1.4
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.55
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Agent-ASIQ [Trj] | 20191227 | 18.4.3895.0 |
| Baidu | Win32.Trojan-Downloader.Small.az | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191227 | 2013.8.14.323 |
| McAfee | BackDoor-FBKE!42BC01D2AD62 | 20191227 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b8026d | 20191227 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .imports |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'UPX1', 'virtual_address': '0x00007000', 'virtual_size': '0x00003000', 'size_of_data': '0x00002200', 'entropy': 7.244730641768269} | entropy | 7.244730641768269 | description | 发现高熵的节 | |||||||||
| entropy | 0.21794871794871795 | description | 此PE文件的整体熵值较高 | |||||||||||
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 59 个反病毒引擎识别为恶意
(50 out of 59 个事件)
| ALYac | Trojan.Downloader.JQDS |
| APEX | Malicious |
| AVG | Win32:Agent-ASIQ [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Downloader.JQDS |
| AhnLab-V3 | Spyware/Win32.Zbot.C3292276 |
| Antiy-AVL | Trojan[Spy]/Win32.Zbot |
| Arcabit | Trojan.Downloader.JQDS |
| Avast | Win32:Agent-ASIQ [Trj] |
| Avira | TR/Spy.Zbot.amoam |
| Baidu | Win32.Trojan-Downloader.Small.az |
| BitDefender | Trojan.Downloader.JQDS |
| BitDefenderTheta | Gen:NN.ZexaF.33558.dq2@a4EQq!p |
| Bkav | W32.AIDetectVM.malware1 |
| CMC | Trojan-Spy.Win32.Zbot!O |
| ClamAV | Win.Downloader.Upatre-5744087-0 |
| Comodo | Packed.Win32.MUPX.Gen@24tbus |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.2ad629 |
| Cyren | W32/S-107e7686!Eldorado |
| DrWeb | Trojan.Packed.24872 |
| ESET-NOD32 | Win32/TrojanDownloader.Small.AAB |
| Emsisoft | Trojan.Downloader.JQDS (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-107e7686!Eldorado |
| F-Secure | Trojan.TR/Spy.Zbot.amoam |
| FireEye | Generic.mg.42bc01d2ad6293be |
| Fortinet | W32/Zbot.AAB!tr |
| GData | Trojan.Downloader.JQDS |
| Ikarus | Trojan-Downloader.Win32.Small |
| Invincea | heuristic |
| Jiangmin | TrojanSpy.Zbot.dxoc |
| K7AntiVirus | Trojan-Downloader ( 00457c511 ) |
| K7GW | Trojan-Downloader ( 00457c511 ) |
| Kaspersky | Trojan-Spy.Win32.Zbot.qntr |
| MAX | malware (ai score=81) |
| Malwarebytes | Backdoor.Bot |
| McAfee | BackDoor-FBKE!42BC01D2AD62 |
| McAfee-GW-Edition | BehavesLike.Win32.Cutwail.qt |
| MicroWorld-eScan | Trojan.Downloader.JQDS |
| Microsoft | TrojanDownloader:Win32/Upatre.A |
| NANO-Antivirus | Trojan.Win32.Zbot.cmktgr |
| Panda | Trj/Downloader.WLX |
| Qihoo-360 | HEUR/QVM19.1.28E7.Malware.Gen |
| Rising | Trojan.Waski!1.A489 (CLASSIC) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-BCMS |
| Symantec | ML.Attribute.HighConfidence |
| Tencent | Malware.Win32.Gencirc.10b8026d |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2004-10-13 11:27:30
PE Imphash
c2343dd84ed5ff77d987b94d6bc90ce0
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00006000 | 0x00005c00 | 3.4925752955674856 |
| UPX1 | 0x00007000 | 0x00003000 | 0x00002200 | 7.244730641768269 |
| .rsrc | 0x0000a000 | 0x00002000 | 0x00001800 | 4.701766952012845 |
| .imports | 0x0000c000 | 0x00001000 | 0x00000600 | 3.800056145706608 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0000a17c | 0x00000ea8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_DIALOG | 0x00006020 | 0x000000e8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0000b028 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0000b040 | 0x00000318 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_MANIFEST | 0x0000b35c | 0x00000193 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library KERNEL32.DLL:
