2.8
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.57
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | TrojanDownloader:Win32/Upatre.38e596a9 | 20190527 | 0.3.0.5 |
| Avast | Win32:Trojan-gen | 20200425 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200426 | 2013.8.14.323 |
| McAfee | Artemis!4F4E960123B1 | 20200426 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b0d6dc | 20200426 | 1.0.0.1 |
静态指标
检查进程是否被调试器调试
(2 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545317.46825 IsDebuggerPresent |
failed | 0 | 0 | |
|
1727545318.03125 IsDebuggerPresent |
failed | 0 | 0 |
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | |
| section | petite |
动态指标
提取了一个或多个潜在有趣的缓冲区,这些缓冲区通常包含注入的代码、配置数据等。
分配可读-可写-可执行内存(通常用于自解压)
(12 个事件)
在文件系统上创建可执行文件
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\budha.exe |
投放一个二进制文件并执行它
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\budha.exe |
将可执行文件投放到用户的 AppData 文件夹
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\budha.exe |
一个进程创建了一个隐藏窗口
(1 个事件)
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '', 'virtual_address': '0x00001000', 'virtual_size': '0x00006000', 'size_of_data': '0x00001800', 'entropy': 7.754578126919519} | entropy | 7.754578126919519 | description | 发现高熵的节 | |||||||||
| entropy | 0.42944013420004196 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
一个或多个缓冲区包含嵌入的PE文件
(1 个事件)
| buffer | Buffer with sha1: 319dd4240773f62bdc5b71355adb489b32ef4f83 |
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 62 个反病毒引擎识别为恶意
(50 out of 62 个事件)
| ALYac | Trojan.Ppatre.Gen.1 |
| APEX | Malicious |
| AVG | Win32:Trojan-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.Ppatre.Gen.1 |
| AhnLab-V3 | Trojan/Win32.Zbot.R88085 |
| Alibaba | TrojanDownloader:Win32/Upatre.38e596a9 |
| Antiy-AVL | Trojan[Downloader]/Win32.Upatre |
| Arcabit | Trojan.Ppatre.Gen.1 |
| Avast | Win32:Trojan-gen |
| Avira | TR/Crypt.XPACK.Gen |
| BitDefender | Trojan.Ppatre.Gen.1 |
| BitDefenderTheta | AI:Packer.EF1142061E |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.GenericCS.S9578543 |
| Comodo | TrojWare.Win32.TrojanDownloader.Waski.AOP@6axqm9 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.123b16 |
| Cylance | Unsafe |
| Cyren | W32/S-bcd3fc6e!Eldorado |
| DrWeb | Trojan.DownLoad3.28161 |
| ESET-NOD32 | a variant of Win32/Packed.Petite.H |
| Emsisoft | Trojan.Ppatre.Gen.1 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-bcd3fc6e!Eldorado |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen |
| FireEye | Generic.mg.4f4e960123b16d71 |
| Fortinet | W32/Agent.AEUD!tr |
| GData | Trojan.Ppatre.Gen.1 |
| Ikarus | Trojan.Crypt |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.dbdtj |
| K7AntiVirus | Trojan ( 00547ee11 ) |
| K7GW | Trojan ( 00547ee11 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Lionic | Trojan.Win32.Generic.4!e |
| MAX | malware (ai score=82) |
| Malwarebytes | Trojan.Upatre.Generic |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | Artemis!4F4E960123B1 |
| McAfee-GW-Edition | BehavesLike.Win32.Cutwail.nm |
| MicroWorld-eScan | Trojan.Ppatre.Gen.1 |
| Microsoft | TrojanDownloader:Win32/Upatre.A |
| Paloalto | generic.ml |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Generic/Trojan.d26 |
| Rising | Downloader.Upatre!8.B5 (TFE:dGZlOgW/RLIGvs4ihw) |
| Sangfor | Malware |
| SentinelOne | DFI - Suspicious PE |
| Sophos | Troj/Mdrop-FOC |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2004-09-05 11:09:05
PE Imphash
ce9b1ffa22c0b845796ca13f37b537eb
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| 0x00001000 | 0x00006000 | 0x00001800 | 7.754578126919519 | |
| .rsrc | 0x00007000 | 0x00003000 | 0x00001e00 | 5.764596076871455 |
| petite | 0x0000a000 | 0x000001e3 | 0x000001e3 | 3.821885380271766 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x000084f0 | 0x00000368 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00007648 | 0x00000ea8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00007634 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0000730c | 0x00000328 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_MANIFEST | 0x00007178 | 0x00000193 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library kernel32.dll:
• 0x40a15e ExitProcess
• 0x40a162 GetModuleHandleA
• 0x40a166 GetProcAddress
• 0x40a16a VirtualProtect
• 0x40a16e VirtualAlloc
• 0x40a172 VirtualFree
• 0x40a176 LoadLibraryA
Library GDI32.dll:
• 0x40a17e TextOutA
Library Msacm32.dll:
• 0x40a186 acmMetrics
Library ADVAPI32.dll:
• 0x40a18e CopySid
Library IMM32.dll:
• 0x40a196 ImmGetContext
L!This program cannot be run in DOS mode.
`.rsrc
@petite
[%>%$9
yQV"4>HuMD%BJ^`Fe$V
ny"~)+J
CU',$4
'/CZ6q
xn7O41
)/|a;&WH`FFG\4}Y
S7WeKx4pJ
W&oo@tbn*rpq
0,=TB/
D)p8qb1&aP
y +v*{9K^*v
@4!9y7%
GofqA*>5+
s\n'k ;Ba:l
"GC]N8
D#xpr<p?F]`<ZpwNi
I\q},(2M
6GF/eY#bH_
2NJk}b(U
`1u%O71
B}Kcdt
$qEQs(~,">
Y}9,+6XQ
<.(@j-ko`R
>nf c1
3,u"@=y(2("~EPt3HSPdPduzPdPdld$c"e
.HU$TA
9>&$;_
k^w2("
7*&o/.$6$$$
&:<d(R
S"1*Bd
YC72MP
BK*g&|}d_,r^]H^G RU
vt&.6y
<u>DO";\
;ghWV+bQ^qWR#QWxeo&/}I
W" 8P7|
t^ y3f*o
vsb9&kf'
ZdwqDMYU8v
XA<0tYB{:M`l
j?qwVQ?
f:yvld(-Q/~9J
B4%D>8qu?%%X.}3q.Zu}6rnm\}.)"k
;"'iJi
bhU|\**rR
k>YW&5)
86@d-Z
L $}$R
FRS:)c
q_.~nya6
&Hl[F9iQ^0A!D%e
&/H=i;8_'
b1H#@z%0X0
C~J68H"
E,tg`D
!BH#-DX
4wIPyfJS+ 0A
%UP"0A
Y|$@Lea!
