From c4b7afc143ad9de40d017f804d52ddd3a03098e1 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 28 Sep 2022 18:21:58 -0400
Subject: [PATCH 01/11] portable case fix

---
 .../report/modules/portablecase/PortableCaseReportModule.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java b/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java
index f15dcd1692..1b022d069f 100644
--- a/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java
+++ b/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java
@@ -1378,7 +1378,7 @@ public class PortableCaseReportModule implements ReportModule {
             }
 
             try {
-                OsAccountRealm newRealm = newRealmManager.newWindowsRealm(oldRealm.getRealmAddr().orElse(null), realmName, newHost, oldRealm.getScope());
+                OsAccountRealm newRealm = newRealmManager.newWindowsRealm(oldOsAccount.getAddr().orElse(null), realmName, newHost, oldRealm.getScope());
                 oldRealmIdToNewRealm.put(oldOsAccount.getRealmId(), newRealm);
             } catch (NotUserSIDException ex) {
                 throw new TskCoreException("Failed to copy OsAccountRealm with ID=" + oldOsAccount.getRealmId(), ex);

From 41055f0bd36687fa3a8882f376e1c057bc55ab6c Mon Sep 17 00:00:00 2001
From: Mark McKinnon <mark.mckinnon@gmail.com>
Date: Fri, 28 Oct 2022 17:22:52 -0400
Subject: [PATCH 02/11] Add lookup of malicious chromium extensions

add lookup of malicious chromium
---
 .../autopsy/recentactivity/Chromium.java      |  64 +++-
 .../malicious_chrome_extensions.csv           | 338 ++++++++++++++++++
 2 files changed, 399 insertions(+), 3 deletions(-)
 create mode 100644 RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
index 41eefc21f8..352e23e767 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
@@ -29,6 +29,7 @@ import com.google.gson.JsonIOException;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
+import java.io.BufferedReader;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.datamodel.ContentUtils;
 import java.util.logging.Level;
@@ -51,6 +52,7 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.casemodule.services.FileManager;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.coreutils.NetworkUtils;
+import org.sleuthkit.autopsy.coreutils.PlatformUtil;
 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
 import org.sleuthkit.autopsy.ingest.IngestJobContext;
 import org.sleuthkit.datamodel.AbstractFile;
@@ -109,6 +111,9 @@ class Chromium extends Extract {
     private Boolean databaseEncrypted = false;
     private Boolean fieldEncrypted = false;
 
+    private static final String MALICIOUS_CHROME_EXTENSION_LIST = "malicious_chrome_extensions.csv";
+    private Map<String, String> maliciousChromeExtensions;
+    
     private final Logger logger = Logger.getLogger(this.getClass().getName());
     private Content dataSource;
     private final IngestJobContext context;
@@ -154,7 +159,8 @@ class Chromium extends Extract {
         this.dataSource = dataSource;
         dataFound = false;
         long ingestJobId = context.getJobId();
-
+        String now1 = "";
+        loadMaliciousChromeExetnsions();
         userProfiles = new HashMap<>();
         browserLocations = new HashMap<>();
         for (Map.Entry<String, String> browser : BROWSERS_MAP.entrySet()) {
@@ -605,7 +611,8 @@ class Chromium extends Extract {
                     version = "";
                     description = "";
                     extName = "";
-                }                
+                }      
+                BlackboardArtifact art = null;
                 Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
                 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ID,
                         RecentActivityExtracterModuleFactory.getModuleName(), extension));
@@ -625,10 +632,30 @@ class Chromium extends Extract {
                         RecentActivityExtracterModuleFactory.getModuleName(), browserName));
 
                 try {
-                    bbartifacts.add(createArtifactWithAttributes(localStateArtifactType, extensionFile, bbattributes));
+                    art = createArtifactWithAttributes(localStateArtifactType, extensionFile, bbattributes);
+                    bbartifacts.add(art);
                 } catch (TskCoreException ex) {
                     logger.log(Level.SEVERE, String.format("Failed to create Extension artifact for file (%d)", extensionFile.getId()), ex);
                 }
+                
+                 if (maliciousChromeExtensions.get(extension) != null & art != null) {
+                    bbattributes = new ArrayList<>();
+                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ID,
+                        RecentActivityExtracterModuleFactory.getModuleName(), extension));
+                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT,
+                        RecentActivityExtracterModuleFactory.getModuleName(), 
+                        maliciousChromeExtensions.getOrDefault(extension, "No Source Identified")));
+                    try {
+                        bbartifacts.add(art.newAnalysisResult(
+                                BlackboardArtifact.Type.TSK_INTERESTING_ITEM, Score.SCORE_NOTABLE, 
+                                null, "Malicious Chrome Extensions", null, 
+                                bbattributes)
+                                .getAnalysisResult());
+                    } catch (TskCoreException ex) {
+                        logger.log(Level.SEVERE, String.format("Failed to create Extension artifact for file (%d)", extensionFile.getId()), ex);
+                    }
+ 
+                 }
 
             }
 
@@ -1672,4 +1699,35 @@ class Chromium extends Extract {
         return faviconArtifactType;
     }
 
+    /**
+     * Load the malicious chrome extension file to check
+     */
+    private void loadMaliciousChromeExetnsions() {
+        maliciousChromeExtensions = new HashMap<>();
+        try {
+            configExtractor();
+            String malChromeExtenList = PlatformUtil.getUserConfigDirectory() + File.separator + MALICIOUS_CHROME_EXTENSION_LIST;
+            BufferedReader csvReader = new BufferedReader(new FileReader(malChromeExtenList));
+            String row;
+            while ((row = csvReader.readLine()) != null) {
+                if (!row.startsWith("#", 0)) {
+                    String[] data = row.split(",");
+                    maliciousChromeExtensions.put(data[0], data[1]);
+                }
+            }
+        } catch (IOException ex) {
+            logger.log(Level.SEVERE, String.format("Failed to load Malicious Chrome Extension List file (%s)", MALICIOUS_CHROME_EXTENSION_LIST), ex);
+        }
+    }
+
+    /**
+     * Extract the malicious chrome extension config csv file to the user directory to process
+     *
+     * @throws org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException
+     */
+    private void configExtractor() throws IOException {
+        PlatformUtil.extractResourceToUserConfigDir(Chromium.class,
+                MALICIOUS_CHROME_EXTENSION_LIST, true);
+    }
+    
 }
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv
new file mode 100644
index 0000000000..401d8f5c5f
--- /dev/null
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv
@@ -0,0 +1,338 @@
+# Detection Rule License (DRL) 1.1
+#
+# https://github.com/randomaccess3/detections
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of this rule set and associated documentation files (the "Rules"),
+# to deal in the Rules without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 
+# and/or sell copies of the Rules, and to permit persons to whom the Rules are furnished to do so, subject to the following conditions:
+#
+# If you share the Rules (including in modified form), you must retain the following if it is supplied within the Rules:
+#
+# 1. identification of the authors(s) ("author" field) of the Rule and any others designated to receive attribution, in any reasonable manner requested by the Rule author (including by pseudonym if designated).
+#
+# 2. a URI or hyperlink to the Rule set or explicit Rule to the extent reasonably practicable
+#
+# 3. indicate the Rules are licensed under this Detection Rule License, and include the text of, or the URI or hyperlink to, this Detection Rule License to the extent reasonably practicable
+#
+# If you use the Rules (including in modified form) on data, messages based on matches with the Rules must retain the following if it is 
+# supplied within the Rules:
+#
+# 1. identification of the authors(s) ("author" field) of the Rule and any others designated to receive attribution, in any reasonable manner 
+#    requested by the Rule author (including by pseudonym if designated).
+#
+# THE RULES ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 
+# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE RULES OR THE USE OR OTHER 
+# DEALINGS IN THE RULES.
+extensionID,reference
+bgbeocleofdgkldamjapfgcglnmhmjgb,"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/chrome-extensions-malicious-domains-used-to-steal-user-data"
+ncjbeingokdeimlmolagjaddccfdlkbd,"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/chrome-extensions-malicious-domains-used-to-steal-user-data"
+cflijgpldfbmdijnkeoadcjpfgokoeck,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+ciiobgcookficfhfccnjfcdmhekiadje,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+cpdngajmgfolfjhnccalanfegdiebmbm,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+dfehheanbnmfndkffgmdaeindpjnicpi,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+djdcfiocijfjponepmbbdmbeblofhfff,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+epcdjnnpcbidnlehlklebmdijbjleefc,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+fichcldcnidefpllcpcpmnjipcdafjjl,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+fkacpajnbmglejpdaaeafjafjeleacnj,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+flhahaabnnkoccijodlhobjfchcchgjd,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+hadebekepjnjbcmpiphpecnibbfgonni,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+ijbcfkkcifjgnikfcmbdfbddcgjdmgga,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+iogkcdbmgbhoelodlobknifhlkljiepm,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+lamaflkhfcmnjcfkcolgmmlpajfholja,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+lepjcehmlpfdgholbejebidnnkkannpl,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+ljnppgaebjnbbahgmjajfbcoabdpopfb,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+llfdfhfdkdpkphlddncfjmajiciboanf,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+loiloamappomjnanlieaipcmlpmmolkg,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+mfdcjdgkcepgfcfgbadbekokbnlifbko,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+mgkmlkgpnffmhhfallpoknfmmkdkfejp,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+ndhhhgoicnabjcgnamebnbdgkpobbljm,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+njmjfnbhppmkpbbcfloagfmfokbokjgo,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+nofdiclilfkicekdajkiaieafeciemlh,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+pdfakgkkbagclonnhakillpkhoalfeef,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+pdlfbopkggkgdmgkejgjgnbdbmfcnfjn,"https://www.catonetworks.com/blog/threat-intelligence-feeds-and-endpoint-protection-systems-fail-to-detect-24-malicious-chrome-extensions/"
+aaeohfpkhojgdhocdfpkdaffbehjbmmd,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+abghmipjfclfpgmmelbgolfgmhnigbma,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+abjbfhcehjndcpbiiagdnlfolkbfblpb,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+almfnpjmjpnknlgpipillhfmchjikkno,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+bbjilncoookdcjjnkcdaofiollndepla,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+bblkckhknhmalchbceidkmjalmcmnkfa,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+blcfpeooekoekehdpbikibeblpjlehlh,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+dajgdhiemoaecngkpliephmheifopmjb,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+dcbfmglfdlgpnolgdjoioeocllioebpe,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ddenjpheppdmfimooolgihimdgpilhfo,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+dealfjgnmkibkcldkcpbikenmajlglmc,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+dehhfjanlmglmabomenmpjnnopigplae,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+dibjpjiifnahccnokciamjlfgdlgimmn,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+eeacchjlmkcleifpppcjbmahcnlihamj,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+eebbihndkbkejmlgfoofigacgicamfha,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ehibgcefkpbfkklbpahilhicidnhiboc,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ekijhekekfckmkmbemiijdkihdibnbgh,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+emkkigmmpfbjmikfadmfeebomholoikg,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+eogoljjmndnjfikmcbmopmlhjnhbmdda,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+eohnfgagodblipmmalphhfepaonpnjgk,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+faopefnnleiebimhkldlplkgkjpbmcea,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+fdbmoflclpmkmeobidcgmfamkicinnlg,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+fekjbjbbdopogpamkmdjpjicapclgamj,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+fhkmacopackahlbnpcfijgphgoimpggb,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+fjclfmhapndgeabdcikbhemimpijpnah,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+fkllfgoempnigpogkgkgmghkchmjcjni,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+gbkmkgfjngebdcpklbkeccelcjaobblk,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+gdnkjjhpffldmfljpbfemliidkeeecdj,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+gelcjfdfebnabkielednfoogpbhdeoai,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+gjammdgdlgmoidmdfoefkeklnhmllpjp,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+gkemhapalomnipjhminflfhjcjehjhmp,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+gmljddfeipofcffbhhcpohkegndieeab,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+gpaaalbnkccgmmbkendiciheljgpdhob,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+icolkoeolaodpjogekifcidcdbgbdobc,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+iggmbfojpkfikoahlfghaalpbpkhfohc,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+igpcgjcdhmdjhdlgoncfnpkdipanlida,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ilcbbngkolbclhlildojhgjdbkkehfia,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+jaehldonmiabhfohkenmlimnceapgpnp,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+jdoaaldnifinadckcbfkbiekgaebkeif,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+jepocknhdcgdmbiodbpopcbjnlgecdhf,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+jfnlkmaledafkdhdokgnhlcmeamakham,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+jmbmildjdmppofnohldicmnkojfhggmb,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+jpnamljnefhpbpcofcbonjjjkmfjbhdp,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+kdkpllchojjkbgephbbeacaahecgfpga,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+lebmkjafnodbnhbahbgdollaaabcmpbh,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+lgljionbhcfbnpjgfnhhoadpdngkmfnh,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+lhfibgclamcffnddoicjmoopmgomknmb,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+lidnmohoigekohfmdpopgcpigjkpemll,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+lojgkcienjoiogbfkbjiidpfnabhkckf,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+looclnmoilplejheganiloofamfilbcd,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+mjchijabihjkhmmaaihpgmhkklgakinl,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+nchdkdaknojhpimbfbejfcdnmjfbllhj,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+nfhpojfdhcdmimokleagkdcbkmcgfjkh,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+nlhocomjnfjedielocojomgfldbjmdjj,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+oanbpfkcehelcjjipodkaafialmfejmi,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+obbfndpanmiplgfcbeonoocobbnjdmdc,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+obcfkcpejehknjdollnafpebkcpkklbl,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+obmbmalbahpfbckpcfbipooimkldgphm,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ocifcogajbgikalbpphmoedjlcfjkhgh,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+oehimkphpeeeneindfeekidpmkpffkgc,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ofdfbeanbffehepagohhengmjnhlkich,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ofpihhkeakgnnbkmcoifjkkhnllddbld,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ogjfhmgoalinegalajpmjoliipdibhdm,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+ojofdaokgfdlbeomlelkiiipkocneien,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+opooaebceonakifaacigffdhogdgfadg,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+peglehonblabfemopkgmfcpofbchegcl,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+pjjghngpidphgicpgdebpmdgdicepege,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+pjpjefgijnjlhgegceegmpecklonpdjp,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+pmhlkgkblgeeigiegkmacefjoflennbn,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+pnhjnmacgahapmnnifmneapinilajfol,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+poppendnaoonepbkmjejdfebihohaalo,"https://duo.com/labs/research/crxcavator-malvertising-2020"
+acdfdofofabmipgcolilkfhnpoclgpdd,"https://github.com/mallorybowes/chrome-mal-ids"
+aemaecahdckfllfldhgimjhdgiaahean,"https://github.com/mallorybowes/chrome-mal-ids"
+akdbogfpgohikflhccclloneidjkogog,"https://github.com/mallorybowes/chrome-mal-ids"
+aoeacblfmdamdejeiaepojbhohhkmkjh,"https://github.com/mallorybowes/chrome-mal-ids"
+aonedlchkbicmhepimiahfalheedjgbh,"https://github.com/mallorybowes/chrome-mal-ids"
+bhcpgfhiobcpokfpdahijhnipenkplji,"https://github.com/mallorybowes/chrome-mal-ids"
+bhfoemlllidnfefgkeaeocnageepbael,"https://github.com/mallorybowes/chrome-mal-ids"
+bmcnncbmipphlkdmgfbipbanmmfdamkd,"https://github.com/mallorybowes/chrome-mal-ids"
+ceoldlgkhdbnnmojajjgfapagjccblib,"https://github.com/mallorybowes/chrome-mal-ids"
+cgpbghdbejagejmciefmekcklikpoeel,"https://github.com/mallorybowes/chrome-mal-ids"
+chmaijbnjdnkjknoigffoohjhpejjppd,"https://github.com/mallorybowes/chrome-mal-ids"
+cjmpdadldchjmljhkigoeejegmghaabp,"https://github.com/mallorybowes/chrome-mal-ids"
+dambkkeeabmnhelekdekfmabnckghdih,"https://github.com/mallorybowes/chrome-mal-ids"
+dgjmdlifhbljhmgkjbojeejmeeplapej,"https://github.com/mallorybowes/chrome-mal-ids"
+dljdbmkffjijepjnkonndbdiakjfdcic,"https://github.com/mallorybowes/chrome-mal-ids"
+dppilebghcniomddkpphiminideiajff,"https://github.com/mallorybowes/chrome-mal-ids"
+eikbfklcjampfnmclhjeifbmfkpkfpbn,"https://github.com/mallorybowes/chrome-mal-ids"
+ejfajpmpabphhkcacijnhggimhelopfg,"https://github.com/mallorybowes/chrome-mal-ids"
+emechknidkghbpiodihlodkhnljplpjm,"https://github.com/mallorybowes/chrome-mal-ids"
+eoeoincjhpflnpdaiemgbboknhkblome,"https://github.com/mallorybowes/chrome-mal-ids"
+fbhbpnjkpcdmcgcpfilooccjgemlkinn,"https://github.com/mallorybowes/chrome-mal-ids"
+fgaapohcdolaiaijobecfleiohcfhdfb,"https://github.com/mallorybowes/chrome-mal-ids"
+fmfjhicbjecfchfmpelfnifijeigelme,"https://github.com/mallorybowes/chrome-mal-ids"
+gfjocjagfinihkkaahliainflifnlnfc,"https://github.com/mallorybowes/chrome-mal-ids"
+glgemekgfjppocilabhlcbngobillcgf,"https://github.com/mallorybowes/chrome-mal-ids"
+hajlccgbgjdcjaommiffaphjdndpjcio,"https://github.com/mallorybowes/chrome-mal-ids"
+hdbipekpdpggjaipompnomhccfemaljm,"https://github.com/mallorybowes/chrome-mal-ids"
+ibehiiilehaakkhkigckfjfknboalpbe,"https://github.com/mallorybowes/chrome-mal-ids"
+ickfamnaffmfjgecbbnhecdnmjknblic,"https://github.com/mallorybowes/chrome-mal-ids"
+iibnodnghffmdcebaglfgnfkgemcbchf,"https://github.com/mallorybowes/chrome-mal-ids"
+inlgdellfblpplcogjfedlhjnpgafnia,"https://github.com/mallorybowes/chrome-mal-ids"
+jhcfnojahmdghhebdaoijngclknfkbjn,"https://github.com/mallorybowes/chrome-mal-ids"
+jlkfgpiicpnlbmmmpkpdjkkdolgomhmb,"https://github.com/mallorybowes/chrome-mal-ids"
+klbibkeccnjlkjkiokjodocebajanakg,"https://github.com/mallorybowes/chrome-mal-ids"
+klejifgmmnkgejbhgmpgajemhlnijlib,"https://github.com/mallorybowes/chrome-mal-ids"
+klmjcelobglnhnbfpmlbgnoeippfhhil,"https://github.com/mallorybowes/chrome-mal-ids"
+lalpacfpfnobgdkbbpggecolckiffhoi,"https://github.com/mallorybowes/chrome-mal-ids"
+ldbfffpdfgghehkkckifnjhoncdgjkib,"https://github.com/mallorybowes/chrome-mal-ids"
+lfedlgnabjompjngkpddclhgcmeklana,"https://github.com/mallorybowes/chrome-mal-ids"
+lgjogljbnbfjcaigalbhiagkboajmkkj,"https://github.com/mallorybowes/chrome-mal-ids"
+lmcajpniijhhhpcnhleibgiehhicjlnk,"https://github.com/mallorybowes/chrome-mal-ids"
+lnocaphbapmclliacmbbggnfnjojbjgf,"https://github.com/mallorybowes/chrome-mal-ids"
+mbacbcfdfaapbcnlnbmciiaakomhkbkb,"https://github.com/mallorybowes/chrome-mal-ids"
+mdnmhbnbebabimcjggckeoibchhckemm,"https://github.com/mallorybowes/chrome-mal-ids"
+mdpgppkombninhkfhaggckdmencplhmg,"https://github.com/mallorybowes/chrome-mal-ids"
+mdpljndcmbeikfnlflcggaipgnhiedbl,"https://github.com/mallorybowes/chrome-mal-ids"
+miejmllodobdobgjbeonandkjhnhpjbn,"https://github.com/mallorybowes/chrome-mal-ids"
+mnafnfdagggclnaggnjajohakfbppaih,"https://github.com/mallorybowes/chrome-mal-ids"
+napifgkjbjeodgmfjmgncljmnmdefpbf,"https://github.com/mallorybowes/chrome-mal-ids"
+nilbfjdbacfdodpbdondbbkmoigehodg,"https://github.com/mallorybowes/chrome-mal-ids"
+njdkgjbjmdceaibhngelkkloceihelle,"https://github.com/mallorybowes/chrome-mal-ids"
+npdpplbicnmpoigidfdjadamgfkilaak,"https://github.com/mallorybowes/chrome-mal-ids"
+ojmbbkdflpfjdceflikpkbbmmbfagglg,"https://github.com/mallorybowes/chrome-mal-ids"
+oknpgmaeedlbdichgaghebhiknmghffa,"https://github.com/mallorybowes/chrome-mal-ids"
+olkpikmlhoaojbbmmpejnimiglejmboe,"https://github.com/mallorybowes/chrome-mal-ids"
+onbkopaoemachfglhlpomhbpofepfpom,"https://github.com/mallorybowes/chrome-mal-ids"
+oobppndjaabcidladjeehddkgkccfcpn,"https://github.com/mallorybowes/chrome-mal-ids"
+pcaaejaejpolbbchlmbdjfiggojefllp,"https://github.com/mallorybowes/chrome-mal-ids"
+pccfaccnfkjmdlkollpiaialndbieibj,"https://github.com/mallorybowes/chrome-mal-ids"
+pfnmibjifkhhblmdmaocfohebdpfppkf,"https://github.com/mallorybowes/chrome-mal-ids"
+pgjndpcilbcanlnhhjmhjalilcmoicjc,"https://github.com/mallorybowes/chrome-mal-ids"
+phoehhafolaebdpimmbmlofmeibdkckp,"https://github.com/mallorybowes/chrome-mal-ids"
+aeocankoflefcaiabdkdjkenofcpjagb,"https://github.com/uku/malicious-chrome-extensions"
+alddjbjplgobbllfolehibiclbhmomla,"https://github.com/uku/malicious-chrome-extensions"
+emmoddikhgncnaikamapbkggedoafomi,"https://github.com/uku/malicious-chrome-extensions"
+fmakoabecaggdofhohcdjiaifnkmpldj,"https://github.com/uku/malicious-chrome-extensions"
+gighmmpiobklfepjocnamgkkbiglidom,"https://blog.avast.com/greedy-cybercriminals-host-malware-on-github"
+acmnokigkgihogfbeooklgemindnbine,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+apgohnlmnmkblgfplgnlmkjcpocgfomp,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+apjnadhmhgdobcdanndaphcpmnjbnfng,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+bahkljhhdeciiaodlkppoonappfnheoi,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+bannaglhmenocdjcmlkhkcciioaepfpj,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+bgffinjklipdhacmidehoncomokcmjmh,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+bifdhahddjbdbjmiekcnmeiffabcfjgh,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+bjpknhldlbknoidifkjnnkpginjgkgnm,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+blngdeeenccpfjbkolalandfmiinhkak,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ccdfhjebekpopcelcfkpgagbehppkadi,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+cceejgojinihpakmciijfdgafhpchigo,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+cebjhmljaodmgmcaecenghhikkjdfabo,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+chbpnonhcgdbcpicacolalkgjlcjkbbd,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+cifafogcmckphmnbeipgkpfbjphmajbc,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+clopbiaijcfolfmjebjinippgmdkkppj,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+cpgoblgcfemdmaolmfhpoifikehgbjbf,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+dcmjopnlojhkngkmagminjbiahokmfig,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+deiiiklocnibjflinkfmefpofgcfhdga,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+dipecofobdcjnpffbkmfkdbfmjfjfgmn,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+dopkmmcoegcjggfanajnindneifffpck,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+dopmojabcdlfbnppmjeaajclohofnbol,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+edcepmkpdojmciieeijebkodahjfliif,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ekbecnhekcpbfgdchfjcfmnocdfpcanj,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+elflophcopcglipligoibfejllmndhmp,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+eogfeijdemimhpfhlpjoifeckijeejkc,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+fcobokliblbalmjmahdebcdalglnieii,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+fgafnjobnempajahhgebbbpkpegcdlbf,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+fgcomdacecoimaejookmlcfogngmfmli,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+fgmeppijnhhafacemgoocgelcflipnfd,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+fhanjgcjamaagccdkanegeefdpdkeban,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+flfkimeelfnpapcgmobfgfifhackkend,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+fmahbaepkpdimfcjpopjklankbbhdobk,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+foebfmkeamadbhjcdglihfijdaohomlm,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+fpngnlpmkfkhodklbljnncdcmkiopide,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+gdifegeihkihjbkkgdijkcpkjekoicbl,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+gfcmbgjehfhemioddkpcipehdfnjmief,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+gfdefkjpjdbiiclhimebabkmclmiiegk,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ggijmaajgdkdijomfipnpdfijcnodpip,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ghgjhnkjohlnmngbniijbkidigifekaa,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+gllihgnfnbpdmnppfjdlkciijkddfohn,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+gmmohhcojdhgbjjahhpkfhbapgcfgfne,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+gofhadkfcffpjdbonbladicjdbkpickk,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+hapicipmkalhnklammmfdblkngahelln,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+hijipblimhboccjcnnjnjelcdmceeafa,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+hmamdkecijcegebmhndhcihjjkndbjgk,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+hodfejbmfdhcgolcglcojkpfdjjdepji,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+hpfijbjnmddglpmogpaeofdbehkpball,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ianfonfnhjeidghdegbkbbjgliiciiic,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ibfjiddieiljjjccjemgnoopkpmpniej,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+inhdgbalcopmbpjfincjponejamhaeop,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+iondldgmpaoekbgabgconiajpbkebkin,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ipagcbjbgailmjeaojmpiddflpbgjngl,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jagbooldjnemiedoagckjomjegkopfno,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jdheollkkpfglhohnpgkonecdealeebn,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jfefcmidfkpncdkjkkghhmjkafanhiam,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jfgkpeobcmjlocjpfgocelimhppdmigj,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jghiljaagglmcdeopnjkfhcikjnddhhc,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jgjakaebbliafihodjhpkpankimhckdf,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jiiinmeiedloeiabcgkdcbbpfelmbaff,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jkdngiblfdmfjhiahibnnhcjncehcgab,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+jkofpdjclecgjcfomkaajhhmmhnninia,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+kbdbmddhlgckaggdapibpihadohhelao,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+keceijnpfmmlnebgnkhojinbkopolaom,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+khhemdcdllgomlbleegjdpbeflgbomcj,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+kjdcopljcgiekkmjhinmcpioncofoclg,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+kjgaljeofmfgjfipajjeeflbknekghma,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+labpefoeghdmpbfijhnnejdmnjccgplc,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+lameokaalbmnhgapanlloeichlbjloak,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+lbeekfefglldjjenkaekhnogoplpmfin,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+lbhddhdfbcdcfbbbmimncbakkjobaedh,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ldoiiiffclpggehajofeffljablcodif,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+lhjdepbplpkgmghgiphdjpnagpmhijbg,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ljddilebjpmmomoppeemckhpilhmoaok,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ljnfpiodfojmjfbiechgkbkhikfbknjc,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+lnedcnepmplnjmfdiclhbfhneconamoj,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+lnlkgfpceclfhomgocnnenmadlhanghf,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+loigeafmbglngofpkkddgobapkkcaena,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+lpajppfbbiafpmbeompbinpigbemekcg,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+majekhlfhmeeplofdolkddbecmgjgplm,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+mapafdeimlgplbahigmhneiibemhgcnc,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+mcfeaailfhmpdphgnheboncfiikfkenn,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+mgkjakldpclhkfadefnoncnjkiaffpkp,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+mhinpnedhapjlbgnhcifjdkklbeefbpa,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+mihiainclhehjnklijgpokdpldjmjdap,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+mmkakbkmcnchdopphcbphjioggaanmim,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+mopkkgobjofbkkgemcidkndbglkcfhjj,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+mpifmhgignilkmeckejgamolchmgfdom,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+nabmpeienmkmicpjckkgihobgleppbkc,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+nahhmpbckpgdidfnmfkfgiflpjijilce,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ncepfbpjhkahgdemgmjmcgbgnfdinnhk,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+npaklgbiblcbpokaiddpmmbknncnbljb,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+npdfkclmbnoklkdebjfodpendkepbjek,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+nplenkhhmalidgamfdejkblbaihndkcm,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+oalfdomffplbcimjikgaklfamodahpmi,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+odnakbaioopckimfnkllgijmkikhfhhf,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+oklejhdbgggnfaggiidiaokelehcfjdp,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+omgeapkgiddakeoklcapboapbamdgmhp,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+oonbcpdabjcggcklopgbdagbfnkhbgbe,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+opahibnipmkjincplepgjiiinbfmppmh,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pamchlfnkebmjbfbknoclehcpfclbhpl,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pcfapghfanllmbdfiipeiihpkojekckk,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pchfjdkempbhcjdifpfphmgdmnmadgce,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pdpcpceofkopegffcdnffeenbfdldock,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pgahbiaijngfmbbijfgmchcnkipajgha,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pidohlmjfgjbafgfleommlolmbjdcpal,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pilplloabdedfmialnfchjomjmpjcoej,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pklmnoldkkoholegljdkibjjhmegpjep,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pknkncdfjlncijifekldbjmeaiakdbof,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+plmgefkiicjfchonlmnbabfebpnpckkk,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+pnciakodcdnehobpfcjcnnlcpmjlpkac,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+ponodoigcmkglddlljanchegmkgkhmgb,"https://awakesecurity.com/wp-content/uploads/2020/06/GalComm-Malicious-Chrome-Extensions-Appendix-B.txt"
+acmnokigkgihogfbeooklgemindnbine,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+apgohnlmnmkblgfplgnlmkjcpocgfomp,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+apjnadhmhgdobcdanndaphcpmnjbnfng,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+bahkljhhdeciiaodlkppoonappfnheoi,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+bannaglhmenocdjcmlkhkcciioaepfpj,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+bgffinjklipdhacmidehoncomokcmjmh,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+bifdhahddjbdbjmiekcnmeiffabcfjgh,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+bjpknhldlbknoidifkjnnkpginjgkgnm,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+blngdeeenccpfjbkolalandfmiinhkak,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+ccdfhjebekpopcelcfkpgagbehppkadi,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+cceejgojinihpakmciijfdgafhpchigo,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+cebjhmljaodmgmcaecenghhikkjdfabo,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+chbpnonhcgdbcpicacolalkgjlcjkbbd,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+cifafogcmckphmnbeipgkpfbjphmajbc,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+clopbiaijcfolfmjebjinippgmdkkppj,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+cpgoblgcfemdmaolmfhpoifikehgbjbf,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+dcmjopnlojhkngkmagminjbiahokmfig,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+deiiiklocnibjflinkfmefpofgcfhdga,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+dipecofobdcjnpffbkmfkdbfmjfjfgmn,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+dopkmmcoegcjggfanajnindneifffpck,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+dopmojabcdlfbnppmjeaajclohofnbol,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+edcepmkpdojmciieeijebkodahjfliif,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+ekbecnhekcpbfgdchfjcfmnocdfpcanj,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+elflophcopcglipligoibfejllmndhmp,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+eogfeijdemimhpfhlpjoifeckijeejkc,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+fcobokliblbalmjmahdebcdalglnieii,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+fgafnjobnempajahhgebbbpkpegcdlbf,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+oiigbmnaadbkfbmpbfijlflahbdbdgdf,"https://heimdalsecurity.com/blog/malicious-chrome-extension/"
+andnkmffoleapmidfgnnjjoepadbiika,"https://www.gosecure.net/blog/2022/02/10/malicious-chrome-browser-extension-exposed-chromeback-leverages-silent-extension-loading/"
+adikhbfjdbjkhelbdnffogkobkekkkej,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
+flijfnhifgdcbhglkneplegafminjnhn,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
+gbnahglfafmhaehbdmjedfhdmimjcbed,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
+mmnbenehknklpbendgmgngeaignppnbe,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
+pojgkmkfincpdkdgjepkmdekcahmckjp,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
+dgiklkfkllikcanfonkcabmbdfmgleag,"Test Extension"
+fogppepbgmgkpdkinbojbibkhoffpief,"Test 2 Extension"
\ No newline at end of file

From ba8d115e89840d98a0ce296539668354ff038677 Mon Sep 17 00:00:00 2001
From: Mark McKinnon <mark.mckinnon@davenport.edu>
Date: Wed, 9 Nov 2022 14:31:10 -0500
Subject: [PATCH 03/11] create tsk_comment for malicious extension found

create tsk_comment for malicious extension found
---
 .../autopsy/recentactivity/Chromium.java      | 28 +++++--------------
 .../malicious_chrome_extensions.csv           |  2 --
 2 files changed, 7 insertions(+), 23 deletions(-)

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
index 352e23e767..17b1c58740 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
@@ -107,7 +107,8 @@ class Chromium extends Extract {
     private static final String FAVICON_ARTIFACT_NAME = "TSK_FAVICON"; //NON-NLS
     private static final String LOCAL_STATE_ARTIFACT_NAME = "TSK_LOCAL_STATE"; //NON-NLS
     private static final String EXTENSIONS_ARTIFACT_NAME = "TSK_CHROME_EXTENSIONS"; //NON-NLS
-
+    private static final String MALICIOUS_EXTENSION_FOUND = "Malicious Extension Found - ";
+    
     private Boolean databaseEncrypted = false;
     private Boolean fieldEncrypted = false;
 
@@ -616,6 +617,11 @@ class Chromium extends Extract {
                 Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
                 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ID,
                         RecentActivityExtracterModuleFactory.getModuleName(), extension));
+                if (maliciousChromeExtensions.get(extension) != null) {
+                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT,
+                        RecentActivityExtracterModuleFactory.getModuleName(), 
+                        MALICIOUS_EXTENSION_FOUND + maliciousChromeExtensions.getOrDefault(extension, "No Source Identified")));
+                }
                 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME,
                         RecentActivityExtracterModuleFactory.getModuleName(), extName));
                 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DESCRIPTION,
@@ -637,26 +643,6 @@ class Chromium extends Extract {
                 } catch (TskCoreException ex) {
                     logger.log(Level.SEVERE, String.format("Failed to create Extension artifact for file (%d)", extensionFile.getId()), ex);
                 }
-                
-                 if (maliciousChromeExtensions.get(extension) != null & art != null) {
-                    bbattributes = new ArrayList<>();
-                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ID,
-                        RecentActivityExtracterModuleFactory.getModuleName(), extension));
-                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT,
-                        RecentActivityExtracterModuleFactory.getModuleName(), 
-                        maliciousChromeExtensions.getOrDefault(extension, "No Source Identified")));
-                    try {
-                        bbartifacts.add(art.newAnalysisResult(
-                                BlackboardArtifact.Type.TSK_INTERESTING_ITEM, Score.SCORE_NOTABLE, 
-                                null, "Malicious Chrome Extensions", null, 
-                                bbattributes)
-                                .getAnalysisResult());
-                    } catch (TskCoreException ex) {
-                        logger.log(Level.SEVERE, String.format("Failed to create Extension artifact for file (%d)", extensionFile.getId()), ex);
-                    }
- 
-                 }
-
             }
 
             if (!context.dataSourceIngestIsCancelled()) {
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv
index 401d8f5c5f..6459ce134c 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/malicious_chrome_extensions.csv
@@ -334,5 +334,3 @@ flijfnhifgdcbhglkneplegafminjnhn,"https://www.mcafee.com/blogs/other-blogs/mcafe
 gbnahglfafmhaehbdmjedfhdmimjcbed,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
 mmnbenehknklpbendgmgngeaignppnbe,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
 pojgkmkfincpdkdgjepkmdekcahmckjp,"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users"
-dgiklkfkllikcanfonkcabmbdfmgleag,"Test Extension"
-fogppepbgmgkpdkinbojbibkhoffpief,"Test 2 Extension"
\ No newline at end of file

From f0f26524843ae78fff961401212133db03fea895 Mon Sep 17 00:00:00 2001
From: eugene7646 <elivis@basistech.com>
Date: Tue, 23 May 2023 14:53:15 -0400
Subject: [PATCH 04/11] Revert "Lowercase the search term for UI"

---
 .../src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
index 144704a27e..cfc13f7bc9 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
@@ -244,7 +244,7 @@ class LuceneQuery implements KeywordSearchQuery {
         if (snippet != null) {
             attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW, MODULE_NAME, snippet));
         }
-        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD, MODULE_NAME, foundKeyword.getSearchTerm().toLowerCase()));
+        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD, MODULE_NAME, foundKeyword.getSearchTerm()));
         if (StringUtils.isNotBlank(listName)) {
             attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, listName));
         }

From f1def9cd32e42c3b035fe2c4eb3a8408498fabfe Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 24 May 2023 12:29:13 -0400
Subject: [PATCH 05/11] add-export for pasco

---
 .../src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java      | 1 +
 1 file changed, 1 insertion(+)

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
index 8630ecf09b..d492631ffe 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
@@ -413,6 +413,7 @@ class ExtractIE extends Extract {
             logger.log(Level.INFO, "Writing pasco results to: {0}", outputFileFullPath); //NON-NLS   
             List<String> commandLine = new ArrayList<>();
             commandLine.add(JAVA_PATH);
+            commandLine.add("--add-exports=java.xml/com.sun.org.apache.xalan.internal.xsltc.dom=ALL-UNNAMED");
             commandLine.add("-cp"); //NON-NLS
             commandLine.add(PASCO_LIB_PATH);
             commandLine.add("isi.pasco2.Main"); //NON-NLS

From a08b04451365164cc774f84fb87559846dbf7dc2 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 24 May 2023 14:04:53 -0400
Subject: [PATCH 06/11] sqlite version updates

---
 Core/build.xml                              | 4 ++--
 Core/nbproject/project.properties           | 2 +-
 Core/nbproject/project.xml                  | 4 ++--
 ImageGallery/nbproject/project.properties   | 2 +-
 ImageGallery/nbproject/project.xml          | 4 ++--
 RecentActivity/nbproject/project.properties | 2 +-
 RecentActivity/nbproject/project.xml        | 4 ++--
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/Core/build.xml b/Core/build.xml
index dc10c1c19c..5b8a4aec61 100644
--- a/Core/build.xml
+++ b/Core/build.xml
@@ -134,8 +134,8 @@
         <property environment="env"/>
         <copy file="${env.TSK_HOME}/bindings/java/dist/sleuthkit-${TSK_VERSION}.jar" 
               tofile="${ext.dir}/sleuthkit-${TSK_VERSION}.jar"/>
-        <copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.36.0.3.jar"
-              tofile="${ext.dir}/sqlite-jdbc-3.36.0.3.jar"/>
+        <copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.42.0.0.jar"
+              tofile="${ext.dir}/sqlite-jdbc-3.42.0.0.jar"/>
 		<copy file="${env.TSK_HOME}/bindings/java/lib/postgresql-42.3.5.jar" 
               tofile="${ext.dir}/postgresql-42.3.5.jar"/>
         <copy file="${env.TSK_HOME}/bindings/java/lib/c3p0-0.9.5.5.jar"
diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties
index a7ccabca45..1ef54eac7f 100644
--- a/Core/nbproject/project.properties
+++ b/Core/nbproject/project.properties
@@ -83,7 +83,7 @@ file.reference.sleuthkit-caseuco-4.12.0.jar=release/modules/ext/sleuthkit-caseuc
 file.reference.snakeyaml-1.30.jar=release/modules/ext/snakeyaml-1.30.jar
 file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
 file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
-file.reference.sqlite-jdbc-3.36.0.3.jar=release/modules/ext/sqlite-jdbc-3.36.0.3.jar
+file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
 file.reference.txw2-2.3.3.jar=release/modules/ext/txw2-2.3.3.jar
 file.reference.xalan-2.7.2.jar=release/modules/ext/xalan-2.7.2.jar
 file.reference.xml-apis-1.4.01.jar=release/modules/ext/xml-apis-1.4.01.jar
diff --git a/Core/nbproject/project.xml b/Core/nbproject/project.xml
index 8f8400bdc5..97a3e8b00a 100644
--- a/Core/nbproject/project.xml
+++ b/Core/nbproject/project.xml
@@ -709,8 +709,8 @@
                 <binary-origin>release/modules/ext/spotbugs-annotations-4.6.0.jar</binary-origin>
             </class-path-extension>
             <class-path-extension>
-                <runtime-relative-path>ext/sqlite-jdbc-3.36.0.3.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/sqlite-jdbc-3.36.0.3.jar</binary-origin>
+                <runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
+                <binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
             </class-path-extension>
             <class-path-extension>
                 <runtime-relative-path>ext/txw2-2.3.3.jar</runtime-relative-path>
diff --git a/ImageGallery/nbproject/project.properties b/ImageGallery/nbproject/project.properties
index 3ae24ff4ac..d9bd5f605c 100644
--- a/ImageGallery/nbproject/project.properties
+++ b/ImageGallery/nbproject/project.properties
@@ -1,4 +1,4 @@
-file.reference.sqlite-jdbc-3.36.0.3.jar=release/modules/ext/sqlite-jdbc-3.36.0.3.jar
+file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
 javac.source=17
 javac.compilerargs=-Xlint -Xlint:-serial
 license.file=LICENSE-2.0.txt
diff --git a/ImageGallery/nbproject/project.xml b/ImageGallery/nbproject/project.xml
index 18ec9ec6a1..7a505d2ea6 100644
--- a/ImageGallery/nbproject/project.xml
+++ b/ImageGallery/nbproject/project.xml
@@ -142,8 +142,8 @@
             </module-dependencies>
             <public-packages/>
             <class-path-extension>
-                <runtime-relative-path>ext/sqlite-jdbc-3.36.0.3.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/sqlite-jdbc-3.36.0.3.jar</binary-origin>
+                <runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
+                <binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
             </class-path-extension>
         </data>
     </configuration>
diff --git a/RecentActivity/nbproject/project.properties b/RecentActivity/nbproject/project.properties
index d7078e6616..1727284eb3 100644
--- a/RecentActivity/nbproject/project.properties
+++ b/RecentActivity/nbproject/project.properties
@@ -1,6 +1,6 @@
 javac.source=17
 file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
-file.reference.sqlite-jdbc-3.36.0.3.jar=release/modules/ext/sqlite-jdbc-3.36.0.3.jar
+file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
 javac.compilerargs=-Xlint -Xlint:-serial
 license.file=../LICENSE-2.0.txt
 nbm.homepage=http://www.sleuthkit.org/autopsy/
diff --git a/RecentActivity/nbproject/project.xml b/RecentActivity/nbproject/project.xml
index a9b830a4cd..bf1d1df30b 100644
--- a/RecentActivity/nbproject/project.xml
+++ b/RecentActivity/nbproject/project.xml
@@ -88,8 +88,8 @@
                 <binary-origin>release/modules/ext/Rejistry-1.1-SNAPSHOT.jar</binary-origin>
             </class-path-extension>
             <class-path-extension>
-                <runtime-relative-path>ext/sqlite-jdbc-3.36.0.3.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/sqlite-jdbc-3.36.0.3.jar</binary-origin>
+                <runtime-relative-path>ext/sqlite-jdbc-3.42.0.0.jar</runtime-relative-path>
+                <binary-origin>release/modules/ext/sqlite-jdbc-3.42.0.0.jar</binary-origin>
             </class-path-extension>
         </data>
     </configuration>

From 839b91ec98778bf4be316d0760e2dae3a5778bde Mon Sep 17 00:00:00 2001
From: eugene7646 <elivis@basistech.com>
Date: Wed, 24 May 2023 20:52:54 -0400
Subject: [PATCH 07/11] Revert "Revert "Lowercase the search term for UI""

---
 .../src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
index cfc13f7bc9..144704a27e 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
@@ -244,7 +244,7 @@ class LuceneQuery implements KeywordSearchQuery {
         if (snippet != null) {
             attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW, MODULE_NAME, snippet));
         }
-        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD, MODULE_NAME, foundKeyword.getSearchTerm()));
+        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD, MODULE_NAME, foundKeyword.getSearchTerm().toLowerCase()));
         if (StringUtils.isNotBlank(listName)) {
             attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, listName));
         }

From 9eca59463196ff8638f32640df169dba05aa9a15 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Fri, 26 May 2023 10:10:14 -0400
Subject: [PATCH 08/11] regression test fix

---
 test/script/regression.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/script/regression.py b/test/script/regression.py
index e898bec3e5..89054fe019 100644
--- a/test/script/regression.py
+++ b/test/script/regression.py
@@ -464,6 +464,7 @@ class TestRunner(object):
         test_data.ant.append("regression-test")
         test_data.ant.append("-l")
         test_data.ant.append(test_data.antlog_dir)
+        test_data.ant.append("-J--add-opens=java.base/java.security=ALL-UNNAMED")
         test_data.ant.append("-Dimg_path=" + test_data.image_file)
         test_data.ant.append("-Dknown_bad_path=" + test_config.known_bad_path)
         test_data.ant.append("-Dkeyword_path=" + test_config.keyword_path)

From fd386969d82aecb5c432b74110b4a5cbc3c8643e Mon Sep 17 00:00:00 2001
From: "eugene.livis" <elivis@basistech.com>
Date: Fri, 26 May 2023 10:38:12 -0400
Subject: [PATCH 09/11] Bug fix that resulted in Indexed Tab being disabled

---
 .../src/org/sleuthkit/autopsy/keywordsearch/Ingester.java        | 1 +
 1 file changed, 1 insertion(+)

diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java
index b1a32769e4..6d9875d433 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java
@@ -265,6 +265,7 @@ class Ingester {
                         }   
                     } else {
                         indexChunk(chunk, sourceID, sourceName, language, contentFields, chunker.hasNext());
+                        fileIndexed = true;
                     }
                 } 
                                 

From 2d8b2d7d7edbbee2a154ed0cb36bbed27f185fd2 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Fri, 26 May 2023 11:25:09 -0400
Subject: [PATCH 10/11] fixes

---
 Testing/build.xml                                              | 1 +
 .../src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java    | 3 ++-
 test/script/regression.py                                      | 1 -
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Testing/build.xml b/Testing/build.xml
index eea244f7ef..8fd1aaa89c 100644
--- a/Testing/build.xml
+++ b/Testing/build.xml
@@ -58,6 +58,7 @@
                 <classpath refid="test.classpath"/>
                 <syspropertyset refid="test.@{test.type}.properties"/>
                 <jvmarg line="${test.bootclasspath.prepend.args}"/>
+                <jvmarg line="--add-opens=java.base/java.security=ALL-UNNAMED"/>
                 <jvmarg line="${test.run.args}"/>
                 <!--  should be in sync with project.properties and build.xml of autopsy main project -->
                 <!-- disable for now, causes issues with Java 7 -->
diff --git a/Testing/src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java b/Testing/src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java
index dd7593eceb..1507e14792 100644
--- a/Testing/src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java
+++ b/Testing/src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java
@@ -68,6 +68,7 @@ import org.netbeans.jemmy.operators.JLabelOperator;
 import org.netbeans.jemmy.operators.JListOperator;
 import org.netbeans.jemmy.operators.JTabbedPaneOperator;
 import org.netbeans.jemmy.operators.JTableOperator;
+import org.netbeans.jemmy.operators.JTextAreaOperator;
 import org.netbeans.jemmy.operators.JTextFieldOperator;
 import org.netbeans.jemmy.operators.JToggleButtonOperator;
 import org.netbeans.jemmy.operators.JTreeOperator;
@@ -438,7 +439,7 @@ public class AutopsyTestCases {
             jbo1.pushNoBlock();
             JDialog previewDialog = JDialogOperator.waitJDialog("Progress", false, false);
             JDialogOperator previewDialogOperator = new JDialogOperator(previewDialog);
-            JLabelOperator.waitJLabel(previewDialog, "Complete", false, false);
+            JTextAreaOperator.waitJTextArea(previewDialog, "Complete", false, false);
             JButtonOperator jbo2 = new JButtonOperator(previewDialogOperator, "Close");
             jbo2.pushNoBlock();
             new Timeout("pausing", 10000).sleep();
diff --git a/test/script/regression.py b/test/script/regression.py
index 89054fe019..e898bec3e5 100644
--- a/test/script/regression.py
+++ b/test/script/regression.py
@@ -464,7 +464,6 @@ class TestRunner(object):
         test_data.ant.append("regression-test")
         test_data.ant.append("-l")
         test_data.ant.append(test_data.antlog_dir)
-        test_data.ant.append("-J--add-opens=java.base/java.security=ALL-UNNAMED")
         test_data.ant.append("-Dimg_path=" + test_data.image_file)
         test_data.ant.append("-Dknown_bad_path=" + test_config.known_bad_path)
         test_data.ant.append("-Dkeyword_path=" + test_config.keyword_path)

From 553ca57c2cd1ebf4ae74a159252b46cd2efc9e43 Mon Sep 17 00:00:00 2001
From: "eugene.livis" <elivis@basistech.com>
Date: Tue, 30 May 2023 09:16:31 -0400
Subject: [PATCH 11/11] Fix

---
 .../autopsy/keywordsearch/Server.java         | 28 +++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
index 7d68bcbf3f..d54d6964dd 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
@@ -2513,11 +2513,29 @@ public class Server {
          * @throws SolrServerException
          */
         private int queryNumFileChunks(long contentID) throws SolrServerException, IOException {
-            String id = KeywordSearchUtil.escapeLuceneQuery(Long.toString(contentID));
-            final SolrQuery q
-                    = new SolrQuery(Server.Schema.ID + ":" + id + Server.CHUNK_ID_SEPARATOR + "*");
-            q.setRows(0);
-            return (int) query(q).getResults().getNumFound();
+            final SolrQuery q = new SolrQuery();
+            q.setQuery("*:*");
+            String filterQuery = Schema.ID.toString() + ":" + KeywordSearchUtil.escapeLuceneQuery(Long.toString(contentID));
+            q.addFilterQuery(filterQuery);
+            q.setFields(Schema.NUM_CHUNKS.toString());
+            try {
+                SolrDocumentList solrDocuments = query(q).getResults();
+                if (!solrDocuments.isEmpty()) {
+                    SolrDocument solrDocument = solrDocuments.get(0);
+                    if (solrDocument != null) {
+                        Object fieldValue = solrDocument.getFieldValue(Schema.NUM_CHUNKS.toString());
+                        return (Integer)fieldValue;
+                    }
+                } 
+            } catch (Exception ex) {
+                // intentional "catch all" as Solr is known to throw all kinds of Runtime exceptions
+                logger.log(Level.SEVERE, "Error getting content from Solr. Solr document id " + contentID + ", query: " + filterQuery, ex); //NON-NLS
+                return 0;
+            }
+            
+            // ERROR: we should never get here
+            logger.log(Level.SEVERE, "Error getting content from Solr. Solr document id " + contentID + ", query: " + filterQuery); //NON-NLS
+            return 0;
         }
     }