• 0x404110 GetModuleHandleA
• 0x404114 CreateSemaphoreW
• 0x404118 GetProcAddress
• 0x40411c HeapCreate
• 0x404120 HeapAlloc
• 0x404124 ExitProcess
• 0x404128 FreeLibrary
Library GDI32.dll:
• 0x4043b4 CreateBitmap
• 0x4043b8 IntersectClipRect
• 0x4043bc ExcludeClipRect
• 0x4043c0 UpdateColors
• 0x4043c4 DeleteDC
• 0x4043c8 GetTextExtentPoint32A
• 0x4043cc CreateCompatibleDC
• 0x4043d0 DeleteObject
• 0x4043d4 TextOutA
• 0x4043d8 SetBkColor
• 0x4043dc SetTextColor
• 0x4043e0 Rectangle
• 0x4043e4 CreateSolidBrush
• 0x4043e8 GetStockObject
• 0x4043ec SelectObject
• 0x4043f0 CreateFontIndirectA
• 0x4043f4 GetTextExtentExPointA
• 0x4043f8 SetMapMode
• 0x4043fc GetDeviceCaps
• 0x404400 GetTextMetricsA
• 0x404404 CreateFontA
• 0x404408 RealizePalette
Library IMM32.dll:
• 0x4045a0 ImmGetCompositionStringW
• 0x4045a4 ImmSetCompositionFontA
• 0x4045a8 ImmGetContext
• 0x4045ac ImmSetCompositionWindow
Library Msacm32.dll:
• 0x404674 acmStreamOpen
Library user32.dll:
• 0x4041e8 CreateWindowExA
• 0x4041ec GetMessageA
• 0x4041f0 DispatchMessageA
• 0x4041f4 DefWindowProcA
• 0x4041f8 PostQuitMessage
• 0x4041fc GetForegroundWindow
• 0x404200 SetForegroundWindow
• 0x404204 CreateMenu
• 0x404208 GetSystemMenu
• 0x40420c GetDoubleClickTime
• 0x404210 UpdateWindow
• 0x404214 GetQueueStatus
• 0x404218 GetClipboardOwner
• 0x40421c FindWindowA
• 0x404220 LoadIconA
• 0x404224 LoadCursorA
• 0x404228 RegisterClassA
Library Winmm.dll:
• 0x404694 mciSendStringA
L!This program cannot be run in DOS mode.
.imports
E%)E%-
2Q?@HGGQ
g@N[vf
X=g;QFvZVCy
LoadLibraryExA
save recsound aaa
TranslateMessage
user32.dll
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
acmStreamOpen
CoUninitialize
CoInitialize
CoCreateInstance
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
mciSendStringA
.idata
sz42(u
ka*cn@X_`a
Aa0iV=
LoadLibraryExA
save recsound a
nslateMes ge
use{r32.dllNLSS TPRU3t
*'$LUWsj1
l#&!O2
P`Sg$L2
EK$L6Y
dd@~dd@Fn@F
o,Yi05
N?7{}#5_;
R?'H7i
N"Y)/^
]7!od-
Gl-K57
iWG!*EaH
!?c}[cw
Yym9}/W# 2V
Kb/_+@
0ADiXjxA <l
0B4MBPdvM4MY6
,8FC E`G
D 4FV4M4bz4M
E":HXUajxE[
EQa+lE
le4FFVF
I/DlE\
1GetModul
meHand
Semapho
W#ProcAdd
Exi'#F eY
rsectClipR/
Cclude
Upd1Co[marUDe
DCText/
32b[%.mp
4ObjP5Out+`/
ol-GidBrushStkPSgCv^ct/FoB
~e"Mvic
sAWAa6
_5mnImm9osdi-
W>dowb
ac!tmOp
o$3Unin
1;ef,k
cRQui3?Fgfr*
z8nuh5yI
D*a|ATime
mci<AnhyPEL#l
XPTPSWXaD$j
#######
###;KK>
26;2+##########
#########
#####+bEXL
+######+
#####3
######3#
PD[>J22Ib|tLx63
#######3#>>
vDDP>2
########3+ug
DW[[FvV####
########3#J~~3#5gJIk#
3333333333+g +zT
##++++######
3333333333#J%Tz+33#3333######
33333333333+
#33############
33333333333@II#333###########
33333333333@+333333#########
33333333@?a
+233333#3#######
33@j+23333333#######
j@33333333#######
+jj23333333333####
+I@3333333333##
2+@2333333333#
al233333333
$$$2333
C&SCCCSCS&&&&
&&&&$$
7:::::::****************ss****@$$$$$
788888881;111n;;;11p;11111111;
))))))
o,,,,,,,L6,6Lr66rq6,,,,,,,E
)f/HHHH/
8(((((,Lx|>>Eq6,(,((,EM&/-999N/
K((((((XmV#R?DlV((((((EMC/N9<<<<<
,444444X|JJVT
DRmXF4444F4VMC-9<UUU
(444444X3?
DPIDP#F04440tM
4000000y2WIWRIuRI
0000050
5y{kkJ0? D~`f9f
0%%%%%%_
3^%%%%%y`f\f#
%%%%%%%%^_a%G_a%%G=%%%%%%^`f\f#
%%%%%%%%%BB%%%BB%GG%BB%GGGGG%G`f
G.......'''''''''''''''''''''.
-----------------d-)/
&&&&$$$&
$$$$$$$
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
GDI32.dll
IMM32.dll
KERNEL32.DLL
Msacm32.dll
OLE32.dll
user32.dll
Winmm.dll
DeleteDC
ImmGetContext
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
acmStreamOpen
CoInitialize
LoadIconA
mciSendStringA
KERNEL32.DLL
GetModuleHandleA
CreateSemaphoreW
GetProcAddress
HeapCreate
HeapAlloc
ExitProcess
FreeLibrary
GDI32.dll
CreateBitmap
IntersectClipRect
ExcludeClipRect
UpdateColors
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
TextOutA
SetBkColor
SetTextColor
Rectangle
CreateSolidBrush
GetStockObject
SelectObject
CreateFontIndirectA
GetTextExtentExPointA
SetMapMode
GetDeviceCaps
GetTextMetricsA
CreateFontA
RealizePalette
IMM32.dll
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow
Msacm32.dll
acmStreamOpen
OLE32.dll
CoUninitialize
CoInitialize
CoCreateInstance
user32.dll
CreateWindowExA
GetMessageA
DispatchMessageA
DefWindowProcA
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
CreateMenu
GetSystemMenu
GetDoubleClickTime
UpdateWindow
GetQueueStatus
GetClipboardOwner
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
Winmm.dll
mciSendStringA
�A�b�o�u�t�
M�S� �S�a�n�s� �S�e�r�i�f�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�0�0�0�2�5�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
M�S�F�T� �C�o�r�p�
F�i�l�e�D�e�s�c�r�s�i�p�t�i�o�n�
c�a�l�c�.�e�x�e�
F�i�l�e�V�e�r�s�i�o�n�
2�.�1�.�1�.�2�
I�n�t�e�r�n�a�l�N�a�m�e�
c�a�l�c�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �(�C�)� �2�0�1�1�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
c�a�l�c�.�e�x�e�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
3�.�1�.�1�.�3�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
C�:�\�u�n�z�i�p�p�e�d�\�V�o�d�a�f�o�n�e�_�S�t�a�t�e�m�e�n�t�_�3�0�1�0�1�3�\�V�o�d�a�f�o�n�e�_�S�t�a�t�e�m�e�n�t�_�3�0�1�0�1�3�.�e�x�e�
C�:�\�g�X�v�2�h�P�q�l�.�e�x�e�
C�:�\�Y�f�C�D�_�0�K�e�.�e�x�e�
C�:�\�h�A�Q�y�8�V�U�v�.�e�x�e�
C�:�\�M�2�s�0�D�Y�Q�Y�.�e�x�e�
C�:�\�R�f�n�6�Z�i�R�I�.�e�x�e�
C�:�\�i�g�8�m�c�B�w�9�.�e�x�e�
C�:�\�K�u�F�g�C�x�r�s�.�e�x�e�
C�:�\�8�V�3�O�S�v�j�c�.�e�x�e�
C�:�\�p�M�t�T�8�X�a�x�.�e�x�e�
C�:�\�Q�2�O�c�2�j�e�t�.�e�x�e�
C�:�\�F�a�7�6�e�T�e�X�.�e�x�e�
C�:�\�x�K�w�l�g�v�c�z�.�e�x�e�
C�:�\�P�0�o�P�J�Q�y�P�.�e�x�e�
C�:�\�y�y�u�h�q�I�D�T�.�e�x�e�
C�:�\�S�x�2�O�T�j�N�s�.�e�x�e�
C�:�\�0�7�o�6�w�E�u�8�.�e�x�e�
C�:�\�B�g�o�r�l�g�n�Y�.�e�x�e�
C�:�\�4�Y�d�t�s�s�Q�0�.�e�x�e�
C�:�\�W�W�Y�C�V�l�S�g�.�e�x�e�
C�:�\�C�F�0�Q�l�x�P�E�.�e�x�e�
C�:�\�t�u�7�E�Y�U�M�m�.�e�x�e�
C�:�\�M�7�y�F�O�g�h�H�.�e�x�e�
C�:�\�L�T�t�w�K�C�A�l�.�e�x�e�
C�:�\�1�1�0�e�4�1�0�4�7�7�c�d�8�7�4�1�1�3�2�a�9�2�7�d�c�7�2�d�1�c�2�e�0�0�a�e�f�8�3�e�f�2�a�2�7�8�5�1�0�1�1�e�8�e�1�d�7�d�7�b�c�c�7�4�
C�:�\�3�e�8�m�0�O�Z�W�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�6�7�6�f�4�d�9�7�d�f�6�4�b�1�3�7�1�b�b�3�3�a�0�a�0�6�9�7�1�2�c�3�0�a�a�a�4�5�0�a�7�c�d�a�5�4�9�5�8�f�e�4�b�d�3�5�d�8�d�0�3�f�e�.�e�x�e�
C�:�\�1�0�4�b�f�c�4�3�4�4�2�a�5�e�9�7�8�0�f�e�c�4�b�6�5�7�4�3�7�7�f�a�e�0�4�a�9�8�0�c�6�7�a�3�9�5�9�b�8�e�f�2�e�b�1�d�f�2�6�7�d�8�7�6�
C�:�\�8�d�e�d�f�5�e�7�3�d�f�5�9�d�9�5�f�d�e�d�4�1�d�5�0�7�9�e�6�3�d�9�3�c�b�6�8�2�d�b�6�3�1�f�6�b�7�e�9�1�4�b�0�4�d�0�8�c�5�1�7�a�0�f�
C�:�\�2�5�2�d�3�0�a�b�5�2�6�9�3�1�f�8�6�7�e�8�6�6�7�6�a�9�2�a�e�e�7�8�1�4�0�1�8�4�b�b�a�3�0�b�c�5�a�e�d�e�d�b�7�6�2�4�1�b�9�5�8�d�7�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�w�a�q�n�y�U�3�F�.�e�x�e�
C�:�\�Q�j�o�q�I�P�Q�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�f�5�W�u�W�R�A�d�.�e�x�e�
C�:�\�U�s�e�r�s�\�J�o�h�n�n�y� �C�a�g�e�\�D�e�s�k�t�o�p�\�7�5�D�u�O�K�C�J�G�T�.�e�x�e�
C�:�\�2�6�2�c�8�6�4�4�7�7�8�d�1�7�6�3�b�b�d�c�f�e�3�6�c�6�9�2�8�e�d�c�d�7�0�8�9�7�0�4�6�6�9�0�2�2�0�1�3�7�b�b�8�d�3�9�4�5�3�3�a�6�f�c�
c�:�\�a�n�a�l�y�s�e�\�1�5�5�4�5�7�0�6�8�4�.�8�9�2�5�5�8�3�_�d�6�9�6�f�e�1�1�-�b�a�f�5�-�4�6�5�0�-�b�6�9�7�-�7�9�3�c�3�8�e�a�e�b�b�2�
C�:�\�T�X�T�8�m�b�t�7�.�e�x�e�
C�:�\�6�2�2�b�8�e�c�5�f�9�3�9�6�5�0�c�6�8�b�c�4�f�2�f�e�a�5�e�0�e�1�b�4�4�c�e�d�2�0�6�0�d�d�c�8�f�a�0�f�0�f�d�2�e�c�4�9�e�2�c�7�b�9�e�
C�:�\�4�a�7�f�f�f�1�9�4�c�b�3�d�4�5�6�7�a�9�c�4�8�9�3�f�5�1�d�a�c�c�6�6�c�0�8�a�0�9�6�a�b�9�d�f�f�d�2�3�4�4�0�b�f�b�7�f�d�5�6�e�4�8�9�
C�:�\�e�e�7�4�7�d�4�1�2�5�4�f�7�d�8�3�4�3�8�0�a�5�2�2�6�d�3�9�c�9�6�1�b�0�0�9�9�0�6�4�6�7�b�5�f�4�c�d�0�2�9�9�7�4�2�1�4�d�a�c�3�2�f�6�
C�:�\�4�c�2�8�5�0�c�5�e�e�9�1�9�b�a�a�2�c�9�c�f�7�3�5�1�f�f�8�a�1�8�1�5�0�a�d�e�3�3�d�5�6�7�a�5�3�1�7�9�5�f�9�c�3�0�8�2�e�2�5�8�0�4�a�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�1�8�2�a�e�0�1�e�3�9�a�6�1�9�c�b�2�0�2�a�3�b�5�7�f�5�e�5�b�5�0�6�4�5�a�a�6�f�2�5�9�1�7�7�e�6�7�3�0�6�b�4�b�4�a�7�a�5�d�f�2�1�c�8�.�e�x�e�
C�:�\�9�d�3�4�2�3�6�7�f�9�4�2�c�1�0�1�2�8�c�b�4�a�1�5�f�b�7�7�d�c�7�e�7�4�7�0�0�0�0�4�1�9�c�a�9�5�8�b�d�c�8�5�5�c�9�5�6�e�0�f�c�0�e�1�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�a�2�5�b�4�4�5�f�b�8�f�b�b�6�1�1�6�c�d�2�5�c�0�7�1�8�e�5�1�5�2�d�7�c�7�d�7�1�d�2�5�0�2�1�8�b�e�1�6�a�4�c�5�c�4�9�5�3�7�5�7�1�c�2�
C�:�\�5�4�e�9�7�c�5�4�8�e�a�2�3�b�8�6�f�e�2�5�2�3�9�9�0�5�d�6�4�1�1�2�7�2�1�0�0�5�5�4�d�a�5�8�4�6�c�f�7�f�2�b�7�2�5�9�7�1�a�6�7�9�0�3�
C�:�\�d�b�c�1�5�1�3�3�7�d�6�6�8�4�6�d�8�9�b�c�f�8�d�2�9�b�b�1�2�1�f�c�1�7�b�6�2�e�1�c�b�7�c�5�5�e�1�3�3�8�1�9�0�a�f�d�f�9�e�e�1�3�9�b�
C�:�\�E�5�X�J�9�G�P�T�.�e�x�e�
C�:�\�a�0�c�7�a�1�2�b�f�a�a�d�4�8�3�a�f�1�0�c�4�2�f�3�2�f�3�b�6�f�1�6�0�0�d�3�9�6�5�7�c�8�2�7�0�4�4�2�1�4�2�4�2�2�4�6�8�4�9�3�b�d�b�2�
C�:�\�k�l�9�W�U�Y�Y�W�.�e�x�e�
C�:�\�1�1�7�a�4�2�1�6�c�a�7�e�0�b�5�8�8�4�0�6�b�3�e�d�c�3�5�a�7�0�2�4�1�0�8�6�9�4�a�1�2�8�d�e�6�3�9�1�8�1�d�8�7�e�9�0�d�9�8�6�f�1�a�f�
C�:�\�d�3�9�f�1�d�6�f�7�0�8�1�9�4�7�0�6�8�3�a�e�e�6�6�1�1�0�8�d�f�b�0�1�0�4�e�d�f�7�1�a�5�8�9�e�3�e�2�f�9�c�2�8�f�d�b�b�6�d�b�9�d�8�c�
C�:�\�6�a�3�3�d�2�b�0�d�b�2�6�2�d�f�f�3�1�7�f�2�3�8�b�8�5�0�5�1�7�8�4�7�f�1�4�6�f�8�b�8�4�3�0�8�f�2�8�2�4�8�8�a�c�9�b�6�3�3�8�1�6�f�2�
C�:�\�U�u�G�z�2�m�6�M�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�O�N�Q�A�S�o�u�D�.�e�x�e�
C�:�\�1�5�u�V�r�F�l�b�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�j�2�W�U�z�7�x�n�.�e�x�e�
C�:�\�8�4�4�b�0�1�0�2�a�6�4�6�7�2�e�2�9�b�1�a�f�3�7�6�1�b�0�7�d�e�0�2�c�d�1�9�b�7�e�9�6�6�0�2�a�0�0�d�b�6�5�e�9�9�c�0�f�9�c�5�4�5�1�9�
C�:�\�3�f�5�b�6�c�4�d�f�2�b�2�8�6�f�c�b�f�4�b�f�7�d�8�a�9�7�5�6�0�3�5�6�6�a�e�4�2�d�d�a�a�5�c�e�f�5�d�c�5�7�1�c�9�3�5�4�3�4�c�2�0�8�5�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�b�A�7�d�u�d�U�F�.�e�x�e�
C�:�\�c�c�2�9�1�8�c�2�4�2�8�8�1�3�b�2�9�a�b�e�f�1�8�8�4�9�b�a�0�b�0�7�a�a�5�b�4�7�c�8�5�8�d�1�6�9�5�4�a�b�1�0�0�a�2�1�4�d�0�0�e�1�a�f�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�T�c�m�N�e�C�j�1�.�e�x�e�
C�:�\�d�5�5�b�8�3�c�9�3�3�8�c�f�3�1�e�b�2�2�d�5�a�8�4�1�d�f�7�6�1�b�4�a�7�9�d�f�b�9�5�f�b�4�a�4�e�1�2�b�6�f�3�a�5�8�b�5�2�f�5�5�8�4�e�
C�:�\�4�5�f�8�1�a�f�c�4�7�5�b�b�e�c�9�2�f�0�3�a�8�6�4�1�f�e�7�a�a�2�a�0�7�4�6�a�7�7�e�d�7�8�0�b�6�2�d�b�5�6�c�8�e�a�e�4�f�d�7�d�1�0�d�
C�:�\�0�F�A�y�k�C�R�V�.�e�x�e�
C�:�\�8�c�1�4�3�a�b�5�f�8�1�3�e�9�8�b�3�3�d�c�4�d�7�0�3�1�4�1�e�b�0�1�c�7�3�2�c�9�4�8�4�6�e�b�4�5�d�f�5�4�d�f�7�9�5�9�5�e�c�5�2�7�3�f�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�e�4�4�b�1�1�5�8�b�c�6�f�1�d�6�b�7�3�3�4�d�5�4�4�7�d�d�9�0�5�3�3�1�c�4�a�6�d�9�7�1�2�b�1�2�6�d�b�1�c�2�b�b�8�5�0�c�4�9�3�0�0�7�d�
C�:�\�0�q�l�r�N�b�P�7�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�0�8�e�a�e�7�0�2�d�4�6�4�2�2�1�b�f�d�0�d�8�7�c�9�2�2�5�6�e�c�c�b�b�9�4�5�8�5�9�e�b�8�4�9�f�c�8�9�4�5�a�7�4�8�4�b�e�b�7�a�2�c�2�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�c�t�u�r�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�m�p�o�r�t�a�n�t�_�d�o�c�u�m�e�n�t�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�j�Y�z�7�u�u�5�f�.�e�x�e�
C�:�\�1�7�u�i�o�W�O�1�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�A�W�j�H�n�q�u�w�.�e�x�e�
C�:�\�6�8�6�6�c�w�G�w�.�e�x�e�
C�:�\�0�c�9�d�8�2�a�4�3�d�5�2�4�6�0�c�1�a�9�2�8�7�f�9�9�d�9�0�f�1�b�4�e�3�6�5�7�5�3�1�9�3�2�8�0�9�7�c�f�b�5�e�c�5�2�4�9�1�6�7�d�1�d�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�9�7�d�f�3�0�7�5�2�b�a�0�7�2�2�b�2�5�f�b�4�c�3�f�7�4�a�3�b�5�c�f�4�5�c�1�0�e�4�5�e�f�0�7�3�6�f�a�6�6�a�5�e�a�6�2�7�d�d�a�a�7�c�0�
C�:�\�U�s�e�r�s�\�J�o�e� �C�a�g�e�\�D�e�s�k�t�o�p�\�F�f�G�a�z�g�t�s�V�i�.�e�x�e�
C�:�\�0�9�1�7�7�f�3�3�8�9�8�3�6�6�c�4�e�d�1�1�8�c�1�5�6�7�2�9�3�2�7�f�a�c�9�8�3�4�3�0�1�a�b�9�8�4�c�0�c�6�0�1�7�e�d�1�0�e�e�e�1�7�e�d�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�7�b�6�d�5�8�d�1�8�8�d�f�a�9�e�6�_�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�9�4�a�3�a�f�2�8�0�d�8�f�7�6�3�c�a�8�1�2�6�0�d�0�c�7�3�d�7�3�8�5�f�4�0�2�0�9�1�d�5�4�5�b�1�7�0�3�a�2�d�e�2�0�2�4�b�b�f�f�9�d�2�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�8�a�0�f�2�9�3�e�6�7�2�8�7�9�9�6�2�b�1�9�7�5�b�1�0�a�e�d�2�9�2�5�3�7�2�0�b�7�a�5�c�8�5�e�0�5�7�c�c�8�7�1�f�d�c�c�4�7�7�f�0�e�9�5�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�m�Q�G�8�P�m�0�c�.�e�x�e�
C�:�\�4�3�4�6�7�a�5�3�6�f�d�2�d�7�5�1�f�f�2�7�2�a�2�5�b�0�6�9�2�9�6�1�1�a�3�d�3�3�9�2�6�c�8�7�4�2�6�6�4�7�c�7�e�1�a�b�5�f�0�f�3�d�5�2�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�3�3�p�2�b�1�e�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�5�d�f�d�b�b�7�0�1�4�e�d�f�6�6�e�b�b�1�0�b�6�0�1�5�2�0�6�7�d�b�5�b�9�3�7�e�9�f�d�6�4�7�9�9�c�5�1�8�f�9�5�d�a�7�4�e�1�5�0�c�6�c�f�.�e�x�e�
C�:�\�0�d�e�8�3�0�3�2�1�0�4�2�d�a�1�8�3�3�6�3�5�9�c�7�8�3�2�5�8�7�b�f�5�6�9�8�0�1�a�e�6�1�e�f�8�8�4�2�4�b�7�a�e�c�9�4�1�3�2�7�3�e�4�4�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�t�l�U�W�e�I�N�m�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�8�a�6�c�2�b�4�a�2�3�7�8�5�2�d�1�7�0�7�1�c�6�0�d�1�8�8�d�3�c�3�d�3�3�b�b�7�a�1�d�c�6�9�c�8�2�4�6�c�b�4�6�d�8�d�0�8�7�3�6�f�4�2�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�M�A�c�E�K�V�P�k�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�0�b�7�f�0�1�d�8�6�5�e�d�5�1�7�a�f�0�b�b�a�b�9�d�8�0�b�2�d�b�b�c�6�8�6�0�f�0�5�8�7�3�0�c�f�2�5�c�c�3�9�e�0�0�f�2�3�c�d�3�d�9�a�d�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�I�V�1�O�l�1�k�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�c�9�4�d�2�f�a�c�0�6�a�a�b�0�f�b�6�c�7�1�9�c�9�a�3�7�f�6�b�7�3�3�7�8�8�3�a�6�6�2�4�1�f�4�f�a�1�2�1�7�a�d�b�9�9�2�3�f�0�d�0�4�b�3�.�e�x�e�
C�:�\�2�b�8�6�1�5�6�c�a�9�a�0�e�6�0�b�1�3�8�f�e�0�d�d�f�6�1�6�2�9�d�b�d�8�e�6�6�3�d�9�a�3�d�1�3�c�2�a�9�c�0�d�5�c�7�1�f�7�e�d�f�a�c�5�
C�:�\�b�d�a�6�e�b�1�1�b�1�5�3�1�c�f�a�7�2�a�f�d�1�3�5�d�c�9�1�6�2�b�f�1�4�7�2�3�6�3�3�4�0�7�f�6�a�8�c�4�d�9�6�1�3�e�5�9�a�f�f�5�6�8�8�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�a�a�b�e�3�3�3�d�4�d�6�a�6�0�3�e�c�c�e�9�1�d�b�5�6�f�b�8�1�8�f�7�9�3�7�4�6�5�1�6�4�2�8�0�6�7�d�7�d�2�e�9�d�6�8�3�a�6�3�d�e�e�a�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�e�4�6�1�5�b�3�5�f�4�b�d�8�c�a�8�a�f�4�c�d�e�7�7�d�5�8�7�7�5�2�7�4�e�c�c�b�7�a�6�9�3�e�7�6�2�7�d�a�7�d�6�d�9�1�a�b�0�4�1�7�5�6�.�e�x�e�
C�:�\�e�e�1�9�5�b�2�9�4�1�c�1�7�5�1�7�3�0�3�d�f�9�e�0�2�9�e�b�d�c�9�2�8�8�a�b�d�b�7�8�3�1�2�7�5�b�d�a�7�f�8�5�f�d�1�4�c�0�a�4�8�8�f�b�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�9�9�d�3�6�a�0�d�e�7�3�4�5�8�4�e�1�7�a�e�e�f�9�b�6�a�5�c�d�4�2�b�1�7�8�a�8�e�2�b�7�6�e�3�6�d�f�5�2�b�7�b�2�7�7�1�0�d�7�c�d�f�5�7�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�0�b�d�b�7�9�4�f�4�6�5�1�7�3�3�b�_�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�5�3�7�d�7�2�6�0�1�b�e�2�9�a�5�9�e�0�1�b�5�7�3�d�6�8�e�e�f�4�f�f�2�2�1�d�e�1�c�4�6�8�f�1�0�0�3�e�e�f�1�3�1�5�b�0�3�2�b�e�8�3�5�a�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�6�a�e�c�7�9�8�0�6�a�6�f�8�6�9�4�c�6�6�1�2�f�b�7�e�7�3�5�b�7�5�9�d�0�3�9�8�3�8�5�4�8�5�7�b�d�b�b�6�3�7�4�7�4�6�3�d�a�9�3�d�8�6�9�
C�:�\�8�5�8�d�4�b�5�8�2�c�e�1�b�2�d�1�8�1�6�7�d�4�0�4�e�4�a�a�9�3�5�b�f�5�2�a�9�3�7�f�6�7�3�7�a�f�4�5�e�c�5�1�8�b�6�8�3�1�2�6�6�8�b�4�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�c�9�1�2�4�7�0�c�b�4�0�1�6�6�e�d�2�3�d�6�1�6�b�4�f�3�d�4�0�b�c�e�1�1�a�2�6�f�7�c�2�b�5�4�8�a�6�a�2�2�2�e�f�8�0�4�c�4�5�4�1�b�b�4�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�r�d�a�h�c�5�7�w�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�0�5�c�5�5�3�9�a�6�9�a�2�e�8�5�d�_�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�F�o�e�Z�R�H�6�q�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�5�1�2�8�d�4�b�b�e�6�c�4�9�7�d�c�1�a�f�d�d�3�0�2�c�f�5�e�d�a�e�7�5�b�c�4�c�7�d�e�1�8�5�5�c�6�1�5�1�d�9�6�5�5�1�5�c�d�7�a�4�5�d�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�8�3�d�7�0�1�9�c�9�c�c�7�6�8�8�d�1�0�f�4�a�e�e�d�5�e�5�3�d�3�7�a�2�3�7�6�4�f�2�b�5�f�8�9�e�6�d�0�d�5�1�1�5�b�b�8�1�8�c�2�6�a�9�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�3�9�0�4�e�8�f�c�7�4�f�b�2�3�1�d�0�9�9�7�d�0�8�8�8�9�5�3�3�d�1�7�7�5�0�0�6�5�a�5�e�e�f�0�2�0�8�4�5�9�1�9�2�6�8�0�0�5�6�1�f�3�1�9�
C�:�\�2�a�1�9�a�1�d�5�3�8�5�d�5�5�b�2�d�9�2�9�3�0�0�7�4�9�8�8�8�e�2�e�5�a�8�4�6�9�2�1�3�3�1�c�a�2�3�0�4�0�b�9�9�d�a�1�2�b�f�3�7�c�4�7�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�Q�I�0�4�n�M�V�W�.�e�x�e�
C�:�\�U�s�e�r�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�f�b�x�f�c�H�Y�y�.�e�x�e�
C�:�\�5�3�7�2�2�c�9�a�0�f�1�3�7�9�8�b�c�4�a�8�7�6�1�b�7�5�c�5�6�3�6�9�7�4�a�2�a�6�6�8�1�c�5�2�f�6�7�f�1�7�9�5�8�1�c�3�7�0�e�4�c�4�3�f�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�d�7�b�c�9�b�e�7�1�0�7�1�7�8�f�d�5�4�5�e�d�c�b�3�7�9�9�2�d�0�4�9�9�f�e�1�1�2�7�b�9�d�1�7�e�8�a�f�c�0�1�8�7�6�e�4�f�3�e�8�7�0�8�1�
C�:�\�0�d�b�4�1�2�9�7�1�b�8�7�4�5�9�d�e�6�3�0�6�3�f�2�a�5�e�6�2�f�f�8�5�1�f�f�3�2�4�3�d�0�b�a�7�2�5�8�3�d�3�5�4�5�c�a�8�7�c�a�5�0�d�6�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�e�1�b�d�e�2�1�8�4�e�d�7�a�8�5�6�7�9�7�d�e�9�8�5�5�3�1�c�7�b�9�1�0�8�e�5�3�3�7�e�d�0�3�d�7�e�9�c�c�d�1�4�4�3�3�a�3�a�5�8�b�c�0�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�V�4�d�f�O�x�p�t�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�c�8�5�a�0�1�c�3�2�7�e�4�1�4�2�d�_�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�8�8�1�7�6�a�1�0�a�5�4�6�6�1�e�7�5�f�6�0�7�6�9�d�d�1�c�9�7�8�7�a�d�9�3�b�b�6�b�9�3�8�e�b�e�a�3�c�b�1�0�5�a�f�2�7�2�b�3�1�7�7�1�8�
C�:�\�0�8�e�2�c�b�3�6�5�5�9�d�c�6�1�7�7�6�f�1�7�0�7�2�a�8�5�d�3�5�3�0�8�2�7�0�2�0�b�c�b�1�0�7�2�1�4�1�7�2�b�c�f�d�1�4�2�0�1�f�c�4�c�2�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�n�U�8�S�a�Z�M�W�.�e�x�e�
C�:�\�2�b�c�4�7�4�7�d�c�0�7�5�9�7�5�a�b�e�d�d�0�c�5�c�8�6�3�0�f�b�5�f�1�c�b�2�a�f�4�6�8�e�f�d�1�d�9�e�1�1�4�c�5�6�7�e�0�b�b�7�9�7�8�2�
C�:�\�4�9�4�a�3�8�9�e�3�9�0�8�1�9�9�2�c�4�f�f�c�8�9�b�3�e�3�e�5�b�b�d�5�7�e�0�a�9�c�3�2�8�2�1�0�5�a�2�b�f�1�2�0�d�8�8�7�4�5�f�d�b�a�5�
C�:�\�8�3�f�0�c�6�5�0�3�0�e�2�e�8�8�0�d�a�0�3�d�0�2�e�0�9�d�e�4�e�4�c�d�9�2�e�0�8�6�7�6�0�c�8�5�a�f�f�3�2�5�4�9�9�c�6�8�d�1�c�d�8�3�f�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�H�q�t�q�t�n�8�G�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�e�3�a�5�8�e�9�d�1�c�d�3�d�0�f�d�f�c�5�6�2�8�2�8�7�7�4�9�2�7�9�4�2�c�8�9�7�8�4�c�3�3�4�9�0�f�2�2�9�4�8�1�d�b�a�2�c�e�1�e�1�4�e�.�e�x�e�
C�:�\�1�c�9�f�d�2�f�5�a�6�0�e�c�3�e�9�7�c�c�5�3�0�d�8�1�2�2�3�1�3�0�2�e�a�f�1�3�f�9�3�3�3�4�5�1�4�e�c�0�d�d�2�c�c�d�4�8�e�7�9�c�5�0�a�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�f�3�2�9�3�d�9�4�9�d�6�e�a�7�7�a�9�2�0�3�c�4�9�5�5�9�1�c�9�9�a�b�4�1�4�9�a�a�c�5�0�5�e�2�7�4�1�0�c�2�d�7�4�b�8�4�5�0�a�2�4�9�f�b�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�l�W�J�f�o�i�z�B�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�f�a�4�0�6�8�d�7�d�2�1�e�b�f�6�b�5�d�8�c�0�6�c�0�2�0�7�a�a�4�8�e�f�c�a�5�8�c�4�3�4�d�d�a�e�6�2�6�c�0�2�a�5�8�6�3�7�1�9�b�f�f�8�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�h�h�c�b�r�n�a�f�f�.�p�e�3�2�
C�:�\�6�f�c�3�0�4�c�3�7�b�d�e�4�a�a�7�3�7�c�7�5�a�1�5�d�d�0�3�6�c�f�1�c�e�c�1�b�9�c�1�0�7�d�d�e�c�4�a�e�f�f�f�3�5�f�0�0�0�a�8�e�9�2�8�
C�:�\�e�9�3�8�b�a�4�a�f�2�f�d�8�c�4�7�2�2�b�4�6�8�d�b�2�7�2�e�c�b�2�1�0�5�5�1�2�f�0�4�e�c�2�5�3�2�e�b�4�c�3�0�9�7�9�3�4�4�3�6�3�a�5�5�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
C�:�\�c�9�b�0�c�9�7�3�6�2�e�2�d�b�6�7�3�0�9�0�d�d�8�b�a�a�e�7�5�f�1�3�5�4�e�8�1�0�e�5�4�e�7�2�a�2�1�6�2�2�a�c�b�d�e�b�a�5�3�9�9�8�0�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�h�h�c�b�r�n�a�f�f�.�e�x�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.