
ID: 58820 Cookbook: browseurl.jbs Time: 01:54:38 Date: 10/05/2018 Version: 22.0.0

Table of Contents

Analysis Report
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
  Signature Overview
    Phishing:
    Networking:
    Spreading:
    System Summary:
    Anti Debugging:
    Malware Analysis System Evasion:
    Hooking and other Techniques for Hiding and Protection:
    Language, Device and Operating System Detection:
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    Dropped Files
  Screenshots
  Startup
  Created / dropped Files
  Contacted Domains/Contacted IPs
    Contacted Domains
    Contacted IPs
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis iexplore.exe PID: 2868 Parent PID: 544
      General
      File Activities
      Registry Activities
    Analysis ie4uinit.exe PID: 2844 Parent PID: 2868
      General
      File Activities
        File Created
      Registry Activities
        Key Value Created
    Analysis iexplore.exe PID: 2904 Parent PID: 2868
      General
      File Activities
      Registry Activities
    Analysis ssvagent.exe PID: 2236 Parent PID: 2904
      General
      Registry Activities
  Disassembly
    Code Analysis

Copyright Joe Security LLC 2018 Page 2 of 392

Analysis Report

Overview

General Information

Joe Sandbox Version: 22.0.0
Analysis ID: 58820
Start time: 01:54:38
Joe Sandbox Product: CloudBasic
Start date: 10.05.2018
Overall analysis duration: 0h 13m 34s
Hypervisor based Inspection enabled:
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://www.enett.com/?utm_source=signature&utm_medium=email&utm_campaign=bau&utm_content=textlink
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: SUS
Classification: sus24.phis.win@7/311@33/22
HCA Information: Successful, ratio: 100%
  Number of executed functions: 0
  Number of non-executed functions: 0
EGA Information: Failed
HDC Information: Failed

Cookbook Comments:
  Adjust boot time
  Correcting counters for adjusted boot time
  Browsing link: https://www.enett.com/?utm_source=signature&amp;utm_medium=email&utm_campaign=bau&utm_content=textlink#
  Real link is: https://www.enett.com/?utm_source=signature&amp;utm_medium=email&utm_campaign=bau&utm_content=textlink#
  Browsing link: https://enett.com/enettregistration/en-au/registration/validate
  Real link is: https://www.enett.com/contact-us
  Browsing link: https://www.enett.com/?utm_source=signature&amp;utm_medium=email&utm_campaign=bau&utm_content=textlink#
  Real link is: https://www.enett.com/?utm_source=signature&amp;utm_medium=email&utm_campaign=bau&utm_content=textlink#
  Browsing link: https://www.enett.com/?setlang=true
  Real link is: https://www.enett.com/?setlang=true
  Browsing link: https://www.enett.com/de/?setlang=true
  Real link is: https://www.enett.com/de/?setlang=true
  Browsing link: https://www.enett.com/jp/?setlang=true
  Real link is: https://www.enett.com/jp/?setlang=true
  Browsing link: https://www.enett.com/it/?setlang=true
  Real link is: https://www.enett.com/it/?setlang=true
  Browsing link: https://enett.com/enett
  Real link is: https://enett.com/enett/
  Browsing link: https://www.enett.com/contact-us
  Real link is: https://www.enett.com/contact-us

Warnings:
  Exclude process from analysis (whitelisted): dllhost.exe
  Report size getting too big, too many NtAllocateVirtualMemory calls found.
  Report size getting too big, too many NtCreateFile calls found.
  Report size getting too big, too many NtDeviceIoControlFile calls found.
  Report size getting too big, too many NtEnumerateKey calls found.
  Report size getting too big, too many NtOpenKeyEx calls found.
  Report size getting too big, too many NtProtectVirtualMemory calls found.
  Report size getting too big, too many NtQueryValueKey calls found.
  Report size getting too big, too many NtSetInformationFile calls found.

Detection

Strategy    Score   Range   Reporting        Detection
Threshold   24      0-100   Report FP / FN

Confidence

Strategy    Score   Range   Further Analysis Required?   Confidence
Threshold   2       0-5     true

Classification

[Classification chart. Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Scale: clean, suspicious, malicious.]

Analysis Advice

Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior
Sample searches for specific file, try point organization specific fake files to the analysis machine
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Signature Overview

Phishing:
  Phishing site detected (based on logo template match)
  Form action URLs do not match main URL
  Found iframes
  HTML title does not match URL
  META author tag missing
  META copyright tag missing

Networking:
  Social media urls found in memory data
  Downloads files
  Downloads files from webservers via HTTP
  Found strings which match to known social media urls
  Performs DNS lookups
  Urls found in memory or binary data
  Uses HTTPS

Spreading:
  Enumerates the file system

System Summary:
  Searches the installation path of Mozilla Firefox
  Classification label
  Creates files inside the user directory
  Creates temporary files
  Reads ini files
  Reads software policies
  Spawns processes
  Uses an in-process (OLE) Automation server
  Writes ini files
  Found graphical window changes (likely an installer)
  Uses new MSVCR Dlls

Anti Debugging:
  Checks if the current process is being debugged

Malware Analysis System Evasion:
  Enumerates the file system
  May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Hooking and other Techniques for Hiding and Protection:
  Disables application error messages (SetErrorMode)

Language, Device and Operating System Detection:
  Queries the volume information (name, serial number etc) of a device

Behavior Graph

Behavior Graph ID: 58820
URL: https://www.enett.com/?utm_source=signature&utm_medium=em...
Startdate: 10/05/2018
Architecture: WINDOWS
Score: 24

[Behavior graph figure. Processes: iexplore.exe, ie4uinit.exe, ssvagent.exe. Signature shown: Phishing site detected (based on logo template match). Network nodes: www.googletagmanager.com, www.googleadservices.com, syndication.twitter.com (199.16.156.52, 443, 49242, 49243, TWITTER-TwitterIncUS, United States), enett.com (198.151.56.6, 443, 49277, 49278, TRAVELPORT-TravelportOperationsIncUS, United States), and other IPs or domains.]

Simulations

Behavior and APIs

Time       Type              Description
01:55:31   API Interceptor   1x Sleep call for process: ie4uinit.exe modified
01:55:31   API Interceptor   4908x Sleep call for process: iexplore.exe modified
01:55:35   API Interceptor   1x Sleep call for process: ssvagent.exe modified

Antivirus Detection

Initial Sample
  No Antivirus matches

Dropped Files
  No Antivirus matches

Unpacked PE Files
  No Antivirus matches

Domains

Source                          Detection   Scanner      Label
oss.maxcdn.com                  0%          virustotal
cm.g.doubleclick.net            0%          virustotal
doug1izaerwt3.cloudfront.net    0%          virustotal
syndication.twitter.com         0%          virustotal
cdnjs.cloudflare.com            0%          virustotal
www.enett.com                   0%          virustotal
enett.com                       0%          virustotal
www.googleadservices.com        0%          virustotal
maps.googleapis.com             0%          virustotal
www.google.com                  0%          virustotal
stats.g.doubleclick.net         0%          virustotal
maxcdn.bootstrapcdn.com         0%          virustotal
googleads.g.doubleclick.net     0%          virustotal
crl.pki.goog                    0%          virustotal
img03.en25.com                  0%          virustotal
i.kissmetrics.com               0%          virustotal
ocsp.comodoca4.com              0%          virustotal
ocsp.pki.goog                   0%          virustotal
www.googletagmanager.com        0%          virustotal
trc.kissmetrics.com             0%          virustotal
ib.adnxs.com                    0%          virustotal
www.google.nl                   0%          virustotal
bid.g.doubleclick.net           0%          virustotal
img.en25.com                    0%          virustotal
ad.yieldlab.net                 0%          virustotal

Yara Overview

Initial Sample
  No yara matches

PCAP (Network Traffic)
  No yara matches

Dropped Files
  No yara matches

Memory Dumps
  No yara matches

Unpacked PEs
  No yara matches

Joe Sandbox View / Context

IPs
  No context

Domains
  No context

ASN
  No context

Dropped Files
  No context

Screenshots

Startup

System is w7
  iexplore.exe (PID: 2868 cmdline: '' -Embedding CA1F703CD665867E8132D2946FB55750)
    ie4uinit.exe (PID: 2844 cmdline: 'C:\Windows\System32\ie4uinit.exe' -ShowQLIcon 184C8F06D073803490CDA3954C489A36)
    iexplore.exe (PID: 2904 cmdline: '' SCODEF:2868 CREDAT:275457 /prefetch:2 CA1F703CD665867E8132D2946FB55750)
      ssvagent.exe (PID: 2236 cmdline: 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new 0953A0264879FD1E655B75B63B9083B7)
cleanup

Created / dropped Files

C:\Users\ANNEBO~1\AppData\Local\Temp\JavaDeployReg.log
  ASCII text, with CRLF line terminators
  Size (bytes): 89
  Entropy (8bit): 4.4600329090158475