VxxD,t
mA%rQF
FlX( 5L{(G!j
[SDL~]cXP
=@A%9 H
BrR'l"0A\<
(H ,AH
$pykP[
$4yr8pfm
zL@\)`0
!sXyv"u
%!`ZylZZ&
a<#mPO|S
:L/*|(E
/h(tfM
&H $>E
?Y{KVN
&[{;"Bh
A(gms0A
m`s{\R
`I3=S
3&JR0`3S
)+_8w
T:N%A
A9ny!S/B'
w<Lpws:B?.w
p @+3j*wDf6[LQ
*{~WwwGfPc|
`qFPB]4J'4Ii
0D3(J"4
l_QzBpuj$:K!coZ"
Z*:syyA7
[o%KUY*RV
q|F65\DGh&<Sb
3-[b~r{j@
!^|kDJ
x^+!rL
!9XcB[ l!s
.EPmOZg
>CJE{;ljV./z"lK
v0oCEY`B
T]dA#4<|zvfck
!ec`jm
W,VA&J
|0vVCp
]MC,Ka
V48^XXXX]
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
###;KK>
26;2+#####
#######
#####+bEXL
+######+
#####3
######3#
PD[>J22Ib|tLx63
333#3##3#>>
vDDP>2
333333333+ug
DW[[FvV####
333333333#J~~3#5gJIk#
3333333333+g +zT
##++++######
3333333333#J%Tz+3333333######
33333333333+
#33333333######
33333333333@II#33333333######
33333333333@+3333333333#####
333333333@?a
+23333333333####
33@j+233333333333###
j@3333333333333##
+jj23333333333333#
+I@3333333333333
2+$333333333333
al$2$33333333
$$$$233333
$$$$$$$$$$&&&
&&&&$$$$
7:::::::****************ss****@$$$$$
788888881;111n;;;11p;11111111;
))))))
o,,,,,,,L6,6Lr66rq6,,,,,,,E
)f/HHHH/
8(((((,Lx|>>Eq6,(,((,EM&/-999N/
K((((((XmV#R?DlV((((((EMC/N9<<<<<
,444444X|JJVT
DRmXF4444F4VMC-9<UUU
(444444X3?
DPIDP#F04440tM
4000000y2WIWRIuRI
0000050
5y{kkJ0? D~`f9f
0%%%%%%_
3^%%%%%y`f\f#
%%%%%%%%^_a%G_a%%G=%%%%%%^`f\f#
%%%%%%%%%BB%%%BB%GG%BB%GGGGG%G`f
G.......'''''''''''''''''''''.
-----------------d-)/
$$$$$$$$$$$$$$$$$$$$$h
mp.R>.kc;
Y5J $
K5$6Mu
RQ>S`j
8SYHwkBX
3%TDjPR1p
PAcjPL
#&0H'm
imX*-0Kz#
AAa/OV
mPP0]C"(0}U;DRy
&m3g'|
37.LptoH
]Q&el3q6'ouQ
$ptQj7rs4
mR(NU?@A
`+'8Al
$P<%/9034
R*<%2R|AmAf
* %#6E
z( OBZ
MessageBoxA
wsprintfA
ExitProcess
GetModuleHandleA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
LoadLibraryA
TextOutA
acmMetrics
CopySid
ImmGetContext
user32.dll
kernel32.dll
GDI32.dll
Msacm32.dll
ADVAPI32.dll
IMM32.dll
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�0�0�0�2�5�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
H�P� �C�o�r�p�
F�i�l�e�D�e�s�c�r�s�i�p�t�i�o�n�
c�a�l�c�.�e�x�e�
F�i�l�e�V�e�r�s�i�o�n�
6�.�3�.�3�.�1�
I�n�t�e�r�n�a�l�N�a�m�e�
c�a�l�c�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �(�C�)� �2�0�1�1�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
c�a�l�c�.�e�x�e�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
c�a�l�c�.�e�x�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
6�.�3�.�3�.�1�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
l�C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�S�M�N�z�e�w�A�t�.�e�x�e�
C�:�\�J�S�U�3�T�h�O�e�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�O�W�J�d�o�i�6�w�.�e�x�e�
C�:�\�O�r�k�0�D�J�h�u�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�5�N�x�0�X�u�L�5�.�e�x�e�
C�:�\�D�B�X�t�Y�o�2�U�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�Z�3�d�F�w�5�s�9�.�e�x�e�
C�:�\�e�d�5�1�b�b�2�8�0�0�1�f�f�c�9�a�9�a�3�e�1�d�2�4�3�2�6�d�a�8�8�2�8�c�2�1�4�d�a�f�7�6�b�8�2�5�0�7�2�8�7�2�2�a�7�c�8�6�f�d�b�3�d�f�
C�:�\�b�9�c�4�4�c�7�9�b�1�5�2�5�2�9�2�d�7�9�1�6�c�a�6�d�1�5�3�2�3�c�3�5�3�0�4�8�4�1�6�3�c�8�e�4�2�9�e�c�e�a�f�2�3�6�3�8�c�3�7�d�f�e�9�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�c�5�a�1�5�9�1�e�9�0�6�1�4�a�c�a�b�2�3�0�a�4�9�e�1�5�a�9�2�e�6�8�e�7�c�f�3�0�2�6�8�c�5�8�0�7�d�1�c�0�e�8�e�a�3�9�2�a�f�6�c�4�5�d�.�e�x�e�
C�:�\�f�0�3�4�d�f�9�3�a�3�4�3�d�0�7�3�c�a�5�b�f�7�4�f�4�3�2�d�0�d�5�7�7�e�6�f�c�8�b�e�a�4�5�1�4�9�8�5�9�9�0�5�0�f�d�f�3�1�0�8�4�c�4�b�
C�:�\�b�0�5�a�7�f�b�5�b�8�d�b�7�2�7�7�2�8�f�3�3�e�d�a�9�5�6�1�b�b�1�c�4�a�1�0�7�5�2�7�f�a�6�9�6�6�3�c�8�2�2�9�b�1�7�3�6�8�f�a�2�8�3�6�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�w�h�J�q�n�i�v�I�.�e�x�e�
C�:�\�x�c�2�t�i�I�e�_�.�e�x�e�
C�:�\�1�b�c�2�b�b�2�a�4�6�8�7�a�2�3�5�f�c�6�b�d�e�a�a�0�8�b�9�c�8�4�a�a�a�e�b�f�0�6�5�f�f�8�a�9�1�f�c�1�7�5�a�e�0�e�5�6�4�9�c�f�5�3�9�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�s�V�I�J�6�3�c�N�.�e�x�e�
C�:�\�f�V�d�x�G�E�X�I�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�n�a�P�Y�F�1�v�h�.�e�x�e�
C�:�\�_�P�R�n�7�7�f�b�.�e�x�e�
C�:�\�5�9�1�e�5�1�5�c�5�d�f�2�a�e�d�3�9�8�7�3�5�c�b�2�1�7�8�6�1�3�3�e�e�d�5�d�2�8�7�6�0�1�7�2�f�e�f�e�e�a�0�9�2�7�b�b�7�3�e�6�6�a�5�7�
C�:�\�a�3�2�3�3�7�a�6�5�8�6�7�8�6�c�2�4�7�9�9�b�8�9�a�0�8�7�c�2�f�e�e�3�4�e�c�b�d�7�1�e�a�9�e�c�2�4�7�d�5�7�d�8�b�3�7�a�6�2�f�7�0�6�8�
C�:�\�0�5�7�5�b�d�5�b�d�4�8�7�1�3�3�f�6�9�1�8�7�c�9�e�9�f�0�9�2�6�d�9�3�3�b�7�5�9�0�1�3�3�8�7�9�f�c�9�e�f�4�4�7�6�4�8�5�0�6�6�7�a�7�e�
C�:�\�5�7�1�0�6�8�9�f�7�8�6�7�c�3�8�8�b�4�3�d�d�6�5�f�6�8�e�1�2�0�b�3�8�4�b�1�0�2�a�e�c�4�6�6�d�2�0�4�3�f�4�c�0�2�5�5�7�f�6�2�f�d�2�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�6�7�U�W�s�7�N�w�.�e�x�e�
C�:�\�5�d�a�8�4�0�6�7�4�3�6�c�1�6�1�d�7�4�0�3�9�7�c�1�0�d�a�c�7�7�2�7�9�3�0�f�a�6�4�8�e�6�f�6�a�e�8�c�9�b�d�6�c�e�1�0�9�2�d�e�d�3�7�9�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�F�n�d�A�d�D�C�9�.�e�x�e�
C�:�\�z�G�O�J�k�F�y�9�.�e�x�e�
C�:�\�0�1�0�6�8�6�5�5�5�6�0�d�8�3�6�e�1�3�b�2�2�8�a�6�f�9�0�3�c�e�8�f�c�4�1�7�9�d�e�f�b�4�7�8�2�d�d�9�a�1�4�8�3�0�c�7�2�c�d�d�6�9�5�8�
C�:�\�b�1�1�6�e�d�5�8�a�4�6�4�5�d�5�6�2�b�f�1�9�9�d�8�2�2�a�0�c�9�3�d�0�4�7�e�6�a�2�4�4�1�6�e�c�2�5�b�0�6�7�6�d�0�1�9�2�a�6�0�a�0�8�7�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�e�A�Q�R�r�8�B�S�.�e�x�e�
C�:�\�B�U�r�O�u�8�H�O�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�q�h�y�J�1�I�n�E�.�e�x�e�
C�:�\�7�0�2�d�a�2�4�0�b�d�3�b�2�9�7�9�a�6�e�4�0�c�c�2�a�b�8�5�1�0�1�f�7�f�2�d�e�a�e�8�9�4�4�f�5�4�1�1�f�6�9�5�9�f�0�6�c�6�1�6�e�f�8�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�y�a�L�N�Z�f�Y�0�.�e�x�e�
C�:�\�G�Q�W�i�F�0�q�k�.�e�x�e�
C�:�\�e�3�7�2�e�3�b�c�6�a�f�3�0�0�9�8�2�5�2�6�0�8�a�4�8�1�5�3�e�c�4�3�4�9�a�8�f�0�1�8�0�5�0�7�7�e�c�3�e�2�2�c�7�0�5�d�b�5�9�e�5�7�c�a�
C�:�\�c�f�c�7�0�a�9�c�4�3�e�1�7�b�6�5�d�2�f�8�3�7�3�3�1�7�9�7�e�5�0�0�5�4�d�a�6�4�b�0�9�6�c�0�9�e�e�8�5�8�b�0�6�5�b�2�3�8�3�7�f�b�c�8�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�y�p�3�F�f�Q�K�U�.�e�x�e�
C�:�\�9�e�c�a�4�0�4�c�d�e�1�9�a�d�0�3�1�6�f�a�8�5�9�6�5�1�b�a�f�6�7�d�2�e�4�f�3�6�f�2�9�2�d�c�2�7�3�6�8�f�d�7�a�9�a�b�9�7�0�d�3�d�6�b�
C�:�\�d�2�2�f�3�7�8�1�2�f�c�4�3�f�0�c�1�6�e�6�0�9�2�d�9�2�f�f�c�6�5�6�6�d�8�2�c�5�4�8�2�f�4�c�7�f�7�3�4�5�2�7�b�1�8�9�f�0�8�b�2�e�8�b�
C�:�\�1�8�9�5�a�5�b�3�b�0�e�b�c�b�2�9�6�0�3�8�d�0�f�c�1�2�2�d�5�2�8�2�5�d�b�8�8�8�d�1�c�1�c�8�9�3�1�5�6�e�f�4�c�f�4�f�7�d�4�6�c�c�4�5�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�d�E�N�B�K�h�P�A�.�e�x�e�
C�:�\�f�5�4�1�a�5�f�1�b�a�8�6�8�2�b�c�a�5�7�9�6�a�f�4�5�9�8�a�1�f�0�5�7�d�2�9�9�5�1�c�b�f�0�b�9�0�4�d�d�9�2�e�3�b�2�c�5�9�3�1�3�b�5�a�
C�:�\�E�U�w�_�W�P�j�U�.�e�x�e�
C�:�\�a�3�b�a�f�7�a�8�8�b�a�a�6�9�2�6�d�0�1�a�5�6�f�b�6�e�f�9�d�6�c�0�5�9�0�4�c�c�2�7�d�9�2�4�7�3�b�2�f�d�d�5�0�9�5�d�a�7�6�5�6�9�3�0�
C�:�\�3�5�c�8�6�5�e�5�6�2�1�3�d�f�2�e�7�d�9�c�f�1�0�8�0�b�b�0�b�f�0�b�e�f�6�2�e�5�6�e�2�f�a�e�e�3�8�7�0�9�d�1�1�7�5�8�f�a�c�b�f�b�a�2�
C�:�\�e�4�c�1�e�9�7�e�0�8�8�6�c�9�6�6�d�4�9�8�e�9�7�c�0�8�8�9�c�6�2�1�2�a�b�c�2�1�e�6�4�f�4�a�1�6�0�a�8�a�6�b�8�a�c�1�2�f�6�1�6�0�4�9�
C�:�\�8�d�3�5�3�4�d�9�7�1�3�6�7�e�1�7�1�6�3�1�4�3�2�7�e�5�0�8�3�c�e�0�1�e�2�8�2�2�f�4�4�d�a�2�2�0�b�8�f�f�7�4�6�a�5�b�8�2�4�7�5�f�7�d�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�P�9�b�x�M�z�p�3�.�e�x�e�
C�:�\�q�V�p�f�e�N�w�c�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�a�3�e�6�c�6�1�u�.�e�x�e�
C�:�\�1�m�F�C�V�_�T�h�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�h�2�x�d�R�8�h�6�.�e�x�e�
C�:�\�Q�m�3�L�q�o�_�W�.�e�x�e�
C�:�\�f�3�e�c�1�4�6�8�c�6�f�6�b�9�e�b�c�0�d�8�4�1�6�8�b�2�6�1�7�7�2�3�8�c�8�f�a�b�0�5�e�b�3�e�0�7�4�e�f�0�b�7�5�2�3�a�3�4�e�c�1�4�d�c�
C�:�\�5�b�d�6�0�7�6�b�8�f�2�0�0�6�8�8�0�a�b�f�1�1�e�0�2�8�e�2�7�0�3�2�d�f�4�3�a�5�1�e�a�6�e�3�0�3�1�f�3�6�0�f�8�f�7�3�9�2�6�5�f�a�2�3�
C�:�\�0�9�8�a�f�4�0�1�2�d�3�2�9�b�b�d�4�7�e�f�2�a�9�9�5�9�4�9�1�f�2�c�e�3�e�4�e�4�d�9�7�6�e�f�6�f�b�d�d�8�a�7�e�1�a�e�f�9�4�e�9�8�2�a�
C�:�\�b�d�c�a�2�3�2�4�1�9�9�6�1�9�8�e�1�8�0�0�d�b�3�d�0�0�e�d�d�c�0�8�2�c�f�5�d�a�2�5�e�f�8�5�5�2�e�7�e�b�0�c�4�b�d�5�5�d�0�4�8�3�6�b�
C�:�\�C�D�6�w�8�N�t�3�.�e�x�e�
C�:�\�9�2�2�4�9�8�c�d�a�a�e�8�f�b�9�e�a�0�b�0�c�9�1�f�d�5�b�a�e�b�c�9�4�6�8�8�5�e�1�4�2�9�a�d�1�6�4�b�1�7�9�1�0�4�5�c�1�4�3�a�8�d�e�e�
C�:�\�r�v�q�A�y�B�n�0�.�e�x�e�
C�:�\�a�3�5�2�d�7�d�5�0�6�4�9�2�c�4�2�0�5�4�a�2�2�7�6�1�3�0�0�4�0�c�2�3�5�6�d�1�d�8�5�f�f�8�4�1�e�a�6�f�6�b�b�e�2�b�1�8�3�3�7�1�4�d�f�
C�:�\�3�6�f�3�a�b�e�f�6�c�6�1�3�e�1�e�e�3�f�8�a�1�8�2�a�b�9�2�d�6�6�2�4�e�8�b�a�8�b�d�2�a�9�1�8�d�c�6�e�b�b�7�5�1�a�c�9�1�a�8�d�3�a�b�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�e�O�4�P�8�n�t�r�.�e�x�e�
C�:�\�9�0�6�0�e�c�8�7�0�9�0�7�b�5�0�3�d�6�f�9�1�1�0�9�7�5�8�4�e�1�4�a�2�d�f�4�3�f�6�a�d�2�e�a�f�6�9�1�a�0�d�2�2�1�e�8�4�e�3�d�3�b�6�b�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�T�i�q�0�b�I�r�4�.�e�x�e�
C�:�\�I�m�X�u�E�S�P�0�.�e�x�e�
C�:�\�4�d�0�a�a�3�7�9�9�7�4�9�4�a�8�5�2�1�a�4�6�8�3�7�4�8�a�6�1�e�8�7�f�4�7�3�5�3�6�0�3�1�b�c�b�d�e�c�9�2�c�0�9�0�8�4�1�d�2�c�b�4�b�2�
C�:�\�B�z�T�m�8�j�f�j�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�P�N�A�W�Q�w�8�N�.�e�x�e�
C�:�\�P�w�D�R�2�2�3�3�.�e�x�e�
C�:�\�U�s�e�r�s�\�J�o�e� �C�a�g�e�\�D�e�s�k�t�o�p�\�v�f�M�s�6�q�Y�B�v�j�.�e�x�e�
C�:�\�c�2�0�a�5�a�4�f�f�8�6�0�e�a�5�5�2�4�b�4�8�5�5�2�c�6�d�6�f�1�c�8�a�a�5�6�7�5�6�8�8�2�a�3�0�e�8�d�8�f�2�0�0�0�9�3�5�3�d�7�f�b�c�f�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�h�S�5�h�G�A�R�H�.�e�x�e�
C�:�\�2�4�5�5�8�a�2�d�5�5�c�f�e�7�7�7�1�2�e�6�4�6�d�4�1�e�c�d�2�0�c�5�1�e�5�c�c�f�8�8�f�1�2�2�5�e�e�e�7�2�a�3�8�d�e�d�5�9�e�9�0�b�9�0�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�U�B�I�P�V�p�R�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�c�a�l�c�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�x�P�E�Y�v�W�B�a�.�e�x�e�
C�:�\�i�D�B�5�s�C�1�h�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�8�5�7�c�f�5�a�7�b�3�b�0�9�2�9�7�7�1�6�3�1�4�f�4�5�f�1�1�9�1�2�f�7�2�5�9�b�4�4�4�0�2�d�4�c�5�d�6�5�f�7�f�e�b�1�5�1�3�4�9�4�c�6�8�.�e�x�e�
C�:�\�b�8�a�2�a�d�2�f�b�2�4�b�e�6�5�b�3�c�7�4�a�0�d�d�c�e�0�c�6�2�a�0�a�3�d�0�6�4�4�4�2�1�f�7�2�c�2�9�0�0�4�8�4�3�f�e�0�1�4�d�b�1�7�c�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�m�a�g�9�i�3�6�e�.�e�x�e�
C�:�\�1�c�8�b�e�f�7�f�b�f�b�6�1�e�f�5�6�3�e�e�7�6�4�9�e�0�b�2�6�1�3�7�e�b�5�0�8�7�b�9�8�9�e�a�5�7�b�c�7�1�2�2�e�4�0�4�8�0�6�5�d�2�e�0�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�8�5�5�9�1�9�d�d�b�f�4�d�f�7�b�a�a�4�c�9�7�c�8�b�4�f�f�5�f�e�9�a�b�1�a�8�f�b�4�4�a�3�a�7�d�6�f�f�8�0�8�8�3�c�7�7�8�d�4�7�0�6�6�0�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�o�q�G�Z�c�x�7�z�.�e�x�e�
C�:�\�U�e�W�p�D�u�Z�F�.�e�x�e�
C�:�\�e�f�c�f�e�9�7�9�8�e�f�5�e�8�6�1�d�0�3�9�c�5�f�8�b�6�a�4�f�7�4�f�4�7�5�4�2�6�d�a�6�3�2�5�3�c�b�9�a�f�4�6�9�d�8�6�9�e�d�b�b�d�9�9�
C�:�\�0�0�2�b�e�e�f�8�e�0�c�4�6�6�0�1�4�7�1�5�8�3�0�2�a�4�a�7�6�f�f�0�1�f�d�d�6�f�7�4�1�4�8�a�b�4�a�c�8�2�5�a�0�f�0�5�0�b�3�1�e�0�7�0�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�6�z�V�L�Y�v�K�s�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�b�1�d�4�5�5�8�e�d�6�0�7�5�c�f�9�3�3�d�5�0�b�5�6�9�c�1�7�e�2�b�e�8�b�0�9�0�f�0�3�a�0�b�7�5�9�b�c�6�a�9�b�3�8�2�1�4�3�5�a�6�2�5�7�
C�:�\�7�k�c�w�o�7�R�C�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�i�T�S�w�D�7�N�O�.�e�x�e�
C�:�\�P�x�R�t�Y�S�P�5�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�e�r�U�b�0�Q�9�Q�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�e�3�3�f�a�2�4�5�a�8�6�9�c�e�7�2�4�7�3�1�b�f�7�d�b�1�f�d�0�b�e�f�8�f�1�7�f�9�7�9�2�f�4�a�d�9�5�7�5�c�9�c�9�7�8�0�f�8�1�3�8�6�5�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�l�q�n�d�p�j�d�7�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�s�a�m�p�l�e�.�e�x�e�
C�:�\�l�L�R�j�v�0�c�T�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�i�n�v�o�i�c�e�.�e�x�e�
C�:�\�9�3�0�b�3�1�6�e�0�e�5�7�c�9�c�5�5�d�3�0�5�2�4�8�a�c�e�f�3�9�7�7�8�d�7�3�6�3�6�0�9�a�3�7�c�1�6�4�f�8�d�4�b�f�0�b�3�a�c�5�7�3�2�2�
C�:�\�6�X�x�s�Q�C�Q�h�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�D�N�L�X�g�3�L�L�.�e�x�e�
C�:�\�c�T�J�S�v�j�n�E�.�e�x�e�
C�:�\�8�a�2�6�6�8�7�b�f�6�2�7�7�8�5�e�e�4�a�e�2�d�5�2�1�5�e�9�0�b�c�0�8�7�1�6�5�3�d�d�0�f�a�8�0�f�f�8�b�1�e�d�c�9�b�8�1�0�1�5�9�7�5�1�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�K�Z�e�7�K�D�w�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�2�f�c�b�7�7�9�a�c�4�e�c�0�2�f�2�c�8�d�e�4�b�e�1�b�6�e�0�5�d�f�c�8�2�f�2�b�e�d�2�c�9�0�b�b�9�f�c�3�6�b�c�1�8�d�5�2�b�e�3�e�7�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�7�8�3�1�4�2�9�9�7�3�8�0�f�c�c�3�6�7�7�0�3�c�9�b�1�7�1�c�7�6�9�9�0�2�9�3�3�2�1�f�0�a�e�a�1�3�f�0�0�d�6�c�2�d�1�4�2�3�b�4�7�b�5�8�.�e�x�e�
C�:�\�2�1�4�e�f�8�f�6�1�e�7�0�e�6�7�a�5�1�b�8�9�3�2�0�0�a�8�1�b�9�c�4�2�a�b�2�3�5�7�2�c�6�e�c�2�9�2�7�d�b�0�6�8�9�7�4�9�3�3�3�6�8�1�7�
C�:�\�4�b�3�8�a�0�4�f�e�3�2�b�1�e�3�5�8�6�7�3�d�b�0�2�5�1�6�0�3�d�b�f�3�0�7�1�0�d�5�9�0�6�8�c�1�b�1�8�b�6�8�2�4�a�a�0�5�7�9�4�9�8�3�4�
C�:�\�6�9�1�e�9�6�0�3�7�f�b�6�7�0�4�f�d�9�f�5�a�b�b�9�d�5�3�f�2�c�2�d�2�0�0�e�f�c�5�0�a�1�e�e�7�9�8�a�e�1�3�e�5�7�0�0�f�3�1�f�2�e�3�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�s�e�5�W�u�q�n�C�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�a�3�4�f�e�5�9�f�6�3�0�b�0�b�d�f�c�8�7�4�7�9�0�1�7�f�f�2�6�d�0�7�a�0�c�4�0�4�c�5�6�e�a�9�a�6�6�b�3�b�8�6�9�c�a�9�e�f�5�c�9�e�b�6�.�e�x�e�
C�:�\�3�5�a�e�5�9�f�2�f�4�3�7�b�2�8�9�9�1�5�5�6�3�2�3�5�4�b�b�0�b�a�a�9�3�5�5�d�a�4�c�f�8�4�e�b�f�5�f�a�6�4�8�e�0�5�1�7�3�0�9�3�a�7�a�
C�:�\�2�0�b�6�f�8�c�e�6�a�0�a�e�3�3�6�7�c�f�3�e�c�3�4�6�f�5�d�6�a�6�b�2�1�1�6�2�4�1�5�3�4�2�f�b�7�4�2�5�3�b�d�1�7�8�3�5�8�a�e�4�b�8�8�
C�:�\�7�2�5�5�7�d�5�d�2�b�4�e�1�a�6�5�c�c�3�d�8�2�1�c�f�a�7�a�c�c�2�b�d�b�b�2�2�9�2�2�7�b�3�1�9�e�b�9�2�5�b�9�6�a�1�4�b�6�8�a�d�2�9�6�
C�:�\�9�5�a�9�b�e�d�4�4�8�c�0�9�c�6�d�c�2�5�d�1�8�9�d�0�f�f�7�a�e�0�b�a�5�c�c�7�e�a�6�a�c�8�4�7�8�c�6�d�9�9�b�2�e�a�c�8�4�5�d�8�d�5�8�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�d�1�4�9�f�c�d�9�b�0�0�c�3�c�d�6�0�6�d�1�c�d�3�2�e�b�4�d�0�5�4�5�3�b�2�e�c�a�b�2�3�8�a�f�d�2�d�b�c�8�6�f�b�8�c�c�9�6�6�d�c�8�2�6�.�e�x�e�
C�:�\�8�e�1�2�e�f�7�e�8�e�3�5�1�9�5�b�0�7�2�6�4�8�d�1�5�f�a�9�e�2�a�a�6�e�4�a�c�8�8�d�f�8�1�5�a�1�9�9�e�f�a�6�b�4�c�d�0�b�1�d�d�8�8�9�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�5�0�5�c�d�f�2�8�e�b�2�c�a�9�4�6�c�6�d�d�9�7�4�d�4�2�1�c�4�e�8�0�b�1�a�9�b�4�2�7�e�3�8�3�8�9�9�7�f�a�4�2�1�b�d�8�c�9�2�0�5�1�2�e�
C�:�\�3�7�1�1�b�d�7�2�e�3�7�1�b�7�4�4�0�d�8�4�f�8�4�4�2�a�f�3�9�8�a�3�f�e�c�6�f�5�d�6�d�1�4�7�c�3�7�8�4�c�b�3�7�e�e�a�6�0�7�a�4�f�6�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�b�5�7�5�6�c�8�4�1�4�d�9�9�d�8�4�d�5�b�a�3�d�a�c�3�2�4�e�5�e�d�0�e�b�3�7�b�6�8�2�5�d�7�d�8�9�7�d�8�e�5�b�1�f�2�b�5�b�1�f�0�8�e�2�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�h�r�R�3�Y�I�K�I�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�3�9�2�0�6�3�8�0�9�2�5�e�4�c�5�6�_�b�u�d�h�a�.�e�x�e�
C�:�\�f�b�6�7�e�b�a�0�b�5�0�c�5�9�a�8�2�3�a�9�c�a�6�d�a�5�5�6�e�4�f�2�f�0�0�f�5�5�f�0�8�e�c�f�f�8�b�8�7�6�2�8�2�9�e�b�2�e�9�a�9�e�9�c�
C�:�\�9�e�8�c�4�0�1�a�1�f�8�d�6�4�7�8�2�9�e�c�b�9�1�f�b�1�a�0�6�d�3�f�6�6�d�1�1�9�8�0�8�d�3�d�5�1�d�1�0�c�d�f�b�7�b�7�e�2�7�2�7�e�6�e�
C�:�\�e�a�3�0�5�d�3�f�e�c�b�6�3�e�b�c�8�a�0�3�f�f�8�b�1�0�1�c�b�d�c�f�6�0�c�8�1�4�b�0�5�6�2�c�8�b�7�a�7�5�f�c�7�0�9�e�3�9�d�0�c�e�f�9�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�6�1�8�b�f�a�2�3�b�b�8�c�a�7�7�1�_�b�u�d�h�a�.�e�x�e�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�l�u�s�e�r�\�D�e�s�k�t�o�p�\�v�8�a�3�n�O�V�O�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�4�e�b�4�6�f�9�c�c�9�6�b�1�3�7�b�a�9�4�7�c�5�7�f�6�3�1�6�9�4�d�0�4�7�8�7�a�c�c�4�2�7�f�0�9�9�d�0�3�e�6�4�0�f�8�9�0�7�d�6�e�e�3�7�
C�:�\�2�6�5�f�b�3�9�e�4�a�c�5�b�9�4�d�f�8�5�5�1�b�d�8�5�1�4�1�8�e�a�0�a�c�e�3�f�f�a�8�f�e�8�8�b�b�d�3�f�d�c�5�e�2�8�d�9�f�7�8�5�9�3�9�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�H�m�M�f�o�A�B�P�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�5�8�a�d�8�0�9�2�6�6�e�f�d�1�f�0�a�9�f�1�d�0�0�0�4�7�2�f�d�d�a�3�b�e�e�0�e�b�9�8�8�9�c�b�0�8�5�e�d�d�c�9�1�1�c�b�8�8�9�9�9�f�7�f�.�e�x�e�
C�:�\�8�d�1�c�8�4�e�6�f�c�3�2�3�4�6�3�9�7�3�d�a�b�b�7�5�a�0�9�b�d�7�8�9�7�6�b�a�5�c�1�6�b�1�c�d�2�0�8�4�2�1�f�5�c�5�4�0�f�5�0�6�2�b�1�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�u�d�h�a�.�e�x�e�
C�:�\�5�2�c�9�c�2�5�e�5�0�b�1�8�d�6�4�d�4�b�3�a�4�9�1�5�2�5�0�e�7�6�9�7�b�1�8�c�8�5�f�6�9�5�e�9�2�9�4�4�a�4�1�b�c�9�e�c�1�6�2�5�8�7�b�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�7�x�b�2�A�L�R�8�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�6�4�6�7�d�6�7�e�a�2�5�c�9�1�0�6�4�1�7�7�e�9�3�8�2�3�8�a�9�b�1�5�8�c�d�2�7�4�f�f�d�0�8�d�3�8�9�7�7�3�b�d�4�9�9�a�f�1�5�5�7�b�6�1�.�e�x�e�
C�:�\�6�f�b�d�b�4�9�0�7�5�c�0�0�f�f�c�a�9�c�f�2�0�0�f�f�0�8�3�f�7�e�f�1�a�4�a�6�1�1�3�7�3�5�8�c�c�8�d�7�c�6�3�6�0�6�f�1�9�b�7�c�5�5�7�
C�:�\�U�s�e�r�s�\�L�i�s�a�\�D�e�s�k�t�o�p�\�Q�q�R�2�o�6�a�k�.�e�x�e�
C�:�\�0�8�7�5�7�a�b�6�a�b�8�e�4�3�7�2�b�9�2�5�e�d�c�a�2�e�5�c�3�1�8�f�3�7�8�8�d�f�b�3�a�9�d�2�5�a�3�b�3�9�0�4�0�d�4�f�8�4�3�b�c�3�d�5�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�e�1�7�0�b�2�a�5�6�d�2�7�7�1�0�9�_�b�u�d�h�a�.�e�x�e�
C�:�\�f�6�2�7�a�b�d�4�4�6�7�f�d�a�6�d�d�f�4�3�e�0�f�3�a�a�e�c�a�b�e�5�2�5�7�7�0�3�3�9�4�3�1�3�b�e�7�b�d�4�3�2�a�9�5�a�7�5�0�9�9�f�b�c�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�c�6�b�8�4�e�5�6�c�f�1�f�2�b�9�d�f�c�c�b�5�7�e�f�0�d�d�c�e�d�a�1�9�0�9�c�0�3�f�a�8�c�6�b�0�3�2�d�6�e�e�5�5�4�f�8�8�0�f�f�4�3�b�7�
C�:�\�5�c�1�d�8�5�9�7�6�4�4�5�4�2�f�1�7�3�2�3�8�a�a�9�6�5�6�b�4�d�a�4�4�b�e�6�b�5�c�8�1�6�f�8�8�1�9�4�1�2�3�d�9�7�5�d�f�8�2�c�d�1�1�1�
C�:�\�b�7�3�6�9�4�a�a�5�8�c�a�e�4�a�f�1�5�7�f�e�7�c�7�e�1�4�8�3�1�8�7�6�b�f�2�7�8�a�a�1�e�c�4�2�e�8�d�9�6�a�d�5�8�c�0�9�4�6�5�3�2�7�1�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�X�R�9�j�t�O�j�q�.�e�x�e�
C�:�\�5�4�9�0�a�4�a�3�9�7�4�c�5�5�2�f�b�0�0�1�f�f�2�3�d�9�1�d�2�a�c�5�7�5�c�f�d�2�2�2�0�c�0�c�4�4�4�3�5�0�a�d�2�1�6�2�3�6�a�8�3�1�b�c�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�z�L�0�k�z�P�x�L�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�.�p�e�3�2�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�0�a�9�4�9�a�5�d�b�d�2�3�d�4�0�0�_�b�u�d�h�a�.�e�x�e�
C�:�\�0�0�4�a�e�4�6�4�c�8�6�3�e�4�8�e�8�1�0�7�9�d�f�9�5�8�3�4�2�d�8�0�6�a�6�f�b�d�d�e�f�1�8�a�5�4�3�1�b�f�1�4�0�e�4�9�d�c�6�8�a�c�3�a�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�7�e�9�8�2�b�8�1�4�a�7�6�0�c�f�1�_�b�u�d�h�a�.�e�x�e�
C�:�\�U�s�e�r�s�\�J�o�e� �C�a�g�e�\�D�e�s�k�t�o�p�\�z�D�T�M�N�j�K�F�F�E�.�e�x�e�
C�:�\�b�a�1�c�2�4�6�b�0�8�1�2�3�6�4�4�1�4�3�b�9�4�8�f�4�8�d�a�7�d�a�b�f�2�8�c�d�f�3�e�0�8�7�1�9�2�d�f�d�2�3�6�7�9�c�7�f�b�1�a�b�d�6�c�
C�:�\�9�e�2�4�e�e�8�8�2�1�1�4�c�7�0�9�b�4�4�9�7�0�d�0�0�4�4�4�e�8�9�9�c�8�1�d�5�f�7�e�1�1�d�4�4�e�7�f�c�5�8�f�8�5�8�e�d�d�3�c�6�3�9�1�
C�:�\�8�4�4�a�4�1�c�4�7�1�b�4�0�0�6�6�3�5�0�5�e�8�1�9�e�a�c�b�6�d�0�b�7�6�c�d�8�f�7�8�c�1�d�3�2�8�2�a�0�2�d�0�4�5�7�e�4�e�4�4�1�0�d�4�
C�:�\�8�1�9�3�f�1�0�0�1�c�f�8�3�8�f�a�b�4�f�5�b�f�1�4�d�5�f�d�c�0�7�c�8�1�0�4�1�7�a�9�2�9�e�1�7�e�1�5�1�8�4�d�0�a�8�0�5�5�9�0�0�e�e�f�
C�:�\�d�5�1�0�d�8�a�6�0�3�f�2�8�2�6�d�b�5�9�1�4�e�4�e�2�5�0�a�e�5�c�b�6�f�b�3�2�6�b�1�8�9�0�f�f�9�f�3�9�2�4�0�4�d�9�f�5�5�9�f�1�d�c�0�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�B�B�l�G�f�4�d�W�.�e�x�e�
C�:�\�0�e�6�9�1�6�7�9�e�e�7�1�6�8�b�a�8�3�3�d�2�5�8�6�e�b�c�b�f�9�9�6�3�2�e�3�4�4�3�9�2�9�0�e�f�d�a�f�1�3�3�b�3�7�f�c�9�c�b�f�c�c�9�3�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�l�B�V�Z�a�Z�a�5�.�e�x�e�
C�:�\�0�7�6�c�3�5�3�c�a�5�9�c�c�7�b�4�8�c�3�4�f�8�a�6�c�8�3�4�a�a�4�b�d�7�8�f�7�2�4�8�e�7�2�d�f�7�4�2�5�8�3�f�a�2�8�e�1�4�a�b�8�e�a�5�
C�:�\�e�4�3�1�b�7�2�c�8�e�f�0�9�3�3�7�6�8�4�4�c�4�7�f�5�6�2�8�5�a�c�b�6�b�6�3�a�8�d�8�6�9�f�8�7�6�f�f�e�f�f�c�a�b�9�7�6�c�8�a�6�5�b�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�b�u�d�h�a�.�p�e�3�2�
C�:�\�f�d�f�c�2�0�3�8�e�3�6�5�b�9�3�6�7�b�3�5�9�2�b�4�2�1�f�0�a�3�3�4�6�6�0�1�5�a�4�3�c�c�4�8�f�8�5�f�9�3�5�1�9�7�9�a�8�5�c�4�7�6�a�0�
C�:�\�7�9�e�b�4�a�a�f�f�1�1�6�5�4�9�a�e�5�f�5�8�b�d�4�9�8�c�b�3�8�9�f�0�4�6�8�a�b�0�5�b�c�2�4�6�7�4�8�8�0�e�0�6�b�c�8�9�f�9�1�2�d�9�c�
C�:�\�c�f�3�3�c�d�a�4�2�e�9�4�c�0�f�b�d�b�1�3�7�3�3�3�c�a�2�6�c�5�c�a�4�a�0�4�c�f�4�7�6�0�1�2�3�1�1�2�6�d�5�7�8�6�2�e�5�f�6�1�4�2�0�7�
C�:�\�D�o�c�u�m�e�n�t�s� �a�n�d� �S�e�t�t�i�n�g�s�\�A�d�m�i�n�i�s�t�r�a�t�o�r�\�D�e�s�k�t�o�p�\�N�M�3�M�B�X�L�u�.�e�x�e�
C�:�\�f�6�f�c�5�c�4�e�4�b�6�7�d�c�7�3�c�c�1�b�a�5�4�0�0�8�d�8�4�1�5�7�f�1�c�3�c�0�8�e�d�0�c�0�b�e�7�7�4�f�a�5�7�4�0�9�1�c�1�6�3�c�1�9�
Process Tree
-
08fddcbf10ba5587cf90f3eb4a7592d76b2a6f3e2d5b98b00cbd1527f2158a31.exe (3012)
"C:\Users\Administrator\AppData\Local\Temp\08fddcbf10ba5587cf90f3eb4a7592d76b2a6f3e2d5b98b00cbd1527f2158a31.exe"
- budha.exe (600) "C:\Users\ADMINI~1\AppData\Local\Temp\budha.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com | ||
| faithmentoringandmore.com | ||
| intarefc.com |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51758 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51758 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 49208342526ffe2c_budha.exe |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\budha.exe |
| Size | 34.3KB |
| Processes | 3012 (08fddcbf10ba5587cf90f3eb4a7592d76b2a6f3e2d5b98b00cbd1527f2158a31.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 204b4d5377f42a15c04593358c6113c2 |
| SHA1 | 4f43b8b883ae8174fb72c10640fa64adfbcdfe69 |
| SHA256 | 49208342526ffe2c14477031f6302a25a96f7181b0d15a81ce7d8a82cd9c2e76 |
| CRC32 | 0FE644BF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 319dd4240773f62bdc5b71355adb489b32ef4f83 |
|---|---|
| Size | 5.0KB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 43139668ec4e06ac6899697bc2d68a81 |
| SHA1 | 319dd4240773f62bdc5b71355adb489b32ef4f83 |
| SHA256 | b76caccec1e6b801262efde2f406382fe70531430f0818867a7eb97dc42a6d53 |
| CRC32 | 6D267C84 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |