ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version:

Transcription

1 ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version:

2 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature Overview Networking: System Summary: Hooking and other Techniques for Hiding and Protection: Behavior Graph Simulations Behavior and APIs Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains URLs Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Joe Sandbox View / Context IPs Domains ASN Dropped Files Screenshots Startup Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted URLs Contacted IPs Public Static File Info No static file info Network Behavior Network Port Distribution TCP Packets UDP Packets DNS Queries DNS Answers HTTP Request Dependency Graph HTTP Packets Code Manipulations Table of Contents Copyright Joe Security LLC 2018 Page 2 of

3 Statistics Behavior System Behavior Analysis iexplore.exe PID: 3348 Parent PID: 548 General File Activities Registry Activities Analysis iexplore.exe PID: 3404 Parent PID: 3348 General File Activities Registry Activities Analysis ssvagent.exe PID: 3476 Parent PID: 3404 General Registry Activities Disassembly Copyright Joe Security LLC 2018 Page 3 of 69

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start time: 20:04:11 Joe Sandbox Product: CloudBasic Start date: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Cookbook file name: Sample URL: 0h 2m 42s light browseurl.jbs 5/2120.jpg Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java ) Number of analysed new started processes analysed: 5 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies Analysis stop reason: Detection: Classification: Cookbook Comments: Warnings: Timeout CLEAN EGA enabled clean0.win@5/60@10/6 Adjust boot time Correcting counters for adjusted boot time Show All Exclude process from analysis (whitelisted): dllhost.exe Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Detection Strategy Score Range Reporting Detection Threshold Report FP / FN Confidence Copyright Joe Security LLC 2018 Page 4 of 69

5 Strategy Score Range Further Analysis Required? Threshold true Confidence Classification Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Sample HTTP request are all non existing, likely the sample is no longer working Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior Copyright Joe Security LLC 2018 Page 5 of 69

6 Signature Overview Networking System Summary Hooking and other Techniques for Hiding and Protection Click to jump to signature section Networking: Downloads compressed data via HTTP Downloads files Downloads files from webservers via HTTP Performs DNS lookups Posts data to webserver Tries to download non-existing http data (HTTP/ Not Found) Urls found in memory or binary data System Summary: Searches the installation path of Mozilla Firefox Classification label Creates files inside the user directory Creates temporary files Reads ini files Reads software policies Spawns processes Uses an in-process (OLE) Automation server Found graphical window changes (likely an installer) Uses new MSVCR Dlls Hooking and other Techniques for Hiding and Protection: Disables application error messsages (SetErrorMode) Behavior Graph Copyright Joe Security LLC 2018 Page 6 of 69

7 Behavior Graph ID: URL: Startdate: 14/06/2018 Architecture: WINDOWS Score: 0 Legend: Process Signature Created File DNS/IP Info Is Dropped Is Windows Process Hide Legend started Number of created Registry Values iexplore.exe started iexplore.exe Number of created Files Visual Basic Delphi Java.Net C# or VB.NET C, C++ or other language Is malicious 6 76 googleapis.l.google.com , 49166, 49167, 80 GOOGLE-GoogleIncUS , 49168, 49169, CONFLUENCE-NETWORK-INC-ConfluenceNetworksIncVG 13 other IPs or domains started United States Virgin Islands (BRITISH) ssvagent.exe 6 Simulations Behavior and APIs Time Type Description 20:04:45 API Interceptor 2880x Sleep call for process: iexplore.exe modified 20:04:46 API Interceptor 1x Sleep call for process: ssvagent.exe modified Antivirus Detection Initial Sample Source Detection Scanner Label Link 0% virustotal Browse Dropped Files No Antivirus matches Unpacked PE Files No Antivirus matches Domains Source Detection Scanner Label Link a1490.d.akamai.net 0% virustotal Browse Copyright Joe Security LLC 2018 Page 7 of 69

8 Source Detection Scanner Label Link googleapis.l.google.com 0% virustotal Browse 1% virustotal Browse neighborshame.com 0% virustotal Browse cs9.wac.phicdn.net 0% virustotal Browse dt.gnpge.com 0% virustotal Browse a1621.g.akamai.net 0% virustotal Browse 0% virustotal Browse a1961.g.akamai.net 0% virustotal Browse i1.cdn-image.com 0% virustotal Browse i3.cdn-image.com 0% virustotal Browse pxlgnpgecom-a.akamaihd.net 0% virustotal Browse ajax.googleapis.com 0% virustotal Browse i2.cdn-image.com 0% virustotal Browse URLs Source Detection Scanner Label Link 0% virustotal Browse 0% virustotal Browse media /fonts/ubuntu-b/ubuntu-b.eot? 0% virustotal Browse 0% virustotal Browse 0% virustotal Browse media /js/min.js?v2.2 0% virustotal Browse media /pics/12471/bodybg.png 0% virustotal Browse 0% virustotal Browse media /pics/12471/search-icon.png 0% virustotal Browse media /pics/12471/libg.png 0% virustotal Browse media /pics/12471/arrow.png 0% virustotal Browse 0% virustotal Browse Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Joe Sandbox View / Context IPs No context Copyright Joe Security LLC 2018 Page 8 of 69

9 Domains No context ASN No context Dropped Files No context Screenshots Startup System is w7 cleanup iexplore.exe (PID: 3348 cmdline: '' -Embedding CA1F703CD665867E8132D2946FB55750) iexplore.exe (PID: 3404 cmdline: '' SCODEF:3348 CREDAT: /prefetch:2 CA1F703CD665867E8132D2946FB55750) ssvagent.exe (PID: 3476 cmdline: 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new 0953A FD1E655B75B63B9083B7) Copyright Joe Security LLC 2018 Page 9 of 69

10 Created / dropped Files C:\Users\HERBBL~1\AppData\Local\Temp\JavaDeployReg.log Size (bytes): 89 ASCII text, with CRLF line terminators Entropy (8bit): BD14B3FD3C5C08EE23A0DEFE30C D2196D22B44DB9A86A843EE811402C7164 D6580E2E7F5FB72D5648A6700C3F6C9AC3ECCB0ACF13FCF52AB0F A5A6 B479BD17801E28A319F22CCAAE74DB630968D091C45CE59EC9BE0277F295CE8FC59D5C FC98FEB C7C521397C35788D21B5D4F409A1BA75186FE C:\Users\HERBBL~1\AppData\Local\Temp\~DF CC2E60332.TMP FoxPro FPT, blocks size 258, next free block index Size (bytes): Entropy (8bit): B39E743F4497CA7C C5B9D8DA66A222ED37099EDBE14CAFAAD6B79EF 47853E92B7CDDC2309B4A43EF461E58915F0DEEB F34771DB194045ABB 2ED F9C5BB03E5D87F460DA8C513BDB3E4D6E733428FF0A89AFC61D7FA EA06BFD2111BE18 9BEE B74F9CA94DC7A87A88089E36515 C:\Users\HERBBL~1\AppData\Local\Temp\~DFC53A315F7F90B604.TMP FoxPro FPT, blocks size 258, next free block index Size (bytes): Entropy (8bit): A32234D5CB12B6C9334FADDE4B68B0A C995543D5655F3C7745AB5ADA F27956D 00B1C4702CC0F31840E33A6D10A383AC15443BD0526EFACA5F5E E9F5 D4B356C41520DDCC7D686B87B0E4FC4921D305713A1E58B63D5EC239C2BF23E6863C67CAB4C D4C3F895 7C7631A68D2CDA1B1EDFF0F42571BA59D6A0A7 C:\Users\HERBBL~1\AppData\Local\Temp\~DFE9FF072F931DEA10.TMP data Size (bytes): Entropy (8bit): E0B16F25ED48D002E4D46CA15E83 71D655649B931A1F91EBAE8586A5D739A521D9A5 80A0B39F0F2B85569A32C2DD6DAFE6C B0FD14675A7E0EEA750A4BD22 E8026C4DC8BA1051E A169A921A8AA5B06A204AC691A90370E663F08260C5794A E93820F6416 CDE29A67C23461E986E2A58ADACAB76ECA06 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 Microsoft Cabinet archive data, 6509 bytes, 1 file Size (bytes): Entropy (8bit): B95F90C3BEA1D0E7ECA664B8FA01A720 A2ED44DF03C6971C0A7C335ECEF8D996D6BC0652 Copyright Joe Security LLC 2018 Page 10 of 69

11 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 D82B D19804D73473CE65D84C4F7D64E453041A9B30CF96C738AA0C 4DB9F495F3B3E39D89685FEDD1F0C715E3C3B0D FB3F51D2B454943E7AC34B1F871C435299B799FCAF3F8 13DAA3BB67C33B221D27C721CCF0F4D67C033 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF B E0 4 data Size (bytes): 471 Entropy (8bit): F0210FCA CC216A E2 D10B86C6F353C30D98B55BFCAADD40E7D493397C 397AD878DB2D20AFD65BA634252E B089E1C9526BD D1221F9 C5CA0CE0D36CB0716ECC6E37F96C261EF4E992C6C6B03D7EF703252D5494DE7AAFB222089C8BEC0A52ECD39D CF B994898E994C7D29C8C513BB690DA C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F data Size (bytes): 4451 Entropy (8bit): CC16E9EC39581AD2A78559BC94C405 F6FDACEB7ED846FDE1AB F71A E003BC8BC529ECBFEA8959C133419A17DA67B69BC835BA5B237040AF3FF1 DCE5A7DE47BA3BC14FDA89BCF76F5E0208EA B03C157A1A3D92A2BDCF10E33AAF4479EE31A66DA069 EE62815C22C71C9DC3AFEA81128D6E B C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 data Size (bytes): 684 Entropy (8bit): D4D74F922CA7A66B158A0A51BE9030F3 CE F37C3F4E9ACF74E181F2CBE423EF F FAD922D8199DCC912DD7E38D6F1F95FEF B66DD42D2E0365F 9F70AC110D A43B8A8905CD91F133EE2D2EA39709BA4B2A573B9DB1ADB3DAE1763BD5B5E CF 604D90EC86FDB27F8314CB7CD9EA3BB581FEBA C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF B E04 data Size (bytes): 434 Entropy (8bit): B61193C33D0707FFACF0E3C0CB4D DDBCF2A0DA60F7D50BBA28C938CE101C5C BEA23ECA753DFF76AD66A95AB365D6826C04550F AD51A1A8E21022D 7CC7A45430C92B4CE83A7889D41EE3C34D4667DF9C5B64CE8CDD282073AD013061A5A687866E730CACF9BC3D7 7A127B FCF731ED32D72243E837B001 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F data Copyright Joe Security LLC 2018 Page 11 of 69

12 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F Size (bytes): 226 Entropy (8bit): E5CBAD81C1302F81169CD7CFF78496 A2239F111BCC5A9BC79170CE369F9D0B9C9B79EB 646AD1A9B89758E1B867B0366AC591CE2997A93A23798C FE011FCB4 1564D15937FFA379FF12B6DD3D6E849A8A0B70F EB2EA7C2F25F66BADD57E62CAC937B11A213899E97C FB9942D9C75C9F8691BAA9B9B226BA57824D1C C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D f-A0FF-E1416B8B2E3A}.ico Size (bytes): 237 Entropy (8bit): PNG image data, 16 x 16, 4-bit colormap, non-interlaced 9FB559A E77D F6541 EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A B7E0CEBAE76EDF85B8B914 0E CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE D0009D452FB96A8ECE236B C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\4I9V514B\ Size (bytes): 126 ASCII text, with no line terminators Entropy (8bit): D4E2EB7839BB30B44D908C881B703F 33744D58B2FD94752AF5C3171D64D969FE71884B 8628FEB19D53D9D72AAF52A1BAEE EAE816A6343A803BD03F354C66E 2FB68EE9E5060A753BDED655301A918F7A97BF7B3EBF11138EAD01D7D03F9CF3B1B8B1A2F7AFDB302F2A94A0F 3E467F1AE81B9AEC780B61D9A865F3B186F71FD C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\RSJ7BDVP\pxlgnpgecom-a.akamaihd[1].xml Size (bytes): 128 ASCII text, with no line terminators Entropy (8bit): D FC2FFF8B255385E798009F5E 0F47CDF56A21AFA1A40269E2B E7D8DF1A 3EA7877FBD888F0DC110689CBF4B0820FE862FD44213E3348BBD48F163A9C26A 13E9C787514F8997F533E6B762637F61DE68983D99BBBF85C1E4321D61E04E8024ECCBBEAAF7A3737B72626D57F 7BF5FC7238B90793D2BB53FA3A3E6BF029FD0 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6AAFF151-6FFD-11E8-B7AC-B2C276BF9C88}.dat Size (bytes): Microsoft Word Document Entropy (8bit): DEF4DBA85C E280D26DE1B F3056CAC87C20B7365BCE BAC D21394F3211ABF61EBD632E3092D83F06B4DEC0BCE1776E0ABBED6BDCC70B E5B7423FF210C4164D8FD3EBBBEDB691DA8EFCB4FA0E06682BC083F972ABA4AC42460D09137D55FBE137C9CA BAEFDD8443D8080C133AE979F68C3BCEB994CB7B Copyright Joe Security LLC 2018 Page 12 of 69

13 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6AAFF151-6FFD-11E8-B7AC-B2C276BF9C88}.dat C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6AAFF153-6FFD-11E8-B7AC-B2C276BF9C88}.dat Size (bytes): Microsoft Word Document Entropy (8bit): D649A811958EDF73B7CA1988AD60EEC 8E6712C84A91874A9E4F15EA174EF273F06A73A0 7F68854F24EB D94F8A1308B45406C2380DEB7F1E234B5DC645483A9C2 6E C35249C8FDE67A6242D36E7A5C38C26AF4A35137DCEF BB33690E37B542DB90FC82D597F06E0 A46C21414CA4C87DD73A31A3A683431AC1B67 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7205C1F0-6FFD-11E8-B7AC-B2C276BF9C88}.dat Size (bytes): Microsoft Word Document Entropy (8bit): F8B1600B1F AAC83E2C7 4AA8886B8DC5035F1C59DD A A1176ECE7E05CDC9BE5994F0E2FE065B8F3E2A1D465937F2A80A67E1270D F2F57DF61F4111E3CD41FAFBBB912D548295DBB261BDB8E8B724B9D281CF7792F4732D5FA3E492A8F3926B583C 1E9E357313B6937DD220C8C0ED08FA71F2A338 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\G8WMBG43.htm Size (bytes): Entropy (8bit): HTML document, ASCII text, with very long lines, with CRLF, LF line terminators 07E24E0C6405CE D8B79D6 CF3C EA7AB6CA2D2B53EBC9488F49AAF62 4B17A62F212C F25B66E C5E18CB36DCEB0A10BD414C74FAFB 8138B9CE0CD720F8640F3CBDC1300FE3106D4F317630F8F131B1540F038DAECF498E2A8C57D85A0BC9F9066E82 7FED17E279226CF21EB24C73699DFEEAF9706 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\arrow[1].png Size (bytes): 1060 Entropy (8bit): PNG image data, 12 x 19, 8-bit/color RGBA, non-interlaced 9B3B30BF536E8E02958B60FE30988CD3 1614DF649E959B231E3F33EFBD33A69C0AC1B C4A249C5EEB F5314AF8F89E7A7CC583D8BEF33950F60CF0214D0 6CBF1A93E9CC752693A741EB3E51F6788F A8210D6691E27A323D98D9462CD0363DB748F8AD6EB26681B 1BB4C15DBCB3C6AFD3A1366A81DFA1B60E1C1 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\bfp_ssn[1].htm HTML document, ASCII text, with very long lines Size (bytes): Entropy (8bit): B33A C7A8CBE521D624C02D0C6 AD1EF9878B2DD66F45A16D744C208F4E649A0575 Copyright Joe Security LLC 2018 Page 13 of 69

14 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\bfp_ssn[1].htm AFBC3DEE7BCD D6C310E8F EAA360CE1AD9C6D2CBBD9BA2F A884B0E31F5385AB397B F6EA EA7E31223DE71D6C2843BDA414B701FDCB30AEBCF746BEB9 41B016CD03E49FCDE2F F99B4B2686 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\cec[1].htm Size (bytes): 2 Entropy (8bit): 1.0 ASCII text, with no line terminators D4CD0DABCF4CAA22AD92FAB40844C786 3FEDA0153EEE1380B DC5A74324EB8C1 20EF0F0C8D0EEA CEA9B3B92612E3E53CB5E59152B F56E8A53 79FF7D15B4166DF2D41F0DB8858C36DD16948F6FD16E307846FEE859A40AE67452B8ABF432C A6E1FB226 D64360AA029B2511B3C2A51BF22D28E295C06 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\cet[1].htm Size (bytes): 2 Entropy (8bit): 1.0 ASCII text, with no line terminators D4CD0DABCF4CAA22AD92FAB40844C786 3FEDA0153EEE1380B DC5A74324EB8C1 20EF0F0C8D0EEA CEA9B3B92612E3E53CB5E59152B F56E8A53 79FF7D15B4166DF2D41F0DB8858C36DD16948F6FD16E307846FEE859A40AE67452B8ABF432C A6E1FB226 D64360AA029B2511B3C2A51BF22D28E295C06 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\favicon[1].ico Size (bytes): 237 Entropy (8bit): PNG image data, 16 x 16, 4-bit colormap, non-interlaced 9FB559A E77D F6541 EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A B7E0CEBAE76EDF85B8B914 0E CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE D0009D452FB96A8ECE236B C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ptmd[1].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ptmd[2].gif PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced Size (bytes): 70 Copyright Joe Security LLC 2018 Page 14 of 69

15 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ptmd[2].gif Entropy (8bit): CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ptmd[3].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\ubuntu-b[1].eot Size (bytes): Embedded OpenType (EOT) Entropy (8bit): D5E2A6F3D6F461B69B292A47E B53278AAE736142A4BD5EE266CF67EF538C0AAF9 F61D164B9E4C3DBDBE6F34B7D9FCA55A3B9DAE1929AA65E FD B081082BE433ED91E6BE46FE5E8D340B542ECE916E70637C2B8F5FE4B6A9567E5443C4EB289F126E508E EBDB5E6468BE2397A7DD11FB07F63A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\bodybg[1].png Size (bytes): Entropy (8bit): PNG image data, 1637 x 921, 8-bit/color RGB, non-interlaced 5082CE2CA4166A85AC3651BC34EC3EC A6DF2FCC07A2318A8459E282F93E45FAE E5C A8E9ACB1E966ACA9D01F39A D1A4811AD26CD48234A1F 8A55A33524EB7CBE54D79ECD72C559AEDA70C788DFB3D137B405A15B315E3AA16A E1F3DE11E BE4B4AD98D0CB3F44EE2D98FA16D3161E757A1A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\browserfp.min[1].js data Size (bytes): Entropy (8bit): D3B760BBF61617B5300B16C1F54E084C 9A9782CA46B36331D9ADF129BFBC095C6B1E0DE4 C7A98BFDF828BBBE9A9FFC F4D475C0DCA5D F88B0742DEDF D90959CDB D9AC428FEB5610D354B65FEA2698F02CF8390B06844D394CDC324D4CBE7F9C615F0 D9376D723AEC D839D07AD6D3 Copyright Joe Security LLC 2018 Page 15 of 69

16 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\cec[1].htm Size (bytes): 2 Entropy (8bit): 1.0 ASCII text, with no line terminators D4CD0DABCF4CAA22AD92FAB40844C786 3FEDA0153EEE1380B DC5A74324EB8C1 20EF0F0C8D0EEA CEA9B3B92612E3E53CB5E59152B F56E8A53 79FF7D15B4166DF2D41F0DB8858C36DD16948F6FD16E307846FEE859A40AE67452B8ABF432C A6E1FB226 D64360AA029B2511B3C2A51BF22D28E295C06 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\cec[2].htm Size (bytes): 4 Entropy (8bit): 1.0 ASCII text, with no line terminators D01DFB750618CD60DD3CB365 8D61CFFC6D854E69F07F013141F0CAA4C22D41EB B0EEC9231AE82C7FA5FB54EDF7BEDE438134A74DF81A7FCEECA068B6F09C C D6A A61113B0FDE FA9EF43490DB1E6DCCE2D1410C4F0DF9AFEB54AB8F7F35 213FEBAA4F0C1BB43F6601DB8F388F09AAC5E C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\cenw[1].htm Size (bytes): 36 ASCII text, with no line terminators Entropy (8bit): D9CE9C7B AB0968B4362E7F F2A1D085E17269ED CCD6E582F3 9933E0F714B035F0C4FE31BA243B69C5C2268D5329C0CB D6A429B94D 9748CC393C9A42256BA954582A0B33CF7D7E3965B04E98E43B692EAC694D65ADE606E924283F7525A69232D6EF1 F76275C93D035C0BE E3AE A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\cet[1].htm Size (bytes): 2 Entropy (8bit): 1.0 ASCII text, with no line terminators D4CD0DABCF4CAA22AD92FAB40844C786 3FEDA0153EEE1380B DC5A74324EB8C1 20EF0F0C8D0EEA CEA9B3B92612E3E53CB5E59152B F56E8A53 79FF7D15B4166DF2D41F0DB8858C36DD16948F6FD16E307846FEE859A40AE67452B8ABF432C A6E1FB226 D64360AA029B2511B3C2A51BF22D28E295C06 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\cet[2].htm Size (bytes): 4 Entropy (8bit): 1.0 ASCII text, with no line terminators D01DFB750618CD60DD3CB365 8D61CFFC6D854E69F07F013141F0CAA4C22D41EB B0EEC9231AE82C7FA5FB54EDF7BEDE438134A74DF81A7FCEECA068B6F09C C D6A A61113B0FDE FA9EF43490DB1E6DCCE2D1410C4F0DF9AFEB54AB8F7F35 213FEBAA4F0C1BB43F6601DB8F388F09AAC5E Copyright Joe Security LLC 2018 Page 16 of 69

17 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\cet[2].htm C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\kwbg[1].jpg Size (bytes): JPEG image data, EXIF standard Entropy (8bit): AC32F78C89E9E21E66009A46E538E8CA 6F28CA89ED5E69650C93B230579D774EF586F273 F38235E9EEEEF5F8B2E931C53A950B8AFA0691A4F8BDD32FC CEE71FC 51A24F429C5BEAE9E703C371B2BDF77A E8AE0BEE572E76DE4AF E81FD28629F5FB58B80B8EED 4C92AA8DCF0E6FEC8CFEF87CBE318422A2C9BD C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\ptmd[1].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\ptmd[2].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\px[1].js Size (bytes): 346 Entropy (8bit): ASCII text, with very long lines, with no line terminators F84F931C0DD37448E03F0DABF4E4CA9F 9C2C50EDCF576453CCC07BF65668BD23C76E8663 5C1D5FD46A88611C31ECBB8FFC1142A7E74EC7FB7D72BD C880EF3F584 AFC3089D932FB030E932BF6414AC DD51D164F09635CA09CBD8525A B6AA24E972E7766DDF CC1EC416DE8B A89BA781F8C C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\cec[1].htm ASCII text, with no line terminators Size (bytes): 38 Entropy (8bit): DDE60AD5DEE2DEFE8F4DC37BBED1 Copyright Joe Security LLC 2018 Page 17 of 69

18 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\cec[1].htm 6C3B1E36402DC91450ECF89ACE3B10FBD A75BBC4B673CD D95E1E9A0DBD7B637D8BEBF3A41AEE83DDAF4A92944 A7314E0DA78F8529C614F5A31FDF12B2217F17F73A57AD50F883D05ADC6FC69558B3453DBC8C7737F8356B9D80A 2949D8E853F93486BF1DB B04ADA5AA C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\cec[2].htm Size (bytes): 36 ASCII text, with no line terminators Entropy (8bit): D9CE9C7B AB0968B4362E7F F2A1D085E17269ED CCD6E582F3 9933E0F714B035F0C4FE31BA243B69C5C2268D5329C0CB D6A429B94D 9748CC393C9A42256BA954582A0B33CF7D7E3965B04E98E43B692EAC694D65ADE606E924283F7525A69232D6EF1 F76275C93D035C0BE E3AE A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\cet[1].htm Size (bytes): 38 ASCII text, with no line terminators Entropy (8bit): DDE60AD5DEE2DEFE8F4DC37BBED1 6C3B1E36402DC91450ECF89ACE3B10FBD A75BBC4B673CD D95E1E9A0DBD7B637D8BEBF3A41AEE83DDAF4A92944 A7314E0DA78F8529C614F5A31FDF12B2217F17F73A57AD50F883D05ADC6FC69558B3453DBC8C7737F8356B9D80A 2949D8E853F93486BF1DB B04ADA5AA C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\cet[2].htm Size (bytes): 36 ASCII text, with no line terminators Entropy (8bit): D9CE9C7B AB0968B4362E7F F2A1D085E17269ED CCD6E582F3 9933E0F714B035F0C4FE31BA243B69C5C2268D5329C0CB D6A429B94D 9748CC393C9A42256BA954582A0B33CF7D7E3965B04E98E43B692EAC694D65ADE606E924283F7525A69232D6EF1 F76275C93D035C0BE E3AE A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\jquery.min[1].js Size (bytes): ASCII text, with very long lines Entropy (8bit): E0E B222245DEB26B6AE8BD940 E2F3603E23711F6446F278A411D905623D65201E 89A15E9C40BC6B14809F236EE8CD3ED1EA42393C1F6CA55C7855CD779B3F922E 60740DA8F871B DB2421B0E565FC18E95C772F7C3D5916F224263CD71A6A2E6ACCEAB2F6F8BA1C F0198F525D87D0589FA57045B1D5F292DACF0 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\libg[1].png PNG image data, 41 x 5, 8-bit/color RGB, non-interlaced Copyright Joe Security LLC 2018 Page 18 of 69

19 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\libg[1].png Size (bytes): 1092 Entropy (8bit): B06CC0EE3C9BE723861A2FE8F3B594E6 4382BF913EA359024F00F6D95F93154BEC2B7475 3D876C43F21D31D03EEF6D5B51E9CF7D28F6B0F AF88522A173A0 A088EBB813AF41A81F315AB2A0B8E2A581C2FE25EDCF97CE97A754F28F28CF3B01ECA88FA0686ACCBB62A7FA 43FE3DBD0359D909415BB8F190ABCD0EBF5733B6 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\ptmd[1].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\ptmd[2].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\ptmd[3].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\ptmd[4].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 Copyright Joe Security LLC 2018 Page 19 of 69

20 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\search-icon[1].png Size (bytes): 1189 Entropy (8bit): PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced EC52C1B77AA2E72D76895D3A BC2D4766ABFC566EEB2FB5B21EF20E8F CF2E997ED10DB7EEF3394C65EC68720FCE20C858BF202A8C83328B7C1586D87D E275871E2CDCD5A7B9493AED08CBEAAE0B6C8F12E90A8A7B3526DF51246C9972BE5C8E D7BE 3BF70BCB6FCE3826F2D75F86EBEF4E8B4B7A1F C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\ubuntu-r[1].eot Size (bytes): Embedded OpenType (EOT) Entropy (8bit): DBA7374F1813F5D55190C F 6E10FFEB25A05B792C4255DE B792ED2D 645A384C895A5E3F9ABDFE2C8FE1BDAB2CFBAE6E69BA711F58DD3F237F2839FE CA F63754D6B5DD65DF59BF8BAF165273BB76536D476E6462B651283A FB3BA1B2C51B76435A72 62BD77FE55BAF3D1AE1D52E1C79F01D60C41 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\cec[1].htm Size (bytes): 2 Entropy (8bit): 1.0 ASCII text, with no line terminators D4CD0DABCF4CAA22AD92FAB40844C786 3FEDA0153EEE1380B DC5A74324EB8C1 20EF0F0C8D0EEA CEA9B3B92612E3E53CB5E59152B F56E8A53 79FF7D15B4166DF2D41F0DB8858C36DD16948F6FD16E307846FEE859A40AE67452B8ABF432C A6E1FB226 D64360AA029B2511B3C2A51BF22D28E295C06 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\cenw[1].htm Size (bytes): 36 ASCII text, with no line terminators Entropy (8bit): DD136CE62DE2960AB1029CB42CF24A D6BC BBBBC46F F7FA 0D2E9C5C315DCD298729ED00BF1C8B2CD307028AC5D9FD74C6F40A6E18F2919B 75BD5AEA757B9DC678921AF2F19312A989AA9F9E5A21ACCDE348883B019A236EF9B8718B9CBD957E10FC881EB BC5156BE63D9C63A82A277013B D41 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\cet[1].htm Size (bytes): 2 Entropy (8bit): 1.0 ASCII text, with no line terminators D4CD0DABCF4CAA22AD92FAB40844C786 3FEDA0153EEE1380B DC5A74324EB8C1 20EF0F0C8D0EEA CEA9B3B92612E3E53CB5E59152B F56E8A53 79FF7D15B4166DF2D41F0DB8858C36DD16948F6FD16E307846FEE859A40AE67452B8ABF432C A6E1FB226 D64360AA029B2511B3C2A51BF22D28E295C06 Copyright Joe Security LLC 2018 Page 20 of 69

21 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\cet[1].htm C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\logo[1].png Size (bytes): 3956 Entropy (8bit): PNG image data, 52 x 60, 8-bit/color RGBA, non-interlaced 9C E8A8F5A7B6D4F88DCEEA6A EE14B50F3332D03E4557C14449DEEC1FA13BA773 B690A0CC0AD3A4899A5E6C52E4A5C7CA6C2F334F946C72B2AAFECB316D83B E26C12D2E C8BD7D8B13CCC44B8DC8DFB3B413297A01071D9E22C76701B0A00D1CB0E59C3AD16B7A ABCD6A4FADAC5286CBB2308CFD51BE99DBD0030 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\min[1].js Size (bytes): 8477 Entropy (8bit): ASCII text, with very long lines, with CRLF line terminators AD6AF63C9C94CEF15761BE544 A207AE89013D3F583F68D0BCAD52EA C09 4EFEC11A42893D4DF CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2 8646B06B2019C32DD95CF2F22B5C884392FF70A1B78A74947B69C8138D43E793D54434B7D55C566294BC981BE2E FFB8534C0444B85882B61EDB685600E015A5 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\ptmd[1].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\ptmd[2].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\ptmd[3].gif PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced Size (bytes): 70 Entropy (8bit): CD8BDE463F5D82AAE0F0CEC061D6B8F Copyright Joe Security LLC 2018 Page 21 of 69

22 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\ptmd[3].gif B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\ptmd[4].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\ptmd[5].gif Size (bytes): 70 Entropy (8bit): PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced 2CD8BDE463F5D82AAE0F0CEC061D6B8F B2BBE763C7E1828C750D53F A6FEA19BE C414CD0E204DE974F73753C7E28D7638E7B3691BB8B1A2BAB6B25BB7FED7CE77 FCBA48F85167B732F75C33A2232A87E F265737A483C8B4923FBC2D7DD4EA1EBF00BB774D8CB09C ABFBC3D4597EBE2D16E81BB92CB3AA48 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\px[1].js Size (bytes): 346 Entropy (8bit): ASCII text, with very long lines, with no line terminators F84F931C0DD37448E03F0DABF4E4CA9F 9C2C50EDCF576453CCC07BF65668BD23C76E8663 5C1D5FD46A88611C31ECBB8FFC1142A7E74EC7FB7D72BD C880EF3F584 AFC3089D932FB030E932BF6414AC DD51D164F09635CA09CBD8525A B6AA24E972E7766DDF CC1EC416DE8B A89BA781F8C Contacted Domains/Contacted IPs Contacted Domains Name IP Active Malicious Antivirus Detection Reputation a1490.d.akamai.net true 0%, virustotal, Browse high googleapis.l.google.com true 0%, virustotal, Browse high true 1%, virustotal, Browse high neighborshame.com true 0%, virustotal, Browse cs9.wac.phicdn.net true 0%, virustotal, Browse unknown dt.gnpge.com true 0%, virustotal, Browse unknown a1621.g.akamai.net true 0%, virustotal, Browse high true 0%, virustotal, Browse unknown a1961.g.akamai.net true 0%, virustotal, Browse high Copyright Joe Security LLC 2018 Page 22 of 69

23 Name IP Active Malicious Antivirus Detection Reputation i1.cdn-image.com unknown unknown 0%, virustotal, Browse unknown i3.cdn-image.com unknown unknown 0%, virustotal, Browse unknown pxlgnpgecom-a.akamaihd.net unknown unknown 0%, virustotal, Browse high ajax.googleapis.com unknown unknown 0%, virustotal, Browse high i2.cdn-image.com unknown unknown 0%, virustotal, Browse unknown Contacted URLs Name IAcgIJ6GkBmMAtOvsSQC7nW3sePQWbUhwAm3GsM6iBQ8AGsAhuQDscAGz0AnAFYUcJpvqimKFGAAcTRX AsomcLXEWL1RJK53j8YeQCMYFHwiADcCcmAAHRAAGxIiRRiAfQIOEgAnRQBzMGjoaLVNXX1DemNTcysb OwcnFzcPdS9o3GiCMAICAEsSADsUtMycvIKNbT0DIxMzS2tbe0dnV3dPUWiAX14ORQ4AV3DoAG10LABdfAAvZWggkA AHLPIQ2jBe59g72iyAC3IUHXQFi0wKQTjgKi0+iwOlQSBUdn+tA4BxAKCQ6C0FnBSHU6B0OgstDC5HUADo4KSTkhaI lanb8pqimxbmbriatdyar5jmawfgkrm-cocuxiai-jz0eq4h4-nsfbwuoeaucqvosgwoi9optcpi-irgvpqvgknpcx ATnBoSh0C8up9YCgLDpSVh0JT0B7bbwYqkDYCjaC4HA9LQYgJbkR9hwkl1xLAtABhACqAFl0Ch1FgANJfJk3Q1qszo FT4ACOYEC6yAA gqbzlkyc6e4eazjclwcwealyxy5tigf9otljwauerqfdzsffibeuaas4ahaoywqanxbcapmevqqhqygm ALMwRqIWrNOXKYyATkRDTwBPCYTASezoqyIBEoTAHw6Ig0NEzO5gnoAHTk+YgkzhAANjDBXABmAMYwAL QGINZ6IMgQ5F7wXY3o1tZEzQTWTI0ARphZjUEAJhNjiHXkExPwztaKglVePqjI1CBKptDkCgDWHnusB0QA+jRkiAz0 oqsim4jodsw0+uremveecps4eoulndvlc-n0cm5yjuqlw6upfpdbhmzmgamiavqasowqabpzzgbr6g6+ ZAhZhcACO1iqAF8gA Process 2acIAQgPIAiAmiMgC4CWcAjACzYCcADgC+AXWQBnVhFYBXCcQBM2cSABeEbsjABzKmAD68FiDQA7AG76 TOgBZUuAVkWD+bnv2zYA7Py7Z4Rx5eb0EuJxNWBVgQXkUhHx4ANkVHR0ETC2iQJIA6bFzFeB4TCDJuXB AAMxhYAFouZDRNGP4IbGcedrqktDR4Bq40QTr8b3S6vwx8YcUobHx8EqaObmdXd34kECk9WEqJAGsHdbd+D3gDRy4U 7CKA68UTNHYwB0FHXPhFQsUfriekjIUhOLjOHi81xMZCqWhAUHkrAM7CwrQAwgBVACyihu8AA0iZ2LJuDxHNsdLUnG C3I5sMEPMgAI6UWBcYRAA ICMAOIyuPTHOEghcoiBANkpABpwIAFxgh0ndLgR5KzSujiYE6cmkwEc6AIzk4OHGVSo+IAM6CSggK4mYAbWR4AuvwB ejgjv4ahaoyiabsayahabsf7gpgawiprobjsgqesoehhwqjp4yohemkrwljpxxoi2spkeqjtprjweejz8-uugnab0e O0EyETGJAA2Hnj8EDgwALSeIJjusKgkePGkeBOcmJjIU5qYlBM66HuZrLvqeORsQYIAlh7xiYYpyPxmftAjpgDWsfd JTwD6WnqhAcOU0BCC1wiFTk7WQBG6BAR4OMJgGZh+CT+qSWmmMAyg0GmOGsgn+1wQIlQAGEAKoAWQImk 4yAA0pFxkTfo9UshOER+ABHTAeAC+QA media /fonts/ubuntu-b/ubuntu-b.eot? G15lkBdbAZygEMoBXO8gJg9pAC9G48bGADmcEADcQ2CISmxw0kCIAW4+Og6oAnLsTaqAdm2UAzOkRJDq ebqvr2cpb22pkhxadyo6dkiusjiceahtiirymieqmadacyngazgdgcac0qjgcctqmyjqi+emeebcmmfaqqokaroz+6 SbEtdUcKci1tdEyUACWgpo6etqm9FBisIkgdADW6kO62vqmAPro8N7Ikcjm8BxKEH1g6hghphwRXCH7SnSxDAtaS-p UG0qxSYLYKWxQq31SLkAMIAVQAshxNqYANJKPosQSIdBjZRpBCLXToZCWDbYACOEEEAF8gA CL3hWMjk0VlByUksvTUZzZG9IS2YzbUFWaFBReERmN1dIS3VYd2gzeGxFNEJiclJwQUs1ajZXdTcrSzYzSnQ2WVU9& b= media /js/min.js?v media /pics/12471/bodybg.png ED6AzCJgKYB2AbmYbSMQBZl4CsATAA4AnKIAswgAySA7MLySqvMXjEzBePuwgJEIVf2GDZYgGz9evQeya6QpgHSSH- KmPZQANvkmYAZgDGSAC0BCB0uHrCUJICYjHBpnR0VKF4dILBAEYyVsHyACZZGfwBkllZ7vQQAJb4AiLiwlSYkKSIvu AA1jwNosISVBS8eOaSrooj-Ox0NWx6eIK8DlT8LvxreNOtnpC9Qv0S0iPsnn74mAHwEBQ1BWTCAMIAqgCy-KNUANLs NbD4Yl4LRAAHdPPc9BtzA4ZHIZKZTDJxnhmuw9gthDJtOj9JiPBAyFQZDRMNACQsJuwGDi+AdxIJBFQqKZTnRyfo+k 1YkZ2AVduzaY0BiJlCSQAUAgLOQMpLweZhiEFEIL+rxJCorJgAI50fAAXyAA IuAhugsgE4CmAJnAAzIDOhlhArh3ADaGVgF1kAL0pxyBOBQD68EMgYA7AG7zcKkPgAW8+AFYMADgCcVg CwXWrAOwX4rAMzHr8aw7PwTuwgFYEC8MCzNHawA2DGNjM10NIJAogDpWVIxXa11KCBl2EGwaMlVpYItKVlNrKpIohg ZXMngGMxIoB3iSZyYoNoxUVigoHNVCAEsZU0sbC1dOQnw2TgBrIxmrC1tXBWN4GNYst32MXQYJnWD4M2 NU1wxMjEf4M84ILg3zLdt7fd0INgZMhUPxCAoJiwKgBhACqAFkMAdXABpXT4Ggmb5zUyucgARwYMgAvkA MIUiApgHZTQg0iJ0AWjfAFZYADkKSALIQAMsgOyF8sgMzCp+KQrH4RvEChxctsQmMVSAbLGHCxBiMZBW AdLNexVUg2gA2VLKIAGYAxjAAtNQgLJRchGiyolKJEVYsLKpR+CxiEQBGCvYRygAm+bmwobL5+T6sKGBUohLShKqIq AzQQcgA1kItkoQyqgD6wvg2sl5qk7AGLGA8JmLCrqqwnrBb+AudfqiD4sMy8pMGfsFUiKHYKGNgpYyEAMIAqgCysFO qanigojhaaie5thaqkyiacolcoaf8ga Acm5E2hArCitgMYBGRKAnAEymkgAacKxhEhzAG4wQwADogANgHtmEBQH0AzgBclAJwgBzUvOjzEqdFjwFiZStVqYGT Nhx595A+ZtKbNAJZKAHZaugbGpubIaBgIOPiEJBRUNPSMLOxcvCYgAL6CIIbauDAA2ggClXBVteQCREhVALpCxZrll ZViXQIALAJNCK0gOh3QZdy1PbUDQyOkzNoAttLYRHCFOhDaAK7jZZwjAF5Q0GIgAA6G0lJCpMFSsJeFhgAW0kR03OS cf32cbaioccijioh9ih9odkeh0qracygkhctjkyf9bdcoh0cifcri7aaogqro4sd6htuokqifwzbgxhuzxanagcg+f XZOD4SDsKVYcFxmFBKFYFG4zAQrFYlPu2gCom+v3+nCao20N2gtM0YE+yr+nABSHUdCIWIQ5PBRG4hVI AResCI5DoRKQ3DJ3A9Nq2Ch0+p+hoBQLNhQUpXO4n22nUARQ0k4AGEAKoAWW45qQAGlXgzzgbVQhyEg6 EIAI78c55IA Copyright Joe Security LLC 2018 Page 23 of 69

24 Name ED6ATCJgKYB2AbmYbSMQBZl4CsVADgCcIgCxCADBIDsQvBIDMvUXlHSBePuwgJEIVVSECZogGxVevAey a6qpghqshvbapzqanvgmyazgdgsac0bcb0uhpcubl8ojhbpnr0cqf4dalbaebsvsfyaczzgvqbellz7vqqajb4- MJiQgqYkKSIvuAA1jwNIkLiChS8eOYSroojNPQ1bHp4ArwOClQuVKt40+CekL2C-eJSI+yefviYAfAQFDUFZEIAwgCqAL JUowoA0ux03nrAAB0QAAnMBAjoAX3YxCCiD4+xEvAkKgUpkwAEc6PgIUA gf1uavlgy1abwhmyqpubtaoymhazcomac1bfeajgacpwqbzsswahzsxwagzec4novti4wsawe+uiaskq 5ANgmJEU4xDMhb8BBI1zjWADZ0sKgAZgDGMAC09CActHykWLCSckmRthwcGtHEHFKRAEbKTpFqACYFeR JhsAUFvpwYYHSSMvKkGqiYLHBdANZirbKkChoA+ojE9rDempMSxhxgAuZSiPAaEvASO-DEC13+mIPSwwpKk8b+IXSo YfgYY2BlrKQAwgCqALISUxoA0sYmBFoOJTu0VIhbKgAI4cOgAXyAA media /pics/12471/search-icon.png MIUiApgHZTQg0iJ0AWjfAFYATAA5CU2IQAMsgOyF8sgMzDY+WAvH4RvEChxctowuMWwAbKOHDxBiMZBW AdLNejVsA2gA2VLKIAGYAxjAAtNQgLJRchGiyYrCJEVYsLKpR+CziEQBGCvYRygAm+bmiobL5+T6sKGBUYpLShKqIq AzQQcgA1kItUoQyqgD6wvg2sl5qk6IGLGA8JuLCrqqinqJb+AudfqiDEsMy8pMGfsFUiKHYKGNgpYyEAMIAqgCyolO qanigojhaaie5twa7qiiacolcoaf8ga media /pics/12471/libg.png media /pics/12471/arrow.png MIUiApgHZTQg0iJ0AWjfAFYATLEKSALIQAMsgOyF8sgMzCp+KQtj4RvEChxctowrEVSAbKOHDYBiMZBWAdLNejVUg2 ga2vlkiagyaxjaatnqgljrchgiyylkjevyslkpr+cyweqbgcvyrygam+bmiobl5+t6skgbuyhlshkqiqazqqcga1ki tkoqyqgd6wvg2sl5qk6iglga8jrdcrqqinqjb+audfqid4smy8pmgfsfuikhykgngpyyeamiaqgcyoloqanigojhaa ie5twc2xoarxyvaavka 4CWcAHNQGwCseGEN2uqGARnAIzzUOKDDFhCMWMczRwAtNWYAzOQs4BzPu3EALPvACcdPAGddsQUOMB3P YIC+AXWTGyEMgFdjxeNicgAXqywvMhgGrDgAPrwIMhoAHYAbnDgsSBqZiC8DAL6eQAs+uwA7Pq82ADMDPm8+cXUvNl pzf4rtqacxfl08awm1gmjrsb0ahtyo-av+wkqadaayiqisiegaeeg+hdyofk7snroabwrvgjuslzf-bjl3bfwunhcx DNxlHw51Hn6hRXOMjhDjGADWKWyuQK+gqkQYvB62CmlXhMTiFDAEOoDFGFXgk3g+P4aWMcxcEO+v0K7H hatmymcycgnjikqoki2ageakoawxgciqagk0mprjcfnkgoxcaoai4yyj2ia HYS8cA2HLE2WADjxEQGc0I0BXdmANpYmAXUQAvKHEQAHAOaYAbmxABTAHbLoIGSrlJMsAKzCSZgiRw4K sfeykwczjoymq0-by-pnrbalhgrkwqip4g1eq4rfiekhaanjc2iabmydaatahquiakedgmbiwz1kqqenmwqkyzaezk wzkmacb1tvhgopx1bcqqacjjjkxmjbz4hggk0dgcanago+otappgsaf0vhibwamoul5mrkr4wdfyl7ah HAmcy6bmlkWwKgmpyYhgfGhrKFamBIAGEAKoAWSwWzwAGk9Bk4CsXvgyDkAI6qZIAXyAA gdgsabq1giynmcwvdcgcnkg5kjjckady7lkajzfia9l0zhcxamymahhak5gkmu0wx5tjzj5gatcfollj1kfl7wtakz i9yejilbyufcokwrailjrmwaacjlwafqjkahzyakwmenrkekia1liowqvhykhr0flitguanczc1mqo9ddz8kgwxsic 3fVIYP1N9XxlyRm8XXXa9ZTEQ9AALAC+ILjIQjAgnNvITJLZ9glNl2tN2It4yGAwALSc9vdISPtvAHRrRwBWen2nDW hx2qh+rhaqcb0aa2gbdcf7aazyjuajgk6o9gy6ekgboje7fswugcm4xk43baadiasohaa8oxmyhdsiymcj7sqmo9yn gjgbhyw2eaqqj7aqy768aceyf46d53yyklqrxluok8qhtokukvufgnfpa3s3wablttltoe1adg1tlltojgowakxjt0 JRvdxwOgTQcEmsrd8Lq7ndobba-jshD4QxTzpcmtdsJwEtkjkVgXnsSAAOI+JjFFR5qWwADqvAy2nseZ8+2y32wAAI ABR1jKEFTSSgdgByABUOxHOABuDujhS8Qg+DIQAD0tPbM4AygAZADCu-sM++w4AouPd9uAEody3Yb49Wn2WlH0-nq8 d7t377aon2jovs8owva9pzvh9h3-dsafkfeixg9capcib8bqowabv3ccnw7y8zzwdtdwa0d8owe8zwuvg6k4dsaeoo 2oXhih8DtS3LSsdgCfYoJUAAvXgMSBDiUn2PN-k1eE8Ek3ApM5Dj-koGB7CtDjinEjlpMZPRigU6A-x2QgmDJRlCEI IydhSQ4cWJEAUibKy8WoWF7moHkdmobFnOrZyW2MEAhAyKF5V4fVYRAJcngAVU3I4mRREAmQSK0YoJOo dizct7izdb9tfabtbaekizbelqwogkflktyiouah9hscaihqaavxxgvpdlrvlvvdvubxab+qgmgaxgyhxecqfihais guj0vafdvduadj0axiamjqgb5bcrqamxsaajbn4tqt5upaahtubab6sa5rwtlbulrvdjft6gbhtg8bjum2b5rela1o 27a9sO466AMYgdPJRxOF0ClcApRkeNhQN0DOkBWCOJcsdgbKdgm4FKXTTM6QmW5slBNZaQSTgKSOQxgQ tjoejpcn7gybieiodx9gjo97g0y69fqup7jabeftc0kmj0bazjwownithwfg0f5ob8biniewkuaeczcctbj7cybahc EY7k2CupiepXQQDoM77koYoibTe2AH1sk4K03kFinXmx5VgRzb9LXsSPviDnYaDod2qQzGkfaOagBUDJgoYgT2F32J pdwiqd7f97qagkrr8zgniaa media /pics/12471/logo.png ED6ATCJgKYB2AbmYbSMQBZl4CsVADgCcIgCxCADBIDsQvBIDMvUXlHSBePuwgJEIVVSECZogGxVevAey a6qpghqshvbapzqanvgmyazgdgsac0bcb0uhpcubl8ojhbpnr0cqf4dalbaebsvsfyaczzgvqbellz7vqqajb4- MJiQgqYkKSIvuAA1jwNIkLiChS8eOYSroojNPQ1bHp4ArwOClQuVKt40+CekL2C-eJSI+yefviYAfAQFDUFZEIAwgCqAL JUowoA0ux0PXrAAB0QAAnMBAxB4AC+7GIQQhfREvAkKlEvEwAEc6PhIUA rhmprvhgkxidmoanobe6utnkwcz9mrabwch1xkn4iu-fbg6njtfilz0mkduhub6yevq4zunkgvqz+heczxtlgeayqi syiq6zzk80+p2imoccfjm9iwyxcioqsji5caa7gcomlbjkabogukahvkwiacyapyaxgcwady1+qd09ab 0WAAEABQA6lUAdgAmZckAzm0AcgAqbSjNCADcbRPZVf0Apr0ALg0YrQsAygAyAMJHOAvNYwCiU0cHAEp tok3n9fgyobjnvzf3buwvzr871yx2ubvud3+webbzycxkq36vxy4pwg1w2taaaujtndm0ltd+k0jqcjsssjcftkag7 QBAIVoASjaNSqAGtVm0AOKrADG7LKICQIAA5kVoL0AK51EWi-rFAAWGw2AAdoA0Gr1VlVRYqAEZlbLDRX5MCrZp8sp gbrjvuawitmzrdslqpqzxy-wgdqich4dsw9f9caizqavqrrckqozkgb9fbfgnx+oqsrdypygoq-ki1ajhxqed1az9u VpvOrGM0qqF4phegfFD0fivVg4fgYFitlA14b14usIM07LN1vtggiHvyGOKmkDpNDkcbcdtrAdjwzvsi7KrVLxwZgY ra3ugo0ms0wq3h3erabmafvsjulsr1zrt3rdcbtebldatook66kbk67qet6vq+agqyhmgkbrikwzzhyz6vswypqhqt rjmkzrvba95vkquq9abnoapz9l0ac8x7nr+v4uqazkqky0awwiapihcgabioaabl8dgfjssmgydiarbhi+jq4agkbm AA0jmS4yTxfGCSJMb6hKohCCA+r6jAobuCK+p8jAnaWUWYS2cZ1bQI5+r3mZOAWSAfIStKsogP0EruOEAWmdAGAKCK -TWdAIX9EWcXOXYAXudAKB4AF0bQPQJBRYqMDBVF4Zmch+XQKwzjIckMARaYICrPkGGZCKDWqnkIr3r0 xruw1yebpkgwsrkybhegdjjtgsqvbkyagfgxq0jg6ylcwvvimviaie2liskw-ddm8rbhewrb+s4dl0dggyzsw-pso4 1jpZEIj9sUMzQjgAgxo1ZkhfeMX2rNDXFKw+RBp2YP2igqyrEwgMIKsIj2vqDBI0d-T6ojOB8lgJmiS1GxVGZ227Xt rbccaklzsfwzsg2jo7fttdxgy6w4d4j2hktjeniilqsm0obc7moaxsmnssftnmk-twbbggmy1kls2ijfw3s4zw4ikw jagkkzkiaavkaa media /pics/12471/kwbg.jpg media /fonts/ubuntu-r/ubuntu-r.eot? Process Copyright Joe Security LLC 2018 Page 24 of 69