B8C1E6C396DBE1E 95D232C40023CD7585E7B0940435C199663BEB14 A98B37711159227067A0B3EB8A3D3DB219FEF72EA6D76590A93F95AF32CF7EBE 065C487C8466100BFDFA701889F0C629B9913B5E37A18238C7C16801FAF2AC867D380B6F3511932A9391EAEB48F5 95729F5F66B9B7BC7D9C6028A3BC4DF450CD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070C03D13B170C50ED5CDDF6BA1053A6 data Size (bytes): 15651 Entropy (8bit): 5.92236317244285 F1BBFDB625CE36922F4425583C2ED7C0 B2695ABDACF6512F2306CE174D4F06DBE17E5B47 1DF5723C7955610DBA224CA9B731D6F870DB9CC0C6579E88C98B205E491D5610 B1630FCDE98AA122F4048661C23384E8C4BFC1B34DB00657CD19306CD3454BAA966547D60242F57CCAF8D2C7D8 8AB48C6F6E9892E15684CB28899AC1C9658CD7 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 data Size (bytes): 1302 Entropy (8bit): 6.936349015335051 55540A230BDAB55187A841CFE1AA1545 363E4734F757BDEB89868EFE94907774A327695E D73494E3446B02167573B3CDE3AE1C8584AC26E15E45AC3EC0326708425D90FB C899CB1D31D3214FD9DC8626A55E40580D3B2224BF34310C2ABD85D0F63E2DEDAEAE57832F048C2F500CB2CBF 83683FCB14139AF3F0B5251606076CDB4689C54 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0AB67BD4882FB0E09822529CFEB33A58 data Size (bytes): 531 Entropy (8bit): 6.9621301840528655 DD754F51E28F9AEFF863654C74AE9212 A8B08715BB5DA8DEF28197E31C25F8A33CC83372 CAB66E610B711C265AF248C8DE27B6D01D0DD1C914B255894A2C1B8BD8095DD5 FC0B581D22B8A672D6AA8CF433A124765861A75846653A84643BB9AD2D98B03161E56D7E11A3AC95BAC0306110E 93A1B51519D33E720E353EC74865691F9C04C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DC3E633EDFAEFC3AA3C9 9552548EC2F data Size (bytes): 1521 Entropy (8bit): 7.48230848751059 A500F74958FF72FE57743DD973880872 A8ED73ED753CA9D6BFCAA50C6DB5A2D931103C35 C7857D809186B200FA0C5FD5DE3A2655155769EC159FF425EC639117B4B1154F 90F845BEC3D723331290705FCEA75406C117FC0223959EB820342B7036DE9296AE295115D7D53D05BAB62F100865 3E0459E598B28E7DF8DE01F50990CD448378 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BA79029EC3FFD076F5DAC2F70A18685 Copyright Joe Security LLC 2018 Page 14 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BA79029EC3FFD076F5DAC2F70A18685 data Size (bytes): 782 Entropy (8bit): 6.559668550029846 8144A8995270179C598D32A188A57122 B5B8B0EC0AD69FBFE881B0C31A3DE09E376B8910 6CEB8172E20099CABE1E7B62B4AA8BD071C2268F283B28272CD3ADA1515113DD D267E5AB148ED4CFDF5D87B18C62DB16142F48D45C2E44F2099FF84F5F45C4023D3D71D0D88B5EDB9E08079B15 D5D2A987625E6E6A0336C16815ED54F6E1F0ED C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_0A997AECFBC6C7AB30A98 E11E80C8E17 data Size (bytes): 471 Entropy (8bit): 7.208258361097886 1D84E89BFCDB1D0E842E79A724E310D3 DCD0327C9D1DA93672528167A6D54C7FAC1779D6 1AD028E33253432E8EDADFE5B20008FD6C782548DB4D006C7E5E57211BD8DC1B 0FBB16B3F1A7BA57CAFD937D2AA30E138BACFAA778E5D071223A7CE68FB5BA340CF52D8B0CC45DE976F5C4A3 7EBA8C11CF5F7FC4DCBE761EDD369065B639F80B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B177 1 data Size (bytes): 1730 Entropy (8bit): 7.282301916090638 4850244073A29AF5E074DF506D30E281 E3D5F43AF681E68C8023BED859A6AB76C94FB1E7 C666349273978523F34328F8245D33307C221DBD7D21F95F611192A1573BA6D1 D6FA898C8CDE6DCF7174908884F07EEBAB434B0B6E92D0C09655D7800FAA8893E30E7C52EE342A38DAFC2B3BB D264E4DBCEEE3831DE61A7EF5CEF9C2FBF0E70E C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D data Size (bytes): 325 Entropy (8bit): 6.703219448010749 19A0B0F21B12751E013E6CA655114D0F 4C47B782C609C4ADDA4D0298E775ABC544DC8CAC A87CE53FCB40C399E4C2B69CC8B1EB9BE153532912DA6BFD56FC34FD654CC707 24DD6A47E68A7FDA1F6B46D034EBC36FA48BE15B3EA9901E41C970DA87B4392D9063E00E8D917C3768796E2BC B0732FBEC63D7F12FE23B5E4B0346B81B2C91A6 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\242D23DDBD947BF510369DC41BEA052E data Size (bytes): 14819 Entropy (8bit): 5.9510258586914775 AC6202702AA3F58E8267ACA13013640C 95D232C40023CD7585E7B0940435C199663BEB14 A98B37711159227067A0B3EB8A3D3DB219FEF72EA6D76590A93F95AF32CF7EBE Copyright Joe Security LLC 2018 Page 15 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\242D23DDBD947BF510369DC41BEA052E 065C487C8466100BFDFA701889F0C629B9913B5E37A18238C7C16801FAF2AC867D380B6F3511932A9391EAEB48F5 95729F5F66B9B7BC7D9C6028A3BC4DF450CD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37D958F0157C4E87D39A5E7FAB3AECCC_0E496EF156E4B37329D835BF288927D C data Size (bytes): 1831 Entropy (8bit): 7.588018541201198 F31760B3436FE7CE9FB6EE1078F7B37F 4536B7EF1F41528532F3CADE2CB58216C39668F4 156458D261F01DDD5ABACCF2310B5F0719A84C7B596B844BB456F45E92F246A8 91E35BEA5BC8B83441F336E570BA5AD829B394E2CCBB1896209CF5841E1ABC316FDF7F121BC8168AA5919E64B C85CDF300D1B3B816213D12454B7781A704EB31 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3B6E683A7A45CC59BF035C9BA8C7AB9D data Size (bytes): 602 Entropy (8bit): 7.200712502835809 0FBE16A494876C56CFEFFA4A61ABCE6C ABC534C892F8E5E388DD1CC25ACD33B321788D86 15579CBEE5EBEDC6D8F41601BF49E22F97474AE4C860383DF72B8806DAC118E0 DB6A271A95C5FE21146FD23B6A30D71CDAE94C721860E874EC822568CF757D2D2859CC7BD921777306AA6D9E14 829CA39C1F0D278D30F6D786D1133918898653 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0C E44422ED38B data Size (bytes): 471 Entropy (8bit): 7.125295797261929 CAE0AF9F2157F865E60273723B0AD9AB B669E81822A6D9BB112502AD4EB555A0D2F756EA 951F18716FE3CD84510303CB386757E0546CC4F680499902FB08AA455116FCBC 13C16399D7BEF633C4034C288A504E8804A8CABC3F55ACD2DFC5FA5760A3071187CD54F52D2FE912E5575B2691 C6B1F07043C4E7E110BEA68C7163727B0602A C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_6BF99D49F7848CB4DF1BBF4D7AE0535 8 data Size (bytes): 471 Entropy (8bit): 7.164643410548819 C170C31B4749B008150A8BD165C3530E D5C5940000F8535A12D002E3A711ED786E8B1A6F EAE4BF12248648A874EDF13399DF50F54599985939F9FF249FD01EAFE610E958 5F50EF9F5B37AC109F078A54A63C4CE98D8933D8512CE4EE1982F88A338B05AB9454CC112F351E785A0F5416F2D DBBFE3E723A6BEABDD3990FB338C5223AFEAD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C622 0 Copyright Joe Security LLC 2018 Page 16 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C622 0 data Size (bytes): 727 Entropy (8bit): 7.549754306862317 3C983660409C76D2AFB6A023BCC7823F 7CCDB4D5468B5A61A3250429D5C632FD537D9B7B B6AAB7EDAC296530FB9030D29924CDD6E2FEC4AFCF2A9EA961D194476C037640 4C68088303D76264CC3BD64DFC8CFE7F04FE880AC1EC85BC341B6A729BFD4FA5038A76F777B052758CADA360C FAAF7AC314996891CC4313C5BD850423571C015 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\537EC5B641ED5E0F8A4396270680F35B data Size (bytes): 100620 Entropy (8bit): 6.510070959012475 B1853DF0B3C8F1ED7B263AB65C9F0097 94D3724A2FB3F28552AC9FA6A2E0027340DF326B C491D70565F27CDD1C04DD467DDFCB2FCA43440BFE58EA11FE8D97A6D02206AC 9A25966411CD989C1F9190067FE8B5BE513DBF576415FF13BBB93A9CA43CECDDD1A9E10385637A8DA5B580DDD B7A0207CF92F4250164D2D1A6ED687A9BED6774 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B 4 data Size (bytes): 471 Entropy (8bit): 7.142299979384661 D608A8C2089B6B6C53AE1BD45112A28E B0ED97241967E2FD79153448E74838DC2BA1A6DB E68E0D05DF072777169E44823FF430699526CA33FD9711EA26780F44CCFAB026 A6838C0013F2AF7DAE82CA8711234EA5B008B29AE5B42E0166258EAFD5FE0FDBEB091875E885CD0F6049007B83 D5E9C60C75981606F3C7DF902DE14025913584 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_0BD1116445C634D7D3F0AD75BE8EBC5 3 data Size (bytes): 471 Entropy (8bit): 7.238849635784454 74CD3AD3F3D31AC5F71E5FFBCA3008E8 409B6B56E921E24BF879B05234FD7A1F46A7E15A 0D9CFA1FE262422AB4849D8852FDE43F7E9D280ADE4E53F66064CCCE0E234A1E 3082CA2F78C06F39C404ECB77BE12E75E36D960263845E1A9A337A86B5B1A170FD499A62BBE831D7C5B1E29B52 5A2A8CDFB13468125E504C1C87088FF188F9E5 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_5BBD67B6E699F362F30ED6A87DB1CE9 B data Size (bytes): 471 Entropy (8bit): 7.222481508546263 6C950027F35FC2FCF1861B7A96BFA4AF 812EEBD4C58417CA16CBD1BEC9491D783588F973 Copyright Joe Security LLC 2018 Page 17 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_5BBD67B6E699F362F30ED6A87DB1CE9 B AF24246DE3C6D3E89CCE04EDBEDD0778AFAEB570C2B6CDC61CC1DCA4A375C2EB 4AFF332E7644B61EF7BBE69283129908FAD54C54CA817912CFB939E09FDE41508BE1CDE07FD1F9BF6D4F3E9B4F E67015661AB2029046DDDDC2F11D012162E780 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\620BEF1064BD8E252C599957B3C91896 data Size (bytes): 439 Entropy (8bit): 7.2158405500826985 809A76B87E3E2A9F0C864610B7CCBC3C AA0762C939E3155CCC4E051F9B2EF5B1D060299D 2176AE7D47513B54DADD14FF28C141A7BDC92EF6F84D211C9867186B60D8644D D4D41551C97E8E422A9D7D9CEA3953B3A486E83B711DCB11E04CA9613A179272B3A685268F95BF78DB0EFB6B51 2C373A1F6468586B4D2DBA6BC7ABA5DEADA106 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\67F6625BC22310D5C99DDE12020DBD90 data Size (bytes): 462 Entropy (8bit): 7.217965932549452 A68A2AE020719B8942F12700C2AA7326 8B382EF2E4FE11578EB042012F49DA87F2CC56E9 D605EF4CA0057C59A4E90EB65A86BFFCA2A76509F5D67A2B7C6FCB66DA48B95F E9E343A249A7E304703D2584334C17A870C4245A84755B2592A6736A70CD921D0B249A14A7EA4E3C9674CED206B E0D825760003D1301244A722A7495CE672BAE C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C data Size (bytes): 531 Entropy (8bit): 7.000081776700013 C182EF91FA1D94E062E30550F5123378 D5AD99A3825E217B32350BA0F17DFD78BFB91643 C773F30F77F8BAA03828CE4E66C6622B2F35B2F8E4CBEF03976289ED68AC2407 CC61DA96785002B7AEF3C81A0A0C99B70875CA0F4A97656910ECF42F0FE8368FE96353410AE3F06AF180E19A266 72C0BE34714F163FCB93E12761E6ACD4CE81D C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6A2279C2CA42EBEE26F14589F0736E50 data Size (bytes): 434 Entropy (8bit): 7.14585038393539 77CA4289661000B3A8B8E912E7D2138B DEEC92073BEA4176589F4840121ECF6F2750B1B4 A7692AA2B5B2664DE344B922A091B7BA6F4FA01A4FFC80F279BAC31D4A3E468B F8DC07C60ABEAB1B60DED14C3D51C25A41F28FA7EC657A06038ECB2AFEF504450646D3041557FAFBD4777263A 8ED5A2039A20B37F3A341518BACDD319C7B6D02 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E0 4 data Copyright Joe Security LLC 2018 Page 18 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E0 4 Size (bytes): 471 Entropy (8bit): 7.157462301898582 B93B055F18ED02AC65402253BFA21777 77E49C843005A144BE3DE9485B1F9BC4E5A9126D A2649B55B45DF55AC2A8374490B428AD312A749BDA88AA21B6C800DCE6AD4CED 1A7E8C92A1516E9B2E224E239C29EA395C615585A429B5FDF66B794DBBE6336C2BCE435ACD4F145563E5ACB4E DDBE001566E1BB345BF9F6F5EAE0341B9AAB2A6 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA7347534520 3 data Size (bytes): 471 Entropy (8bit): 7.23675395704991 43AEA98A8B257C0958C1B93FEFAC07CB 0F6674CB94E9B0BBC00861E77E3D4EF7364DDE99 B210CEF267DA647C74A99CBE49E261346EBAAA3BC3B4264CBA17CE4B4A5C164C 3DCCCDFD39354EBB23D6CD5BADF195C01F69CF0D53C8749B777DB8DA56E2DAA2A4A60F3BD3E381CFB3BFDB7 AFDBD353FF78464058080CCAD392E04E4ABEE8CF4 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6FB1C7BC744B04B7C9588E58823D7FBD data Size (bytes): 191765 Entropy (8bit): 6.522941636697453 77977A7FD09B4038B947DB1A677BBE0A 1F445ED1B0BC6C3315B55D606BDD3F44C1790D1E D548B72A7A23672EA0C0200CD9A04F52E6E512166409F271CE06453F024AC511 5E98A9C0A179917FFA168B28B061B95A68739AE301BCCB71B611224D63CBC0F374A072FAF7AC12BB3832E4E20F 0A54915122D226851D0DB429AE119CADDC130A C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4 F data Size (bytes): 1426 Entropy (8bit): 7.437454011443837 3419CD6B131CB858F45653049F04321B 36CE9DAAF479D4996546736EBCCD607094D6DFCE 5ED164EE671C0F9012B49C6C89D8B80F10022E43232BF0A9B9E6CCFEA264F21A 4E72D2B51453BB49E46BB7D86B149DB12B4D18967DEFC02EF69D439B5A6795D615513E9CDD0F324A04096B0561 40B6DE986E857BC843A629CA7C2AC6AF7FCFA C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Microsoft Cabinet archive data, 54015 bytes, 1 file Size (bytes): 54015 Entropy (8bit): 7.995678090757771 true 89BDF8CFF3B90356B6E57BD51F6DDEE8 EE5CE85ABD2594DB8050B76462E7AB602D9E169D EA99A003C32F94FBBEDF5965E2A9DA9C1D7FAD954D37E9596CFAE90C4FE725F0 Copyright Joe Security LLC 2018 Page 19 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 F31DEC84A3819B12E70324B8E239FCEE0D52C3A451E7AA4744E38D9F870C1D01786D5E8F9A355E440C82A1ECCA A199C379C9F15F2745D8A1C68E178CA187FB37 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7810C722F621F1DEEC60D43FBB188281 data Size (bytes): 45436 Entropy (8bit): 6.517274241367655 E940031241B1FCF902EAEBB9E009A92F 48F560F5841BD43F7DC19C9850BB0F0EDCF1119B 0B7B9540B718DB5616984F14FA0761423AE5A90C8BB6D3126E2927BBC53AA98B 0A5745F8CB1C3935C79F844D96ABF257A826A144155D9475C7C961DFA0CBEA2728F097360D2570F8211A3EF1068 D863D3733BD3654B307448B5EE91D330640AB C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_426B797803FE239319F133BE151A40A1 data Size (bytes): 463 Entropy (8bit): 7.267277302486219 B6F96E956B0CFBE85A52762E5290A722 DAB9F826998031B76C50A6B879E893C52949D48D 0CE5A8D508FEF188146BC91C9EC8269C04E5FE31AC63DACF5FCE22A36C7E52A0 A9F8F5927EA9EC24E5E92DF5D464ACF6746D2435163C378A55C61FA03D054571DD99E357CD1C8B18CE16517E12 B19D8EF3F6C1A24708842F270B2F46A12A257D C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_F400ED6670C6C1513DF5EF4A682530A B data Size (bytes): 463 Entropy (8bit): 7.2507610249742145 EF67231C0308CAB53B8AAF3FECE1FB53 3B4FCCB51C9361ABB7B7FC55EB064905CE5831F1 8A6596EBE809D31868D4192F63F6BC64AA8F7E997616A464AF285EB37D133604 96B5537AB30A426C89609CC3987DE28B0A84C47925C8E1F41EE5AFB66179FCDC410ACB7BCF24AC5048B8F6DB1 1286940211537CF5D33C6FD7693D09013A6CAC9 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56 data Size (bytes): 1391 Entropy (8bit): 7.5382125963942395 16F8B2676224DC29C31ADC32288BAB41 3B898C2A772558EE28DA701FDE12BB0912D836E9 EF6A5C15E25E69794B79A36843AB2D34E3910AB97ECF64F50C2F7EFB6DE7DD93 1EC5AC99B24FE95A0D8F2B1EF5DC3CA64E3535F7D10AC1BDF3D3C5561C31966A50B17D8DB48F84FC1072D9BFE CC19A3E3B36896F64752CFDABD224C664634375 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F data Size (bytes): 4221 Copyright Joe Security LLC 2018 Page 20 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F Entropy (8bit): 5.545958759357003 A4AA4354C48180A889F3056B123C9E44 D6E283E452B966327023FBD9153DB633900D78E8 057B0E1C559BC5B153C01C1982548C4B53D157E45D30272B607277711C790781 848D5C8BD58B629981BF7C2034E3A0FF049868695003D59810A3B73A709D1BEEF46928663DDBDD5EF33B55232C2 60591E9797242FBF5A2F0A10B2488D304FF9F C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\85B3F147E3624A14E6A20DB4F6C2C5D9 data Size (bytes): 815 Entropy (8bit): 6.474731366561624 5A99E19642F99863906AC33AF33D1B8A C8CCEE43E0AB479AD0542E3F8B715F13FD461CDB CD2A45625000373BB8110959D34703AC4174C38AD925652F23467DB98A14C640 9F422752A3EFD97A442767029140A08E3147B67813B7C497CF580437C68FAE4B459F2A737DB326F7B6E2C5ACF53 BE5F88C998831AD050307AF8D09F7BC820EF7 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A574ED5927B3CEC9626151D220C7448 data Size (bytes): 596 Entropy (8bit): 7.021556583189558 5B9948A6667873300330A078667025C5 3186618504F05914582EEBDD643047D64924488A 9EBC8C77D2870A85CA440CC18D75B38CCF07B3D4AD662817D285C0FCCCA21865 4DF4E4FE9A869FBEBDEE18356B8EB7017D97687C3844E8477CA74DF416B05474F51D99BFEC8FE86ECA81D69219 AE850E3F990F9B1FE56C38B68B6275549C60CF C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B data Size (bytes): 531 Entropy (8bit): 6.9621301840528655 DD754F51E28F9AEFF863654C74AE9212 A8B08715BB5DA8DEF28197E31C25F8A33CC83372 CAB66E610B711C265AF248C8DE27B6D01D0DD1C914B255894A2C1B8BD8095DD5 FC0B581D22B8A672D6AA8CF433A124765861A75846653A84643BB9AD2D98B03161E56D7E11A3AC95BAC0306110E 93A1B51519D33E720E353EC74865691F9C04C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\96385D66FC0D184E05CF52F82EF524C0_211A310D4F931FB5C44BEAAD745DED1 5 data Size (bytes): 1831 Entropy (8bit): 7.570718731149022 6ACB27FAC1B7D1E5BFDED927468F5425 D622D96459C13670BA4CF87161DAE5E4C8DC589C A7B1750A316878BB3F8425193ACAE0FBB2036C2646D3045FC654E768A1C8C542 8DDC50498EEBC6EB7CE56D3EF6819271B9933B01E3C7B04D48AE954F3FA1A9E554839367CC5F73371D939B1A27 1DA8EE436A8657CB034F02C6ADC947DCC79D6E Copyright Joe Security LLC 2018 Page 21 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9F9C58BCF02CB8A34F017EC53AEBBE1C data Size (bytes): 191765 Entropy (8bit): 6.522941636697453 77977A7FD09B4038B947DB1A677BBE0A 1F445ED1B0BC6C3315B55D606BDD3F44C1790D1E D548B72A7A23672EA0C0200CD9A04F52E6E512166409F271CE06453F024AC511 5E98A9C0A179917FFA168B28B061B95A68739AE301BCCB71B611224D63CBC0F374A072FAF7AC12BB3832E4E20F 0A54915122D226851D0DB429AE119CADDC130A C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A3D5BF1283C2E63D8C8A8C72F0051F5A data Size (bytes): 712 Entropy (8bit): 7.160107455721385 D94F1E22F1BD768583C33CA604B04C7F EA77754E95A8A083F2624E68D87D6BD747A0A138 23F85655DD756A38954FD63F2218B4F6FA6BBFFB5467BA02F3143DC7E4CD36C2 12FB2B5E831F474BCF2153EE7EEC2C727B2570E24918897926ECEE0DC4C03B693B03F1A79BE4E42056593E638F4 E4DCA79C364E9591195BAF5CA94258BA246BC C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_592839A8569F831D0F2306AE4BB5C24B data Size (bytes): 471 Entropy (8bit): 7.13388341934218 5E8FE21AECD167FE40B595ED860E2E0C 7B310B2E0A806F3381E04A0CDD0945FB0B432A7A BC7E56C608F42C648A36F0DF872AB93DCBCFC052E031087100FBFF519579E61D EFC4744D946E4817C19D1C931D3C0A24EE20900B9AA23735CE7F5BB36A52BD09C221099C09B38FC8934541B6233 6476F54315954EF84C9E5971B7406776B46A3 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A6 2 data Size (bytes): 1744 Entropy (8bit): 7.304268876703597 5CDD25B4017292D7F01AF1028F036295 A7CBF59EB46D49E18134E07B98225EA67B08BF04 AEA1027F9176EB47EFFD615A50BE04B43C4FEEBB832D36A7A0E2A10F397DBD41 E7589A834BC06D9F8CC50926DD1B1B4223B883D4069443A965B18ADA3E5125BAB0FE45B81125535EDB94A4815E 11A8D3505390E4CE37B015E06DE3B78836DD94 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD0289 4 data Size (bytes): 1548 Entropy (8bit): 7.427979868163367 95DD4A4D856D8CEA72F747B557B31F37 F934D9CC64E7AF7FD516B516726D3A226EB15AB8 7FE050C4CC8E4BF83573D3D78D367F293673611373E7FF709C6B3F6937F51B20 Copyright Joe Security LLC 2018 Page 22 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD0289 4 FC0AFD468F62E5F42F5DDE253C939018BC7E1C974893E6839554E2C569F15F3FBCDC43579640D350EC152D9D0A A7F5BD11FBAC15A50E991AB2987A608A39C630 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BCB67D7ECB470284AF35679F339E879F data Size (bytes): 608 Entropy (8bit): 7.024800024806636 425BA4BAFED05B83120D4319B565AA08 14A5980218273D60E10A0B834EE6C9B9F762F83D FCE2ED7B48D566A1BCD6EFBA6A4AC8C1BA9892B7CFC95AE4BDEA7534A323C6A6 3D9C347BC2687A66F004D4F87773A5F0B3CBBE6505E015AB253B06330734D0CD92E5FE8F37DD735A761203DF3A CACC8C326C57E43FCC7E768AAD3BAFFEEE11A C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C1F52EFD459704E23E98B5C774A45162 data Size (bytes): 15651 Entropy (8bit): 5.92236317244285 F1BBFDB625CE36922F4425583C2ED7C0 B2695ABDACF6512F2306CE174D4F06DBE17E5B47 1DF5723C7955610DBA224CA9B731D6F870DB9CC0C6579E88C98B205E491D5610 B1630FCDE98AA122F4048661C23384E8C4BFC1B34DB00657CD19306CD3454BAA966547D60242F57CCAF8D2C7D8 8AB48C6F6E9892E15684CB28899AC1C9658CD7 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5FD5BF0CE6372B1CAFE381FD0BC969C data Size (bytes): 429 Entropy (8bit): 7.108143368539895 EC298C64E5AACBC4DBD62633AA53A80B 5A5CA27645EBCE6B9AEAFC9A803C39FD3E2C8B5E CC4BEAAB8386E2700C8CED0C4556B2C24DBA47B6FE9F0BD4D9AB2B408C9355A9 874F02B0FCB2A7A00C79A3980013244E92B8E45A8BC6FF34B90E079578F3E4C0704670A26659B737B2BB10CB662 9CF95F06BAC0F6D4240FCEA2675DB472AABF1 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC42971B7939A9CA55C44CFC893D7C1D data Size (bytes): 812 Entropy (8bit): 7.515701421896786 DA1CF577CFE32A1B1ED7D21A6038BD7D 6F8511D0E73166A3F51FE8CD24646C64FA5C5550 65BC42F7740237E94903E1B5A22C97281A9432D81FEB23174AA564E84489BE94 7FA33C42235E53A43C78851FADBD85AA9CA9441DD30B7DD04FF53125EC82153656E3D206491755CEAB2011DA8C 051C4143EB7AF8DFEBC417D0FF5D9B5E3259E8 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CCFB45DC01E4F1B903156D3DCF37211F data Size (bytes): 13391 Copyright Joe Security LLC 2018 Page 23 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CCFB45DC01E4F1B903156D3DCF37211F Entropy (8bit): 5.863315018231026 ACC86631F070BB434C100EF229B39624 D059ACDB578EE63E75D6A31A6E6967A16412F845 8601CAD94DCF1A6B0335C0BA083948D53F54D5848D3E1B491AF47DEFC6530D6F D6DA45EBB85DFD02B84CA375085393028778CD98947C548CD25A45B68BF92642E566BC5F4C506A336F2B611560B 2B29ABCBFE5EC994A166929B546DE93B0D7A5 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_FDB452422670E72EDD3FB3D65568F82 1 data Size (bytes): 468 Entropy (8bit): 7.13567145321609 6BF50EC404FB4A8B4A94BE8390D11938 0CAAAB7704D6221ABC5E0342909A4928CEE50B1C 63B592179B1E9A528344CE1D430B9479FC55F43420A468EC35AAEAA9DFF911CF 0A92BAB2CE20636800568F1245B2D240D2CFDC84E2D1C484F9C7E36FBFC9473229E0236F3D68E4F20E09F335004 78B029FDF859F965E5E446F47390DC93CF815 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7B4E43171BB9E412497B0377F4343E7 data Size (bytes): 665 Entropy (8bit): 6.485110791086804 C0FC7EC6D88ECC67E0923EE47D40E10B 46509427CD441B80997499B732BB92E3B22F62F4 B4B70625D79853B396A7344C8481CCB068A115DC9B442303C40B26999A86DD6E 63C93C1B2E363824BABDD8588551F973EC3FEF8E3CE0347E7F55D6932747E2B351CB401B016CBA962D2B151424 B8F79AA7E7693A28ECCF0A695C1C2A9FFB3670 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DC6B80144D0FCD1DEE5236200755F8E1_8CD9E2FBA1704DD67C188 AEE51D99097 data Size (bytes): 1776 Entropy (8bit): 7.307927731671891 6EBFCE2D3BFD868AD81B13C4B8016E5B 7677E32CBDB86F8FE2DCFA65A9C55B4E6D884F4E BABDD097FE780EE6E1D12128CB6413838C134F181E5641E14233EEE1BBC4B305 B017F4158143BD64D4BC4540A9B488E561545DFEEFC0DDCC205077A0D0FC5CC11A68360FF818A2A2E428EA315C 3D12FA2210B3B17975D17B46B9F03676FDB411 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_C48486D082C63F16CB1D0 680CCDB69F7 data Size (bytes): 471 Entropy (8bit): 7.198206592632067 D16E469BB3464072D40897534F3E2C50 67B1F00709C713E4B6A8E69458F839116846118A 43D91EEF15185BA78DDDB1CEE28E927DB929C87F5448D4E1500FEC8E76712F2A 4E31378FB65259DE29423B0E3BBDC3E63CB6A18B00C8E8CDF5CE673ACE0D8AA8B8E6E7B67679747A423C5EDA E8E37CFBD1B56FFCED8F3F9446F0F2659105CF58 Copyright Joe Security LLC 2018 Page 24 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_C48486D082C63F16CB1D0 680CCDB69F7 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E665346F0BE57F34168E0A55B8020561 data Size (bytes): 45436 Entropy (8bit): 6.517274241367655 E940031241B1FCF902EAEBB9E009A92F 48F560F5841BD43F7DC19C9850BB0F0EDCF1119B 0B7B9540B718DB5616984F14FA0761423AE5A90C8BB6D3126E2927BBC53AA98B 0A5745F8CB1C3935C79F844D96ABF257A826A144155D9475C7C961DFA0CBEA2728F097360D2570F8211A3EF1068 D863D3733BD3654B307448B5EE91D330640AB C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E961199C820C769E8780DF5E0A920455 data Size (bytes): 202764 Entropy (8bit): 6.508156972140568 F89C60B87CA5F079D256FC5EA5A968E1 E0222AF567F5B9C1F2F73D1B4E59F79C00729D8B DCEC8AE7A87B66FF329443F6A7DEF6A9CF86653270CCB15003967503239477F3 623DB1E8C800B4E962339CBE302766EA65DD03320C25A43D5D99A67AF3E958FB5BFEC6CF3FD156FEE990574747 25887FCA6C74B993E2733E779B0B30D1F6FFDD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2 D data Size (bytes): 1697 Entropy (8bit): 7.31007694335806 00C0BC745914E9B0A18E23529C74C903 8F632EF4175DF5ECFB700170C237EC17A7E0F097 9E23A051AF1AA5E8B2BB615D4ABEE44C85F90C8937BB286D03D6DC4839F46F07 E6FC83E685BB2308DC31E58C7DFDDAE4C3DB711EAB5557B042551BDE07B5CF3A622B4B60C0492944EE4E94AA 2FECBCC9139EAEA9E00D54CDCEF00BA8C7D686CD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619 data Size (bytes): 471 Entropy (8bit): 7.100794686312488 2842FC50C762E04E4AA7CEE35FD6810A 8E056A1B45F650E94007AFB25F4254296FFAB0A3 3BBC48A2F4E6D884BB192481B1FAE59891F9D02B32165D05D878C3C8C2BD1B2A 4BF922B4D97DD2D9309D6642527037D45537F0EAD0348E541C60BCBED73E82283D83785BF4BDA569E2CF3C1C93 A8D6B471E11BAC0C4BE67D99FAC9FEC2028C17 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0060A9F9287878B15AB61E0E47645E5 data Size (bytes): 3261385 Entropy (8bit): 6.590714651497547 Copyright Joe Security LLC 2018 Page 25 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0060A9F9287878B15AB61E0E47645E5 9FD8F181715BB7B47964D383E70B5B54 5F3EB7C6731007E5F0B6407ED4E34D19218AF9BB 9D79E2D96BCDE9C376FE3FF395B163DCFBDEC01ECC17B880E1212A099232A58D 0BCED0EAC27743BBB999C612940FFA7C2F1E5E250700D5362ED33B6A244CA2C19C42328147AA0818063FF58445D 55E2C68F1B3541430527A2A836244E0E8C269 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F5F320A94D4D2B4465D8F17E2BB2D351_AB501A3D945868CB53EB6D4176A33CF A data Size (bytes): 463 Entropy (8bit): 7.184915898067388 6D6958F27B8C221DA502F35912BE3E1D 538B4502513682DF4C171CC8836DB0D7F5AC662F 5209E9F9E58921E94E2050D42696A3CA890946E02A1D0FA9583E43A55D3E4438 4F86125FEE7C645E00FF31B5F9A021B199BCC246F5509C8BFF044992650243061A9D78DA7FC5BFE9F6553EB1797 40CA4557558453EB801E346F87F532C4E3017 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F94FD5F2AAEFDB64257601230509A4E9 data Size (bytes): 202764 Entropy (8bit): 6.508156972140568 F89C60B87CA5F079D256FC5EA5A968E1 E0222AF567F5B9C1F2F73D1B4E59F79C00729D8B DCEC8AE7A87B66FF329443F6A7DEF6A9CF86653270CCB15003967503239477F3 623DB1E8C800B4E962339CBE302766EA65DD03320C25A43D5D99A67AF3E958FB5BFEC6CF3FD156FEE990574747 25887FCA6C74B993E2733E779B0B30D1F6FFDD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FE0DA2326A35120037F66779D450C7D6_78FB178A52778BDEDC9C9955DD948B91 data Size (bytes): 471 Entropy (8bit): 7.157857837764191 3031700F2C05D95111C6C0EC60857415 2CC3AB398949827A7CAE929DDE894951D380DB85 3B7CC166F5033F5BA939EA0C4F3D6A148156F5026FDD9A44FB0A7FA70366D5CC AE42665AF0F3BDB6C71E78CEE9E0D8CD921D1CF896A1834F3823B4C6F23FD70EAF7FCFD2C4600B32C3FDC1CD 4517DCFB371A2996D4BA0D774FAB43DD9D6E8D49 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\001836CEC9B3850D003670B9D75C6973 data Size (bytes): 264 Entropy (8bit): 3.0257135391139856 8B3A41B262BDDA7423D33E1B469D6DDF CA9D12FF6A6C8AF32FA6D6B9F59888FE6D97FE53 3A3B255B1757EAD8CF5D9FE8329CADF15D50812891437F1FDFE0439FEFAFAE41 97B0BD802C7A13C026D06CAAA1FFB053A9AE868526E8BCA986DECCED5D40B290390832746B28906B31F087881B 73BC0B53FD407BD0F8F24C974C40D390773AE3 Copyright Joe Security LLC 2018 Page 26 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\01B16CDBADE7DB774141D7E30D50EC69 data Size (bytes): 364 Entropy (8bit): 3.0626449031062397 9437D4EAD32DC8D916D28F48BBF9A2C8 FDFDE499EDE4BA198174D578D62F8625A67F3C9A DCE355540FC57D57853B2DD38BE088EEAA11FEA8B6F5456A205B8C8A1F0E549C 503C0DFFF94C7E3979E582783204ACC87589C78D01FE7B498353154B36CB369A3DEAB42D6AB0BB247DAA047AE4 B000EEC3D22C45D3E18E6F28163D9EAD410C41 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\024823B39FBEACCDB5C06426A8168E99_26F9FF5BB38FE4DAEF20 AB8190D4B2CA data Size (bytes): 404 Entropy (8bit): 3.522165778762859 10CF42EA6BA1F517C0E79D2FFB6BAC0B 9116256F779B0775D1AF6AA0027B363DEE27B2D2 650399C609773548492A8658B80BA36838B6D6E4C0D5630DDA0295E6873713CF C08A7F086AF96BB9B577B15F59FDD7F81283D85B47570CA6B294FB1552C14B43EFAE71B829898B87EA914804C98 F744E9746F748D68434B76404855AB043A654 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF data Size (bytes): 468 Entropy (8bit): 3.277296979865895 91F9FEC72031D4D96222539ED6B71F6D E7984F1389E5487C9944407C72AB7C81E73933B2 093C2DA2B3695DA9FF46FE0AC13ED105EA6C87E234CDFADA65EF099D38A6B7F8 3013A85C6CE1F22DD43D52603F06A46066FFB19AC6FAC6EBB0B3CF65C579E8D555DDC83F191777D6C6969603A6 24FB38B2B720B9977BD15AB606281761F10DC9 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\041738039DA7B23A0B8C1E6C396DBE1E data Size (bytes): 264 Entropy (8bit): 2.9030770317743873 42C88A25C3AAB8B92E1BD00269DD5DDC 8CF48C816F65A79BB227640CA9DE14CAD9A49A82 9C1BC233D3A41DD7612BEEE5DD6CD780B043F917757B43ECD75A8E55D0B2BA59 9567AF1C2080826404C934A8CF2E40BC826FF2C47810B31B73CDE4F293923B6D384C7D2848CA44EA693BE6EC9C D0F1882A8FAC0F4C94F6657B3CF204ACEAC6FA C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070C03D13B170C50ED5CDDF6BA1053A6 data Size (bytes): 264 Entropy (8bit): 2.9049339446367854 838163EDB79006AE685EEE102172FB98 E3FC7C8E3C6E215D9AF66656F4D439BCBF79D0DB 59305131BD686C304AF2E8A43A7EA2E9EC3B413A3A0CE790CACD68A9A213FA87 Copyright Joe Security LLC 2018 Page 27 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070C03D13B170C50ED5CDDF6BA1053A6 9822E8BC1E7648B323A638F1115A61EF0EEFB0ADD7DC5A7E1D35C764E48E2323CBFB42381EC55B3B491F40C388 22F8D0E509BC327332ABBDA17E513078A9CA5D C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 data Size (bytes): 230 Entropy (8bit): 3.143464147443289 8EB32FC1A8D85BBDDE7F0F753CB2AE28 8EE8CAB09AD61607A3D2BB96D935145630A0AE03 3B5C6D64659C501AD00FF8B496C8F8778B48536907281AEB6B21FCF9AAD8CF6D F4505F4C95685C3BF207AF8F2EC81B81F7EC12036BA4717361BD6FCB4682BE65BE08D62A40A02225F9FC8CE1029 FABD2F0C7D05041DADABC9C49CD86DD971A6B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0AB67BD4882FB0E09822529CFEB33A58 data Size (bytes): 216 Entropy (8bit): 2.7892886093254594 E13DE9B6C7D153BA3066A5C0065298E6 0ABF25778420E3195554C8CF8F53D19EB30C5DEF FC5C2B646C8CA2FF845FCCCBBFC403593974FE47EFA1AB06C7B533D2D75E8B2A CE8390F55D34BCE560BA17E8947AEF07E9B2D87C52B70EDB25EC2EE378B951071E880197BFA60B566D07DD9111 31EFD5F0FAEEDAFC62644C388F3B5D2A4AEEC8 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DC3E633EDFAEFC3AA3C 99552548EC2F data Size (bytes): 1000 Entropy (8bit): 3.827326102310241 82B389A6D9AE66AE4BA3FA855B549894 9DCF51073123C4458239DD9B598B3AF27BFF8D88 59C85F0BDE6DEF5F4331B9D46DC96A8559F604A04AF5E8D181F59E285D7C692C C83074D8C93370D3583C1967262095E0146782654AD829CCF891030599928B6A2D5D4E30D592C3AB9949E8CEA5E 33D3295DFFA4369741063DE130FCF231CD2C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BA79029EC3FFD076F5DAC2F70A18685 data Size (bytes): 186 Entropy (8bit): 2.5028032433657272 7917035B546972743C115BE5520E455A 8AB38352DC37A4FCEAE2C84CCCD3F26CC8656EA3 83DC6F610B17E4E3E1DD3C02F188F955FC845E7E6ACF1139674036A4F6A40869 40F84D0F35F94F3E270B02E5690192B10A6EC9B0C5EF5E93D6B8A58E66958BEB1A9D9C05D8D7F940B7A0E79912 54D7D6DC0DDC740453254FF86F366E450071F7 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_0A997AECFBC6C7AB30A9 8E11E80C8E17 data Size (bytes): 400 Copyright Joe Security LLC 2018 Page 28 of 416

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_0A997AECFBC6C7AB30A9 8E11E80C8E17 Entropy (8bit): 3.4973320151515095 2B8AE49E0F316ADC9509A9F302D6CC03 916D2D1AAD799A97DC2CF8CC56E1C079462F9862 2073864C1797379A28727A9570F835E545E5B491269A399CF9785AA796AFD424 2F8C9AF8A0FB6DA4AF0824AEFF4B4FDAD9E9D98AE1D066B21592822D7A4E1A153270E6F2EDED9B63385548A32 39D7113CCC035E104FCC08C1BF1603135E7E43E C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F26 1FA85A0B1771 data Size (bytes): 450 Entropy (8bit): 3.6176652833872582 2FC20CD18EB1EC7296A40A873E1B35C6 CD1104BA572B2EB7023A38FE835DCAA0069A7585 AD36792C2DEEB3C673313BBB37059732577CE4107BA808ABD7A2802E7142398F 00C620DC9530179A96350AC3A3769FC84AD89B2273C590B407C33991798177794DA20B6E1FE5DD8535E554557CC D2F6A5E80CBFD2EE113C11DDB461AF5106002 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D data Size (bytes): 584 Entropy (8bit): 3.300915604237389 1DDFFCC6DCD38FCC24BD787DA133CCCA B4E9D278DB2D88A7EB8E9906CEB5F592D45EDB3B FBCE235B0EFC638F25474453DBB0FCEE2FF9F3B5FA70B592EA535BC19240D1F9 9B8021BF3A83FF09899EF99F80FA7322D82AB6F7C1507E093FB25E5082F3A41EA742AF1B9BDE5BA943F496DB95 CC733EBC6305889A9E5BFE01543B5845B18334 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\242D23DDBD947BF510369DC41BEA052E data Size (bytes): 268 Entropy (8bit): 2.9162634448199953 5D6957F81DDAD5F6B0CEAFCF6FE8F48C C4A126DA116CC11EB7ACA3CE33D9C473728086DE 3D2B10E3B517D10E686F53D8DB971ACACCF3D70A8C4F85A5CAEE445E394287D8 27FD4BBF9B9EDAB3A744926EC3FBC4E87C6030147B19DB4832DB18684DB0F0A840D71CFA0A2D7C360281AEEC A8ADC7330851B4E93DE677C6F05A99AF03A15798 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37D958F0157C4E87D39A5E7FAB3AECCC_0E496EF156E4B37329D835BF288927 DC data Size (bytes): 498 Entropy (8bit): 3.6408582544968198 7BB98017DA64382E9CE1DD9EEEBC9242 DAEDF6C3BF38314557264B5A840742D5B9A3AD0D 11C7EC129464E6B09CCE9E323D7397333AA9A2A25466338E738C2C16C10C5BB6 14BF13679865CEC467FA6EE95AF880C450B4AFCE262540A3AD1DEBC5DBF99AE19AFF8342C233443A78B8C5405 CBB9D1E25EC77B4120E20FCC1043E6C1458DA3D Copyright Joe Security LLC 2018 Page 29 of 416

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback