ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version:

Transcription

1 ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version:

2 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature Overview Networking: Spreading: System Summary: Malware Analysis System Evasion: Hooking and other Techniques for Hiding and Protection: Language, Device and Operating System Detection: Behavior Graph Simulations Behavior and APIs Antivirus Detection Initial Sample Dropped Files Domains Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Joe Sandbox View / Context IPs Domains ASN Dropped Files Screenshot Startup Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted IPs Static File Info No static file info Network Behavior Network Port Distribution TCP Packets UDP Packets ICMP Packets DNS Queries DNS Answers HTTP Request Dependency Graph HTTP Packets Code Manipulations Copyright Joe Security LLC 2018 Page 2 of 56

3 Statistics Behavior System Behavior Analysis Process: iexplore.exe PID: 2304 Parent PID: 544 General File Activities Registry Activities Analysis Process: ie4uinit.exe PID: 2328 Parent PID: 2304 General File Activities File Created Registry Activities Key Value Created Analysis Process: iexplore.exe PID: 2544 Parent PID: 2304 General File Activities Registry Activities Analysis Process: ssvagent.exe PID: 2488 Parent PID: 2544 General Registry Activities Disassembly Code Analysis Copyright Joe Security LLC 2018 Page 3 of 56

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start time: 16:56:06 Joe Sandbox Product: CloudBasic Start date: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Cookbook file name: Sample URL: 0h 5m 56s light browseurl.jbs licensecentral-bbio.bruker.de/get.php?bindingcmact id=0002&bindingname=bruker_bbio_wmlv Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java ) Number of analysed new started processes analysed: 8 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies Detection: Classification: HCA enabled EGA enabled HDC enabled CLEAN clean2.win@7/58@1/2 HCA Information: Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0 EGA Information: HDC Information: Cookbook Comments: Failed Failed Adjust boot time Browsing link: Browsing link: Browsing link: Browsing link: Browsing link: Browsing link: Browsing link: Browsing link: Browsing link: Browsing link: Browsing link: Copyright Joe Security LLC 2018 Page 4 of 56

5 Warnings: Show All Exclude process from analysis (whitelisted): WmiApSrv.exe, dllhost.exe Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found. Detection Strategy Score Range Reporting Detection Threshold Report FP / FN Confidence Strategy Score Range Further Analysis Required? Confidence Threshold Classification Copyright Joe Security LLC 2018 Page 5 of 56

6 Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Sample searches for specific file, try point organization specific fake files to the analysis machine Signature Overview Networking Spreading Summary System Analysis System Evasion Malware and other Techniques for Hiding and Protection Hooking Language, Device and Operating System Detection Copyright Joe Security LLC 2018 Page 6 of 56

7 Click to jump to signature section Networking: Downloads compressed data via HTTP Downloads files Downloads files from webservers via HTTP Found strings which match to known social media urls Performs DNS lookups Posts data to webserver Urls found in memory or binary data Social media urls found in memory data Spreading: Enumerates the file system System Summary: Found GUI installer (many successful clicks) Found graphical window changes (likely an installer) Uses new MSVCR Dlls Binary contains paths to debug symbols Classification label Creates files inside the user directory Creates temporary files Reads ini files Reads software policies Spawns processes Uses an in-process (OLE) Automation server Writes ini files Searches the installation path of Mozilla Firefox Malware Analysis System Evasion: Enumerates the file system Hooking and other Techniques for Hiding and Protection: Disables application error messsages (SetErrorMode) Language, Device and Operating System Detection: Queries the volume information (name, serial number etc) of a device Behavior Graph Copyright Joe Security LLC 2018 Page 7 of 56

8 Behavior Graph ID: URL: licensecentral-bbio.bruker.de/get.php?bindingcmactid= Startdate: 13/02/2018 Architecture: WINDOWS Score: 2 Legend: Process Signature Created File DNS/IP Info Is Dropped Is Windows Process Hide Legend licensecentral-bbio.bruker.de iexplore.exe started Number of created Registry Values Number of created Files Visual Basic Delphi Java.Net C# or VB.NET started started C, C++ or other language Is malicious iexplore.exe ie4uinit.exe , 49358, 50865, 53 GOOGLE-GoogleIncUS United States licensecentral-bbio.bruker.de , 49185, 49186, BTGB Germany started ssvagent.exe 6 Simulations Behavior and APIs Time Type Description 16:56:27 API Interceptor 2187x Sleep call for process: iexplore.exe modified from: 60000ms to: 100ms Antivirus Detection Initial Sample No Antivirus matches Dropped Files No Antivirus matches Domains No Antivirus matches Copyright Joe Security LLC 2018 Page 8 of 56

9 Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Joe Sandbox View / Context IPs No context Domains No context ASN No context Dropped Files No context Screenshot Copyright Joe Security LLC 2018 Page 9 of 56

10 Startup System is w7 cleanup iexplore.exe (PID: 2304 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding CA1F703CD665867E8132D2946FB55750) ie4uinit.exe (PID: 2328 cmdline: 'C:\Windows\System32\ie4uinit.exe' -ShowQLIcon 184C8F06D CDA3954C489A36) iexplore.exe (PID: 2544 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:2304 CREDAT: /prefetch:2 CA1F703CD665867E8132D2946FB55750) ssvagent.exe (PID: 2488 cmdline: 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new 0953A FD1E655B75B63B9083B7) Created / dropped Files C:\Users\ANNEBO~1\AppData\Local\Temp\JavaDeployReg.log Size (bytes): 89 ASCII text, with CRLF line terminators Entropy (8bit): DE12F706A67160B97FC275D3855B014D 8C7F6E9A0C909FEC0CC6F5DE8D3E68872B1A9A3E E5CEAC58CC4E3CDFCE A6F7AC597B9366BCE0051CE7604B E B34A7F15BC0FD868E15FBAF650E8175AE978069F2CCA4D206ED3AAC43856C99D6FD E9ADDDA78AEE0A4 1D56D32D5A A68C452CBD2CC60364E670 Copyright Joe Security LLC 2018 Page 10 of 56

11 C:\Users\ANNEBO~1\AppData\Local\Temp\KnoDA9E.tmp Size (bytes): XML document text Entropy (8bit): D D31D1E7C57990CC A28EC731F9106C252F313CCA349A68EF94EE3DE9 1E2E25BF730FF20C89D57AA38F7F34BE E8279B20127D0014DD27B743F 689E90E7D83EEF054A168B98BA2B8D05AB6FF8564E199D AD3FE E687AA9AD7D94468F9F57A4CC 19842D53A9CD2F17758BDADF0503DF63629C6 C:\Users\ANNEBO~1\AppData\Local\Temp\wwwCEF2.tmp Size (bytes): 324 ASCII text, with CRLF line terminators Entropy (8bit): DDF93B98C5AE2C79C09BFA D 71BA59BB8429DFA73A5DD73502E0098A6308CF1E F5E35EA56DBF3FDB1A6EDC8C4B26B170FE9512F8DDDAE56353B5DD03D6FB1386 5EA667BE4746FAF1AF72149D2C18B3BE72C7379ABE95E42140C266B531D6E2FAF4ECD9F8C31B03F82AA578240A AC863E2EAFBD B CD862 C:\Users\ANNEBO~1\AppData\Local\Temp\wwwCF11.tmp Size (bytes): 411 ASCII text, with CRLF line terminators Entropy (8bit): D8EF58C50B63649CA2A11A6DD21CA FF65A43FC6514B94D815E123DCC87543DFEB3509 A0E D382B06CDF904BB849EA9C84A19C22B7380F F07279D9234D17C8D2F890F18D6D07A64F22002B39B51956F2DAFD38D6EF46C261B7F756B858108CC996A95A7C E92F8AD08ADABF996B81291E49CD247D32AE0 C:\Users\ANNEBO~1\AppData\Local\Temp\wwwCF26.tmp Size (bytes): 452 Entropy (8bit): ASCII text, with CRLF line terminators 431CE3C728B963E531AC57ED03AD7885 4E59DD95CB200BD87778F26DE2C078D943BD B92D61A40EC12A97B69BFD EEEFBB07CD5C91BD5F4C3A1FAF6A64F1 7F0A79E04A7C B54E38E3377E041B221E7A891278ADA5ECEFE2367AB728F8FE3F5A71DA1815C23800CC5 028BFCB6B3A D5DD732D05DEEC11B C:\Users\ANNEBO~1\AppData\Local\Temp\wwwD90D.tmp Size (bytes): 752 ASCII text, with CRLF line terminators Entropy (8bit): BDCC6FFB83C24153C5FF45FF8 5753D953EDA2ADA640779E282C19E37F159AED09 A7F9A28D672F9F78C0F950F0262EE8AF2DFDD6E31AE3881C2038D A4B9 BED2B D8082C48D8CB4C45FC185AF94FAFF8DA00FC3C10CFBC711408FC5CDE1118E67D7483FE C892E00FB11232D9BE9207B252E70DBB C:\Users\ANNEBO~1\AppData\Local\Temp\wwwD90D.tmp:favicon PNG image data, 16 x 16, 4-bit colormap, non-interlaced Copyright Joe Security LLC 2018 Page 11 of 56

12 C:\Users\ANNEBO~1\AppData\Local\Temp\wwwD90D.tmp:favicon Size (bytes): 474 Entropy (8bit): B296C9568BE4B40F DA56A3CE F4B7D1E31B78D81A F951E27745CE921CB 27D67BA98E8641B6A8B5BB9CCDA13FAB5B0E0C8D231311BD39C4915DC71B3159 AF25BC3A74CF1B4F914BB54D65A834020CF81DF369B6892E546EF51DB5A58769B44BA2E33C7B29C3D4B23454F7 5007E9EB88F454CF51459DB2099F361E3272A9 C:\Users\ANNEBO~1\AppData\Local\Temp\~DF02EF724DA8EB4135.TMP data Size (bytes): Entropy (8bit): B1381E53760CD922AFDD650D91CD8CB 0970FCD548FA515646C63E38768CC9FF9782C531 F53A8EDF1C883CA2999F3A64658A49D451E5023A56AF9742AF6B673405D9C514 B9AA02865B9DC10A650D6077D703D93720A39EC16BBF076DBF1B6E809299A A47A F3C3 178E743B887A242D5D3A725EE7781E81B5FF C:\Users\ANNEBO~1\AppData\Local\Temp\~DF ADB.TMP data Size (bytes): Entropy (8bit): AFEFC8697A05707C06D6A907253B1 0179B6E9AD756BCA5708FDBA86EEF4EEA FBE407FE8797C6A54468CE934EA4C9A1A07D0A9D93F7161FE182ED6CB 1258B75DDBA4F2F961BCA28210B169991B06A5B4F71661F9A500DF3B108210DB3460F388A0C4A7A2C269A1C1724 9C95C11B32301DD D BDCB6 C:\Users\ANNEBO~1\AppData\Local\Temp\~DFFEDDD0135C25182E.TMP FoxPro FPT, blocks size 258, next free block index Size (bytes): Entropy (8bit): FC29DF138DD2A9021A2E6632AFF5361B 6617F2A24BD860760B4E23B532B36E0150FDC51F EEADEE CFE03E686EE3E230235E4A652693BD50D E F248110AFA82B21A29BC796507F739A8894AB2F757FFE531AA AA9A9B7E56C56301C382BCAA1BDCE22 F321E8603B0B488FD6DCB82E268D75FC1D28CF C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA9 911FE760A9B data Size (bytes): 1831 Entropy (8bit): A4A049F9A2E01C6D622BC45E7E9B96DF D27408E62EB6BF544BA8AB440CEDF82A9 C7486D0C177889AF7E8B059C34120F4E1B20D61C B8A2D01A360FD4 AAC A4C5A52B0B44F827377CC628D900442A91F0C7F2925F2E9931D645CA8A A67939C F8A66747B98EF65892E9CE64AF1 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF B E0 4 data Copyright Joe Security LLC 2018 Page 12 of 56

13 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF B E0 4 Size (bytes): 471 Entropy (8bit): B93B055F18ED02AC BFA E49C843005A144BE3DE9485B1F9BC4E5A9126D A2649B55B45DF55AC2A B428AD312A749BDA88AA21B6C800DCE6AD4CED 1A7E8C92A1516E9B2E224E239C29EA395C615585A429B5FDF66B794DBBE6336C2BCE435ACD4F145563E5ACB4E DDBE001566E1BB345BF9F6F5EAE0341B9AAB2A6 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50D6B15D9F2DCE1EDBB0C098625FBE47_281AC807DE0FEF15F2CA 9911FE760A9B data Size (bytes): 972 Entropy (8bit): FFF41AC301090F5D0FDEF836581F032D 8DD906DB4E338D50331A76B71AF85EF322DD697E 6ED37FE7914FE66A91A77E60E1B5626CE B1FF63B38EB9F6159E67D9 3A9E7437AD343F1AE153E7C0D9F4B90569C33E89543D94C84EF0D042CDFD01DDF9A70836BE6285C95D C6F3AE04A4EF4D5F0B988B6A6EAF572BAB8F C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 data Size (bytes): 340 Entropy (8bit): CA45368A255B607D2CA60911D41FFA1 1335F29D04E8D462A449AA881B13CC666322ACC6 130A63293BC1B67BC E49CA70988FBE97E98C9B56AF847D7A44F5F9E 1ED DD37D9C1D976C44AB40D03AEA75368CACFC412C87BEB443F8F22FB757C28303D2C29D990AA E8EC20A5C0EE8FEEF0C5D4A9063DAADC3B8 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF B E04 data Size (bytes): 868 Entropy (8bit): C172CEA40F33C105C4CB80AA3AE7E9C 070BEA8EC AB89A D30AEC2EC B1A08C967A8B7A682A9BE5E4410C E1691B60F3D363AEB8EADF9FD0509 1AE9DD C8DB6CFB88EF1744FEBE BE37E670C18FC8B3B3DDB8AACFBABED35C38A9C37BCFF8 C8CF4F480506F7C8EDF87EA689C B0C1F C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D f-A0FF-E1416B8B2E3A}.ico Size (bytes): 474 Entropy (8bit): PNG image data, 16 x 16, 4-bit colormap, non-interlaced B296C9568BE4B40F DA56A3CE F4B7D1E31B78D81A F951E27745CE921CB 27D67BA98E8641B6A8B5BB9CCDA13FAB5B0E0C8D231311BD39C4915DC71B3159 AF25BC3A74CF1B4F914BB54D65A834020CF81DF369B6892E546EF51DB5A58769B44BA2E33C7B29C3D4B23454F7 5007E9EB88F454CF51459DB2099F361E3272A9 Copyright Joe Security LLC 2018 Page 13 of 56

14 C:\Users\user\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms data Size (bytes): Entropy (8bit): F3A3675FE871ABAE40C31C72D9B4F483 7B50FABCC1774D17C935DA1FA6ED2FE DB7AC85385A3E38CCC921D3D18A580A923B8F D952D41A4C067BD32C1 A64A5C096AC6B01E720679AC96519C4E9E3C1CFBD CA3EAA87A81B8FBDD53689A9D04478D4BFAAE70 F85084BAF5E43F3D99B91BAA97C38F C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms Size (bytes): Entropy (8bit): Composite Document File V2 Document, No summary info 521EBD3AB895FA5743EEFBBDF4F7009D A07F3B A25CC ADD66D8A FB401967A9BD673C15BF3B23989BAFC9150B0AA BDDE8 FAD420B6104CA5D0B911563ABFCD A0B9FC704BB9CCC4B49CDB1C9153AA081E D8EF16B53DC0 4B14265E7460E2B582A3C4DFB6D7D32FBE5ACED C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1 data Size (bytes): Entropy (8bit): A34CB996293FDE2CB7A4AC A 3C96C D1A77873CD62BC639B3A10653F C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD E1B7D F E70F68B1BE6FD0CA65DCCF4FF D44278D3A77F704AEDFF59D2DBC0D56A6 09B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7281E8D1-10D6-11E8-A469-AE5BC7F122F5}.dat Size (bytes): Microsoft Word Document Entropy (8bit): F33EABDDE6E389CD8221E A5A EBDD05C5BBC2A1E02AF5BE5A9BCAF48AC84BDA1F 7FFAE15ADE40757FB3F4EA3254C9F6FAAA1B6B08F2C0D01E B47602 E99EFBF6B20C510AC27BD21D B2A9C6AF2EC30A4D03C3BE9F C7552D8AC25BBCCD86BE B2076A230A6F8B80AB6DEC540D3ED8C9C7C95C4 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7281E8D3-10D6-11E8-A469-AE5BC7F122F5}.dat Size (bytes): Microsoft Word Document Entropy (8bit): FA21250CD92A3F51E78FD2C9467B2C 3C69E979A1555E4F4C4BD1D52CE5FADB E0B366C39562B85328AB1A3348AC63E61D F37592CF0620BAB4D08DB7C 156F6374DA078B592CF4A918B C1DA147D64D657BC68A020BA003A B07855A16FAE CA78819CD1A90D15AC1C815E30B151BBE683 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7EE19C89-10D6-11E8-A469-AE5BC7F122F5}.dat Microsoft Word Document Copyright Joe Security LLC 2018 Page 14 of 56

15 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7EE19C89-10D6-11E8-A469-AE5BC7F122F5}.dat Size (bytes): Entropy (8bit): E5AD3DC90D0512BF93B548BE5EED D C24E98182AB9CCF61844BD07F49 0C4A4FC5C8031A67F74FD7E6106DA080ACF707149EB1EB9B7371A924F5A4C121 F B5ECE2ED435B8F768CD8530BAFE558DB4F19E4445E47DAAD58F2243E676371EAA3D508DAC6DD BB253772CBE432B5ABC8ED09DB446503C84B6 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin \msapplication.xml Size (bytes): 708 XML document text Entropy (8bit): CD1F9DDDC4A9117EC5FE0A8E8A19BB1 4BB0FB7A6E9FF773FDB1C8E9E9023E6D56E8273B B A49EA45DAF87C645A88F2B169B2FD6647ABCC4BE95A468F12205D F75E6EE6F12F38A631E22D999A5A50EE51A B79E67DBBCD0F65A2638C9B070BC8C1B0D3A86436 A4055A4FAD824039BDA3278B0C90F5266E2681 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\rs8ypcq\imagestore.dat data Size (bytes): 726 Entropy (8bit): F303046F4F2550B8D0C058DE59 53C7CDE200B2DEBF31E7D758693BFFA354852A38 AE1C44A5F CD6846FB656CB0C32919FEF608A23A689EA9908DE06C2B5A C415F325BFA2643AD4EDF17C4A021A6DEDAD5F68A192EC296A1C1835E26693AA55752B87DDE1577E2F4D3D8157 DF0125FD7D05A3AD904C02D432CDABA C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\design[1].css Size (bytes): ASCII text, with CRLF line terminators Entropy (8bit): E0741C5F94282DE51FDCE46C69F3C1A1 0F94404B E3F039AE4DE3C3973AEE CBABE259CC42E3E06EC CEF4B31429C49407D299C4F28AA8283 2DF383D7CF96166C07DF5E046A447FAECFC68DE3A70BAA5142B89EB3E1E6C504092E E09251C3A16E49 342FDA5830EBBE4600CD845B0812C0C3E62BFB C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\favicon[1].ico Size (bytes): 237 Entropy (8bit): PNG image data, 16 x 16, 4-bit colormap, non-interlaced 9FB559A E77D F6541 EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A B7E0CEBAE76EDF85B8B914 0E CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE D0009D452FB96A8ECE236B C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\index[1].htm HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators Size (bytes): 5936 Copyright Joe Security LLC 2018 Page 15 of 56

16 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\index[1].htm Entropy (8bit): A68FE412491D62BDA48CAB2A5D656D0A CB3D4F7E7BC9484E4064B EC4A F802EAFBE77CD78ABA3CAF801AE BB9A97BBE050B8A8CEDC0E55C8F0 A8E027E05B6B17F0B3EE8DCEFAA57AEC4B7FF718E0E2533BD8599B7F799CDA2CCDB3CC13957BD00200B6D562 D3EF0519FBA3EFBE3E5301B364974BEFD5A22459 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\index[2].htm Size (bytes): 2968 Entropy (8bit): HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators 3E6C818F000EF00B64A8FD54F1C3ACC6 F5A0827A828BF3B8F0DD1E50BB02651DD38BD5E8 A15BA6014F6B8B649A31C42211B3D71244F763ABD0C587D4853B1F8CDDC5F17F 8C D2A359C2521E58C01098AB D5BD88D128C7E9240F90CD4C3B0A998FB052FB1F2C95D687410E A1732EAE156E6F07C709CB51CED3A28F7732F C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\index[3].htm Size (bytes): Entropy (8bit): HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators D0A23526DFF8FC57F52EA3A735179AC5 B9B3CB137BEE4E108A194D1690AC70F8A8AE74FF 46AD6F403C4C833A5BB62889FA402E EF40BDE105A7943B47424E28C79 E17882A9B560D00C8A6723F21257EA15225E594ECBB55692E179D1B6FF1F614C1CE8BB1EC85D4196C2ABBF02E5 A7C435CBBD8D25031AAF DFC93D1C7 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\index[4].htm Size (bytes): Entropy (8bit): HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators F4D1ADD0B78C1316EBEA3E B5E FEEDACED57A569694E3A576BDAEB26C3EFDF D07C182ECA5F4BD72A62BA0A14842B41FB7E862DAD80F73697B29312E33 7F548AE3688D358709B8169FCEE6499AB9A59FB445D57F8927A59CD6E23676C E6495D8B61AE6F41A44B7 74AAD7D14C933AA48BB1F57499CE545F76687 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\it[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 876 Entropy (8bit): C0F57D88A761AAEAB39F5EF3ED C7B976D CEA2A7C3B539CAEEBF D76688BF726FB1C071BB477F0209E553811FB8D702D05D278E3D57EBB9F3FB1E 8181D8BED359A4F9ACD747EAA6D485BE772844E1A8447BF50A97DFAE71117B9A264EC129895EFDC7C76517CF F2062C8D4616DA52C3C705A4E6A764DE5 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\known_providers_download_v1[1].xml XML document text Size (bytes): Entropy (8bit): Copyright Joe Security LLC 2018 Page 16 of 56

17 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\known_providers_download_v1[1].xml 002D D31D1E7C57990CC A28EC731F9106C252F313CCA349A68EF94EE3DE9 1E2E25BF730FF20C89D57AA38F7F34BE E8279B20127D0014DD27B743F 689E90E7D83EEF054A168B98BA2B8D05AB6FF8564E199D AD3FE E687AA9AD7D94468F9F57A4C C19842D53A9CD2F17758BDADF0503DF63629C6 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I429C6Y\nl[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 121 Entropy (8bit): A7B31D353D27001A34899B580B06C2 376C7AA48A18CECBF59C90A A B D2BABF3D524ACF8AD4A4629A713F7C B1CA5257 D820770AA D22729CA33862FC D201B1BA244CE9ADAC3AA5B3E220CD098DA150D864DA55 636F99609A442D492B021AB504FFE46A72503 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FBI2I3W\btnTemplate[1].gif GIF image data, version 89a, 1 x 22 Size (bytes): 823 Entropy (8bit): FD531651FEDC62623D5F03AA310EF79 DE38EC7AB043612D32FD1957AE9AD4D1EEC4CB2A 7B57A756DD2B1C F26B837C7BD43DF24F7747F1B7673B870B6288F2 93FFDE100B7EB46BAC E35BE78353E8BF939D8FFDC3A58EAAE6DCE8EAEAC7B86A5F629497A0DA6BDB 8674F85E5AAA5583E41FD506942A7CC587962E5A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FBI2I3W\favicon[1].ico Size (bytes): 237 Entropy (8bit): PNG image data, 16 x 16, 4-bit colormap, non-interlaced 9FB559A E77D F6541 EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A B7E0CEBAE76EDF85B8B914 0E CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE D0009D452FB96A8ECE236B C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FBI2I3W\fr[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 130 Entropy (8bit): EFA1EE3925D49076C A 733BD1B91B3E E6D619AB325B5FCEBFED B ABB0BF089ABD072124EE5B1A98CE4C53BD2DC420AF55A71ADBAF2B42 9EF6A650EFCE53CD81F951BE7D0936FCAD81B76523D52881B3C7D5E939A7B8BA8F667F FBC41B70753 C5F21B95F3A3B265544B0575FB25B7B151B76E C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FBI2I3W\navigation[1].gif GIF image data, version 89a, 1 x 22 Size (bytes): 823 Entropy (8bit): Copyright Joe Security LLC 2018 Page 17 of 56

18 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FBI2I3W\navigation[1].gif 1FD531651FEDC62623D5F03AA310EF79 DE38EC7AB043612D32FD1957AE9AD4D1EEC4CB2A 7B57A756DD2B1C F26B837C7BD43DF24F7747F1B7673B870B6288F2 93FFDE100B7EB46BAC E35BE78353E8BF939D8FFDC3A58EAAE6DCE8EAEAC7B86A5F629497A0DA6BDB 8674F85E5AAA5583E41FD506942A7CC587962E5A C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FBI2I3W\urlblockindex[1].bin Size (bytes): 16 Entropy (8bit): data FA518E3DFAE8CA3A0E495460FD60C791 E4F30E D37267C0162FD4A C C4B4E5F883F9FD5A278E61C471B3EE B6D129499AA7 D21667F3FB081D39B579178E74E9BB1B6E9A97F C165729A58F1787DC0ADADD980CD026C7A601D416665A 81AC13A69E49A6A2FE2FDD AA645C07 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD4VIIT2\de[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 864 Entropy (8bit): B28B1FB16C2C6C84E E2565 7AB367E2C26EE4C7AAC2115D8A B4CB9CA 901CBEA D46661D78C5BE EBE9B9ECBD57C17A6E0960AC2 AC09BC61E6B308FA009AE868BA319FDE9E25F01DAC5D65043DC7B45B09FB117F111280E7C69215C4703B5BEC7 C81D52D3E31391A900BFE189AA3E71A904D4D91 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD4VIIT2\drop[1].gif GIF image data, version 89a, 18 x 14 Size (bytes): 856 Entropy (8bit): D11D18E173962CD3A7B5770CA EEDF C208FE91B7F902404B6CF6A9209 CEB5FEE7D03C3FACDD9DA98DD3BF0FC4D6B6271DA405F D F598C A3D92B0FB C4EE6EF5E57E35D5632F4FD B391F878959E3DA FB5C3DC A0E44BEDB46DA F56F840C2F0EFB98 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD4VIIT2\en[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 953 Entropy (8bit): FFB58C7A2B044709DCCD9A7F44667EEA 90E5B09E5A F7B037EF788DB C A E431A0FFCE5D3C7CBF742DFA2A3966C300C87F65 CDF B5C68FD E1BB53D3EBD90BED8EADECFDD4BD5F574A80CD4B82F8D0BEEB13859E59D2AA ABC D079F9A1C541662E41 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD4VIIT2\es[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 895 Entropy (8bit): ADB5C FE777C7293E6E38F928D Copyright Joe Security LLC 2018 Page 18 of 56

19 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD4VIIT2\es[1].gif 5A157B3EC B5B C841580C3 461DACDDACE8FE109AC31BD1A96B8F ED C547F3B23B98FA EED0A B54109B42D8EAD169D831ADAABB71767A73E234F7C3ADF38A2E66C00C2D48F84D8583CE 5AE8974D72265A28ABCD427B51C21FA07D8D7C C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD4VIIT2\header[1].gif GIF image data, version 89a, 980 x 74 Size (bytes): 3526 Entropy (8bit): A5F1B96CD479B50FA1E793F3A4284E3F DBCE3102C74B479ACFD188A633782E57F9DB9EC0 A6D43677EC96486CE66EEEA A13BEE711BDD65E92082C7CCEEE47C74 A04B7539BD7949A1441EADEA8DC7355DAE287E732D84BE55CB8073AF6AA194DB591F76FEDCC15A0837BC0A2D6 228C325C6B047C748D618BB7176AAC6231D9EA0 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD4VIIT2\suggestions[1].en-US data Size (bytes): Entropy (8bit): A34CB996293FDE2CB7A4AC A 3C96C D1A77873CD62BC639B3A10653F C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD E1B7D F E70F68B1BE6FD0CA65DCCF4FF D44278D3A77F704AEDFF59D2DBC0D56A6 09B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOUXUMGP\footer[1].gif GIF image data, version 89a, 980 x 15 Size (bytes): 296 Entropy (8bit): EA988BE2B04ECAECAADCDA87B52A A7E7D8807EEA5B46485C4CCF1FDB7535D355426F 379F1C7C812A4FB10F8C8612A26BBAF99D1C53DCB3A145399FCB063ADC B9F436DF98FF3CF971A28F3DEB88B D3E89E2F6444E6F9B9A8BA45E E C08 632B FD D8BD409AE6 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOUXUMGP\ja[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 881 Entropy (8bit): CAA36E6103C9E50BDA47B0E504DBDD5 9F12A1847C93B16E7AC963331F4A3D033E291DD7 CAFD73D7BA FD2F3303C4B225357A60F2B010D8F3FB33EF0AD177662DE 5604E3A6A00D32C0DE4A0D6E853F54594AA4AD47FCC8AE06DA61FD8C36D81C5EAACCA4B6C0C7B5E5C4664D91 AFC14526E20C383F897AAEC3D3FE3568D4E36B9B C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOUXUMGP\pt[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 904 Entropy (8bit): B3E34233EB C0D6FD7A5C4D2 1D00113EF745B77A B4FA30E9FFCD33D3 Copyright Joe Security LLC 2018 Page 19 of 56

20 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOUXUMGP\pt[1].gif A62E E908E24B81BC361A4FC42F83FA2B65186F45B2AB1A02C37EF38 71D552C5D3D179D D773EA29EDF2A3FF6D4DAE367E113EA3BAE0A9F22F67E228919EF1F3BB AC78505E84CC3784E72A412AFF3B6B7BD715 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOUXUMGP\ru[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 864 Entropy (8bit): D727A7CF04579FD22B86C7E3F71878BE C0548ED4BF8C49D263C6419AA2FE09E F98A8A43E92453CA516E2B5A68CDB884FE4664C2D0DF7925E D6F5C5 B0BE893AC903A9A7EE28ED7E4EA617562F632A3CD8F41EEC6BEC30E EB03221AE73F034F F 3259C03CB2EC706F172750D314001C17EA5ED0 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOUXUMGP\zh[1].gif GIF image data, version 89a, 20 x 14 Size (bytes): 886 Entropy (8bit): FCE012EDD66D00E09B781E8F1175BC D3E798240E43AD6E89B2ADC3A0B D2BFE554861FC018FED36CC51B19BA482CF93A8BB61C509604F89F3AC57EF C645D6FECA3369A8D72F6EBD124EDABCAC0F6587EB32B197BCA6EA53D756C95584F38DEE5C84FDDBBD6CE CFC941A7086BD94071BE836808E445D22FAD C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Size (bytes): 1407 Entropy (8bit): MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=mon Aug 7 12:48: , mtime=mon Aug 7 12:48: , atime=wed May 31 03:32: , length=815312, window=hide E8C5D71E084A7B05EA6 D97A ECC5E920A5630D997DCDBA34C05BD 11A9ED40CEA2A1F9716DC07C2DB34E7A0019DEB63A983A7BFBB7AD489923D F1F A C627EF0A6781B62D1009B682952C0FF4487D808AD3B28BFD607BAE073ACD118AE E1FD9A83AF1DAB440DBB14D489C395BD0826 C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini Size (bytes): 75 ASCII text, with CRLF line terminators Entropy (8bit): C1977B70FA9244BFFE AC51D D2A086ADADB0874F9460DD7F16B4C6343AC80AD3 DC9CE3CEF1E4D274CA5F61B9B9C41889BA08095B3E5847FDF8BF72AFFB68AB0F 0432F57DB605CC413BC3380BAA2EB12955CB760E736D25B2FC6B269F98B427EE7D79406EC F6A16B446C A A42FCDD497700ADB C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UOJ45UWX.txt ASCII text Size (bytes): 199 Entropy (8bit): ABA64192EED09030B2223CA485433DA D6A26E2B03C927E85484D8577B130964D Copyright Joe Security LLC 2018 Page 20 of 56

21 C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\UOJ45UWX.txt EC57BBDC73E849A9CB04DDEFD871E858870B8F4C0746D2658AC8542F7F 4C ABF87EF4F6DE12A32F3BB7E9E090C80161A05CD4BB5A DA0BCC816F3AE7775E239A DE35B283E9829FA512135F4A38ED72065BCC C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\V6HGYFVC.txt Size (bytes): 282 ASCII text Entropy (8bit): DB2902BE1C8F29CCF26C15CBBD41E50F FBA02CC40BDBCFB24FC7374C82C F08786B9D2E8B84AD521F57C874016C2142FB32B3D9633FE01E85B8CC9DA8D34 5A16BED723BB7CC AA498AF45D6D34C5B DB6BEAC1F78BCF97030E D3C89C95317F18A DC37FD A4768D2B992608FC3F98FF55A C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\VNGEIBZO.txt Size (bytes): 78 ASCII text Entropy (8bit): A7FC4C049C041C8854E408E4C B09980E0ED28B0697CF1DC423006D1898DAF0 3CE5AF9E31B5007DD70FCFC1A6F0CE511F31F13C13658C27C660C6E62A5DEB86 62B477ED31DCA1BB899A722E88559E1811F163E11B4C0ABEC88E9A768B9915B84CAA76366B4047C3126FF5D9E5 1693F26B9262ED1882C7B148A45DF5CA0C8784 C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ADLZH1TBPUMDOLXEBP8Q.temp data Size (bytes): 3358 Entropy (8bit): CAC01A99BB552C9AA90E81BE7FBA82A0 6803CF8DE A503A7659FBA465ECEF0 62C D6C8F41BB27C00D7E70DB6AF658BBB6094A0E371C7C0B8D872E16A E700EA13FF878FD94C650D8A27E E718B07482EE9C70CE0F5142C11331C9BB55293B2853DE1F3A480A DA A48BEDB61E61D3E0AF42852D C:\Users\user\Favorites\Links\Suggested Sites.url Size (bytes): 1078 ASCII text, with CRLF line terminators Entropy (8bit): D736C3274F6BB146316A6A86370B 9C195AF1AEC4E764A1DC2994F293C1C DD A7F CD4C03A AA DA80BE098E432BFC78E95D973 C61B11C8C827E29B9690A081051C4CEDF47BF583B03C3974BE50FBFC63583CBF7F11C6F16F9B88952B2A7412DD 7B F6CF4E8E7B5733D46D839689C2609 C:\Users\user\Favorites\Links\Suggested Sites.url:favicon PNG image data, 16 x 16, 4-bit colormap, non-interlaced Size (bytes): 474 Entropy (8bit): B296C9568BE4B40F DA56A3CE F4B7D1E31B78D81A F951E27745CE921CB 27D67BA98E8641B6A8B5BB9CCDA13FAB5B0E0C8D231311BD39C4915DC71B3159 Copyright Joe Security LLC 2018 Page 21 of 56

22 C:\Users\user\Favorites\Links\Suggested Sites.url:favicon AF25BC3A74CF1B4F914BB54D65A834020CF81DF369B6892E546EF51DB5A58769B44BA2E33C7B29C3D4B23454F7 5007E9EB88F454CF51459DB2099F361E3272A9 \samr Size (bytes): 116 Entropy (8bit): Hitachi SH big-endian COFF object, not stripped 080E701E8B8E2E9C68203C150AC7C6B7 4EF B805758AE1D3B122F9D FE129AE2A7C F6F51091E6E512C9FEACA1042A1E9DB914C651FEB344D C11D88B8E355B7B922B B693F75BA4C2A62F9137A15842CA82F9B6B3ED13059EDC0DF1C04E7DE43719 D892B4C0D22BB67BE0D57EAB368BA1BC057E79 Contacted Domains/Contacted IPs Contacted Domains Name IP Active Malicious Antivirus Detection licensecentral-bbio.bruker.de true Contacted IPs No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs IP Country Flag ASN ASN Name Malicious United States GOOGLE-GoogleIncUS Germany 5400 BTGB Static File Info Copyright Joe Security LLC 2018 Page 22 of 56

23 No static file info Network Behavior Network Port Distribution Total Packets: (HTTP) 53 (DNS) TCP Packets Timestamp Source Port Dest Port Source IP Dest IP 16:56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET Copyright Joe Security LLC 2018 Page 23 of 56

24 Timestamp Source Port Dest Port Source IP Dest IP 16:56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET Copyright Joe Security LLC 2018 Page 24 of 56

25 Timestamp Source Port Dest Port Source IP Dest IP 16:56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :56: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET Copyright Joe Security LLC 2018 Page 25 of 56

26 Timestamp Source Port Dest Port Source IP Dest IP 16:57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET Copyright Joe Security LLC 2018 Page 26 of 56

27 Timestamp Source Port Dest Port Source IP Dest IP 16:57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET :57: CET Copyright Joe Security LLC 2018 Page 27 of 56