ID: Cookbook: browseurl.jbs Time: 13:47:53 Date: 16/02/2018 Version:


Table of Contents

Analysis Report
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
  Signature Overview
    Networking:
    System Summary:
    Hooking and other Techniques for Hiding and Protection:
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    Dropped Files
  Screenshot
  Startup
  Created / dropped Files
  Contacted Domains/Contacted IPs
    Contacted Domains
    Contacted IPs
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    ICMP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
    HTTPS Packets
  Code Manipulations
  Statistics
  Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 3228 Parent PID: 548
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 3280 Parent PID: 3228
      General
      File Activities
      Registry Activities
    Analysis Process: ssvagent.exe PID: 3340 Parent PID: 3280
      General
      Registry Activities
  Disassembly
    Code Analysis

Copyright Joe Security LLC 2018

Analysis Report

Overview

General Information

Joe Sandbox Version:
Analysis ID:
Start time: 13:47:53
Joe Sandbox Product: CloudBasic
Start date:
Overall analysis duration: 0h 5m 0s
Hypervisor based Inspection enabled:
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: nk/css3-mediaqueries.js
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java )
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Detection: CLEAN
Classification: clean1.win@5/35@9/4
HCA Information: Successful, ratio: 100%; Number of executed functions: 0; Number of non-executed functions: 0
EGA Information: Failed
HDC Information: Failed
Cookbook Comments: Adjust boot time; Browsing link:
Warnings:
  Exclude process from analysis (whitelisted): WmiApSrv.exe, dllhost.exe
  Execution Graph export aborted for target iexplore.exe, PID 3280 because it is empty
  Report size getting too big, too many NtAllocateVirtualMemory calls found.
  Report size getting too big, too many NtDeviceIoControlFile calls found.
  Report size getting too big, too many NtEnumerateKey calls found.
  Report size getting too big, too many NtOpenKeyEx calls found.
  Report size getting too big, too many NtProtectVirtualMemory calls found.
  Report size getting too big, too many NtQueryValueKey calls found.

Detection

Strategy  Score  Range  Reporting  Detection
Threshold  Report FP / FN

Confidence

Strategy  Score  Range  Further Analysis Required?  Confidence
Threshold  true

Classification

[Classification chart; axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware; scale: clean, suspicious, malicious]

Analysis Advice

  Sample HTTP request are all non existing, likely the sample is no longer working
  Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior
  Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Signature Overview

Networking:
  Downloads files
  Downloads files from webservers via HTTP
  Found strings which match to known social media urls
  Performs DNS lookups
  Tries to download non-existing http data (HTTP/ Not Found)
  Urls found in memory or binary data
  Uses HTTPS
  Social media urls found in memory data

System Summary:
  Found graphical window changes (likely an installer)
  Uses new MSVCR Dlls
  Binary contains paths to debug symbols
  Classification label
  Creates files inside the user directory
  Creates temporary files
  Reads ini files
  Reads software policies
  Spawns processes
  Uses an in-process (OLE) Automation server
  Searches the installation path of Mozilla Firefox

Hooking and other Techniques for Hiding and Protection:
  Disables application error messsages (SetErrorMode)

Behavior Graph

ID:
URL:
Startdate: 16/02/2018
Architecture: WINDOWS
Score: 1

[Behavior graph: iexplore.exe started iexplore.exe, which started ssvagent.exe; network nodes: css3-mediaqueries-js.googlecode.com, clients1.google.com (GOOGLE-GoogleIncUS, United States), 2 other IPs or domains]

Simulations

Behavior and APIs

Time      Type             Description
13:48:48  API Interceptor  602x Sleep call for process: iexplore.exe modified from: 60000ms to: 100ms

Antivirus Detection

Initial Sample: No Antivirus matches
Dropped Files: No Antivirus matches
Unpacked PE Files: No Antivirus matches

Domains

Detection  Scanner  Label  Link
clients1.google.com  0%  virustotal  Browse
0%  virustotal  Browse
css3-mediaqueries-js.googlecode.com  0%  virustotal  Browse

Yara Overview

Initial Sample: No yara matches
PCAP (Network Traffic): No yara matches
Dropped Files: No yara matches
Memory Dumps: No yara matches
Unpacked PEs: No yara matches

Joe Sandbox View / Context

IPs: No context
Domains: No context
ASN: No context
Dropped Files: No context

Screenshot

Startup

System is w7
iexplore.exe (PID: 3228 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding CA1F703CD665867E8132D2946FB55750)
  iexplore.exe (PID: 3280 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' SCODEF:3228 CREDAT: /prefetch:2 CA1F703CD665867E8132D2946FB55750)
    ssvagent.exe (PID: 3340 cmdline: 'C:\PROGRA~1\Java\JRE18~1.0_1\bin\ssvagent.exe' -new 0953A FD1E655B75B63B9083B7)
cleanup

Created / dropped Files

C:\Users\HERBBL~1\AppData\Local\Temp\Cab2BD8.tmp
  Microsoft Cabinet archive data, bytes, 1 file

C:\Users\HERBBL~1\AppData\Local\Temp\JavaDeployReg.log
  ASCII text, with CRLF line terminators
  Size (bytes): 89

C:\Users\HERBBL~1\AppData\Local\Temp\Tar2BD9.tmp
  data

C:\Users\HERBBL~1\AppData\Local\Temp\~DF2D2BE9B625F1B5A6.TMP
  FoxPro FPT, blocks size 258, next free block index

C:\Users\HERBBL~1\AppData\Local\Temp\~DF2F8830B CE.TMP
  FoxPro FPT, blocks size 258, next free block index

C:\Users\HERBBL~1\AppData\Local\Temp\~DFD88E553DF301C4CF.TMP
  FoxPro FPT, blocks size 258, next free block index

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D
  data
  Size (bytes): 325

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF B E0 4
  data
  Size (bytes): 471

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F
  Microsoft Cabinet archive data, bytes, 1 file

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_041DE71A1638F371C5273F77C40E70BF
  data
  Size (bytes): 463

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ EA C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56
  data
  Size (bytes): 1391

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D
  data
  Size (bytes): 584

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  data
  Size (bytes): 340

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF B E04
  data
  Size (bytes): 868

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F
  data
  Size (bytes): 330

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_041DE71A1638F371C5273F77C40E70 BF
  data
  Size (bytes): 772

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ EA C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D 56
  data
  Size (bytes): 768

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D f-A0FF-E1416B8B2E3A}.ico
  PNG image data, 16 x 16, 4-bit colormap, non-interlaced
  Size (bytes): 237

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BAE6A E8-B7AC-B2C276BF9C88}.dat
  Microsoft Word Document

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BAE6A E8-B7AC-B2C276BF9C88}.dat
  Microsoft Word Document

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7370E E8-B7AC-B2C276BF9C88}.dat
  Microsoft Word Document

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver1FDF.tmp
  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver206B.tmp
  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\NewErrorPageTemplate[1]
  UTF-8 Unicode (with BOM) text, with CRLF line terminators
  Size (bytes): 1310

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0316J1PS\googlelogo_color_150x54dp[1].png
  PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
  Size (bytes): 3170

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\errorPageStrings[1]
  UTF-8 Unicode (with BOM) text, with CRLF line terminators
  Size (bytes): 3470

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\urlblockindex[1].bin
  data
  Size (bytes): 16

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\httpErrorPagesScripts[1]
  UTF-8 Unicode (with BOM) text, with CRLF line terminators
  Size (bytes): 8714

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\iecompatviewlist[1].xml
  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77PTX9DT\robot[1].png
  PNG image data, 171 x 213, 8-bit colormap, non-interlaced
  Size (bytes): 6327

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\dnserror[1]
  HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
  Size (bytes): 1857

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEWWYACU\favicon[1].ico
  PNG image data, 16 x 16, 4-bit colormap, non-interlaced
  Size (bytes): 237

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\B8L0RYVE.txt
  ASCII text
  Size (bytes): 276

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ZK0VJ9HJ.txt
  ASCII text
  Size (bytes): 80

Contacted Domains/Contacted IPs

Contacted Domains

Name  IP  Active  Malicious  Antivirus Detection
clients1.google.com  true  0%, virustotal, Browse
true  0%, virustotal, Browse
css3-mediaqueries-js.googlecode.com  true  0%, virustotal, Browse

Contacted IPs

IP  Country  Flag  ASN  ASN Name  Malicious
United States  GOOGLE-GoogleIncUS
United States  GOOGLE-GoogleIncUS
United States  GOOGLE-GoogleIncUS
United States  GOOGLE-GoogleIncUS

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: (HTTPS) 80 (HTTP) 53 (DNS)

TCP Packets

[TCP packet table; columns: Timestamp, Port, Dest Port, IP, Dest IP; row values not recoverable]

UDP Packets

[UDP packet table; columns: Timestamp, Port, Dest Port, IP, Dest IP; row values not recoverable]

ICMP Packets

Timestamp  IP  Dest IP  Checksum  Code  Type
Feb 16, :48: CET  d015  (Port unreachable)  Destination Unreachable
Feb 16, :48: CET  d015  (Port unreachable)  Destination Unreachable
Feb 16, :48: CET  cffe  (Port unreachable)  Destination Unreachable
Feb 16, :48: CET  cffe  (Port unreachable)  Destination Unreachable
Feb 16, :48: CET  cffe  (Port unreachable)  Destination Unreachable
Feb 16, :48: CET  cffe  (Port unreachable)  Destination Unreachable
Feb 16, :48: CET  cffe  (Port unreachable)  Destination Unreachable

DNS Queries

Columns: Timestamp; IP; Dest IP; Trans ID; OP Code; Name; Type; Class
Feb 16, :48: CET; xf0bd; Standard query (0); css3-mediaqueries-js.googlecode.com; A (IP address); IN (0x0001)
Feb 16, :48: CET; xf0bd; Standard query (0); css3-mediaqueries-js.googlecode.com; A (IP address); IN (0x0001)
Feb 16, :48: CET; xf0bd; Standard query (0); css3-mediaqueries-js.googlecode.com; A (IP address); IN (0x0001)
Feb 16, :48: CET; xf0bd; Standard query (0); css3-mediaqueries-js.googlecode.com; A (IP address); IN (0x0001)
Feb 16, :48: CET; x8285; Standard query (0); A (IP address); IN (0x0001)
Feb 16, :48: CET; x8285; Standard query (0); A (IP address); IN (0x0001)
Feb 16, :48: CET; x8285; Standard query (0); A (IP address); IN (0x0001)
Feb 16, :49: CET; xd181; Standard query (0); clients1.google.com; A (IP address); IN (0x0001)
Feb 16, :49: CET; x2ffc; Standard query (0); clients1.google.com; A (IP address); IN (0x0001)

DNS Answers

Columns: Timestamp; IP; Dest IP; Trans ID; Replay Code; Name; CName; Address; Type; Class
Feb 16, 13:48: CET; xf0bd; No error (0); css3-mediaqueries-js.googlecode.com; A (IP address); IN (0x0001)
Feb 16, 13:48: CET; xf0bd; No error (0); css3-mediaqueries-js.googlecode.com; A (IP address); IN (0x0001)
Feb 16, 13:48: CET; xf0bd; No error (0); css3-mediaqueries-js.googlecode.com; A (IP address); IN (0x0001)
Feb 16, 13:48: CET; xf0bd; No error (0); css3-mediaqueries-js.googlecode.com; A (IP address); IN (0x0001)
Feb 16, 13:48: CET; x8285; No error (0); A (IP address); IN (0x0001)
Feb 16, 13:48: CET; x8285; No error (0); A (IP address); IN (0x0001)
Feb 16, 13:48: CET; x8285; No error (0); A (IP address); IN (0x0001)
Feb 16, 13:49: CET; xd181; No error (0); clients1.google.com; A (IP address); IN (0x0001)
Feb 16, 13:49: CET; x2ffc; No error (0); clients1.google.com; A (IP address); IN (0x0001)

HTTP Request Dependency Graph

  css3-mediaqueries-js.googlecode.com
  clients1.google.com

HTTP Packets

Session ID  IP  Port  Destination IP  Destination Port  Process
C:\Program Files\Internet Explorer\iexplore.exe

Timestamp: Feb 16, :48: CET; kbytes transferred: 3; Direction: OUT; Data:
  GET /svn/trunk/css3-mediaqueries.js HTTP/1.1
  Accept: text/html, application/xhtml+xml, */*
  Accept-Language: en-us
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: css3-mediaqueries-js.googlecode.com
  DNT: 1
  Connection: Keep-Alive

Timestamp: Feb 16, :48: CET; kbytes transferred: 5; Direction: IN; Data:
  HTTP/ Not Found
  Content-Type: text/html; charset=utf-8
  Referrer-Policy: no-referrer
  Content-Length: 1591
  Date: Fri, 16 Feb :48:46 GMT

Session ID  IP  Port  Destination IP  Destination Port  Process
C:\Program Files\Internet Explorer\iexplore.exe

Timestamp: Feb 16, :48: CET; kbytes transferred: 10; Direction: OUT; Data:
  GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
  Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
  Referer:
  Accept-Language: en-us
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host:
  DNT: 1
  Connection: Keep-Alive

ID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/2018 Version: ID: 50646 Cookbook: browseurl.jbs Time: 20:27:59 Date: 16/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/2018 Version: ID: 5945 Cookbook: browseurl.jbs Time: 11:59:06 Date: 14/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/2018 Version: ID: 5702 Cookbook: browseurl.jbs Time: 13:46:19 Date: 09/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 12:58:02 Date: 02/04/2018 Version: ID: 5253 Cookbook: browseurl.jbs Time: 12:5:02 Date: 02/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/2018 Version: ID: 5139 Cookbook: browseurl.jbs Time: 17:39:02 Date: 22/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version:

ID: Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: ID: 42670 Cookbook: browseurl.jbs Time: 10:12:02 Date: 15/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version:

ID: Cookbook: browseurl.jbs Time: 18:05:31 Date: 26/12/2017 Version: ID: 41000 Cookbook: browseurl.jbs Time: 1:05:31 Date: 26/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: ID: 46296 Cookbook: browseurl.jbs Time: 16:56:06 Date: 13/02/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/2018 Version: ID: 52775 Cookbook: browseurl.jbs Time: 13:10:41 Date: 01/04/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:46:38 Date: 29/03/2018 Version: ID: 52374 Cookbook: browseurl.jbs Time: 15:46:3 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version:

ID: Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: ID: 37366 Cookbook: browseurl.jbs Time: 22:12:09 Date: 17/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: ID: 66665 Cookbook: browseurl.jbs Time: 20:56:26 Date: 03/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version: ID: 74919 Cookbook: browseurl.jbs Time: 14:46:55 Date: 31/08/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report http://tiny.cc/34aqxy Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: ID: 62529 Cookbook: browseurl.jbs Time: 16:58:45 Date: 04/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version: ID: 64085 Cookbook: browseurl.jbs Time: 20:04:11 Date: 14/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:48:15 Date: 29/03/2018 Version: ID: 52376 Cookbook: browseurl.jbs Time: 15:4:15 Date: 29/03/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 18:10:52 Date: 18/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 18:10:52 Date: 18/05/2018 Version: ID: 60306 Cookbook: browseurl.jbs Time: 18:10:52 Date: 18/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version: ID: 51900 Cookbook: browseurl.jbs Time: 07:02:50 Date: 27/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:

More information

ID: Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version: ID: 66523 Cookbook: browseurl.jbs Time: 00:46:14 Date: 03/07/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version: ID: 70096 Cookbook: browseurl.jbs Time: 14:05:23 Date: 30/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version: ID: 80599 Cookbook: browseurl.jbs Time: 20:07:43 Date: 27/09/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report http://www.qbproadvisorshelp.com Overview General Information Detection

More information

ID: Cookbook: urldownload.jbs Time: 19:58:34 Date: 02/05/2018 Version:

ID: Cookbook: urldownload.jbs Time: 19:58:34 Date: 02/05/2018 Version: ID: 57706 Cookbook: urldownload.jbs Time: 19:5:34 Date: 02/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: Fire Opal ID: 82913 Cookbook: browseurl.jbs Time: 18:45:10 Date: 08/10/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://www.learningtoolkit.club Overview General Information

More information

ID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version:

ID: Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: ID: 34266 Cookbook: browseurl.jbs Time: 19:21:50 Date: 15/10/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/08/2018 Version:

ID: Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/08/2018 Version: ID: 153 Cookbook: urldownload.jbs Time: 20:31:22 Date: 09/0/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: urldownload.jbs Time: 22:46:20 Date: 19/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 22:46:20 Date: 19/02/2018 Version: ID: 4706 Cookbook: urldownload.jbs Time: 22:46:20 Date: 1/02/201 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version:

ID: Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version: ID: 40269 Sample Name: scan00.html Cookbook: default.jbs Time: 22:21:27 Date: 16/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version:

ID: Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/2018 Version: ID: 4441 Cookbook: urldownload.jbs Time: 02:55:04 Date: 01/02/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version: ID: 59136 Cookbook: browseurl.jbs Time: 15:47:47 Date: 11/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Cookbook: browseurl.jbs Time: 19:37:50 Date: 11/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 19:37:50 Date: 11/05/2018 Version: ID: 59176 Cookbook: browseurl.jbs Time: 19:37:50 Date: 11/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/06/2018 Version: ID: 3923 Cookbook: urldownload.jbs Time: 20:09:25 Date: 13/0/201 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: urldownload.jbs Time: 18:48:38 Date: 19/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 18:48:38 Date: 19/06/2018 Version: ID: 64646 Cookbook: urldownload.jbs Time: 1:4:3 Date: 19/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Cookbook: urldownload.jbs Time: 08:25:02 Date: 29/10/2018 Version: Fire Opal

ID: Cookbook: urldownload.jbs Time: 08:25:02 Date: 29/10/2018 Version: Fire Opal ID: Cookbook: urldownload.jbs Time: 0:25:02 Date: 29//201 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://15.1..14/neko.sh Overview General Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version:

ID: Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: ID: 54075 Cookbook: browseurl.jbs Time: 23:36:16 Date: 10/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version:

ID: Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version: ID: 75522 Cookbook: browseurl.jbs Time: 14:54:22 Date: 05/09/2018 Version: 23.0.0 Table of Contents Table of Contents 2 Analysis Report http://www.springdwnld2.com/download/? d=0&h=1&pnid=4&domain=hmapsanddrivingdirection.com&implementation_id=maps_spt_&source=g-ccc7-lp0-

More information

ID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version:

ID: Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/2018 Version: ID: 42417 Cookbook: urldownload.jbs Time: 23:23:00 Date: 11/01/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version:

ID: Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31:13 Date: 16/03/2018 Version: ID: 50648 Sample Name: FsQHOWXph8.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 20:31: Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Cookbook: urldownload.jbs Time: 16:41:45 Date: 23/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 16:41:45 Date: 23/06/2018 Version: ID: 52 Cookbook: urldownload.jbs Time: 1:41:45 Date: 23/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version:

ID: Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 18:29:43 Date: 25/05/2018 Version: ID: 1259 Sample Name: MobaXterm_installer.dat Cookbook: default.jbs Time: 1:29:43 Date: 25/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

More information

ID: Cookbook: browseurl.jbs Time: 15:26:33 Date: 16/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 15:26:33 Date: 16/03/2018 Version: ID: 50608 Cookbook: browseurl.jbs Time: 15:26:33 Date: 16/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version:

ID: Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 09:43:59 Date: 21/10/2017 Version: ID: 34788 Sample Name: Dxd1yOZMU1.bin Cookbook: defaultwindowsofficecookbook.jbs Time: 0:43:5 Date: 21/10/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information

More information

ID: Cookbook: urldownload.jbs Time: 20:47:24 Date: 09/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 20:47:24 Date: 09/12/2017 Version: ID: 0 Cookbook: urldownload.jbs Time: 20:4:24 Date: 0/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version:

ID: Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version: ID: 67658 Cookbook: browseurl.jbs Time: 20:07:02 Date: 11/07/2018 Version: 23.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification Analysis Advice Signature Overview

More information

ID: Cookbook: browseurl.jbs Time: 15:35:36 Date: 03/11/2017 Version:

ID: Cookbook: browseurl.jbs Time: 15:35:36 Date: 03/11/2017 Version: ID: 35980 Cookbook: browseurl.jbs Time: 15:35:36 Date: 03/11/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version:

ID: Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version: ID: 53619 Cookbook: urldownload.jbs Time: 11:39:45 Date: 07/04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version:

ID: Cookbook: urldownload.jbs Time: 19:53:36 Date: 07/03/2018 Version: ID: 49 Cookbook: urldownload.jbs Time: 19:: Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice

More information

ID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version:

ID: Sample Name: image002 Cookbook: default.jbs Time: 18:19:28 Date: 18/05/2018 Version: ID: 0309 Sample Name: image002 Cookbook: default.jbs Time: 1:19:2 Date: 1/05/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

More information

ID: Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version: ID: 41304 Cookbook: urldownload.jbs Time: 22:26:00 Date: 30/12/2017 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview

More information

ID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0.

ID: Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: 13/04/2018 Version: 22.0. ID: 54478 Sample Name: SSI Set Details.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 01:14:07 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version:

ID: Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: 12/04/2018 Version: ID: 54427 Sample Name: test.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 18:57:54 Date: /04/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection Confidence Classification

More information

ID: Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version:

ID: Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version: ID: 80115 Sample Name: js.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 10:01:15 Date: 26/09/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report js.jar Overview General Information

More information

ID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: ID: 51630 Cookbook: browseurl.jbs Time: 00:12:30 Date: 24/03/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version:

ID: Sample Name: test.txt Cookbook: default.jbs Time: 13:18:36 Date: 31/03/2018 Version: ID: 5250 Sample Name: test.txt Cookbook: default.jbs Time: 13:18:3 Date: 31/03/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0.

ID: Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 14:36:29 Date: 04/05/2018 Version: 22.0. ID: 5762 Sample Name: FD-1 Phase Out Notice.doc Cookbook: defaultwindowsofficecookbook.jbs Time: :36:2 Date: 04/05/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0.

ID: Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:46 Date: 20/09/2018 Version: 23.0. ID: 25 Sample Name: Payment_Remittance#.xps Cookbook: defaultwindowsofficecookbook.jbs Time: 01:35:4 Date: 20/09/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Payment_Remittance#.xps

More information

ID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version:

ID: Cookbook: urldownload.jbs Time: 21:28:55 Date: 28/06/2018 Version: ID: 6600 Cookbook: urldownload.jbs Time: 21:2:55 Date: 2/06/201 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature Overview Networking:

More information

ID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version:

ID: Sample Name: text_0.txt Cookbook: default.jbs Time: 16:20:15 Date: 12/01/2018 Version: ID: 4253 Sample Name: text_0.txt Cookbook: default.jbs Time: 1:20:15 Date: 12/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version:

ID: Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: ID: 42035 Sample Name: Luxus.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 10:22:08 Date: 09/01/2018 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version:

ID: Sample Name: maintools.js Cookbook: default.jbs Time: 15:43:35 Date: 17/02/2018 Version: ID: 48 Sample Name: maintools.js Cookbook: default.jbs Time: 1:43:3 Date: 1/02/2018 Version: 21.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version:

ID: Sample Name: Serial.txt Cookbook: default.jbs Time: 02:59:20 Date: 07/05/2018 Version: ID: 58133 Sample Name: Serial.txt Cookbook: default.jbs Time: 02:5:20 Date: 0/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version:

ID: Sample Name: tesseract-ocrsetup exe. Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: ID: 46161 Sample Name: tesseract-ocrsetup-3.05.01.exe Cookbook: default.jbs Time: 16:44:15 Date: 12/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0.

ID: Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17:15:48 Date: 19/06/2018 Version: 22.0. ID: 64635 Sample Name: MSM- 24_Supply_List RU_518.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 17::48 Date: 1/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview Information Detection

More information

ID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version:

ID: Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/2018 Version: ID: 6467 Sample Name: Coss, Daniel.vcf Cookbook: default.jbs Time: 15:16:47 Date: 21/06/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version:

ID: Sample Name: 21PO jpg...js Cookbook: default.jbs Time: 14:32:06 Date: 21/11/2017 Version: ID: 371 Sample Name: 21PO201745.jpg...js Cookbook: default.jbs Time: 14:32:0 Date: 21/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence

More information

ID: Cookbook: browseurl.jbs Time: 09:46:57 Date: 19/10/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 09:46:57 Date: 19/10/2018 Version: Fire Opal ID: 85066 Cookbook: browseurl.jbs Time: 09:46:57 Date: 19/10/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report http://lux-motors.com/nnngg/nngbbgh/fffee Overview General

More information

ID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.

ID: Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook. ID: 63341 Sample Name: TO_HM_CROWN PR#U0130NCE MOHAMMED B#U0130N SALMAN - Dear Prime Minister.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 08:43:14 Date: 10/06/2018 Version: 22.0.0 Table of Contents

More information

ID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version:

ID: Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/07/2018 Version: ID: 6045 Sample Name: testfiletestfile.txt Cookbook: default.jbs Time: 15:24:30 Date: 06/0/201 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

More information

ID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version:

ID: Sample Name: fly.jse Cookbook: default.jbs Time: 18:17:26 Date: 11/11/2017 Version: ID: 371 Sample Name: fly.jse Cookbook: default.jbs Time: 1:17:2 Date: 11/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Confidence Classification

More information

ID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version:

ID: Sample Name: quzpecasrh Cookbook: default.jbs Time: 16:55:54 Date: 07/10/2017 Version: ID: 3393 Sample Name: quzpecasrh Cookbook: default.jbs Time: 1:55:54 Date: 0//201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification

More information

ID: Cookbook: urldownload.jbs Time: 16:10:39 Date: 07/12/2017 Version:

ID: Cookbook: urldownload.jbs Time: 16:10:39 Date: 07/12/2017 Version: ID: 94 Cookbook: urldownload.jbs Time: 1:10:9 Date: 0/12/201 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Signature

More information

ID: Cookbook: browseurl.jbs Time: 23:19:26 Date: 20/08/2018 Version:

ID: Cookbook: browseurl.jbs Time: 23:19:26 Date: 20/08/2018 Version: ID: 73278 Cookbook: browseurl.jbs Time: 23:19:26 Date: 20/08/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date:

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date: ID: 244 Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:55:50 Date: 05/10/201 Version: 24.0.0 Fire Opal Table of Contents

More information

ID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version:

ID: Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: ID: 41280 Sample Name: Liste_az.docx Cookbook: defaultwindowsofficecookbook.jbs Time: 00:17:54 Date: 30/12/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview Information

More information

ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version:

ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version: ID: 001 Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:4 Date: 0/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:09:32 Date: 02/06/2018 Version:

ID: Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:09:32 Date: 02/06/2018 Version: ID: 22 Sample Name: MacKeeper.dmg Cookbook: default.jbs Time: 11:0:2 Date: 02/0/201 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

ID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version:

ID: Sample Name: E DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: ID: 55401 Sample Name: E203182DA5e8a0c01b.txt Cookbook: default.jbs Time: 15:35:01 Date: 18/04/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection

More information

ID: Sample Name: test Cookbook: default.jbs Time: 09:46:13 Date: 21/05/2018 Version:

ID: Sample Name: Commercial Card Services CTO Quality Control Checklist v9.docm Cookbook: defaultwindowsofficecookbook.jbs Time: 15:52:31 Date:

ID: Cookbook: browseurl.jbs Time: 14:02:12 Date: 23/11/2018 Version: Fire Opal

ID: Sample Name: PO xls Cookbook: defaultwindowsofficecookbook.jbs Time: 03:13:36 Date: 08/01/2018 Version:

ID: Cookbook: browseurl.jbs Time: 00:29:59 Date: 16/12/2017 Version:

ID: Sample Name: DOCS.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 16:07:38 Date: 06/02/2018 Version:

ID: Sample Name: SSB SBV Daily Report - Logistics Template DEC '17 (8).xlsm Cookbook: defaultwindowsofficecookbook.jbs Time: 06:35:29 Date:

ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version:

ID: Sample Name: gpg4win exe.sig Cookbook: default.jbs Time: 21:44:31 Date: 02/02/2018 Version:

ID: Sample Name: NEW ORDER LIST.jar Cookbook: default.jbs Time: 10:19:47 Date: 19/02/2018 Version:

ID: Sample Name: dialog.nvp Cookbook: default.jbs Time: 00:09:12 Date: 10/05/2018 Version:

ID: Sample Name: 11#Ucb#Uae#Uc4#Ube#Ue5#Ubb#UaafNOnOJTVYQ.exe Cookbook: default.jbs Time: 09:47:21 Date: 02/02/2018 Version: 20.0.

ID: Sample Name: Unconfirmed crdownload Cookbook: default.jbs Time: 22:58:07 Date: 08/11/2017 Version:

ID: Sample Name: ff2c8cadaa0fd8da6138cce6fce37e001f53a5d9ceccd67945b15ae273f4d751.evaljs.js Cookbook: default.jbs Time: 16:44:00 Date:

ID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version:

ID: Sample Name: vlaue.exe Cookbook: default.jbs Time: 18:54:49 Date: 26/01/2018 Version:

ID: Sample Name: lt.pak Cookbook: default.jbs Time: 12:40:34 Date: 26/07/2018 Version:

ID: Sample Name: paint.net install.exe Cookbook: default.jbs Time: 00:46:01 Date: 01/12/2017 Version:

ID: Sample Name: numbering.xml Cookbook: defaultandroidfilecookbook.jbs Time: 05:15:39 Date: 27/04/2018 Version:

ID: Sample Name: oq5wdjgk2r.exe Cookbook: default.jbs Time: 20:25:47 Date: 22/11/2017 Version:

ID: Sample Name: INDUSTRIAL.doc Cookbook: defaultwindowsofficecookbook.jbs Time: 02:35:30 Date: 25/04/2018 Version: 22.0.

ID: Sample Name: Swift details.xls Cookbook: defaultwindowsofficecookbook.jbs Time: 17:14:48 Date: 21/06/2018 Version: 22.0.

ID: Sample Name:._k.php Cookbook: default.jbs Time: 05:41:18 Date: 25/04/2018 Version:

ID: Sample Name: [Content_Types].xml Cookbook: defaultandroidfilecookbook.jbs Time: 05:15:19 Date: 27/04/2018 Version: 22.0.