6D4FFC4C7A052A9986CC5AD1C70402F36C21CD52EEEF721C27F34D26B1CC6E15 78A2A0572B0ECBB8176D78E0C211748F004798273362D257D07AD3C75B9F33F5D92274B325BD23378F4AC9074836 9553CB0B7218227C9C16F478868B837F81EE Copyright Joe Security LLC 2018 Page 19 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC42971B7939A9CA55C44CFC893D7C1D data Size (bytes): 812 Entropy (8bit): 7.530016869288109 007939F82592FA84DB8BFD006DCFD0AD 3B77CEEBE8300D4511D1E572F897B0B383EFBEDA 021AEF6353A89CCFECE38B508CD7C7F92C0A8934A27D72CB21E98A7F8D4FC084 13E659DBFFF49B38042ABFB0EA0D41A8494A661F9491A12EB507009E0DD1078AF96D8F848CB037A8E7396E3F37 B91B140672B3C68450DA2AFD97ED1B7B97C123 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_FDB452422670E72EDD3FB3D65568F82 1 data Size (bytes): 468 Entropy (8bit): 7.13567145321609 6BF50EC404FB4A8B4A94BE8390D11938 0CAAAB7704D6221ABC5E0342909A4928CEE50B1C 63B592179B1E9A528344CE1D430B9479FC55F43420A468EC35AAEAA9DFF911CF 0A92BAB2CE20636800568F1245B2D240D2CFDC84E2D1C484F9C7E36FBFC9473229E0236F3D68E4F20E09F335004 78B029FDF859F965E5E446F47390DC93CF815 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D080F8FD8CC1905DCE0E357DE704D67D data Size (bytes): 620057 Entropy (8bit): 6.521423309428052 D5CC407260D68F4CBABC6CEFA39D415C D5D6CD42232CE6C56A89A260533D14196DB98CC1 C79C85267F18E9324AD7AC7D2385BF75663C92DA20953ECDA915A026CB2FBCBD A30273EFF639D68C0A058E0902CF33910C7CD25FC31BD9011D5D3804164F2CB64727743511A56A3B61887F64D91 2EB98D2EDA66579D9B63ABEB078BB390056D C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_C82ABCBFF5F798932E6AA 48E5B0C1C95 data Size (bytes): 471 Entropy (8bit): 7.2174939326675975 8EC47C0CAC8306EBEDBD982C2E5BC0A1 EA462765088355696724F269A9D3514AD4F79B8D 02BC9DE178A08A79697FFFD44E3C2141BCF6A002DEFCF4198EA90C0EE7273759 20660B964BAF6C67AD298BC53C916A120381D5AE15934169849A3FC833F77A52008CD69E217DCB4B4DD4C8ABC6 92EF614A8F79D0DF2D2A6E309E49EDB6152C3B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E961199C820C769E8780DF5E0A920455 data Size (bytes): 192754 Entropy (8bit): 6.509684458025678 7BE22EE8436FAB5A4302B7EDB87682EE 
B60F23E0C9417FBFCF87D9CD9BAD441219B8F268 A2A7F62B792979D6E1D01A1EDF562EE208D334D82DDBECEED8BCDB28868AE853 Copyright Joe Security LLC 2018 Page 20 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E961199C820C769E8780DF5E0A920455 B000565C3222789B2B19B3DDB5AECD475ED867AFB93508A3C21910C85CECE8AFECA7B5003A3587EA8974686B4 B47EBD07A68E74CD8903EE25B8EF8A646BBF8CE C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5A B data Size (bytes): 471 Entropy (8bit): 6.9941588895441535 4E6704EA7B8CFB9BAB506EE9E84A7C04 455E0BAC3509A9F491A2B1C26068CA97ACDAC792 6965DF0E73F48069D9D5B7236BCC2E01E8B87883BFD695EC8E9488BC3FA727AD 0DABFDF34427E65E99A4FE24C385949387F51E72C44B77DF071CCC3616536512A3AE41FFB265608B687B0FFFD05 97D560EBA234F73BEC3D10733308B1FDC6986 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0060A9F9287878B15AB61E0E47645E5 data Size (bytes): 3320105 Entropy (8bit): 6.591169159432837 E7335B3FF8385DD81C9E2E64BB8879A5 147C26A55F786618EC7F4D808A53F6F319436A20 95989FCFC222B5F76B31FFD15F8C8FF7DEB1C41A471149E4564DB8996F07766E E493D1BBFBD58DF7A34E9170D8C60596C882AAA47D56B64062BFB329D6FAD9F77BF0CB9805DCB7509A4B3F01A 46E9F47572D7B7B26360CB67397EC98B5E09072 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F5F320A94D4D2B4465D8F17E2BB2D351_D0021D188712E9DC384A4B357EF70F08 data Size (bytes): 463 Entropy (8bit): 7.202158421974309 51F3E8813C5332504EC39CBEFDCAAB25 7DCCEF379471990E9F6550D1F43EE22CB2C4C36F 2053AA69836A85A3B7AC2EDA1B3FC6ABD2AAE0D247881E444A566FDD7EA3BDB1 034941F09ED64E174F86C7D7C4F183F67DFA02A3179FFF40E77149C63F09F6B72BBE6D4EFAB5D462F3906345BF9 0AE6498E9B8D6EBBB0E8584EA26CFDF33A496 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F94FD5F2AAEFDB64257601230509A4E9 data Size (bytes): 192754 Entropy (8bit): 6.509684458025678 7BE22EE8436FAB5A4302B7EDB87682EE B60F23E0C9417FBFCF87D9CD9BAD441219B8F268 A2A7F62B792979D6E1D01A1EDF562EE208D334D82DDBECEED8BCDB28868AE853 B000565C3222789B2B19B3DDB5AECD475ED867AFB93508A3C21910C85CECE8AFECA7B5003A3587EA8974686B4 
B47EBD07A68E74CD8903EE25B8EF8A646BBF8CE C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\01B16CDBADE7DB774141D7E30D50EC69 data Size (bytes): 364 Copyright Joe Security LLC 2018 Page 21 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\01B16CDBADE7DB774141D7E30D50EC69 Entropy (8bit): 3.0963390308713237 48B1E0A8BC96EEE705D359FD4203F989 89FBE01B61996101DBA9D117F8ACFD9403FD8B7B E0E59D58BFC6B6B980BB2D9F67F0E505429027F3A0B139FB8838EFC01B12998C F58DFE9CC99BD7B904BAD6C0A0944A693A1B0F26F5EB4BFCCE8E66BCC41C9EFB7F1DF6212385A682997D07C5 BD00B0C3A4A1E5B333370696F2A5C840AEA90AFD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF data Size (bytes): 234 Entropy (8bit): 2.943827999647265 5CD9B484B66F5DC3372760483D3FDF88 246126D6029D34BF9E4AE7BC3932A47383A855AC 05E4B65818B0CE8591AC6063D0A09465E820316993D7B51CDDF9891DAED880DF 7E9B2ECF6B6F24C6FA138C5A3EFADDE6E63FD3D04801887B6FFBC4AB0CE21E5FE81D5FF77D1BD1A95E36D410 0937E58EF1B6E30AF934667941E254438D967780 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0AB67BD4882FB0E09822529CFEB33A58 data Size (bytes): 216 Entropy (8bit): 2.8005644587950718 8E95209FC4701B682930F69F7E905F8F D54021FA0A7F4A76A01947F237D96EEB5A358255 4F3C55CE6B82DC85145B325E045A87A8850F0344424D25BE760E3D09AA05E4FA 6971F264EA77FD9CC27EA6D346FA1F4C591F87D749ACE025382B15F6E5CD1849A1B9C8CF570EF72F5184267B13F 87B22C4377CA0065517D49CB82E65B134C598 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_23C17A228306CAEB4EB2 C888908D2DDF data Size (bytes): 396 Entropy (8bit): 3.542334922186363 B15D5E17EBAB8D0478F3A29D333D03F9 2F04B5195E51AAD3D4D2179C2E8B0B6B61E813CE 6D6A6CBEC42F56CDCB8BDE9B365DB226A8B96689081128A11957DBAC992B38EF DD6E62DD035B19329D2B93BBA76050FAE83030CC5CA531232BC0B85106237997A9E52C4E61C59070A063141E976 44B1A6EAFA84E72B426BE83414EB08FFEC292 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_6CA46809F08C6D2B1C30 ABA88F1C6D87 data Size (bytes): 404 Entropy (8bit): 3.511158503490374 65F844949BA65C03125AE28B2E6BB65E 5B166E232F0FB0FF1D6DF38B337582A7B0AD0309 
4F8027F3E03ACA0C7853A72257945639658A420D2CD2B4EC8FDFFBA4E2BBAE93 42C5C5F9B30F839B41E000199225502C9534FA6908ED55580E851A45693B01883FB401D46E2FC558409BDBFC411F 37ADB571A6B6FE4CD142C94C50E2B6D615C2 Copyright Joe Security LLC 2018 Page 22 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_6CA46809F08C6D2B1C30 ABA88F1C6D87 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0 CE44422ED38B data Size (bytes): 446 Entropy (8bit): 3.6288573235337758 2C77C5D66A146FEF359BF623B5C2B626 D043DD638307476C69B06C1E96C2F975549FE8EF E82985A2E943A0DFB7F70B1D049BA8175DB8E48F54027DF73490F4E2026A17A4 136A4AC7CADD6C83D5C9B24A34D41D2BECEC9842857FCB4EADDDBBE1B483A9D3C06E3EB33258B54CAE59527 E990C1282A9E35E76A17D09F6CC1AD8A22A026EB5 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\41E729636896BD186E9FDA558705F775 data Size (bytes): 200 Entropy (8bit): 2.8315721487264947 01563FC7112B79984859D66E8D2C1AA8 E91D3C0D281E0BD9BD9B26A75550150C5BDA5732 415C5ED1515D7A2FDC247AE20422F7EA04EB6F515124BEA44EC8CDDC97A35A97 656F96AD9F8AAA5B9EFFDED94418006231F9A786CC394FEF55B2A5445BE5985B1BB289430BD9FE2DB2BE64C28 255B74B55EA04B351181F87F40635BFB3FB7DB0 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE5 9AF8FC7C6220 data Size (bytes): 800 Entropy (8bit): 3.800295240639347 8AFF71C55B9C88E04A37FE56210533C8 2DE38E62D05E711D6BD4AD003C917CFFCE5F96F8 4BED253A004079751B7A533644E26F670EE525A5FF7523E07C85ED703B0E6B4C 99AE56B678AAE7318C765AA5CC24B24DD8DD8BCCFF785A1256C158062EDCE286A5BE5B0AA925C678C6725A48C 4C19F508D94F2428D390031BCBBF94A43A4C649 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA 9911FE760A9B data Size (bytes): 486 Entropy (8bit): 3.6052789685093916 0BCB88A09F223AA1CF16D4DB4ACB374D A93423080B6C49B60C72E7CEC876E67DC27E35F6 2B0DD809125969A0B3B14A4258B27CD72BAFC7FE6E531ACC4DF66F0A36BB3D99 F6257DB7AD8D40922A3EAFC044D6C4D3C63D9EBCAB8D6BAF6FDBE5A3EAF269DA1E9013866739CC27EFA43AC 409B1D2074957D545A8C9B60B30C64EFC1084500C 
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 data Size (bytes): 1368 Entropy (8bit): 3.1345491856696284 Copyright Joe Security LLC 2018 Page 23 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 51EE9A041521BEF89D3DAE0156FA5C12 E491E659A77FD63FC9CCE8E090382E5DA1A6C76D 8849842DF86EFB8BA16711796DDBB158F3FD24013F2FAE9CDE9040CBE49179A1 59731E439314E577B4045243387C50BF9F1566A2E6EC6395890B5C3590E0817DA3988C367853EB4A04D6D4892905 D8E6353C3E68541835F7980110770BD9BF3 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F data Size (bytes): 406 Entropy (8bit): 3.5496229279005247 86119C685F1208BB65A7CD03193DC31D 837CD286942150D0A73752DDD648107B48DC02DC 8ED2B1777158C98179940DF7135DC23402CAC16D1BD30AB6445F7D5010205685 C1C42CDA5622B6DE1E339AD9D53F0B217AA548CD53BD6A9BC0FB9E7D83280668B9DEA0EB0748FBA7A221D542 F89560815713216B45D756FD18F9F1BD819D561F C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\678B9F95B126F50368710CA85CB2F3DA_AB8D94F29896452B4806732E3EB7F2 B7 data Size (bytes): 390 Entropy (8bit): 3.5697926471336663 2D47D1D932883B29131F6E06B5DCF882 07978F04DD12150CE6CF6077BF928DD9798CB5F4 0DA20A4B1FEA7E7D352B675FECB3184678CF6AFD7B1FE9F0254E38ED5C9D3819 08C284A82348C1504A43059FB7C1F53ABE61FAC6B1A825DA74B1F985157826D25D2FDC64EF82CFF18EC731F4843 DF5535049EA992D50B5DB2745322D0D7F05CE C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C data Size (bytes): 484 Entropy (8bit): 3.3271140093856477 C9C8CF1CE556E45C9353A1C9DF968E07 AD41CB4AEF126CB6F7E0D5108F6551A4857AB34A 8268C92A88EE2E853C6E5AF7606E2C0FB60738F83D43BDE15BD5048964BC368D 50BFE9BC9D3788AF3C01D686D3CE1EE649F1604ABE6CD94939D9091B443CC1BD6FEF3B3196134E0C7D02701708 671605994D332EAFE0C3705BE9B0CFB21DD350 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF3971487123 2B4792417E04 data Size (bytes): 868 Entropy (8bit): 3.8499682744769017 A3C4DBDCA5EC84927F106CCC7D597D51 71A935C0FA8DD6B8142EE3AA0EB9ABD76B6A3A74 
8C0EB01F658FCD4FB59D8668FE7D711FC0C1EF33077C2EF925E42FF140FC5236 3C5F2C11B7D4B589DCCDD8BB61350AB4216AA7357A12E51F21A692FE5BE6FDEA44E2A7501C7DB6FB81B25DA4 C0B12B59B71A31A5B49AC5983C29DE4469A95462 Copyright Joe Security LLC 2018 Page 24 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DB145CFEEC544B1582FED1ADA3370DD data Size (bytes): 216 Entropy (8bit): 2.7870190491603064 8A19E7D6E59E8F658ECAB4EF76F8FA83 8584BCB8E289D1596A617184312FB9C279E99756 01FCD0C1CACC73E4F92638B57BFDFF6D1B3C6E838B423834A8DFEB30B7522695 CE16EADD47D189BA21D588C7DC32E8967C4BC2A772A7769A8C772AC8312DC52841CFF88DBEF50AC9EE00D5B2 958BC9B83D66012B8D2458B6DC4734F2812C66D C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8A D6 data Size (bytes): 868 Entropy (8bit): 3.8669346549401205 9A77ED8EFDA4BBA0D6AB05C0B379AE99 C7C5FB618F9F6CA472901B22F1B7A7AC3086CCA7 F9D695914CE31D6665922418515394785FFD860182D217EAD484902B77636225 09E48E3ED27B489A6283894C7EF03B1A55656F79D868622F068DBD3FB88F34881B572CC631FC77AC7B48B252080 2E05B6A48595F89CB086C3080BE233D5222C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 data Size (bytes): 3960 Entropy (8bit): 3.465570507436722 AE4C5296414C4BB8D795D60334A2496E 45287895B3BA91CE90BD206743AF62EA9F41E0E4 83712BB7B2C943939AE876653A6F69461E7E48EF2C80C08E6AF98C33456A0C08 564CB5CD422EB6B9DB7B421F008071EC71D4746AF588994D55AA0E5B7066750F7D26CEC1B3C0677F00A1C07F54 924100181AC57DAA3D9D53FC6EC45ED6320C6B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D3BD78A30B98D17C317EDD4FFE850A0 data Size (bytes): 264 Entropy (8bit): 2.9378397143422648 94592666B1F8CE186B46E7939FE6019A AC5EC69FF31123F306816E99ADC4067779E75DF2 865739C14A17FEFB02FACA1EB602B1094F988C0EB293ED07A94144B5ECA5BB0C B7E62FFA08B0C5E3860D199E4AC97B4CC41F15EEBDF48D490E12592B47CC1DE5185E70257BB3E2EC6A025685A 7B79928A16DC9075255A023C497455E350040D0 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F data Size (bytes): 452 Entropy (8bit): 3.28803453102071 2752311034AD146664845A4FD167D04F BA8BD9967BEEE024ED6226BCD7ECF4F4A026C901 
5AE36E21A3502A694B57F3226796F83972D15C1B540DB09650F5AD799B2BF8BC Copyright Joe Security LLC 2018 Page 25 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F CEC6E1879846F81907A774435E2A7DABC8ADA333B741085BB62A10A55E47B44F1B67BE947737EA15B228309CC4 4A2944988976CA834C3D283199F7D3DACB38F8 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\85B3F147E3624A14E6A20DB4F6C2C5D9 data Size (bytes): 184 Entropy (8bit): 2.574830816407664 4AA205C6DCB3882625E7AAC3FF41CE3C 65C22A79200018FD7DD1CA43D7C55074DD6B450B 29E677778E7A058204676843CB6E13B57BE4D7CE530F5DC8BB6755932D7B219F 579C78FBCF4BBC1C8CB41C3846661DD3A09F6AA0C7BEC298549B2B6EEF1BCD651FE0A35BB7757C72E8DDB8D5 EEF9583BB72277C59F468F9965C1BCCB37EAFC6F C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A7891822FCFF127E4EADADE9757112B data Size (bytes): 242 Entropy (8bit): 2.9905581628590863 D8F97AA6968A987BEAE16E0E6F2BF7A2 57D6AEBD62A6B17F24EFBDB6DD722B25667243E0 27DDBE4D8EF04D2BF8E9824F7BAB274DED69750674164D0DD0DAF04FED465E2E B69B8D28915B8F56AAD2837B7CB833E8160B139B196F851BAB789ABFA47A9D2EDEAEA9FBAE179FCFA9CB905C C45D8ED8FC666E0EAA943C99DF6B6E1184966A9A C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE2C641C99CFA6687FA8D31B7D528A1 data Size (bytes): 268 Entropy (8bit): 2.913074068057781 3E3C8B82CDD8E9DD360E1F5123117877 D00EC6BDEABD27D5A3CDEA38026BB54BD2C728C8 9D5BB3144B3A1A657AF160DA32095E92D909D0410F375D68B8A0D6A46C422FF5 2070E00A1B952513ECDC0588E4EF047E84F96E192AF6DCA53A8EC5DFA903287D4A29F1345D6CEDC25E3FEEBE5 41FFC415335D7E17E6E7F1F1BC00F5607407D3C C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\935997A99AD561648D062FC0CD034158 data Size (bytes): 262 Entropy (8bit): 2.9836299734956127 BA76417908A9EC4E188059ECC854DA75 7F319D88DCF4092EB353528293F7CC21F9C6A623 650566AA40AF8D998DDFA4922E921AA9E76D86C89A679809A0E81EE583FEBED3 63AFEC3B4F3E0CAA2361C5EF947B165DAECE826AE179A83390AD2EA18E946A5B1D86727492E009FF451427C2A3 672807A61DD563A9AB906179F7FDAF137633D1 
