ID: Cookbook: browseurl.jbs Time: 17:28:58 Date: 31/08/2018 Version:

ID: 74933 Cookbook: browseurl.jbs Time: 17:28:58 Date: 31/08/2018 Version: 23.0.0

Table of Contents

Analysis Report http://community.bvp.com/links?lid=uhj1pgvvabulmrxn7vqmvw&token=k1dx7i_dls8_shdjgf97kg&url=https%3a%2f%2flinks6.mixmaxusercontent.com%
- Overview
  - General Information
  - Detection
  - Confidence
  - Classification
  - Analysis Advice
- Signature Overview
  - Phishing:
  - Networking:
  - Key, Mouse, Clipboard, Microphone and Screen Capturing:
  - System Summary:
  - Boot Survival:
  - Hooking and other Techniques for Hiding and Protection:
- Behavior Graph
- Simulations
  - Behavior and APIs
- Antivirus Detection
  - Initial Sample
  - Dropped Files
  - Unpacked PE Files
  - Domains
  - URLs
- Yara Overview
  - Initial Sample
  - PCAP (Network Traffic)
  - Dropped Files
  - Memory Dumps
  - Unpacked PEs
- Joe Sandbox View / Context
  - IPs
  - Domains
  - ASN
  - Dropped Files
- Screenshots
- Startup
- Created / dropped Files
- Domains and IPs
  - Contacted Domains
  - URLs from Memory and Binaries
  - Contacted IPs
  - Public
- Static File Info
  - No static file info
- Network Behavior
  - Network Distribution
  - TCP Packets
  - UDP Packets
  - DNS Queries
  - DNS Answers
  - HTTP Request Dependency Graph
  - HTTP Packets
  - HTTPS Packets
- Code Manipulations
- Statistics
  - Behavior
- System Behavior
  - Analysis Process: iexplore.exe PID: 3220 Parent PID: 548
    - General
    - File Activities
    - Registry Activities
  - Analysis Process: iexplore.exe PID: 3272 Parent PID: 3220
    - General
    - File Activities
    - Registry Activities
  - Analysis Process: ssvagent.exe PID: 3328 Parent PID: 3272
    - General
    - Registry Activities
  - Analysis Process: OUTLOOK.EXE PID: 3500 Parent PID: 3272
    - General
    - File Activities
    - Registry Activities
- Disassembly

Copyright Joe Security LLC 2018

Analysis Report http://community.bvp.com/links?lid=uhj1pgvvabulmrxN7vqMvw&token=K1dX7i_dls8_SHDjGF97kg&url=https%3A%2F%2Flinks6.mixmaxusercontent.com%2Fbn3pERSPa3T5Q3Ey6%2Fl%2FTFEtngSrGqrw7nxmb%3fmessageid%3diupa8nypl6omzudcm%26rn%3diicldmbpxgbl9mvgkhzvnki%26re%3di02bj5yzulgdpvncjvmc0l2aj9mcalhzvnmi%26sc%3dtrue

Overview

General Information

Joe Sandbox Version: 23.0.0
Analysis ID: 74933
Start date: 31.08.2018
Start time: 17:28:58
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 47s
Hypervisor based Inspection enabled:
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: http://community.bvp.com/links?lid=uhj1pGVVABUlmRXN7vqMvw&token=K1dX7i_dls8_SHDjGF97kg&url=https%3A%2F%2Flinks6.mixmaxusercontent.com%2fbn3perspa3t5q3ey6%2fl%2fTFEtngSrGqrW7nXmb%3FmessageId%3DiUpA8nYPl6omzudcm%26rn%3diicldmbpxgbl9mvgkhzvnki%26re%3Di02bj5yZulGdpVncjVmc0l2aj9mcAlHZvnmi%26sc%3dtrue
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean4.win@7/168@26/18
Cookbook Comments:
- Adjust boot time
- Browsing link: https://reports.zoho.com/
- Browsing link: https://reports.zoho.com/zdbpricing.cc?showpaGE=CurrentPlanDetails&STRUCT=true&ZDBACTION=USERPLANDETAILS
- Browsing link: https://reports.zoho.com/zrpt.js.url
- Browsing link: mailto:missioncontrol@rockitrecruiting.com?subject=salary%20survey%20inquiry

Warnings:
- Exclude process from analysis (whitelisted): dllhost.exe
- TCP Packets have been reduced to 100
- Created / dropped Files have been reduced to 100
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.

Detection

Strategy: Threshold
Score: 4
Range: 0-100
Reporting: Report FP / FN

Confidence

Strategy: Threshold
Score: 4
Range: 0-5
Further Analysis Required?:

Classification

[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Scale: clean, suspicious, malicious.]

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Signature Overview

- Phishing
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Boot Survival
- Hooking and other Techniques for Hiding and Protection

Phishing:
- Form action URLs do not match main URL
- HTML body contains low number of good links
- HTML title does not match URL
- Submit button contains javascript call
- META author tag missing
- META copyright tag missing

Networking:
- Downloads files
- Downloads files from webservers via HTTP
- Found strings which match to known social media urls
- Performs DNS lookups
- Urls found in memory or binary data
- Uses HTTPS

Key, Mouse, Clipboard, Microphone and Screen Capturing:
- Creates a window with clipboard capturing capabilities

System Summary:
- Creates files inside the system directory
- Deletes files inside the Windows folder
- Searches the installation path of Mozilla Firefox
- Classification label
- Creates files inside the user directory
- Creates temporary files
- Reads ini files
- Reads software policies
- Spawns processes
- Uses an in-process (OLE) Automation server
- Writes ini files
- Tries to open an application configuration file (.cfg)
- Checks whether correct version of .NET is installed
- Executable creates window controls seldom found in malware
- Found GUI installer (many successful clicks)
- Found graphical window changes (likely an installer)
- Checks if Microsoft Office is installed
- Uses new MSVCR Dlls

Boot Survival:
- Creates or modifies windows services

Hooking and other Techniques for Hiding and Protection:
- Disables application error messsages (SetErrorMode)

Behavior Graph

ID: 74933
URL: http://community.bvp.com/links?lid=uhj1pgvvabulmrxn7vqmvw...
Startdate: 31/08/2018
Architecture: WINDOWS
Score: 4

[Behavior graph. Process nodes: iexplore.exe started iexplore.exe, which started ssvagent.exe and OUTLOOK.EXE. Network nodes: iplocation.zoho.com; accounts.zoho.com; 204.141.42.37, 443, 49186, 49187 (ZOHO-AS-ZOHOUS, United States); 8.39.54.100, 443, 49236, 49237 (ZOHO-AS-ZOHOUS, United States); 32 other IPs or domains.]

Simulations

Behavior and APIs

Time      Type             Description
17:29:44  API Interceptor  874x Sleep call for process: iexplore.exe modified
17:29:44  API Interceptor  1x Sleep call for process: ssvagent.exe modified
17:30:28  API Interceptor  3x Sleep call for process: OUTLOOK.EXE modified

Antivirus Detection

Initial Sample
No Antivirus matches

Dropped Files
No Antivirus matches

Unpacked PE Files
No Antivirus matches

Domains

Domain                   Detection  Scanner
zstatic.zohostatic.com   0%         virustotal
zohostatic.com           0%         virustotal
zohostatic.eu            0%         virustotal
cdn.pagesense.io         0%         virustotal
jz.zohostatic.com        0%         virustotal
cz.zohostatic.com        0%         virustotal
fonts.zohostatic.com     0%         virustotal
iz.zohostatic.com        0%         virustotal
css.zohostatic.com       0%         virustotal
js.zohostatic.com        0%         virustotal
js.zohostatic.eu         0%         virustotal

URLs

Detection  Scanner  Label  Link

Yara Overview

Initial Sample
No yara matches

PCAP (Network Traffic)
No yara matches

Dropped Files
No yara matches

Memory Dumps
No yara matches

Unpacked PEs
No yara matches

Joe Sandbox View / Context

IPs
No context

Domains
No context

ASN
No context

Dropped Files
No context

Screenshots

Startup

System is w7
- iexplore.exe (PID: 3220 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: CA1F703CD665867E8132D2946FB55750)
  - iexplore.exe (PID: 3272 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3220 CREDAT:275457 /prefetch:2 MD5: CA1F703CD665867E8132D2946FB55750)
    - ssvagent.exe (PID: 3328 cmdline: 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new MD5: 0953A0264879FD1E655B75B63B9083B7)
    - OUTLOOK.EXE (PID: 3500 cmdline: 'C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE' -c IPM.e /m 'mailto:missioncontrol@rockitrecruiting.com?subject=Salary%20Survey%20Inquiry' MD5: E8D2BEEE0809B48D1DF1B86252EDC0D3)
- cleanup

Created / dropped Files

Internet Files\Content.IE5\0316J1PS\ProximaNova-Regular[1].otf Process: File Type: Size (bytes): 94668 C:\Program Files\Internet Explorer\iexplore.exe OpenType font data Entropy (8bit): 6.917040943278492 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 410504D49238E955BA7DC23A7F963021 28D04EB938C05B5158A69A709682D4F0517A59AB 36B59421BDC34FD9869A7541C47D5F157FF19EB183032EFFF759C4D5BE5D9CAE 66364693910E72394B9E8C8711D72A0ED82D58D5D8FBB0D2200FC9BA0BDF07601B8128A0560B30E1B6BF8A56709 9E68690641B99E6B5CCE27C64269766B55735 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ProximaNova-Regular[1].woff Process: C:\Program Files\Internet Explorer\iexplore.exe File Type: Web Open Font Format, flavor 65536, length 25932, version 1.0 Size (bytes): 25932 Entropy (8bit): 7.978985027868433 Encrypted: MD5: 4D1D4E7AA374A4753ECCA78B3ABFCB1F Copyright Joe Security LLC 2018 Page 16 of 246

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ProximaNova-Regular[1].woff SHA1: SHA-256: SHA-512: Malicious: Reputation: 424021B165A77D90E50888B0901CA989A41EEA22 29C46EBD77ADBEFB81FBBE6C1CAEA51F469DE442812BEBFD2607C03F4542C6F2 077FA4C642541F98066B4F7909AB61F1BEFC01BC61E16EFA8510AF76BB23BB136F9B0EE27CA2D4E6DEF24D681 C2EEAA0B1B20942FF2CEDCBD848CFC581145EC6 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ViewModeContentNew[1].txt Process: File Type: Size (bytes): 136098 Entropy (8bit): 5.15739262354298 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe HTML document, ASCII text, with very long lines 7432C44FA318F7A40DF8D5BD73476D71 DDCD005A1545BEB1420E4DFC985ADEA676338BDD 667574AC3EDB0ED05E4D51D12A83ABECEBBEA5C99F8FC0355C660032B612C3C8 936F494875D921756457408113DA8F574A0ECD6E2C3A94E1A17049F2F3549D2F9CB4DEC1E61B52269768CDD1645 074DFD20FBE2FB9B7213C0E2DF11B4A3B3E0 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\analysis.e91c3dfc257c5c4029ad2e3ac306abc3[1].png Process: File Type: Size (bytes): 17555 Entropy (8bit): 7.926424727732301 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe PNG image data, 225 x 500, 8-bit/color RGBA, non-interlaced E91C3DFC257C5C4029AD2E3AC306ABC3 F8689C36CFDFA3995E7B54FCEF68625E796BBACF 89DE5E21E78F900D7A2C057BC04AF97E835AB147F2FAB6391D7515259C6DD9EE 636858D7A2A69E3D790916C47D8E0ABDBDE8E07C4EBCBA40B5E18638B44D48B25FA5537921E339A48331F2B670 D1CD3FF287B5CE6411C4B3E635F319256987BF low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\analysisSprite.4f76c518c724180f26584d9274744f57[ 1].gif Process: C:\Program Files\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 153 x 840 Size (bytes): 8262 Entropy (8bit): 7.839522052096128 
Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 4F76C518C724180F26584D9274744F57 6BFCB21B348A1800864740D6338C02DAD97A85EC 87DE24F71DBA44727DF2EBF656A5B85F0486C0F76A2E6EB8D0D9DDC39D3DD945 EB923C3E23709EA9B0A42FB123B3B0750EF7E145F6FE1B1452306BD48A8D65EBEE0D6E84421AB8A71FF5A07EB B4BCACD4E240A452AACADA9DF7CA363270D2793 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\blank[1].htm Process: File Type: Size (bytes): 77 C:\Program Files\Internet Explorer\iexplore.exe HTML document, ASCII text Entropy (8bit): 4.638213937886359 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 52C7DE44D4B2EFD5CD44B1E6826BC468 A0B7C03E13E9B942EFCBB5BFD195B4C5F15EE86C 8EF43746D64B11E4A4F2E85359BE1445FF90E2AF5316E89269FF81A9FD5DA773 ECE4DBAE00B425B24C141DD03E94BCDB62D8CA0FE11D57CE031A680E872AD90C95D9D88CE0EB025D659D18A9 D9D1DEE47837D1BA93A3C8613ACD0488997FD559 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\blank[2].htm Process: C:\Program Files\Internet Explorer\iexplore.exe Copyright Joe Security LLC 2018 Page 17 of 246

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\blank[2].htm File Type: Size (bytes): 77 HTML document, ASCII text Entropy (8bit): 4.638213937886359 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 52C7DE44D4B2EFD5CD44B1E6826BC468 A0B7C03E13E9B942EFCBB5BFD195B4C5F15EE86C 8EF43746D64B11E4A4F2E85359BE1445FF90E2AF5316E89269FF81A9FD5DA773 ECE4DBAE00B425B24C141DD03E94BCDB62D8CA0FE11D57CE031A680E872AD90C95D9D88CE0EB025D659D18A9 D9D1DEE47837D1BA93A3C8613ACD0488997FD559 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\chartchooser.e6f7f48127e90b3068caa86b39f6c98c[1].svg Process: File Type: Size (bytes): 221584 Entropy (8bit): 4.92287665039942 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines, with no line terminators E6F7F48127E90B3068CAA86B39F6C98C 4775C5C35602545203FA1912CF0CBEFBA20C4B0A 36F3C3D221C25777C0E8D45E4706D1CEB9524FE4140463B7B9532584E4EDE760 C75BB52C6DFC94BDB7EF118EFED036411FBC2C637F43982D2E683C73622312144BFEA9B624625E375C2597C89A FBEBB1B14DCA61BBD54BC73A893C2CF6C99564 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\chosen.jquery.min[1].js Process: File Type: Size (bytes): 24319 C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines Entropy (8bit): 4.984089895373565 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 9E773C89956FA1857D3E8B5384C1FFBA B01359528F2DC84A2FAF28B9BF4B16E37FCCCCC4 F02AC5703A0BAB73B9FBE2FE9B70BEA8C47B5BE36138888D598A787241620073 9A057EEF9E4A5251A74004AD6B102F6990DA3F65299602AD60D326968AFB6AA0AC64CEBE2EEB675B66B9B02E3 861FFD01B636D072BE3F906A7EFA9EA9837386E low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\datatype.9e7e820a09cc5872ee6fe3b5ad2de71c[1].svg Process: File Type: Size (bytes): 9962 Entropy (8bit): 
4.43302075098269 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines, with no line terminators 9E7E820A09CC5872EE6FE3B5AD2DE71C 82549BC5A2C3E295BE71096017C491A57615CA8D 7934CC1887BB7E8150E18DA1EC98F3DCA8FDE0950E20F88A2776A2B3AC226A18 5C9DC676D362117CCE461A94FD018E1CA6E177B3854552B62644EDD70D2B9ABA84C94E7E29A20B91E1CE490240 CF19C007F1714A567FF9ED35290DEC294F3B29 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\e-p-sprite[1].png Process: File Type: Size (bytes): 674 Entropy (8bit): 7.094431135360996 Encrypted: MD5: SHA1: SHA-256: SHA-512: C:\Program Files\Internet Explorer\iexplore.exe PNG image data, 158 x 53, 8-bit colormap, non-interlaced 73F92DFE8C96FFC051D97A33BE05A1E3 9C1CE5314EC070177FA99AD245298AE75A1F5C16 6E2D43F72150EC1C11A1F422829F03D674393C11333413998079863924BF41A8 9F39DA5C226670B23DC22149825ADD82F3E4140A55834D86602DF5AD1F3D6BDB3D8DC37F7FD1E9E6A754A1B729 E747608D8F08CF644709584819A08803E167A2 Copyright Joe Security LLC 2018 Page 18 of 246

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\e-p-sprite[1].png Malicious: Reputation: low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\favicon[1].ico Process: File Type: Size (bytes): 1150 C:\Program Files\Internet Explorer\iexplore.exe MS Windows icon resource - 1 icon Entropy (8bit): 4.778842760973228 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 28528E6FCD65189B6883EFA9F80A14F2 8150ACACA773E88AD272E33F43730DD9DBA4E67E 55CA7A06D0BD76A4EF5EB4509152E02682D710A2EC7090706A2493DDAA693501 9C95315672390D02EDDC3648D00F23A14A69A8F11BC317BE33F11E149E3B2A6212B7E24FFC0DA56645AF87BA453 BAF131FAAE611B6DB29F2F994F52759FFE92E low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\floatbutton[1].css Process: File Type: Size (bytes): 75407 Entropy (8bit): 5.259220366362549 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines, with no line terminators 1035AE609B60E0B463A8CB7AC5F313E0 2C0856DD449A9E5CD038CDA900E1137A5229AD3F 93C53462AFC59420AC177A155D05EDA6A7BF7EBB6D6AB5AB23BBA11B395CF8B3 382772B2C61C819DA25A02866781F770F23153F9FF7BA43FF9C700453BA8923C167D2FAFDDB5551EAD29B4622FF C6E9902E776F188522ADCE52BD5A952422F70 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\floatbutton[1].js Process: File Type: Size (bytes): 50902 Entropy (8bit): 5.578137775130233 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines, with no line terminators 72F509864C00ACEAD156BABCD16C13B3 56211A94B667F3FB6A6DB0D4A99D2C60AAE169EB 7FCD7A55FBD64AB9FF3A871A1F7EA5FEB4E7E645EA9DF70673263F3A6DDB4267 742E61553EFDAEB18CFDFB57671A17AFA08463525147BAB4F76216BD630A9D01F469A9F03296C6F5B074149DD9D D8DF870D24B11B680689F5F11AEC0F2C74BB3 low 
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\gdpr-compliance[1].js Process: File Type: Size (bytes): 12381 C:\Program Files\Internet Explorer\iexplore.exe UTF-8 Unicode text, with very long lines Entropy (8bit): 5.379108493757382 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: B028CE272DCF7846B6B516BE8AD4E7F2 D8C2C379EF32F9A3063FEBE0170F397E330B9BA3 DEA37BCBCA1E55A8CB4CF345EDC0C7A2C1A32BDA20BAD3153180935234455B70 7DB3638EE3B10BC63B5F14B6A20EB0153F93C01EC16313EAFB5E9B1A36EBED40D28FA0AE32FDB4F286C74E56 E814266AF51287FAC9E13BCC2C59FFC4A958B5D8 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\getipinfo[1].htm Process: C:\Program Files\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 33 Entropy (8bit): 4.377727452691787 Encrypted: MD5: 670D02E8309A82F7B423E2DF42044DF1 Copyright Joe Security LLC 2018 Page 19 of 246

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\getipinfo[1].htm SHA1: SHA-256: SHA-512: Malicious: Reputation: 037F4D1BA9F5CAF574B8022913EB204F7938370B 3AD85A13C0832A7610703EC70BB8758AFE1511293C880AB3A4BEBDA4F5DA1C88 CB31D6C04A9D961013FB0F573969546E2E141C1C4B963D3532B322E3D1BDB9AE008DC1850620857E6E53179CAF D21A3A564B48F858655684E0264E670A07CF8C low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\global[1].css Process: File Type: Size (bytes): 136859 Entropy (8bit): 4.964215433043854 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines, with CRLF line terminators EB7B84A19BA4C066DD07E12E30EC33D6 EB21158A918FB46E63BA77AA87CD97124FEBD0B7 EE30D1763613156D1B35A02A5981E57C88195A8C26C48F741DC876597AB8FDA1 137BA133518970185B0443FABA58708C037A2284618C10D3C5C5A860FB06D0959432E940A655315633961F6C141A1 F0AFACA5CDD98790429698309BB7DC7268D low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\icons-new.8e4a877de6ffc75893a586fdfd613e98[1].png Process: File Type: Size (bytes): 16832 Entropy (8bit): 7.9474379769328785 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe PNG image data, 250 x 300, 8-bit/color RGBA, non-interlaced 8E4A877DE6FFC75893A586FDFD613E98 956E4C2C7BC3EB9F2526C9ECB2C9DD5DAF2FE128 4E1D0E4FA577298735B49D622640C0A155B1AD73211EED538EE811F86D176793 F0A532D6570A8B229BF1D60B7975C47674C61F65F6E91D954B22CCE7AF6278706878D9759888E8ED6CF91228DB6 A4DCA2ACE400A7978940123E772474EE80369 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\product-icon-sprite[1].png Process: File Type: Size (bytes): 24129 Entropy (8bit): 7.96170913186112 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe PNG image 
data, 380 x 270, 8-bit colormap, non-interlaced 2AAE54695736113D6048CAB45250BFFD F6871E09938944684C1462D9688C17936900A6F4 BDFF030A4D2E9C5F3386A9C71241F05252693A7D772929823614626DCE4F14CF 71D2710AA90EE59754B592EFEE5CD82B1C8207FCCA6F9A9FD798B26B572138CAA33E6D598CE97D9579EEC3D1D 7735D10779FE715AC751DDF5D238DDCF3402084 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\reports-home-screen[1].png Process: File Type: Size (bytes): 176870 Entropy (8bit): 7.98298205270291 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe PNG image data, 1280 x 800, 8-bit/color RGBA, non-interlaced 8BB0D19B68B02139417AA167A9445F8A D4DD1B08ACABD7FD2E14ED3B6E40B43F3829D7DD 8368567AB639D45BBBF899D8917C22B0CD4A9F7436127E075D62F4FD6301F56D 9BA5985C2CE489CC8691A95FCCDF3BE66D63D95951E287594C220EF29C12B7FC721DFFC02DDCAD8CEA619C1B E89094DA48C46692B1F7AB2F0DA612A0B25E7C8 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\reports-mob-home-screen[1].png Process: C:\Program Files\Internet Explorer\iexplore.exe File Type: PNG image data, 380 x 730, 8-bit/color RGBA, non-interlaced Copyright Joe Security LLC 2018 Page 20 of 246

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\reports-mob-home-screen[1].png Size (bytes): 54674 Entropy (8bit): 7.97989942096916 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 352AAA54A61492C26E33A4D9726DDBA3 CD86940A14648FE720DE0F764E6C9197CFAC49B5 6EA3B7F42458EA012DBD249EF51E02F032269AF5FC59268C6B04200160E9D64A E487A1F7AC151CCEECB3DA5B03343B79C8092B789609C0392AC0F44024AFDE4BEDAAE93F60EF3A7E50CC795A 7BF170F8006CADFB8C0A420797EB41A5A360DE89 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\reports-mobile-apps-poster[1].png Process: File Type: Size (bytes): 26937 Entropy (8bit): 7.932170031223089 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe PNG image data, 640 x 630, 8-bit colormap, non-interlaced AAF9307D92F4391058CE1A85F2E0B2E3 2BE174C4F8D0B1A8B7A71C237463CDF8B48E94AD 661ADB5B4AFC9B6774BEED2F6E72A68C73C0FC4AEABA263EC1B641728AED6264 4670010811DD8260707EA4D8993D6DBBFD49ACFFDFF2211CD01F7200A6CE82D75322646D01256FBD770508933A0 15A409AD4BFE50E6E581E97F88F7976648219 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\reports-testimonial-poster-2x_0[1].jpg Process: C:\Program Files\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01 Size (bytes): 50068 Entropy (8bit): 7.823078568496013 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 4505FE8A326482B91C16E96E66C920BA 8029547AC29B4BEF4636F18EEE4908415E79F26D 628C6E536E9421FB23F441200758906CD5C9C115EEBFE51A5255E79EDBCAE2F2 A910D128DF300842913B64030A643BAFE27D8571A8A1AF0E6EE5A2F3B46958E4077C74B14B0E55CCE75CB077F6 2D3B93F09FB9B647CEACB8B12178389C439037 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\reports[1].css Process: File Type: Size (bytes): 13203 Entropy (8bit): 5.003957327617988 Encrypted: MD5: SHA1: SHA-256: SHA-512: 
Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines, with CRLF line terminators 0F74F7F5325886F3DA894D950229ABB7 748AE42D1B61E991FF8BB8992FBD5FBCA514ECF0 035351D83C2637C8D1C6FAB063384C887BD57134DFB163733AA0A26BF9837AEE 8564A3D5B354E0BBC2ED0D409BCA1051F5AFCF884DE0A0695116EA5358ACDD2095B5A67E3D28113D6954270755 119E88180D06CADB50AFAFB824C448B2C3CBDB low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\reports[1].htm Process: File Type: Size (bytes): 34503 Entropy (8bit): 5.136650318816203 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators 99AA1A58571B5240F1D35B989A880CC3 F9EE73E18187A9DE7D147B188681F802F850AA4A A161E0716DCCF01E9AF7FF5E307CCEE59CA45A517FC2D11A6E21D3C3BD5E41E4 057963072A4FFE2FACA2F14A49D430A278404CF7824C91BCE76179B6680948797D2A9273397D4C954BFA66BF6996 CA5F93313BDA99715583A14F3D9BBAF10FF1 low Copyright Joe Security LLC 2018 Page 21 of 246

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\urlblockindex[1].bin Process: File Type: Size (bytes): 16 Entropy (8bit): 1.6216407621868583 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe data FA518E3DFAE8CA3A0E495460FD60C791 E4F30E49120657D37267C0162FD4A08934800C69 775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7 D21667F3FB081D39B579178E74E9BB1B6E9A97F2659029C165729A58F1787DC0ADADD980CD026C7A601D416665A 81AC13A69E49A6A2FE2FDD0967938AA645C07 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\widget[1].js Process: File Type: Size (bytes): 84025 C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines Entropy (8bit): 5.475308582745333 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: BC40E87EA555DE6BEACFC3CC716B3D7D FDA0B59474F66061C091374D91E6FB372FB3C18B 1593A09648A433AD38B576DCC3C49EF9CB224C6DB8514B391BE0CA23405420DB 694F005EE3D36FF003B7DB7259C8146F13E4208B20B86F9DD359E3A9175A9E7D3C2F9BE50113D9233569B1437FA 49193226D093E3982F4A16392C4AA20A058BF low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\zohocustom[1].js Process: File Type: Size (bytes): 173209 Entropy (8bit): 5.433957988401668 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines, with CRLF line terminators 62BC373D179CF2D0DF81CACE4CA68904 1E6840273BDB9DC460582419425D268002264C08 E96A575130B146DDE2FBA0D699E29EB19BFF69933FE54EC9D4BD8D190CF84D41 402D63B67B0611F6E15EF0EA0D4542F27A9FEDE9F5C89DAD0D9EC1F003831715518A5C2F4A09E0B2D8E13114B9 06EE98FC9B1A281BECB6C3DCC938A3DAB09A43 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\zone-sprite[1].png Process: File Type: Size (bytes): 36487 Entropy (8bit): 6.139776046683191 Encrypted: MD5: 
SHA1: SHA-256: SHA-512: Malicious: Reputation: C:\Program Files\Internet Explorer\iexplore.exe PNG image data, 500 x 58, 8-bit/color RGBA, non-interlaced D69D6529E8E48267D93B683712C9BAF9 EB2BCF1D2F0B0EFB7FE4BD7F2F2109DF3525E05E 228FE10D1AAFB4F47EC5D635B9B79AB01896C70724AEE3F953CEFFB928B04B2E BA7B42A9450EEA6A01EF35376E65F3A494611AA4F5E284FB2914BBC8F48BF2D6F5AE0AC99CF2469C28596CC954 224B607EF1C89F5A599DE9F135C04ED372C1EA low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\zp_home[1].css Process: File Type: Size (bytes): 49767 C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with CRLF line terminators Entropy (8bit): 4.8513144181940655 Encrypted: MD5: SHA1: SHA-256: SHA-512: 0E353EAF20E0B03B438431ABF32B4367 C7208EE57E0BC66336B6D47DC8FB5D58263FDBC7 825811DC230D57530CB1600EFFAD300438BA20658F530602454DEC25FA9840A7 4280F9D68C1CD7EC15B45D79E3FA4B8B0F43E4AFE19FF27832EC90B9DA049CB0382BFDE56EDDB42931C69B264 4EA06202E271E1D8205EC3AB199746534A74C2B Copyright Joe Security LLC 2018 Page 22 of 246

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\zp_home[1].css Malicious: Reputation: low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\zp_home[2].css Process: File Type: Size (bytes): 49767 C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with CRLF line terminators Entropy (8bit): 4.8513144181940655 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 0E353EAF20E0B03B438431ABF32B4367 C7208EE57E0BC66336B6D47DC8FB5D58263FDBC7 825811DC230D57530CB1600EFFAD300438BA20658F530602454DEC25FA9840A7 4280F9D68C1CD7EC15B45D79E3FA4B8B0F43E4AFE19FF27832EC90B9DA049CB0382BFDE56EDDB42931C69B264 4EA06202E271E1D8205EC3AB199746534A74C2B low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\ProximaNova-Sbold-webfont[1].eot Process: File Type: Size (bytes): 22742 C:\Program Files\Internet Explorer\iexplore.exe Embedded OpenType (EOT) Entropy (8bit): 7.973625980033963 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 44012B2694FBCBE472DB9FD409EEAABB 6BEE2C478807D1E8C3F37A95BE99B7E604FAFD11 25B2FC8E05BC9E82DB73560EA2E6A519597FBDEA2EAEC9181F33C3DE1EC0A2AB 27A9E7AFCC64BD149DA16841DE735B2CD2AE9512122952BD9E22DECC1850A5C2F31D534E89CB558C6A7DD729A 5B6F28A51C07550BA7247DE301C4917CBCFF2EA low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\ZAVMFilterCompressed.6f64ab00aaee869af eb51a6170d1eb3a[1].js Process: File Type: Size (bytes): 299821 C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines Entropy (8bit): 5.339946422948269 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: 6F64AB00AAEE869AFEB51A6170D1EB3A 1D4247EFB3FEE6C59FD04D91084A33C116890477 26DB9A7D10EAAEB6A057DDCCD0F3A5ED2583BA130BD55AA81B4322E9FE6175F2 1CB0B3C118D44C4DE8944420F5894F21C7DFF0E5656AC2414A73A7D60D919D7C105CFAF9B0AC2C88FAF0B8A47C 5D1992D65A4C842797FA388E365CF99C07DD49 low 
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\ZDBAnalysisViewMode.d9ef2f085e8c3e501c 1a125d88a78264[1].js Process: File Type: Size (bytes): 383686 C:\Program Files\Internet Explorer\iexplore.exe ASCII text, with very long lines Entropy (8bit): 5.448172718924059 Encrypted: MD5: SHA1: SHA-256: SHA-512: Malicious: Reputation: D9EF2F085E8C3E501C1A125D88A78264 DED91C4F3BE4DA3901CC5EB38054D2A76364E916 99745BA0FB41B783A72E1DE2E92C5D79EAFE7638AC5B24F7BBA9C19D99046DD0 6F0372FB7CA631B42765043E6E79C0F8D705CB1A5ED4D2A9A2AA122F9FF292AA172BAF2476205055A481950BF57 6F8FF043E7CB5519AB459D4A0145162A5A6E4 low C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\ZRChartVendors.6fc3e78abc67a57fdefca882c3680d03[ 1].js Process: File Type: Size (bytes): 1228560 C:\Program Files\Internet Explorer\iexplore.exe UTF-8 Unicode text, with very long lines Copyright Joe Security LLC 2018 Page 23 of 246