ID: 432532 Cookbook: browseurl.jbs Time: 13:20:26 Date: 10/06/2021 Version: 32.0.0 Black Diamond Table of Contents

Table of Contents 2 Analysis Report https://apkdownload.com/down_RHI-Magnesita- Gatherer/com.rhimagnesita.gatherer_mobile.html 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Process Tree 3 Malware Configuration 3 Yara Overview 3 Sigma Overview 3 Signature Overview 3 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 4 Thumbnails 4 Antivirus, Machine Learning and Genetic Malware Detection 5 Initial Sample 5 Dropped Files 5 Unpacked PE Files 5 Domains 6 URLs 6 Domains and IPs 7 Contacted Domains 7 URLs from Memory and Binaries 7 Contacted IPs 7 Public 7 General Information 7 Simulations 8 Behavior and APIs 8 Joe Sandbox View / Context 8 IPs 8 Domains 8 ASN 8 JA3 Fingerprints 8 Dropped Files 9 Created / dropped Files 9 Static File Info 32 No static file info 32 Network Behavior 32 Network Port Distribution 33 TCP Packets 33 UDP Packets 33 DNS Queries 33 DNS Answers 33 HTTPS Packets 34 Code Manipulations 35 Statistics 35 Behavior 35 System Behavior 36 Analysis Process: iexplore.exe PID: 4952 Parent PID: 792 36 General 36 File Activities 36 Registry Activities 36 Analysis Process: iexplore.exe PID: 4828 Parent PID: 4952 36 General 36 File Activities 36 Registry Activities 36 Disassembly 36

Copyright Joe Security LLC 2021 Page 2 of 36 Analysis Report https://apkdownload.com/down_RHI-M…agnesita-Gatherer/com.rhimagnesita.gatherer_mobile.html

Overview

General Information Detection Signatures Classification

Sample URL: https://apkdownload. No high impact signatures. com/down_RHI-Magnesita -Gatherer/com.rhimagnesit a.gatherer_mobile.html Analysis ID: 432532

Infos: Ransomware

Miner Spreading Most interesting Screenshot: mmaallliiiccciiioouusss

malicious

Evader Phishing

sssuusssppiiiccciiioouusss

suspicious

cccllleeaann

clean

Exploiter Banker

Spyware Trojan / Bot

Adware

Score: 0 Range: 0 - 100 Whitelisted: false Confidence: 80%

Process Tree

System is w10x64 iexplore.exe (PID: 4952 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 4828 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4952 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Copyright Joe Security LLC 2021 Page 3 of 36 There are no malicious signatures, click here to show all signatures .

Mitre Att&ck Matrix

Command Remote Initial Privilege Defense Credential Lateral and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Impact Valid Windows Path Process Masquerading 1 OS File and Remote Data from Exfiltration Encrypted Eavesdrop on Remotely Modify Accounts Management Interception Injection 1 Credential Directory Services Local Over Other Channel 2 Insecure Track Device System Instrumentation Dumping Discovery 1 System Network Network Without Partition Medium Communication Authorization Default Scheduled Boot or Boot or Process LSASS Application Remote Data from Exfiltration Non- Exploit SS7 to Remotely Device Accounts Task/Job Logon Logon Injection 1 Memory Window Desktop Removable Over Application Redirect Phone Wipe Data Lockout Initialization Initialization Discovery Protocol Media Bluetooth Layer Calls/SMS Without Scripts Scripts Protocol 1 Authorization Domain At (Linux) Logon Script Logon Obfuscated Files Security Query SMB/Windows Data from Automated Application Exploit SS7 to Obtain Delete Accounts (Windows) Script or Information Account Registry Admin Shares Network Exfiltration Layer Track Device Device Device (Windows) Manager Shared Protocol 2 Location Cloud Data Drive Backups

Behavior Graph

Hide Legend Behavior Graph Legend: ID: 432532 Process URL: https://apkdownload.com/dow... Signature Startdate: 10/06/2021 Created File Architecture: WINDOWS DNS/IP Info Score: 0 Is Dropped

Is Windows Process

Number of created Registry Values

prda.aadg.msidentity.com apkdownload.com started Number of created Files

Visual Basic

Delphi

iexplore.exe Java .Net C# or VB.NET

C, C++ or other language 1 58 Is malicious

Internet started

iexplore.exe

5 121

play-lh.googleusercontent.com prod.pinterest.global.map.fastly.net

142.250.180.246, 443, 49738, 49739 151.101.0.84, 443, 49732, 49733 9 other IPs or domains GOOGLEUS FASTLYUS United States United States

Screenshots

Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Copyright Joe Security LLC 2021 Page 4 of 36 Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source Detection Scanner Label Link https://apkdownload.com/down_RHI-Magnesita-Gatherer/com.rhimagnesita.gatherer_mobile.html 0% Avira URL Cloud safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches Copyright Joe Security LLC 2021 Page 5 of 36 No Antivirus matches

Domains

Source Detection Scanner Label Link prod.pinterest.global.map.fastly.net 0% Virustotal Browse apkdownload.com 1% Virustotal Browse v1.addthisedge.com 1% Virustotal Browse z.moatads.com 2% Virustotal Browse

URLs

Source Detection Scanner Label Link https://apkdownload.com/Data-recovery-photo-recovery-amp-Video- 0% Avira URL Cloud safe recovery/com.fruita.view.alldatarecov https://apkdownload.com/Libra-Weight-Manager/net.cachapa.libra.html 0% Avira URL Cloud safe https://apkdownload.com/Hisn-Almuslim/com.islamix.hisnulmuslim.html 0% Avira URL Cloud safe https://apkdownload.com/Photo-Vault-PRIVARY-Hide-Photos-Videos-amp- 0% Avira URL Cloud safe Files/com.fourchars.privary.html https://apkdownload.com/Top-Anime-Wallpaper/com.ifuncreator.tanimewall.html 0% Avira URL Cloud safe https://apkdownload.com/wn_RHI-Magnesita-Gatherer/com.rhimagnesita.gatherer_mobile.html 0% Avira URL Cloud safe https://apkdownload.com/Disk-Video-Recovery-Pro/com.app.diskdoggervideopro.html 0% Avira URL Cloud safe https://apkdownload.com/PDF-Reader-amp-PDF-Viewer-eBook-Reader-PDF- 0% Avira URL Cloud safe Editor/com.ascal.pdfreader.pdfvie https://apkdownload.com/Kung-Fu-Ninja-Fighting-Shadow-Tiger-Karate- 0% Avira URL Cloud safe Games/com.sgs.Kungfu.ninja.html https://apkdownload.com/Dead-Empire-Zombie-War/com.tap4fun.invasion_zombie.gplay.html 0% Avira URL Cloud safe https://apkdownload.com/down_RHI-Magnesita- 0% Avira URL Cloud safe Gatherer/com.rhimagnesita.gatherer_mobile.htmlXRHI https://apkdownload.com/Song-Lyrics-Music-Free/com.rubenpsaav.song.lyrics.music.free.html 0% Avira URL Cloud safe https://apkdownload.com/WadZee/com.wadzee.video.html 0% Avira URL Cloud safe https://apkdownload.com/Voice-Recorder-HD/eapps.pro.voicerecorder.html 0% Avira URL Cloud safe https://apkdownload.com/Panda-Emoji/com.sayhi.plugin.pandada.html 0% Avira URL Cloud safe https://apkdownload.com/Stupid-Zombies/com.gameresort.stupidzombies.html 0% Avira URL Cloud safe https://apkdownload.com/WeightWar-Weight-Loss/com.dencreak.weightwar.html 0% Avira URL Cloud safe https://apkdownload.com/down_Ninja-Tobu/com.cerebralfix.ninjatobu.9887329.html 0% Avira URL Cloud safe https://apkdownload.com/Casanaretrade/xyz.appmaker.dvfqmk.html 0% Avira URL Cloud safe https://apkdownload.com/Chegg-Study-Homework-Help/com.chegg.html 0% Avira URL Cloud safe https://apkdownload.com/McDonald-39s-Portugal/pt.mcdonalds.html 0% Avira URL Cloud safe https://apkdownload.com/down_Ninja-Tobu/com.cerebralfix.ninjatobu.9400757.html 0% Avira URL Cloud safe https://apkdownload.com/2byCate.FINANCE_1 0% Avira URL Cloud safe https://apkdownload.com/down_Ninja-Tobu/com.cerebralfix.ninjatobu.7931469.html 0% Avira URL Cloud safe https://apkdownload.com/Photo-Comics-Super-Stickers/com.keyspice.photocomics.html 0% Avira URL Cloud safe https://apkdownload.com/AlMosaly-prayer-times-app-qibla-quran-in-Ramadan/com.moslay.html 0% Avira URL Cloud safe https://apkdownload.com/180-Caller-ID-amp-Block/com.opplysning180.no.html 0% Avira URL Cloud safe https://apkdownload.com/TQmart 0% Avira URL Cloud safe https://apkdownload.com/Magi-Magic-Video-Editor/com.video.cameramagic.html 0% Avira URL Cloud safe https://apkdownload.com/Defense-Table/com.EmpyupyuCo.DefenseTable.html 0% Avira URL Cloud safe https://apkdownload.com/Meme-Creator/com.gentoozero.memecreator.html 0% Avira URL Cloud safe https://apkdownload.com/Learn-French-free-for- 0% Avira URL Cloud safe beginners/com.gonliapps.learnfrenchfree.game.html https://apkdownload.com/Wood-Shop/com.HeroGames.WoodShop.html 0% Avira URL Cloud safe https://apkdownload.com/1byUD.2021-06-03_1 0% Avira URL Cloud safe https://apkdownload.com/FutureSeer-Aging-App-Gender-Swap-Palm- 0% Avira URL Cloud safe Scanner/com.future.me.palmreader.html https://apkdownload.com/Lock-Hot-Girl-School/com.HotGirlGame.SchoolOpenWindow.html 0% Avira URL Cloud safe https://apkdownload.com/XOS-Launcher-2020-Customized-Cool- 0% Avira URL Cloud safe Stylish/com.transsion.XOSLauncher.html https://apkdownload.com/Comi/com.comicola.app.html 0% Avira URL Cloud safe https://apkdownload.com/Pull-The-Pin-Games-Pin- 0% Avira URL Cloud safe Puzzle/com.rescuethegirl.pullpin.herorescue.savethegi https://apkdownload.com/1byFUD.2021-04_1 0% Avira URL Cloud safe https://apkdownload.com/JokesPhone-Joke-Calls/com.cashitapp.app.jokesphone.html 0% Avira URL Cloud safe https://apkdownload.com/The-Sims-Mobile/com.ea.gp.simsmobile.html 0% Avira URL Cloud safe https://apkdownload.com/1byUD.2018-05-23_1 0% Avira URL Cloud safe https://apkdownload.com/CapCut-Video-Editor/com.lemon.lvoverseas.html 0% Avira URL Cloud safe https://apkdownload.com/Zareklamy-Ads-Build-your-brand-39s-reputation/com.zareklamy.ads.html 0% Avira URL Cloud safe https://apkdownload.com/1byCate.GAME_STRATEGY_1 0% Avira URL Cloud safe Copyright Joe Security LLC 2021 Page 6 of 36 Source Detection Scanner Label Link https://apkdownload.com/Boxing-Star/com.ftt.boxingstar.gl.aos.html 0% Avira URL Cloud safe https://apkdownload.com/Rumble-Every-Step-Counts/com.rumble_mobile.html 0% Avira URL Cloud safe https://apkdownload.com/Genshin-Impact/com.miHoYo.GenshinImpact.html 0% Avira URL Cloud safe https://apkdownload.com/down_Ninja-Tobu/com.cerebralfix.ninjatobu.12479817.html 0% Avira URL Cloud safe https://apkdownload.com/Melody-Music/melodymusic.freemusicplayer.androidfloatingplayer.html 0% Avira URL Cloud safe https://apkdownload.com/Fashion-Days/com.fashiondays.android.html 0% Avira URL Cloud safe https://apkdownload.com/Music-Detector/com.musicdetectorapp.html 0% Avira URL Cloud safe https://apkdownload.com/versions_Ninja-Tobu/com.cerebralfix.ninjatobu.html 0% Avira URL Cloud safe https://apkdownload.com/AL-KAHRABA/sa.com.se.alkahraba.html 0% Avira URL Cloud safe https://apkdownload.com/1byCate.FINANCE_1ENT_1 0% Avira URL Cloud safe https://apkdownload.com/Python-Programming-Ultimate- 0% Avira URL Cloud safe guide/python.programming.coding.python3.developm https://apkdownload.com/digibank-by-DBS-India/com.dbs.in.digitalbank.html 0% Avira URL Cloud safe https://apkdownload.com/Beach-Buggy-Racing/com.vectorunit.purple.googleplay.html 0% Avira URL Cloud safe https://apkdownload.com/QR-Code-Leader-Free-Barcode- 0% Avira URL Cloud safe scanner/com.go.bacord.myapplication.html