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A819A172D8B839CA790602F4C968FBA data Size (bytes): 280 Entropy (8bit): 3.083723936340373 Copyright Joe Security LLC 2018 Page 26 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A819A172D8B839CA790602F4C968FBA 228544F93598FE038869CEC8C5034504 7E2796B30025A290D319D94FE41DA1820DDB3F1A 12761C9FDA81C2AC587018B2D8026ABB5062736B138F7C54F525021E8B2F9682 181C62A46CD773F2769320CE0CE05B88F745C9557C4845B6B730FFE426AF9205DB57F8D03CBE4C68F2FF4A94266 9DFA9A37E2A086714C64AAF5ACD8CFA1CFD48 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CD228D3BE9D7C030237F48AE580AC0E_1D3FBDB0C20467F3946D 8C08E88C997A data Size (bytes): 390 Entropy (8bit): 3.5861119496377714 87715DE09CA7FA664B2E268A1910460E 6A0EB5615723CD4BDB905663965D269AE839DE71 370EF9E60F9524EDA9A429C9D8986009023D5B58A441B985A0B5477B9AE88477 8932D240D93A1139286CC064F01B064FE720BDD9AB8F9DB2038130F321A0836EEC98D28AD10CED5013D1EB81C5 770FDB8E509D4FFE5429CA821F8EDEC9378088 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A3D5BF1283C2E63D8C8A8C72F0051F5A data Size (bytes): 270 Entropy (8bit): 3.0318990478583805 7AA8B61D83B836538DD74EC8772E9931 34DDC204411B477876870D5FE2C3D36210C52D64 DA658C56E7687BF2E49F4A297DB5D951BB447AF4882783C7BFB2FDAAE2E8AF58 65883E40A8E801F41E485B4C6EA41B0BAA5CC4833D807834AE4C290EA08EF87243FF836717DBD2C9E4F1DA08EB EED05784C8240BCBCE54DACECBF8DFAA194FA6 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A6E643304C5FBB7CBF4025F1978D6EED data Size (bytes): 236 Entropy (8bit): 2.8813652230040727 E4220B4C83C178A5EE370F56A2D58F25 14E13661085B8873FA921162FE72B4F7F9B46EF0 4435A6B73BA91911717AD8F374FD2F1CFCFA36437E8D7F98E099E3BD3BE6A880 FEE2258F9002B0C95EC6983BE5EC5D6BFC03705C4C03C33F6DDB4F2C43BD3CF966F7846A9AD8C1E892FBAC156 7DF2D594F601254A6246D9A632EB39CD3D0D5E6 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_E27CFF85F206CF55AF304E2955820A 15 data Size (bytes): 852 Entropy (8bit): 3.8796446901244894 DEF8C9BB8B3028B94B001CDFBF5E0DB1 7AB35FD904F2F86937910D916506EABE833F3849 
1C613ED4E6370EA8B3DB84B5616CC588C3F7A6946C215CF48FB91111370A2A8A 3776BE310348F44B0AAF75F018DB2DAD9ACE3AEF01E89C2CFC1F2E7869513B0B99BD80B1090452B34B605647A4 8E1EF8B4B86A08AE8ECE081EB895D368030691 Copyright Joe Security LLC 2018 Page 27 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC42971B7939A9CA55C44CFC893D7C1D data Size (bytes): 236 Entropy (8bit): 2.8739887308760084 DF677EB1B57B1E8CCB700D536408F6D4 1B38668379A04649034D4EA1758588E795170EFB D45165E79D3D689B1616D64726ED856E1FDC4123BA3A0440CFA02A4AF1EE1225 9B15FF6371ACA1FC76176537ECD774DC35843ED7103C608C9B381A9142B0B5B4B9EEA48CF6C9ACA119EABE26E 9BA0FBA08F5CB7B5CC9E6A110C34638EDCB80BD C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_FDB452422670E72EDD3FB3D65568F8 21 data Size (bytes): 804 Entropy (8bit): 3.5770755878761276 247C88EFB2B3DAC706F604467D421B4E 9531D66CA8796A182DF74FE22FE8859966AEB54B A41A982FD4CFB11FD58D4E0B8FDC891C4F88D55886A74E453F186ACC0C3983C8 5A1B77304BD4758FDE62F139036309B21E90FBC5042C5A15271F4B00E2735B0BC8CDBB37C85A48372FB93B2E7A 4549688C9DC490D899F900BB6780F2527FF69F C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D080F8FD8CC1905DCE0E357DE704D67D data Size (bytes): 226 Entropy (8bit): 2.989433993990232 6F3670F02DD4311AA145B2249C59791E C6A2F5270C600389C403FBD48D109BED20819C05 985D553A16EEAFA6DE46AB5E78B5E8DDC652C091459F2EE59851933B3B1D79D1 D08E0F0D7C213180A2E524519D6FFC9389A4075EE40104D0038028FA70E2C507D259D58928A7835381402A8D5FC8 0A5BB8FCA92055E851F76804F563CEC57836 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_C82ABCBFF5F798932E6A A48E5B0C1C95 data Size (bytes): 438 Entropy (8bit): 3.622089416513293 1C0DEDF30810B03A2C69E429519C2CFC D24744B7FAC817841E0139C833FF4226A9A9E1B6 4AA4F5E1BC064E45240897BECF080C6BBF90E868459E0B7A5D23B1A34430E339 5EFB4509EE982AC690179C4BF436DFB6D7989D4EAE87418FA1E2DD279A6C7FC7B097BFF4BE7F8C5FEF369D0B1 72B77BFB8C2B1E55C33CDDE30CA67825825F4D9 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E961199C820C769E8780DF5E0A920455 data Size (bytes): 210 Entropy (8bit): 2.8653709855269596 908703EBBF95C50BCCE0E2CD1BB3C8FF 
4FF6915F833717B6AA670AD1B764E0C87F854CBF 460505AE135E699F9ABE756EB22E5F95F2D4F1D4F480961A503000A5227898B6 Copyright Joe Security LLC 2018 Page 28 of 392

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E961199C820C769E8780DF5E0A920455 9BD48598764345329328FBADC7E6D4020CF566379F32D5C9438C2A81DDA9367E03D031322EFD75E840C015C8CA DFD815DE3B9D8E78BF5DCD3C46563926DA13E C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5 AB data Size (bytes): 426 Entropy (8bit): 3.602952587786245 834660B537F0BF489175FBD838291020 348A228F88BCB110990900445C3DDD30304258B4 C6DF345EB9AF3C4A3F8C18585DE1AED785E7E6BD0E15BA48C4ED9FBC597031C7 84533181845132D00BDA31E3C28F943593BFA5E933DDA237F3974E758935A615AD9AE7A5F5DB9F5A090F26DAA29 C03DBCB8EBF3498F0E087FF6B88785F90541D C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0060A9F9287878B15AB61E0E47645E5 data Size (bytes): 252 Entropy (8bit): 3.0306195844653896 00234FF442DFCB9409E6EEDA62B73743 BF39015E95E245AE45FE2E22D79D96B1D0926C49 1E550C13D601C5C089108DB7BCE9E1D8D3847635A7380506E2CA4701C998BD99 1551D432636375B5083660EC04D48D590D686BCFA458D7CC10F0920FF9B046B4584A77BF2C971B376E5896CEEA0 CB9F46500C7FFA2277819BFCCF815345FD70B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F5F320A94D4D2B4465D8F17E2BB2D351_D0021D188712E9DC384A4B357EF70F 08 data Size (bytes): 386 Entropy (8bit): 3.3134978354639695 F2FDD606387ED8D6D86B4A2F43787372 C0DB742E72564F64A4A7D08F81B7D3233DC4D091 61917413ADD2828D98DB185DA237D5EE65029F250AA6039EA8FB7A078A356A8D 998551BD82364C23C2FD9D6FF4A2CDE3D17FA688CCE91C915740EF9A698C3FA5F94B529644BC830F4A5BD35CAB 6485ADE3173688B7F021FC0A6355BCC467CE91 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F94FD5F2AAEFDB64257601230509A4E9 data Size (bytes): 236 Entropy (8bit): 3.0478963499957374 8B1493F7FBCBF047C82BA2799AC09AE2 FEDE945BDE28212A4607FE198E74AA0D4B4260ED 7063EEEC7BAB8A6BAF1A068DB5649E4DC86DD2D26030A16CA76FBB8B98294A38 3A356F3564D7A2C2BE67BC8080E7E671F0E8F27E3E649816A3BCB51959B8669AC9FAE91C425AB63205C36388F0 
A4A5066EB23F9736A1B05FC82BA74BE4114336 C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico PNG image data, 16 x 16, 4-bit colormap, non-interlaced Size (bytes): 474 Copyright Joe Security LLC 2018 Page 29 of 392

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico Entropy (8bit): 6.1480026084285395 B296C9568BE4B40F54525532DA56A3CE F4B7D1E31B78D81A9740049F951E27745CE921CB 27D67BA98E8641B6A8B5BB9CCDA13FAB5B0E0C8D231311BD39C4915DC71B3159 AF25BC3A74CF1B4F914BB54D65A834020CF81DF369B6892E546EF51DB5A58769B44BA2E33C7B29C3D4B23454F7 5007E9EB88F454CF51459DB2099F361E3272A9 C:\Users\user\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms data Size (bytes): 33282 Entropy (8bit): 3.201913091426029 AD984F418E87A8AFD398C0E5903197A0 C2CF063021679F5A1D03D6F9CA8B50B180F90524 55DA5D7CABC72351A8C72696F624135516A120B522BD8F3C5FD1FFF23973BA04 AE6CC8A9D89A186B00076B7352F54A992710487206B0F8A04C176A208C1EF55EA9A205C4CB48D29984277851701C FD9B3CDA949EEA3CF7CBB8141158611AFAD4 C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms Size (bytes): 61952 Entropy (8bit): 1.1275893502106151 Composite Document File V2 Document, No summary info 789A8C45ECA7CB07DF0F43ADFE03B5BF 326A179AD6E7ECB890CE40CC20AF94A7CCD408B4 4DC0D17E322BFC26E5D09455AC2D0431CB6AEB81EF2505B9EE14A3820845CC1C C47066AAF60BE27E1629FEC79CC8000912DB2D753D8F9D0476BE0C783281FD06E9D63BFD136D67E7598EBAAAF 032481478E0A7716300D98FD6B796578CF38E6E C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\VOM8QEN2\www.enett[1].xml Size (bytes): 117 ASCII text, with no line terminators Entropy (8bit): 2.469670487371862 98DCE6287ABC9DA240D2140D0ACEF3D0 3B8FED97CE6B31E0F1AC3D25AB1C3A30E7461518 3B4E474A6359540CD8864DDCB74C526279C70429611860AD14C8BBDC0C112C50 9AFCF8F4835D2DF555AA99FD879EA404106D66EAD5EC063B81145BE286E32C5600A6411D0D0ADBFAB274BB605 ED9489467EB7F9EC99E591B120593A850D2C01C C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1 data Size (bytes): 18176 Entropy (8bit): 5.525633053475079 5A34CB996293FDE2CB7A4AC89587393A 3C96C993500690D1A77873CD62BC639B3A10653F 
C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD E1B7D0107733F81937415104E70F68B1BE6FD0CA65DCCF4FF72637943D44278D3A77F704AEDFF59D2DBC0D56A6 09B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE Copyright Joe Security LLC 2018 Page 30 of 392