Domains and IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation prod.pinterest.global.map.fastly.net 151.101.0.84 true false 0%, Virustotal, Browse unknown play-lh.googleusercontent.com 142.250.180.246 true false high apkdownload.com 104.26.5.235 true false 1%, Virustotal, Browse unknown m.addthis.com unknown unknown false high api-public.addthis.com unknown unknown false high v1.addthisedge.com unknown unknown false 1%, Virustotal, Browse unknown s7.addthis.com unknown unknown false high z.moatads.com unknown unknown false 2%, Virustotal, Browse unknown widgets.pinterest.com unknown unknown false high

URLs from Memory and Binaries

Contacted IPs

Public

IP Domain Country Flag ASN ASN Name Malicious 151.101.0.84 prod.pinterest.global.map.f United States 54113 FASTLYUS false astly.net 104.26.5.235 apkdownload.com United States 13335 CLOUDFLARENETUS false 142.250.180.246 play- United States 15169 GOOGLEUS false lh.googleusercontent.com

General Information

Joe Sandbox Version: 32.0.0 Black Diamond Analysis ID: 432532 Start date: 10.06.2021 Start time: 13:20:26 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 6m 13s Hypervisor based Inspection enabled: false Report type: light Cookbook file name: browseurl.jbs

Copyright Joe Security LLC 2021 Page 7 of 36 Sample URL: https://apkdownload.com/down_RHI-Magnesita-G atherer/com.rhimagnesita.gatherer_mobile.html Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 Number of analysed new started processes analysed: 23 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: HCA enabled EGA enabled AMSI enabled Analysis Mode: default Analysis stop reason: Timeout Detection: CLEAN Classification: clean0.win@3/74@9/3 Cookbook Comments: Adjust boot time Enable AMSI Browsing link: https://apkdownload.com/ Browsing link: https://apkdown load.com/1byCate.APPS_1 Browsing link: https://apkdown load.com/1byCate.GAMES_1 Browsing link: https://apkdown load.com/1byCate.BOOKS_AND_REFERENCE_1 Browsing link: https://apkdown load.com/1byCate.BUSINESS_1 Browsing link: https://apkdown load.com/1byCate.COMICS_1 Browsing link: https://apkdown load.com/1byCate.COMMUNICATION_1 Browsing link: https://apkdown load.com/1byCate.EDUCATION_1 Browsing link: https://apkdown load.com/1byCate.ENTERTAINMENT_1 Browsing link: https://apkdown load.com/1byCate.FINANCE_1 Browsing link: https://apkdown load.com/1byCate.HEALTH_AND_FITNESS_1

Warnings: Show All

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Copyright Joe Security LLC 2021 Page 8 of 36 Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\apkdownload[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 38410 Entropy (8bit): 4.882245118842033 Encrypted: false SSDEEP: 768:rLV2d2PTj2PTj2PTj2ETjwETjwETjwETjwdTjedTjedTnedTjeWTjeWldeWldDWA:8M7i7i7iQ0Q0Q0Q0hqhqhehqaqSsS9SG MD5: B068213CDD1D7D029333147B510157E4 SHA1: 1D743E4127779FA0F12523557FCE30EE4226001A SHA-256: E792ED050702B4288C0404BF0BD356018402D145C27818833FA9C306DB9B9DC6 SHA-512: 4A663BF56DD41708540B29D7C8E297D5CFBB59CF56B6523E5C0C0454FFD2D21D9A70849A7F3495025A53F62642105017F71A531D274A73B3D2DE1776242E7583 Malicious: false Reputation: low Preview:

Copyright Joe Security LLC 2021 Page 10 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\com.lge.lifetracker[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 84235 Entropy (8bit): 4.863506067383309 Encrypted: false SSDEEP: 1536:hRTtgg22C5N+wMC2On9VBaPgpQTcwkOisOysi:hRhg4wR2lVb MD5: 93DA96900FF817C2B7C514B22A34819E SHA1: 4B67A6865BD93E0EFCD3B3CE7641624B789D8CEC SHA-256: 846AFB8EA749CDB13DE90595B594F351812F85FAD5375C8FBFAD78716CD094A1 SHA-512: B12386D39E2D29AD3814E7201215625CB13FCE9FE54C89AE3F811DEC81CA165122572B0EBA76602D799904FEAD4FFFB17F6CF9D11EBA55B80C08382AC1B243C E Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/LG-Health/com.lge.lifetracker.html Preview: ... . . .. . . . . . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\com.muslim_book.muslim_book[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 94918 Entropy (8bit): 5.014243114866701 Encrypted: false SSDEEP: 768:Wqt6hUl2sCygghN5hlG9HLdzfEZK3HY068iQxOysi:Dtgg2EhRs9rxEZ2pisOysi MD5: 69F9966421DC0FED61A74D7C5332FC1E SHA1: 073FB8097217212C8889FA851BC089457C0D3A50 SHA-256: A11EAF849547F8B7152292B6C97DE1A18EB77F6BC4E0282AA5188A1DA8BE3C91 SHA-512: 6CF484B161E20EB003874C2FAA76AF8DF813EF03C3509220FA465C8104E42610AEA16DC042A73D4FF8C534A6ADB97EA04FE7CB38DCD82FD959CE58B282670B9 F Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/down_--/com.muslim_book.muslim_book.html Preview: ... . . .. . .. . . .. . . . . . . . .

Copyright Joe Security LLC 2021 Page 11 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\count[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 130 Entropy (8bit): 4.842786903209227 Encrypted: false SSDEEP: 3:jmz2YINVifoJlKstpZC0WRsOyKd4KCLAe2ERSXy2ouDIJJ9QLbhn:jmzZICwnK6ZC0ig0UduUH4h MD5: D48959C4F055AEA706721804C45B8A96 SHA1: 5EF550834D6F00DC379487483E7A788110663691 SHA-256: 74F14A3065F3B0B7EDC2EA623F9512F699B0D6943BDA978185B9520EE86127F0 SHA-512: C40016E97871F21A28939E462A47FA07357E0B85EDDB60E6ED352084DF9AE9E40E93847156FE3B5F33D33D38613985315EBE61893735A0F1E4A3F1CADFAA44D1 Malicious: false Reputation: low IE Cache URL: https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fapkdownload.com%2FRHI-Magnesita- Gatherer%2Fcom.rhimagnesita.gatherer_mobile.html&callback=window._ate.cbs.rcb_hvna0 Preview: window._ate.cbs.rcb_hvna0({"url":"http://apkdownload.com/RHI-Magnesita-Gatherer/com.rhimagnesita.gatherer_mobile.html","count":0})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\count[2].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 131 Entropy (8bit): 4.892469308749181 Encrypted: false SSDEEP: 3:jmz0J2xNVsXJlKstpZC0WRsOyKd4KCLAe2ERSXy2ouDIJJ9QLbhn:jmz0EQnK6ZC0ig0UduUH4h MD5: ED1CCB25CB617AF7A4CE400CF1AC4E24 SHA1: EC6FA112D27C47D1E2248258C35C4B2EFEF917B7 SHA-256: 94930A16E14DB6706581119F83E643B37E5ABD3FA9B820E0D85B3540A212CC44 SHA-512: EF89D1DB6017DE50B8C68A74190859EE6BA8198FF7D1FCF5B58CDF6E9C1828684423C4EF3381CEA679C0D9130B02B27D222278E78B82A0904FEA8F5564E72972 Malicious: false Reputation: low IE Cache URL: https://widgets.pinterest.com/v1/urls/count.json?url=https%3A%2F%2Fapkdownload.com%2FRHI-Magnesita- Gatherer%2Fcom.rhimagnesita.gatherer_mobile.html&callback=window._ate.cbs.rcb_9uys0 Preview: window._ate.cbs.rcb_9uys0({"url":"https://apkdownload.com/RHI-Magnesita-Gatherer/com.rhimagnesita.gatherer_mobile.html","count":0})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\empty[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 1 x 1 Category: downloaded Size (bytes): 53 Entropy (8bit): 3.8078333150753125 Encrypted: false SSDEEP: 3:CUqcJlEQkv+L1pse:j9X/se MD5: 26206732ACA5E92D398CFAFFE3CF4162 SHA1: D8A13BFED35405DCFACED74C3D0A46E705F461A2 SHA-256: 1EDDC73CD37D151291ADC510A4A547C4B0248B5BF7D368FCF4B73840A75B819A SHA-512: E03C1072B4AD7C3432345A169EBEF597C303EFD1AC22E9F9DD70F51570B83B5F8645E4560C37061598E091F9A7F159DB8A61D8F02FA8B560C2C3EB20D1BE90FE Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/empty.gif Preview: GIF89a...... !..psa_ll.!...... ,...... L..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\js[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 91062 Entropy (8bit): 5.5019635182180835 Encrypted: false SSDEEP: 1536:JE3JknAU+0U+HY+bo1WuQvdVQ0xqWTDhpSOv5AR/DJ5TpKWWz1d99KPxgfqScQX:JE3anAU+0jb2WuCD+fR/D7T9WBX MD5: C2C5726CC21C55A3BC96D7B9EDA99C89 SHA1: 116AA1E3488F89C63ACBA863C572E92FA96C98BF SHA-256: B65CB84B31939FE4A959C1883DE4834085E9C4852F1914E034D115267C7A3D75 Copyright Joe Security LLC 2021 Page 12 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\js[1].js SHA-512: 4D37856E3890C7FF238062BD6B19243C79BDFEBCA8F721013C99199DB799E77476663EEC77F4218C75E28D8D007B80BABA66FB81875F171388CDC18B6C783F74 Malicious: false Reputation: low IE Cache URL: https://www.googletagmanager.com/gtag/js?id=UA-147546746-1 Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["mac ro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};../*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var ba ,ca=function(a){var b=0;return function(){return b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\pre-32[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 510 Entropy (8bit): 7.245270953012175 Encrypted: false SSDEEP: 12:6v/7i8eZZLUyqfhdZJ1l5VyDvxvyWcLrBu8Ig2dESmn:CeZ6xfz1l5Cv1cLV0g2dEjn MD5: 5314C118FFCD165A41230C3C234A5685 SHA1: 47C007831C652571647228A1FD2777546AAE52C3 SHA-256: 6107D9092E4C58CA018B72CF2D7422B1C11DE492DD956C0D9FBEEDC62A1D85AB SHA-512: 4E4ABF8C55191AFFFA8164A60C280C9190AC2F277B52D53AA90716AF8070901C03459FAA789BC894D2E1D90BEE5E696A190E96C15D2205FF9B54E5C3BF8CA892 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/pre-32.png Preview: .PNG...... IHDR...... szz.....sBIT....|.d.....pHYs...... n.....tEXtSoftware.www.inkscape.org..<....{IDATX..J.@....=.X.6...Z...... +l...g..JP....6.p`.6Z.....X.....X.S....$.....A.E...... U]..\..63_....~E.>.N...... s...... z.kf.0..Y.}...... 4M.].....|..s....V`..gY..6.....[....cF.p/.:.Z..i...o- .o%...Y...... c/PJ.3...... ;./"f&""...p'.".~....Q)u....p..g..jY.....9.../.*.,.`[email protected]..."...... wEQ ..x].J...C*...$...D.D.*!2..H.....b.....8...N.<..a...... $.'..f>#"+.....f;.u.DA.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\shares[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 33 Entropy (8bit): 4.187889194919351 Encrypted: false SSDEEP: 3:kXuT+I:US+I MD5: 6C62C9B2537E8EE6F58C4D2BF1232A11 SHA1: BC5403041F675B334E06C8F26BFBF0C182FA3305 SHA-256: 2FC9C10CC405B7666DA6D32E8F02D159413BF0F4FB7E6F0806E9A3A82E7C36DE SHA-512: 23582E615D3581BE1839D5F53FDEA3D3B8AC5B7682D159661C17ED175947924F2B51EFF66E23996D6D7E7EB73901C7A1B83B6801052E7203AB616A12E8DC47D6 Malicious: false Reputation: low IE Cache URL: https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fapkdownload.com%2FRHI-Magnesita- Gatherer%2Fcom.rhimagnesita.gatherer_mobile.html&callback=_ate.cbs.rcb_frle0 Preview: _ate.cbs.rcb_frle0({"shares":0});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\shares[2].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 33 Entropy (8bit): 4.294246013232288 Encrypted: false SSDEEP: 3:kXtB+I:UT+I MD5: 41FB610F394505793A63F387816271A2 SHA1: ECC0B544F5108B49F8BC73CCDA12066F34AF1BF9 SHA-256: BF6161DFFC8C979F73B8FFF320023D6CD54E512E9DAD71E2A712686D8A8BA11D SHA-512: 7FBB12CEB3B8BD5D2D008A9B3BB5A7CD0205C4E994B8DCECDDED5E9508FAE5908C6BB8385D301EEE890ED14B4ECED798A28B03277FB6CC2584B05FB13D17 3B6E Malicious: false Reputation: low IE Cache URL: https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fapkdownload.com%2FRHI-Magnesita- Gatherer%2Fcom.rhimagnesita.gatherer_mobile.html&callback=_ate.cbs.rcb_f6f40

Copyright Joe Security LLC 2021 Page 13 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\shares[2].js Preview: _ate.cbs.rcb_f6f40({"shares":0});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\shares[3].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 33 Entropy (8bit): 4.2107645737727895 Encrypted: false SSDEEP: 3:kXeXNYI+I:UeXNB+I MD5: AAAC8473E1B37E88D189DE5D984A2877 SHA1: A2868BB58D9F35A0A1209433E9C9B66426F3362F SHA-256: 54C8B5F377530BED35ECDF57AF25941B8A2A5F1BFC91C1D01B6CC543F51FFF5F SHA-512: D0439B0C73C23D01FB877CAF44232CD6AD5805FAEA2B78316D9D4613633DB97968E00C9BDBA63AF81AF39B1110F64C3611C670AA12106667C2E31D1B9D9B52DF Malicious: false Reputation: low IE Cache URL: https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fapkdownload.com%2FLG-Health%2Fcom.lge.lifetracker.html&callback=_ate.cbs.rcb_hhkx0 Preview: _ate.cbs.rcb_hhkx0({"shares":0});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\shares[4].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 33 Entropy (8bit): 4.35485207383835 Encrypted: false SSDEEP: 3:kX5vs+I:U6+I MD5: 9D185714C988886A4924BDCE71AC08CB SHA1: 272D3DF2D11FFB8E29F5D92F5010226062FF2B56 SHA-256: 0AA40A3D037360A62D145D15E537866240DC075A076E36F2AE2B8F918A81221D SHA-512: CAC8C167FCCC75BB275A2B0AC336F91974B085D48419AA9A60527A94922DF7EE33EF2898AB5617532B861593651D3E27A1624E953C0FE403838498823ED8ED6A Malicious: false Reputation: low IE Cache URL: https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2Fapkdownload.com%2FLightBike- 2%2Fcom.pankaku.lightbike2.html&callback=_ate.cbs.rcb_479u0 Preview: _ate.cbs.rcb_479u0({"shares":0});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\style[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text Category: downloaded Size (bytes): 15453 Entropy (8bit): 4.754073383148667 Encrypted: false SSDEEP: 384:BFcJBtwoq3irGUUFDgF92FidF6+kFMcFl4FI90F5F/Fu4AXT1nYlozd67FA:BFcJBtwoqfFDgF92FidFZkFMcFl4FI9F MD5: 0BF490A8A2BD7CF8AD7D00E8F3E6CE39 SHA1: FA6AEF972974533663D3CC37766DEB2EA0D9F2C3 SHA-256: 373E87CCD84177C9EC62C7FA9F618EBACBC0E34D29F75B8BC8B8B866239F0B37 SHA-512: 387DA894C944E88C01391D139CF02EF4DE8AAA583384C816A1A6A24B3EE33551F25BEB107C94D5D4DAC7DB3D01551D8E627D8976F5355BACBA96A6396FC92A4 F Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/cssjs/style.css Preview: .cicon i {. display: inline-block;. vertical-align: middle;. width: 20px;. margin-right: 5px;. border: none;. height: 20px;. background-repeat: no-repeat;. background-image: url(/images/icons.png); .}...cicon .action {. background-position: 0 0;.}...cicon .adventure {. background-position: -20px 0;.}...cicon .arcade {. background-position: -40px 0;.}...cicon .board {. background-position: -60px 0;.}...cicon .card {. background-position: -20px -20px;.}...cicon .casino {. background- position: -40px -20px;.}...cicon .casual {. background-position: -60px -20px;.}...cicon .educational {. background-position: -40px -40px;.}...cicon .family {. background- position: -80px -40px;.}...cicon .music {. background-position: -40px -80px;.}...cicon .puzzle {. background-position: -60px -80px;.}...cicon .racing {. background-pos ition: -80px 0;.}...cicon .role-playing {. background-position: -60px -100px;.}...cicon .simulation {. b

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\unnamed[1].webp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: RIFF (little-endian) data, Web/P image Category: dropped Copyright Joe Security LLC 2021 Page 14 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\unnamed[1].webp Size (bytes): 3918 Entropy (8bit): 7.907134222188748 Encrypted: false SSDEEP: 96:81+FwHKYET1i9SPCiVbk/QRlVwevikTcpgO:81+KKh1iCVB3vTtO MD5: 2F4C35F3A07B6722A3A4E8958D0F7BAA SHA1: 8E39D0AD02BB6DB49E8ACC12D4A80A86A268907D SHA-256: 00ABEE9810A006C33D6C88F1D03D07988F606D54326DD755FF7D4B4DFCFEA973 SHA-512: A35C3EE17217125395D4C0E34D9FC48491A7B4C6DC93499195936DD3FFA61B1A090630D2C7FA589DD82B06295438AEE90F23A19E8EF0C560E6853946B08CA73D Malicious: false Reputation: low Preview: RIFF.r..WEBPVP8L.r../.@%.M8l.F.F3.`!M...... 7....B5....v..X..*.Xk..`..A...... K5.h.....MN....E...{...|...Yq...@....#j.s.9.iA9.....B..3...... Vq.....,E.T[.a...... e.6\...~.K....fi..*R...r../.... .m5.Z.;...C.zn.'...... K...... +.....b.3....7....n4...._k.....8.c...... ;t<..SW#....@...... F6h....F...r,.B...... &.8...P....dfD.D....X2..*.R.8\.$.I[c..,+h+.k.y....C.u.....xo..|l5.I..2...z.zc....3 .....#..dr=...mv.V...}..aB-..f..n...b....g..%f..c,[email protected]..?..g..[...... BmY..*.g..RD.W6._...L...... 3.....F.`.h.....G[G...E.....|.C...1.h.....I). .[.M#../.Sg..nf>.O...0sR.....,e....8)....GhF3M i...U...?.&.M~dN.e.2..2..m.....i.....0...... G...M.3...... SN...*...... o(...*..H...tl]..^..77..4).343.....P.m[..s...03333..I#2..f...... Tbff..t.._`.-8...m.!.z..V..m..N.t...... D...X.....m.m..}..=.TB... (...F....m.E'.....].-..K$....;,.q.|f../.+...... x<..^@..C...... $.F..m.3.^..\...m..vwY.Y...... O...e.U.....'.I...... V1W...nQ.>...jT...... w..~%.Vm...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\1[1].txt Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 1478 Entropy (8bit): 5.069751515014936 Encrypted: false SSDEEP: 24:mG37eYefNzf13BjXtJ/8Yedue79M6G/tcBeAfNzf13BjXtJ/8Yedue79M6kP1OBf:jeYwhhtJ/8YeduS9G/tgeqhhtJ/8YedX MD5: 730846453BD94C3FD461146D9C803919 SHA1: 87CE0A6994970BF44A00496CDA0D3A70E5678FCF SHA-256: E92C979C80F16F9301FE6202DDEC332070B1070055D02E20CEABA91EAFFB3BA6 SHA-512: 7EA99718D8A12ECED23E57B2248BFCBA29CFAD05AC6E29CB8CDF909F288F732793CDE75911A8F2764371EFFE0AB31E2675CFEE88F0AC3BE760CF5A85841DA0 D5 Malicious: false Reputation: low Preview: _ate.track.config_resp({"pc":"shin","tool-config":{"_default":{"widgets":{"z73q":{"countsFontSize":"60px","hideEmailSharingConfirmation":false,"counts":"one","widgetId":" z73q","shareCountThreshold":0,"originalServices":"facebook_like,tweet,pinterest_pinit,counter","label":"SHARES","__hideOnHomepage":false,"numPreferredServices": 8,"borderRadius":"0%","size":"32px","titleFontSize":"18px","thirdPartyButtons":false,"elements":".addthis_sharing_toolbox","responsive":"0px","creationTimestamp ":1417074153173,"iconColor":"#FFFFFF","counterColor":"#666666","hideDevice":"none","style":"fixed","id":"shin","hideLabel":true,"toolName":"Inline"}}}},"subscription":{"a ctive":true,"edition":"BASIC","tier":"basic","reducedBranding":false,"insightsEnabled":false},"customMessageTemplates":[],"pro-config":{"_default":{"widgets":{"shin":{"co untsFontSize":"60px","hideEmailSharingConfirmation":false,"counts":"one","widgetId":"z73q","shareCountThreshold":0,"originalServices":"facebook_like,tweet,pinte rest_pinit

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\1[2].txt Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 2868 Entropy (8bit): 5.002999810127879 Encrypted: false SSDEEP: 48:jeYwhhtJ/8YeduS9G/tgeqhhtJ/8YeduS93kFeYwhhtJ/8YeduS9G/tgeqhhtJ/I:fwrkYedHrkYed5kNwrkYedHrkYedJ MD5: CEF355A7C7FF51291A72C626D506D1F4 SHA1: 9EABC86A03E15795D786A7AE26D2C52C2EB77B62 SHA-256: 329F597E4A300263A322B1CF97C67DC54D7533797F13E2BE0612C5896429EF5C SHA-512: EAED5EEB1B2FE7DEC920FF7225B11388423FC6A6922178E8A77C215413AA47B6CF8E1A5B184E3264DEAD3681D282B0B62F1B02A0D106D499D7759BF24CF75F7 4 Malicious: false Reputation: low IE Cache URL: https://v1.addthisedge.com/live/boost/ra-5476d42400e868c9/_ate.track.config_resp Preview: _ate.track.config_resp({"pc":"shin","tool-config":{"_default":{"widgets":{"z73q":{"countsFontSize":"60px","hideEmailSharingConfirmation":false,"counts":"one","widgetId":" z73q","shareCountThreshold":0,"originalServices":"facebook_like,tweet,pinterest_pinit,counter","label":"SHARES","__hideOnHomepage":false,"numPreferredServices": 8,"borderRadius":"0%","size":"32px","titleFontSize":"18px","thirdPartyButtons":false,"elements":".addthis_sharing_toolbox","responsive":"0px","creationTimestamp ":1417074153173,"iconColor":"#FFFFFF","counterColor":"#666666","hideDevice":"none","style":"fixed","id":"shin","hideLabel":true,"toolName":"Inline"}}}},"subscription":{"a ctive":true,"edition":"BASIC","tier":"basic","reducedBranding":false,"insightsEnabled":false},"customMessageTemplates":[],"pro-config":{"_default":{"widgets":{"shin":{"co untsFontSize":"60px","hideEmailSharingConfirmation":false,"counts":"one","widgetId":"z73q","shareCountThreshold":0,"originalServices":"facebook_like,tweet,pinte rest_pinit

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\1byCate[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded

Copyright Joe Security LLC 2021 Page 15 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\1byCate[1].htm Size (bytes): 59520 Entropy (8bit): 5.04885327078013 Encrypted: false SSDEEP: 768:NS5qt6hUl2spSlO8W7iI9zKb61S93HG8iQxOysi:NSwtgg2uSlO86/eisOysi MD5: CA7D506675C27472FD176BAF9223B241 SHA1: 9F8809BC79E4DB345D41EB86DDB3B627D906861F SHA-256: FFA02BB78F36DD155ADAF3442FF50F878CDD363F9D3AD0711EBD9B0CC0442AFB SHA-512: 6CDA331D521C8CBE5DE96498AAC339FF879A119F98308A6A7CD58BDC0B8FD325BD8FAC6F0CBE9A2AA59F2ED49310317136A5E88DC380804C258BF6548F1FAE E0 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/1byCate.APPS_1 Preview: ... . . .. . . . . . . . . . . .. . . .. . . . . . . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\count[2].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 428 Entropy (8bit): 4.115284896162877 Encrypted: false SSDEEP: 12:/QnKbgyY/YheOiJXHih4RY5ihHP2Z5Q5WyPGdrCy4h:Fs4haJXHih4+iheZ5cqhCym MD5: A3CBEAD0D05C18EC4B8FE198F554D770 SHA1: 595DDFB52E4812A053CFFE1721C17DD3E7316BAE SHA-256: 352005E16D0A1D23E3B047B0717F66BF54E134105ED9841C7D368F1F14AE0DF2 SHA-512: B61F393DEB502D3E054778AFFA58170555B99EFC5B17290F224472B1A8531B83B7CAF4FF7D193163CB602E95916FE0D974F750125E676DC182A4DB4D94ECF843 Malicious: false Reputation: low IE Cache URL: https://widgets.pinterest.com/v1/urls/count.json? url=https%3A%2F%2Fapkdownload.com%2F%D8%A7%D9%84%D8%A2%D8%B0%D8%A7%D9%86%D8%8C%D9%85%D9%88%D8%A7%D9%82%D9%8A%D8%AA - %D8%A7%D9%84%D8%B5%D9%84%D8%A7%D8%A9%D8%8C%D8%A7%D9%84%D9%82%D8%B1%D8%A2%D9%86%D8%8C%D8%A7%D9%84%D9%82%D8% A8%D9%84%D8%A9%D8%8C%D8%A7%D8%B0%D9%83%D8%A7%D8%B1%D9%85%D8%B3%D9%84%D9%85- %D8%A8%D9%88%D9%83%2Fcom.muslim_book.muslim_book.html&callback=window._ate.cbs.rcb_hw4p0 Preview: window._ate.cbs.rcb_hw4p0({"url":"https://apkdownload.com/\\u0627\\u0644\\u0622\\u0630\\u0627\\u0646\\u060C\\u0645\\u0648\\u0627\\u0642\\u064A\\u062A-\\u0627\\u 0644\\u0635\\u0644\\u0627\\u0629\\u060C\\u0627\\u0644\\u0642\\u0631\\u0622\\u0646\\u060C\\u0627\\u0644\\u0642\\u0628\\u0644\\u0629\\u060C\\u0627\\u063 0\\u0643\\u0627\\u0631\\u0645\\u0633\\u0644\\u0645-\\u0628\\u0648\\u0643/com.muslim_book.muslim_book.html","count":0})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\count[3].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 427 Entropy (8bit): 4.139071277506256 Copyright Joe Security LLC 2021 Page 18 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\count[3].js Encrypted: false SSDEEP: 12:m1nKbgyY/YheOiJXHih4RY5ihHP2Z5Q5WyPGdrCy4h:Vs4haJXHih4+iheZ5cqhCym MD5: 5A13AD6C1026B9B19B643923808F7D10 SHA1: 52421D2C999DDFCBC42FA0F580B02A9581085F63 SHA-256: A38F33A1EFD3809F6A19D61A248535A85BDC01A1F24ADE6FADE1C6364CA41E99 SHA-512: 7857CACF25CF73841F5072C305DE5E6F6D87CA03851986B4B6122215BB1B84FAA79C0F044D58FA39B3674B18F3324D570814C5CABCE74BFAAECECE0EB75D00F 8 Malicious: false Reputation: low IE Cache URL: https://widgets.pinterest.com/v1/urls/count.json? url=http%3A%2F%2Fapkdownload.com%2F%D8%A7%D9%84%D8%A2%D8%B0%D8%A7%D9%86%D8%8C%D9%85%D9%88%D8%A7%D9%82%D9%8A%D8%AA- %D8%A7%D9%84%D8%B5%D9%84%D8%A7%D8%A9%D8%8C%D8%A7%D9%84%D9%82%D8%B1%D8%A2%D9%86%D8%8C%D8%A7%D9%84%D9%82%D8% A8%D9%84%D8%A9%D8%8C%D8%A7%D8%B0%D9%83%D8%A7%D8%B1%D9%85%D8%B3%D9%84%D9%85- %D8%A8%D9%88%D9%83%2Fcom.muslim_book.muslim_book.html&callback=window._ate.cbs.rcb_gyqe0 Preview: window._ate.cbs.rcb_gyqe0({"url":"http://apkdownload.com/\\u0627\\u0644\\u0622\\u0630\\u0627\\u0646\\u060C\\u0645\\u0648\\u0627\\u0642\\u064A\\u062A-\\u0627\\u0 644\\u0635\\u0644\\u0627\\u0629\\u060C\\u0627\\u0644\\u0642\\u0631\\u0622\\u0646\\u060C\\u0627\\u0644\\u0642\\u0628\\u0644\\u0629\\u060C\\u0627\\u0630 \\u0643\\u0627\\u0631\\u0645\\u0633\\u0644\\u0645-\\u0628\\u0648\\u0643/com.muslim_book.muslim_book.html","count":0})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\download-32[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 358 Entropy (8bit): 6.930897993713769 Encrypted: false SSDEEP: 6:6v/lhPkB2prdc0Cmww5drADcLIACf4MOfVvD+Ronp5K2DwLVfsZEimiUjsJBXCNR:6v/7sorKWwKrvk2p525fs1mU1QYc MD5: F3FAE2E40EE447DB9F2014CA1304CAEF SHA1: 3772892D3665F7F71ACB6EA502DF587BBE1BF10B SHA-256: 33077EBD90CEEB38A3EFA1D50F308E144DBB09C47FA0F80FF931A5ED4CFF6822 SHA-512: 765E081BDF2871ACC94D7E26F340B78225C99389264EC92E878F444FBB9EF6B20CB83CC7F1347575D730318177FBE9D0EFFDA7CABCF041B4F66473AFF10D82FE Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/download-32.png Preview: .PNG...... IHDR...... D...... oPLTEGpLQ.9.x8.wA.~J.U.-.q-.sv.8.yR.0.p:.y0.rT.B.~;.x3.sX.w.-.s=.{E.3.f:.{9.y;.zU.T...... i4c....tRNS..UM...f3.N.KT...W...(...SLV ..m...... IDAT8...... 0.E.....3...... b...... WI.<+.(`..UU.R.3....(.6..<_.,.^..3.B...;.G..x...x...3..m.pg..>....p.#Dy...._.. ..E...... D...`.P...... IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\gp_logo[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 183 x 39, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 3015 Entropy (8bit): 7.903303196959841 Encrypted: false SSDEEP: 48:KxS/DDR4f0ZARcDQbch05t8fBZP1Tdch07nxFJeu98jBrj4Q1OFceddEOmZAHJV1:aSE0mqXfBZ9TmhAxFgu98jBrj4yOFrdl MD5: 8C6CFF43DBC8A86E4BC32B60961C34F5 SHA1: 1866EDD5336E2E729C1A922BB3986433A0C1130F SHA-256: A12B2B589A2A7AAFE31A40AEE94ACC4C820DBB81CAA41CDBE2F2508E3E6BA866 SHA-512: D0CA68AB7A1CD16B2C7987386B0E9A73C1323E5D9629A67150C47020DEFEEEEBEC49B23C6C0149241A628B314C20A481DE9BE2F62AC3AF67DC6D0E42D08BA2 E0 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/gp_logo.png Preview: .PNG...... IHDR...... '.....M...... IDATx...P....OBp...8!....w...#...... _...+M..T..s3...L6..j...... %./g.MA..w6.h.q.%[email protected]%..}...... b...n'..$<....t..x..6.....t}...\.....%X?3...y.c. ..E4....6....o.Z.._...V...... z...9...... ~..l>w...uh....67....]....=z..F..7..6..7.L.uh...... !<\.m..j..>3...... 9..\.#.F/...... A..N...-O>..o|..9..G%..._.'...l....G..[C..R..%..t!....$...M..F....".c... .$8<..g.=...... I.o....b...... t .....I!.....9.0...... S...... xK}h..eX.ZU2..K.....3...(...... pL.GN....Zs..!.\[email protected]~>.Z6... o#J.$"..'2..l.q.%..;..=.%|.L.."...... +~....h.||.....Kd...<.b..% M'[email protected]".(....f.}.In.I'.."...... /../...... K.t....j.}...... L.7O...... +...... AV..].8..ruf..!.....Y$m....}....'.zp....}5.9^..k...bu..Xo..O.<.n....5.5.>...D.ZP.I....6....HH.K=.I....}.....*q..ET...... &. ..o...K, v.....DUr..1.../.w.$1b.+.n!2._b. Gl...... V.}[J.{Xn#...w#...H,...... X...... J..,...r.?.*.q.;....H.s.x...D-Q...... 8....].w..&...... B

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\layers.fa6cd1947ce26e890d3d[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 269557 Entropy (8bit): 5.429111467374434 Encrypted: false SSDEEP: 6144:ap1Lf7mGJQoq/cpp6+PVfVDRGpTr5ojO3:abj7mGJQCp6+PVfA5oK

Copyright Joe Security LLC 2021 Page 19 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\layers.fa6cd1947ce26e890d3d[1].js MD5: 476D935D6723F9ABEA1160C155FFB725 SHA1: 477FF2F072C62493BE703060B3DA7C7A5492F840 SHA-256: 6121CA306AD1045453D52517B8F436EB5A68055C82AEFA46A9A77DE36996A3DF SHA-512: C8B11FC445236C60E3D75BDC4BE71F3E6CA46E931740795A1ADDCD86B0F53F721192842017BD414E383A74F5544C23DBADD796E2074E0FC57CCFC7F06B84CD0 9 Malicious: false Reputation: low IE Cache URL: https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js Preview: atwpjp([216,210],{347:function(e,t){"use strict";e.exports=function(e,t){var a=t.replace(/\//g,"\\/").replace(/\./g,"\\.").replace(/\+/g,"\\+").replace(/\?/g,"\\?").replace(/\]/g,"\\]").repl ace(/\[/g,"\\[").replace(/\^/g,"\\^").replace(/\$/g,"\\$").replace(/\*+/g,".*?"),n="^"+a+"$";return new RegExp(n).test(e)||e===t}},359:function(e,t){"use strict";e.exports=function(e) {return e.replace(/\s+/g,"").split("//").pop().split("#").shift().replace(/\/$/,"")}},360:function(e,t,a){"use strict";var n=a(5);e.exports=function(e){if(window.addthis_config& &window.addthis_config._forceClientMobile)return!1;var t=n("mob",e),a=t&&window.screen,i=a&&window.screen.availWidth?window.screen.availWidth:0,o=a&&w indow.screen.availHeight?window.screen.availHeight:0,r=!!t&&(i>o?o:i);return!!r&&r>767}},361:function(e,t,a){"use strict";var n=a(360),i=a(5);e.exports=function(e){return i("mob",e)&&!n(e)}},362:function(e,t){"use strict";e.exports=function(e,t,a){var n,i;if(e.some)return e.some(t,a);for(var o=0,r=e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\moatframe[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 1705 Entropy (8bit): 5.531860359366191 Encrypted: false SSDEEP: 48:V+SiCucuqiTlBgaavwmpbDDRlsSEpvJEBrcm:8FJqQMZvJcSEty MD5: DD1A19CB8D13E4571D2B293C0A0D2CCF SHA1: 18070DD5C894930A8AEF7117BF8D49BD4922A723 SHA-256: 05090F9390F5BC0CD23FE5F432037CC92D7CBCE1CED9BFE8FAF3D1C9ABAE85CD SHA-512: 9103CA5B7E85BA307A366134146D9505A6CA8722878629678F680B790108AB9DE31ACEDCCA36AC79EC989194BEA55C2C08CD14A08CD0BC67841D16C115D4FCB 2 Malicious: false Reputation: low IE Cache URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js Preview: /*Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.*/.(function(){try{var l=function(b){var a=!0;try{b.domain}catch(f){a=!1}return a},r=function(b){return b.replace(/:/g,"%3A").replace(/=/g,"%3D").replace(/,/g,"%2C")},q=function(b){try{var a;var f=b.data;if("string"!==typeof f)a=!1;else{var c=f.match(new RegExp("([a-z]+)"+d+" ([a-z0-9.-]+)"+d+"([0-9]+)"+d+"([a-z]+)"+d+"([0-9]+)"+d+"(.+)","i"));a=c&&7===c.length&&c[1]===m&&c[2]===n&&-1!==c[6].indexOf("check")?!0:!1}if(a){var p;var h=window. top&&window.top.location&&window.top.location.href;p=h&&("string"!==.typeof h?0:/^(?:https?:\/\/)?[^.:\/]+(?:\.[^.:\/]+)/.test(h))?h:!1;if(p){var t,e=window.top.location. hostname.replace("www.","")+window.top.location.pathname;"string"===typeof e&&"/"===e.charAt(e.length-1)&&(e=e.substr(0,e.length-1));if(t=e){var g=JSON.stringif y({available:!1,fullUrl:r(p),cleanUrl:r(t),urlSrc:5}),g=g.replace(/"(\w+)"\s*:/g,"$1:"),l=b.data.split(d),q=[m,n,k,u,l[4]||k+1,g].join(d);b.source.pos

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\more-24[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 180 Entropy (8bit): 5.6215021100713 Encrypted: false SSDEEP: 3:yionv//thPl5ljXrtxBllyyGU9mG9RthwShLKOWGEVwrBxtsUF8riwRYMTWfljoK:6v/lhPZXQAjdKcrNs/RvTKx0/mp MD5: 2694BAA850386D1958F12A2F64D6FD4D SHA1: 019E37524A4E8ACCDA363673D80671A57BB80963 SHA-256: 4C5D76134DDBF96DAF4B19B1B9B900CB40A411EE266FD03FE4CF75C588FDB3E8 SHA-512: 4A3953B4C5F8E864492493910AAB0FF3373E4DE68563FA9C246D3D3E424775D773D1D22E5B8909313D80999C9D60331F35C8124B47B9868B97982C3882E7DCC5 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/more-24.png Preview: .PNG...... IHDR...... w=.....sBIT....|.d.....pHYs...... c.....tEXtSoftware.www.inkscape.org..<....1IDATH...... [email protected].}/k....$....dE.gEz...... B..V....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ru.tsk.ftc.bender.qpay[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 141074 Entropy (8bit): 4.722545283376508 Encrypted: false SSDEEP: 1536:Wtgg2NVAPnXIM3v1+MVepTOn9VBaPgOAEY9isOysi:eg5OPnXIM3v1+eetHVcVb MD5: F54F916224CA91A54449C88C7708332A SHA1: FBFC7339ED31CF9509E6FC743C75FE9647F6D16C SHA-256: EA515382A5BEC4D9C64A3839D58CCE8F5E8D6C9F6268449FAEAB288462B9793D Copyright Joe Security LLC 2021 Page 20 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ru.tsk.ftc.bender.qpay[1].htm SHA-512: BBC11A8C646ABA7DA15C5D200129ABC18D98DD3CED3AEFAEADCB4856558F1457A15C042C689BEE445BC043EFF5A44CEF1E13E672124890C142B98EFA5081F8 62 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/KoronaPay-Money-Transfer-Send-amp-Receive-Worldwide/ru.tsk.ftc.bender.qpay.html Preview: ... . . .. . Maestro debit or credit card issued in Europe, or by bank transfer. Your family member or friend can credit incoming transfers directly to their card or pick up cash at the KoronaPay agent locations.."/>. . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\1byCate[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 61054 Entropy (8bit): 5.224296125708703 Encrypted: false SSDEEP: 768:L+5qt6hUl2sl/bBuh6keRfMDV+Fx68iQxOysi:L+wtgg2CbBuEFMDV+FJisOysi MD5: 7C5E68D3F1CC05457CB3FC3B2FCB7774 SHA1: 3298BCA9EA8204788182B261F346CD12C77E91EC SHA-256: 61E50544287CB2F6F88ECDADA67DBB92E2B5EF2581107C725DFF1F720D666E61 SHA-512: 99AE5EDF1A388E152C5148C9524B6D339D5F28B0B3278BA5EA17493DFA544570B0FD65DDAF5D180D39FB6DBFB7C0FF30857EAD7A52AEF187F20731BFFDBBCB C6 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/1byCate.BOOKS_AND_REFERENCE_1 Preview: ... . . .. . . . . . . . . . . .. . . .. . . . . . . . . . . .. . . .. . . . . . . . . . . .. . . .. . . . . . . . . . . .. . . .. . . . . . . . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\appicon[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 860 Entropy (8bit): 7.451669947595083 Encrypted: false SSDEEP: 24:hin5aZpgLd1nSDFl8u0kkVS1Qqqn0y8XG:hi5aPOTnSMaQDngG MD5: 4E51F7B7096F45FB7816AE863AF7D101 SHA1: 0A5781BE935F2B7F08AFA7D95108EEB3D78CE0B5 SHA-256: 6457657EC44AAB1A20770E2B34E927AB40EF09CC0183CAA32A4023E9C6A3D63E SHA-512: 30E0C28A6B7AE57F3062AEE6B38409046E6118D18F6CABEB2176E15C0A4FB74EDDB4546685FE260066624BFA66C4418D9ACB8CD55EFD613C2B1E18E6922B16E 6 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/appicon.png Preview: .PNG...... IHDR...... D...... nPLTEGpL3.s..r..q+.q..q-.q..q..q-.p,.o-.p-.r..q..q-.r,.u+.q..q..q..t..q..q1.m..p..t,.o(.k..r-.q-.q/.q-.o/.q/.o-.r-.r-.q+.r,.r..q..q..p..q/.q..q..q..q/.q.. p/.p0.p..q...... 7.wr...0.r.....A.~....K...... <.z3.tL...... w.?.}...9.y...... m....;.z...... G...... P...... 5.u...... {...... c....F...... f...T...... >.|..c....4tRNS..8...-..I.9U..#$H...... !....".>.GJ../:..V...~T}0|...... iIDAT8.Sec.0.E[..0../=..1`...... I(...>...^.r.....[[..\MmhkB...... 1...ufT...R..4...z...... N....hl.3..%N..(#.v>...... [$F..l.'.!.h...... O.....r7._6....z.<..&l.... .?..O`..X.A..qQ||..(!.;[...... 1...W6.g...... J..sx"{.\]Q"...... ]z}c1...... I..O.!"...d...0'.....Kd>....|.AZ...K.ajR.t.jz...zU.Y.u.A.R.2.w..)..U..m[..|Q...^F,.V..`..e...3..=...x...|.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\com.pankaku.lightbike2[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 68193 Entropy (8bit): 4.846793799490662 Copyright Joe Security LLC 2021 Page 23 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\com.pankaku.lightbike2[1].htm Encrypted: false SSDEEP: 768:vyMqt6hUl2s630d93cJ1vyT8N7KwDv3w0qoI8Vl58iQxOysi:ytgg2568lKwD3wqeisOysi MD5: 650415C1D77836010157322022A01F9D SHA1: 190035464A21E93C6C3723DE4BA12C201FAF6A6E SHA-256: 11C96371AA22BFEF74F01013D9ADDDD48F1A6E3DB67C2B169BD249F434CA8D11 SHA-512: 5732A4CA174D2925242FB05038C1112076C9633160205188B07C95C39314E13FA612D8C6C9036C1A3B8EB43864A6A4EE416140886DA4D15D3D58FDC55A7E1A8C Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/down_LightBike-2/com.pankaku.lightbike2.html Preview: ... . . .. . . . . . . . . . .rQ...... =...I.l..T..`....m...e..3O...E1X.'....k..<.q..W....`.A..Q..f..... F.$...Ib.A..'P..kP[...K.X,..=.A0..tuu.G?...... IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\search-24[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 36 x 36, 8-bit colormap, non-interlaced Category: downloaded Size (bytes): 610 Entropy (8bit): 6.346988472027064 Encrypted: false SSDEEP: 12:6v/7GaB53ZJQx/3c3VM2E3K3v7g1GgXni:3aj3v3rzg1GMni MD5: 8B23C91B59B504C838E6AA6BFDCA7181 SHA1: EC533ECE333C99C5C7E3C866F1792ABE7D2B73E1 SHA-256: 6A4237649E6EB27A34C95E127412F9B882E4A4558F3F24680A6DB317E83C173F Copyright Joe Security LLC 2021 Page 24 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\search-24[1].png SHA-512: 3300C99B3B900BCF04CCEDB5B2871C146AB2FC7149B5D753AD969E84B4F2591B3ED8C96CBAD17E5EA894179F622DD9211BDAD5E055670C7EA2CF6C5507ACE9 21 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/search-24.png Preview: .PNG...... IHDR...$...$...... h.....PLTE...... %....1tRNS....~....7x...... ZI?.....mja R=,.....e]&".rpC....B...JIDAT8...z.0...... j.V.K....SRLH.....a...AU.s..yH../.9..${....F.....:...3....8...|...... z..AF....O..KC.#.\P....QGn...... 2W`...[z"i.{..A.G....`..b.(.pw.o...ZOY....J. .W..C...... /l...a.e1.....vs.....fo.T}..^.....k..p.;:.....O#.|.O]q..r+...L.p...;D,|.Z..X.C.b%.g...... )RP..h~.+(R.....8.LAU.o.~.a$J.@},.,.....z..,.7.C#O.T)....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\shares[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 33 Entropy (8bit): 4.173033892020167 Encrypted: false SSDEEP: 3:kXl2BV+I:U2V+I MD5: C6514EDCCA3754F98119802F2F74E024 SHA1: 89936B618605AA62F5E381294952AEB4A0D6ADE6 SHA-256: 1AACC09B0467C136648CEFA9C9CAB73CEFE4E5E776F02499794320671FD0E04C SHA-512: 766BEC695D813473CF89A144DA585F913AED8DF82476ACB2908E0962E31F1CE4B37AC009578C78802D05BC0EE6F50BEB5E96F7E9CFA11B624BB8BCBCB62BD5 7B Malicious: false Reputation: low IE Cache URL: https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fapkdownload.com%2FLG-Health%2Fcom.lge.lifetracker.html&callback=_ate.cbs.rcb_aamz0 Preview: _ate.cbs.rcb_aamz0({"shares":0});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\shares[2].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 33 Entropy (8bit): 4.294246013232288 Encrypted: false SSDEEP: 3:kX6D+I:U6D+I MD5: 2CDA8ADE954B638383DA99E2167A0AA6 SHA1: 74C3821F641C958FB1EB49A4F8D53E6960EB4C32 SHA-256: 220C3FA825DA1458535BC021C10C736828B6B86247EA6C910C2F2C7E9515082E SHA-512: 14055E495FB447506542497949E8118975F2DEB6533F36D97F669B74F2995E5A941F9B37EAC64B847427D80D292668126F64B6CB303A766C3C9604598C255ACA Malicious: false Reputation: low IE Cache URL: https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2Fapkdownload.com%2FLightBike- 2%2Fcom.pankaku.lightbike2.html&callback=_ate.cbs.rcb_788p0 Preview: _ate.cbs.rcb_788p0({"shares":0});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\unnamed[1].webp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: RIFF (little-endian) data, Web/P image Category: downloaded Size (bytes): 5624 Entropy (8bit): 7.966028943845409 Encrypted: false SSDEEP: 96:qb4I4M+Irnkt4aTLWccnAX/p3HIP1grIoV2XpEIbK39bMY7SDK2Sh:srn84GW1ncBoNgkoV2ZE339SDKRh MD5: 4F20F4E14CBD22944F1AFF770C8548E7 SHA1: B37B3DA000C71D4B9BEC99C01AAF54389EC91A3B SHA-256: C99C69C17A56393FA36CE58C91AAAC3F0C2309EA71E12B126D512EAC79421377 SHA-512: 04CFF4C3F30750B36F4DA6FFFB067FD17A4D6BDB852795B753E8BBC03F74F14890572BA4E6AB11F7B28E219F9DC9BE86504CFD3B6BDDF2A1E5AB771F44FB56 C7 Malicious: false Reputation: low IE Cache URL: https://play-lh.googleusercontent.com/UMvAsVzmIXThmPElXk9HbLvRsyTXJJENYoed0pgFpJXiEe21aVGdSyaQQl6KhtXbYQ=s150-rw

Copyright Joe Security LLC 2021 Page 25 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\unnamed[1].webp Preview: RIFF....WEBPVP8L..../.@%.....m..?... "[email protected]&..*K.!V....e;.m..J.....h...tztN'.....WpwV...8...;...... m...... ='.H.... .j.r..|.Dq $o%yk...... c..<.F.6..~i.*Q.....B...... \N.....".E.z,N.R.8|....L....:.s7.5.5...... `.q.O.+...h.AS.:.^r...@.....)..S...... !..C)!'5Kff.WA.w8.:To..b.."lp...z...... w..{..npj F].{.~.I...i.L..;[email protected]..'..y..Q.Xi.ML..H..{6.^.8.4.M.n.773|.~...$....ej4...68f..Df3S.>:..8....jT.(<...p....A..R.,.|.,"...q-..% q|..3.....4@c<......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\unnamed[2].webp Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: RIFF (little-endian) data, Web/P image Category: dropped Size (bytes): 3918 Entropy (8bit): 7.930315172431069 Encrypted: false SSDEEP: 96:sRwcQQHNVAJ9BwOcS/TCFlbk5PdPVnIRqm0JSD+xW7Vx:ITFHNq/6OcICFlodPVnIl0JSD+xW5x MD5: 959B69AC1982BA872110E7A7FCC212DD SHA1: D24DF50C82CACA2904B765B336A90476ABD71F35 SHA-256: 8A37C9111C01D29C9D9EE0F73EA5389BE72A34BA80B125C704F2DE874E3B2521 SHA-512: E5AAEB61643395443DAA8F03567550CD735C2004701AB30C18E6E077364775C27E5DE48999C2E660E41808EE7103F8BE3FE014E56AD86D8994A631D742B9C43F Malicious: false Reputation: low Preview: RIFF....WEBPVP8X...... VP8Lu.../.@%.M8l.F..r..Y.._.=5D.....fFR$.TK.;.,.*`-IKv..lN..d)O..F....<..NU4.V...... k?.L...... &.....h..{..4...... N.z.,...... #*..|.$q...... @.~.....$DA.J.{.A. ..Ad...... B.....u.V$.$.)..Z..."}...i.")...m.f...n.m....F...5....8.R..Y-..g's.r...b.)....Io.ZVR...=..&.PJ{.I.]R.A?.0h)...T/$S32..u.`O.Qr..k...6.E6m..."....rW..NRh..`p...... P{.`....P.;...&. ....XX...... y..^...q....5.6./.'...,di.C?.b....8...;xA.h.Zg.I..^.....N..2\.q..[...4..n3;.O.$..4"MiZ..#.i.....3.z.g.M...... R#.|k`..XmA..S8-...l..?Wr.H.~..]...+.G..].>.).{.h.6.2...H.Q...A6/#.;.N.....: ...Y.Gc..7...... ?...... `u.Y...... X...... b..L]./..I(Q...s.f...)..Y...... QRj..B.L.1aC#'.!...g...A.\R{T2A.\.J..G"...... ub..E.E..f.i4.n.S..7...... 0....^R.a*/.Vp+..;+z[....(..D.....*k..U.7.Ce.T .b.....h.A.6...g}...... P..)6).TQ....=*6Ey...... c.....a.6.M)...... c[.b...... h..[.....l.>...6...%.L..m.m..'.k..g..t..m-...... P.y^.m.e....mUo$.}...O.d...$sf1333..g0W.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\14.2dfb61b890959f78272d[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 397 Entropy (8bit): 5.155948597629389 Encrypted: false SSDEEP: 6:4SrPgMr/V3mc4slZDMjRb1yTJWfcfeJF6gvzCc9Ij3m+ECFdgb/GtCt:4mgY/V3jMjrylYcfeWgvW4Ij3m7/3 MD5: 0CC2F1AB1C909FD8FEE32A26D05819D4 SHA1: 81F95F27B3621D27C3F4637EE824419CDC50E797 SHA-256: 6070049215EF9B98D1B389D67963816172FF29513D34335C5061CD9619A3EA17 SHA-512: F85144DFB00874EC0139D65E808FDFE7DFFC4AAAAE2B2458C7FBB219F2078E8B047D36B9305F8EEFFFECBCE19F46BE61A73927BF3350031F1A5CC1E30A97576 0 Malicious: false Reputation: low IE Cache URL: https://s7.addthis.com/static/14.2dfb61b890959f78272d.js Preview: atwpjp([14],{119:function(h,t){h.exports=''}});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\1byCate[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 59756 Entropy (8bit): 5.11381802148834 Encrypted: false SSDEEP: 1536:Y9wtgg2zPw7eOBRQu7mLASVDkQTcwkqisOysi:FgieOBRX7mLASNJVb MD5: DF15BAF1844571B46CFB7776FF8C059B SHA1: 21D4B62DBC975B5ABA7FE1B817F05E2E070E9492 SHA-256: C7A48B624FDF38A1A0180FABD625F5C6FCE3E59EF64C7940E65FEDBDFE39476C SHA-512: 1B9216E0350B3661A33E61CA764D0FFE25D4825CEE9012CB5E6C00A0C5C9A9F08BEE4C7BCFA0E1B1D25D6C2C6401667CCE6706C1125DFB770F32D26D03AA5E E8 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/1byCate.GAMES_1

Copyright Joe Security LLC 2021 Page 26 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\1byCate[1].htm Preview: ... . . .. . . . . . . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\1byCate[2].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 61156 Entropy (8bit): 5.114754997536382 Encrypted: false SSDEEP: 768:7U5qt6hUl2siaTGRNphJW53xpkKUDXz57RU8iQxOysi:7Uwtgg27fRK6Xz9isOysi MD5: 20CD69ED5A0791DFD0387E27A6BE955F SHA1: DD17BABEBAABD2EAE7DCA076333DBD3BEB281DF1 SHA-256: 86559874B69D36EFAC49B6589F2D9F420335EDC4DBF11610CB0F9B25E092C211 SHA-512: 947F88112BAAB38EFCAD550C940F9D8B97C4DF23B24C869314FFE3B6580CDE806BA6704F79E45EAA6F946DCA9F36490A097FD5ECC34CD6252C3E551BD3C90E7 6 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/1byCate.COMICS_1 Preview: ... . . .. . . . . . . . . . .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\1byCate[3].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: downloaded Size (bytes): 60228 Entropy (8bit): 5.128044769864702 Encrypted: false SSDEEP: 1536:rWwtgg2+nZ+iw3NxqgWqExu8Ck+arqisOysi:VgKZhzqExOk+argVb MD5: B57773CA7511BD6ED21D688089B08259 SHA1: AD14E30C4728D513034CB98064B7F647300ADB35 SHA-256: 1A14EAD3F32572065907F7288D3014E5AFD91AE9D1EDA4C04317563AA4DCE783 SHA-512: 8E8664249D3C9A42CD89D6CE146FF3816962BA26D363D1105611A90126350939340E500CCF23EF252EB53842A7BB282D44BB87EBFDA1108C99C12464CA2E14FF Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/1byCate.ENTERTAINMENT_1 Preview: ... . . .. . . . . . . . . . . .. . . .. . . . . . . . . . . A.2.....&....Q4.....>..$q.....v.S.h ....F...... [email protected]....+...... &....Eq....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\count[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 104 Entropy (8bit): 4.882260151910625 Encrypted: false SSDEEP: 3:jmz+Q1hNVifoJlKy55YGHJDLAAxEGORH9QLbhn:jmz+UCwnK+hUZh4h MD5: AD1C380C05AEE83A4C387CEAD5D9E000 SHA1: 21AB987708909081B50D3CB54308AF87C3F70BE6 SHA-256: A0F9EC098C41C6C21DE3DAA816737973BEEBC5160258C50D0AD168B305DB4089 SHA-512: 0D4626814F1F4BF691F3C332641238A624BBA43D456D92AB66E60F844F2242523BE3F1C4B81520263C93BC5F641D7E1F67D9DCB8A87D2D8B53FFEB76720E901F Malicious: false Reputation: low IE Cache URL: https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fapkdownload.com%2FLG- Health%2Fcom.lge.lifetracker.html&callback=window._ate.cbs.rcb_3zid0 Preview: window._ate.cbs.rcb_3zid0({"url":"http://apkdownload.com/LG-Health/com.lge.lifetracker.html","count":0})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\count[2].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Category: downloaded Size (bytes): 109 Entropy (8bit): 4.903134730022905 Encrypted: false SSDEEP: 3:jmz04HDNVifoJlKy3MOf4vCORYX8HJ9QLbhn:jmz04HDCwnKg3+np4h MD5: 7B309A8E8E1F02F83B428A8028032CCF SHA1: 80B1816BEF736CE609657FBDDB5E6698D921BB0C SHA-256: FA25F0A53016EEFB2757A0B8DF5FB4476E3CE41C75F6630D7F39859132E132E0 SHA-512: B402C5055F8F0C2B2F0ACD4734A0F186AA5662B52A1C65D69F2EDF878E946718EA4DEFEA9C39C1A33F8A44E28BED08921FB37832F676EA297D83B076BB1334B 5 Malicious: false Reputation: low

Copyright Joe Security LLC 2021 Page 28 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\count[2].js IE Cache URL: https://widgets.pinterest.com/v1/urls/count.json?url=http%3A%2F%2Fapkdownload.com%2FLightBike- 2%2Fcom.pankaku.lightbike2.html&callback=window._ate.cbs.rcb_9exb0 Preview: window._ate.cbs.rcb_9exb0({"url":"http://apkdownload.com/LightBike-2/com.pankaku.lightbike2.html","count":0})

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\email-decode.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Category: downloaded Size (bytes): 1239 Entropy (8bit): 5.068464054671174 Encrypted: false SSDEEP: 24:ch63Cf5W8QPIHRZ3hwVFS39bYGwNef1yTZsNUkQ1sZmSuLqNWRco5Jcn5IKM6cuY:C6SQnw/x+SR8ZZkQbp1RZ5JwiKMm7Zc MD5: 9E8F56E8E1806253BA01A95CFC3D392C SHA1: A8AF90D7482E1E99D03DE6BF88FED2315C5DD728 SHA-256: 2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8 SHA-512: 63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBE E Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js Preview: !function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.inner HTML='',d.childNodes[0].getAttribute("href")||""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a =r(n,c),i=c+2;i-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll( u),c=0;c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\favicon[1].ico Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: MS Windows icon resource - 1 icon, 24x24 withPNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel Category: downloaded Size (bytes): 222 Entropy (8bit): 6.249154834522423 Encrypted: false SSDEEP: 3:9la/212onv//thPl5ljPhpSChJde6xAN09eWKjtA5HNsJTX/leMYwjeg7XORDzlX:Hz1vv/lhPZZppt1itUcYGQzWUp MD5: DB125A1679AF9948C34C3F2B6A411364 SHA1: F1470993536D7532ED6C551C537606B4F1D73456 SHA-256: F1671DC18D9165ABECC99B1D992C90342470D0D49575AAE809CC0FAE07D067B1 SHA-512: 33FC90EBBB3A43A704DBD7A26AC2AE5B50756689CDB42D4520F669F0F6F65AC4DC21085F539B8A0DCEA7942CFB66707CDBE4B3CCF9CA8C292360F6887C6612 20 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/favicon.ico?116022019 Preview: ...... PNG...... IHDR...... w=.....IDATH.c`...... t..>...Xq.A.PQ.a.m..0E.Wl...e8...O.....`@...... T.5[...lv<....pC:.?1.].~.6;...... d...Z@..[]~.mu.N..H....X@...... Z @{.F6....{vfl.Q....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\gameicon[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced Category: downloaded Size (bytes): 518 Entropy (8bit): 7.465700505622492 Encrypted: false SSDEEP: 12:6v/7eeur9k57E2pYMYCw0hG76d2bZqrEATvKmjZiu7iYj:prE42pY8978qgU99i0iE MD5: 8382B031CDEF7D785943D055F4EE0EBE SHA1: DD2693AD63DB751FE4DED2C8D125EECFC3CBA2DF SHA-256: D0EF988BFF004B433C306171AFA1278F2EE41F6659DFB7A940C426DCB023146C SHA-512: BD08DAA3562815F3E6B5FBF51A56B93EC8409B5E531BCAE9E1CD44EEB7AB0C285CA009BB589352FC138705BCAD73CCAA4C91264E8415CAC498C9D350BC23C 693 Malicious: false Reputation: low IE Cache URL: https://apkdownload.com/images/gameicon.png Preview: .PNG...... IHDR...... ;0...... IDATx...?(.a...KY..(.2.$...b8...$1Q....d...P.na....8g.A..W...... '...... A.S...}...}...... jV.._.....dB...... 5.....^....94.e6....;NT.U7...x.%...... :..I3...... *.U.;Zh>....a..K../.)....;,\...F.v....|.."Nw-4.P.vc...g.+=.!...... S...... _...`...y...... }.!....C2...... cD.-..p.+eH...... L.....j..p.G.....3~F#....0.../!....X.....E.>...... WL...4.iO...Q..K... .t.x..(V.&4....g..6S...7[.L.N...6.pip"....A=$..]n..Tk.*!../.j.....R~.lv...... IEND.B`.

Copyright Joe Security LLC 2021 Page 29 of 36 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\sh.f48a1a04fe8dbf021b4cda1d[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines Category: downloaded Size (bytes): 72412 Entropy (8bit): 5.38735381785321 Encrypted: false SSDEEP: 1536:aV69lS5FN9hXuSja0+S+4p94gHaF1NCo+mzITLE5zv:a8lStbuy+4pag6jNCaIUl MD5: D1E5460011EFAB67F9D298E62CA41C69 SHA1: B518BB4FEF90AF133240C8E6EFC08F4B3B74C5AD SHA-256: 7B6BFA13F0778C40BB2A00AF9819BEA2F07AFCB4D071E7E4F436196953A5DB4D SHA-512: B8299E1E51BE8B1C913239D83CB5CA6CFCB48E4C6653FB235E08287276CF39CFD5C2E0288614BE164A799955561A0B868070837B44F94C7F7819404161C7D3A3 Malicious: false Reputation: low IE Cache URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html Preview: