2.7
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.59
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Trojan-gen | 20200328 | 18.4.3895.0 |
| Baidu | Win32.Trojan-Downloader.Small.c | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200328 | 2013.8.14.323 |
| McAfee | Downloader-FUD | 20200326 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b8a072 | 20200328 | 1.0.0.1 |
静态指标
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(4 个事件)
在文件系统上创建可执行文件
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\gewos.exe |
投放一个二进制文件并执行它
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\gewos.exe |
将可执行文件投放到用户的 AppData 文件夹
(1 个事件)
| file | C:\Users\Administrator\AppData\Local\Temp\gewos.exe |
一个进程创建了一个隐藏窗口
(1 个事件)
将读写内存保护更改为可读执行(可能是为了避免在同时设置所有 RWX 标志时被检测)
(8 个事件)
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(1 个事件)
| dead_host | 35.212.119.5:443 |
文件已被 VirusTotal 上 63 个反病毒引擎识别为恶意
(50 out of 63 个事件)
| ALYac | Trojan.GenericKD.1325139 |
| APEX | Malicious |
| AVG | Win32:Trojan-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.1325139 |
| AhnLab-V3 | Trojan/Win32.Bublik.R84216 |
| Antiy-AVL | Trojan/Win32.Bublik |
| Arcabit | Trojan.Generic.D143853 |
| Avast | Win32:Trojan-gen |
| Avira | TR/Agent.ZRFI |
| Baidu | Win32.Trojan-Downloader.Small.c |
| BitDefender | Trojan.GenericKD.1325139 |
| BitDefenderTheta | AI:Packer.F12A153020 |
| Bkav | W32.DownloadUpatre.Trojan |
| CAT-QuickHeal | Downloader.Upatre.27317 |
| ClamAV | Win.Trojan.Upatre-3341 |
| Comodo | TrojWare.Win32.TrojanDownloader.Upatre.MAUA@5rueuc |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.da5d66 |
| Cylance | Unsafe |
| Cyren | W32/Trojan.QDER-6676 |
| DrWeb | Trojan.DownLoad3.28161 |
| ESET-NOD32 | Win32/TrojanDownloader.Small.AAB |
| Emsisoft | Trojan.GenericKD.1325139 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Trojan3.GDT |
| F-Secure | Trojan.TR/Agent.ZRFI |
| FireEye | Generic.mg.b77da5dda5d66220 |
| Fortinet | W32/Agent.ABI!tr |
| GData | Trojan.GenericKD.1325139 |
| Ikarus | Backdoor.Win32.Androm |
| Invincea | heuristic |
| Jiangmin | Trojan/Bublik.gbn |
| K7AntiVirus | Trojan ( 0001140e1 ) |
| K7GW | Trojan ( 0001140e1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=88) |
| MaxSecure | Trojan.Upatre.Gen |
| McAfee | Downloader-FUD |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.pm |
| MicroWorld-eScan | Trojan.GenericKD.1325139 |
| Microsoft | TrojanDownloader:Win32/Upatre.A |
| NANO-Antivirus | Trojan.Win32.DownLoad3.cjebpc |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.2E61.Malware.Gen |
| Rising | Downloader.Small!8.B41 (TFE:dGZlOgIZhyqGyFCLPw) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Zbot-GOA |
| Symantec | Downloader.Upatre |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2012-04-04 22:40:43
PE Imphash
a2bfa209044e11b72a41f731968fdff2
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00002a34 | 0x00002c00 | 6.120370252187977 |
| .data | 0x00004000 | 0x00000d2c | 0x00000e00 | 4.107523237538056 |
| .rsrc | 0x00005000 | 0x00002840 | 0x00002a00 | 5.040049616306608 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x00007780 | 0x000000ba | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_BITMAP | 0x00007780 | 0x000000ba | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_BITMAP | 0x00007780 | 0x000000ba | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_BITMAP | 0x00007780 | 0x000000ba | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_BITMAP | 0x00007780 | 0x000000ba | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_BITMAP | 0x00007780 | 0x000000ba | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00005618 | 0x00001c10 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MENU | 0x00007240 | 0x000000d8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x00007318 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00007228 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_VERSION | 0x00005480 | 0x00000198 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MANIFEST | 0x00005320 | 0x0000015a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library user32.dll:
• 0x404030 BeginPaint
• 0x404034 DispatchMessageA
• 0x404038 DrawTextA
• 0x40403c EndPaint
• 0x404040 TranslateMessage
• 0x404044 PostQuitMessage
• 0x404048 ShowWindow
• 0x40404c UpdateWindow
• 0x404050 CreateWindowExA
• 0x404054 RegisterClassExA
• 0x404058 DefWindowProcA
• 0x40405c MessageBoxA
• 0x404060 SendMessageA
• 0x404064 DestroyWindow
• 0x404068 LoadIconA
• 0x40406c LoadCursorA
• 0x404070 SetWindowPos
• 0x404074 GetWindowRect
• 0x404078 GetMessageA
• 0x40407c DialogBoxParamA
Library kernel32.dll:
• 0x404008 GetLastError
• 0x40400c lstrcpyA
• 0x404010 GetModuleHandleA
• 0x404014 GetCommandLineA
• 0x404018 GetCurrentDirectoryA
• 0x40401c CloseHandle
• 0x404020 GetCurrentProcessId
• 0x404024 GetCurrentProcess
• 0x404028 CreateFileA
Library gdi32.dll:
• 0x404000 CreateFontIndirectA
L!This program cannot be run in DOS mode.
`.data
@@ 31c
@Lmcnu
EcloP3-l
x@tci<
lWh2-e
+u]UuM
GFu;uu_+
u!M9MEvh
E;Es%N
h%` :@
dTsa*|
j8 ~#e
@hV-ieX
@wcfOak
hJx i@
* h^Rh@
51h%pG
hb u\
Bklheh
hzi*zs
e3Rf F
h*d}r>f:
2lcl<
moEA02x
mE.|1e
ur j`1Zd
@td`'0Xe
FGIu5NA@
FFFF=F@
@;sy;s
FGIu=F@
\Nouh@0/I
Ndju@}
` t0W
FG3@_^]
(onEu
@XDoD G+
@WEASn% EVPP
/c^xd<e
'S'oMu8/
@%Wr$uT)fe
8|nQ"jU
EM+PEM+X+Pj
GV+=F@
QRRhF@
u~BA@
GGGGBBBBIuj j
S,tCCjp!ei
_Oh:iS
EP$9,s'"L
j9e2e"P
H"| Ve
hd@$"e
(.otCE
) aur#
lul vee
eeelt#PrbLen
rpC+"B
l#;; e
#sTiiMfr!rr)
tepV_a
lotader
Consolas
state.ini
static
kilasdg
button
asdlkjalsdj ai8
DialogBoxParamA
SetWindowPos
GetWindowRect
LoadCursorA
LoadIconA
DestroyWindow
SendMessageA
MessageBoxA
DefWindowProcA
RegisterClassExA
CreateWindowExA
TranslateMessage
BeginPaint
DispatchMessageA
DrawTextA
EndPaint
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
user32.dll
GetCurrentProcess
GetCurrentProcessId
CloseHandle
GetCurrentDirectoryA
GetCommandLineA
GetModuleHandleA
lstrcpyA
GetLastError
CreateFileA
kernel32.dll
CreateFontIndirectA
gdi32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
xxxyyy
- - - - - - - - - F:- - SH- - - - - - - - - - - - *
. . . . . . . . F:. F:yq. . ,
- . . . . . . . ,
. 0!0!0!0!0!0!0!0!~t0!yq1"0!0!dX0!0!0!0!0!0!0!.
0!1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"1"0!
2#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#3#2#
4$I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;I;4$
"""""""
"""#"""
"""DB""
"""BB""
""$BD""
""$"$""
""$"$""
"""""""
"""""""
"""""""
#33""""
"""""""
DDDDDDD
F"RRR%d
FVfffRd
F&DDD%d
DDFfdDD
DDDDDDD
""""""""""!
""""""
""""!!
""""" @"""""""2""""""$D""""""$$""""""D$B"""""B"B"""""B"B"""""B"B""""""""""
"""""""""""""""""""
22"""#
3""""#332""""""""""""
I�D�R�_�V�E�R�S�I�O�N�1�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
F�i�l�e�I�n�f�o�
F�F�F�F�0�4�E�3�
F�i�l�e�V�e�r�s�i�o�n�
2�.�0�.�1�.�7�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
2�.�0�.�1�.�0�
C�o�m�p�a�n�y�N�a�m�e�
S�a�n�n�y� �L�t�d�.�
P�r�o�d�u�c�t�N�a�m�e�
L�o�o�k�F�o�r�
V�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
&�A�b�o�u�t�
�A�b�o�u�t�
M�S� �S�a�n�s� �S�e�r�i�f�
C�:�\�U�s�e�r�s�\�h�o�s�s�a�m�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�R�a�r�$�E�X�a�0�.�6�3�9�\�V�A�T�_�0�8�1�0�2�0�1�3�.�e�x�e�
C�:�\�O�w�U�l�3�K�7�y�.�e�x�e�
C�:�\�7�d�S�A�l�N�7�y�.�e�x�e�
C�:�\�l�d�Z�o�3�6�m�Q�.�e�x�e�
C�:�\�_�8�V�Y�h�a�p�r�.�e�x�e�
C�:�\�l�F�j�V�S�R�k�A�.�e�x�e�
C�:�\�H�S�r�i�s�g�R�C�.�e�x�e�
C�:�\�q�4�s�l�o�0�f�L�.�e�x�e�
C�:�\�z�Q�T�u�H�I�Y�g�.�e�x�e�
C�:�\�B�l�L�p�6�6�U�V�.�e�x�e�
C�:�\�a�c�7�1�b�0�3�1�0�6�a�4�b�f�8�b�4�4�b�9�7�1�d�4�f�2�6�a�1�0�0�c�c�3�6�4�9�a�3�8�d�1�9�f�c�c�e�0�7�7�5�7�e�e�2�1�2�0�8�2�b�5�e�2�
C�:�\�i�i�T�F�J�b�W�P�.�e�x�e�
C�:�\�j�b�0�q�C�U�6�n�.�e�x�e�
C�:�\�P�u�h�K�9�Y�T�2�.�e�x�e�
C�:�\�O�X�z�a�7�a�q�C�.�e�x�e�
C�:�\�o�3�q�w�G�e�J�l�.�e�x�e�
C�:�\�y�o�N�B�G�m�K�P�.�e�x�e�
C�:�\�c�3�2�b�f�a�9�2�e�8�2�3�3�8�e�2�d�1�9�e�9�4�3�0�2�9�6�9�6�e�c�3�a�3�6�7�3�0�7�c�5�2�9�9�0�2�5�3�8�9�5�a�7�7�c�4�8�2�0�8�9�b�2�c�
C�:�\�X�S�E�l�V�o�5�N�.�e�x�e�
C�:�\�1�R�1�d�O�d�H�I�.�e�x�e�
C�:�\�d�z�v�W�U�n�6�b�.�e�x�e�
C�:�\�6�C�a�A�D�a�z�d�.�e�x�e�
C�:�\�q�Z�r�r�w�4�s�O�.�e�x�e�
C�:�\�o�J�c�n�N�w�o�E�.�e�x�e�
C�:�\�2�6�3�3�1�d�7�b�e�8�4�c�b�3�e�3�7�a�7�2�3�5�e�9�d�4�3�2�4�a�8�0�a�3�4�3�f�7�6�0�6�3�c�b�4�8�9�e�2�e�d�0�1�1�e�6�9�2�d�c�e�8�f�9�
C�:�\�b�c�7�1�0�d�c�4�a�1�4�0�3�f�a�1�1�8�4�9�0�0�f�2�1�9�4�1�5�b�2�a�8�6�6�d�b�d�9�3�c�3�7�6�1�4�e�b�c�a�5�0�9�3�e�a�5�c�a�0�7�b�e�5�
C�:�\�1�7�0�1�e�1�0�0�2�6�3�0�3�8�e�c�e�3�e�7�7�c�2�a�e�d�3�7�0�8�3�a�f�2�8�4�2�e�6�a�5�9�5�f�f�6�8�7�6�3�b�9�4�b�2�0�8�d�8�e�9�b�7�c�
C�:�\�7�5�a�2�b�0�5�9�5�3�5�6�5�d�4�b�a�6�9�f�9�f�4�7�6�4�0�4�6�b�7�3�e�b�b�b�f�8�c�4�b�f�1�6�2�3�f�6�4�5�5�4�f�f�3�5�8�9�2�5�a�d�3�2�
C�:�\�N�N�U�I�Y�n�l�K�.�e�x�e�
C�:�\�1�p�j�n�m�6�z�B�.�e�x�e�
C�:�\�r�C�7�H�h�4�j�Z�.�e�x�e�
C�:�\�S�E�I�L�8�J�d�j�.�e�x�e�
C�:�\�a�9�C�Y�N�4�U�W�.�e�x�e�
C�:�\�d�V�J�H�e�I�u�_�.�e�x�e�
C�:�\�Y�N�C�D�a�N�Y�0�.�e�x�e�
C�:�\�u�s�R�r�q�K�T�t�.�e�x�e�
C�:�\�Z�Q�1�a�K�e�u�5�.�e�x�e�
C�:�\�X�i�E�2�P�r�9�3�.�e�x�e�
C�:�\�A�L�I�r�8�0�I�g�.�e�x�e�
C�:�\�0�e�0�2�0�8�e�2�7�8�2�9�a�f�1�6�f�2�d�6�7�9�6�1�6�8�3�b�5�8�b�5�2�5�0�9�c�a�d�c�7�e�f�5�1�e�d�d�0�7�4�b�4�5�1�5�9�5�7�7�7�2�0�f�
C�:�\�1�f�d�7�f�a�2�9�0�4�c�5�d�e�2�4�f�1�0�2�3�f�9�4�e�3�a�5�0�8�f�6�0�b�c�8�a�c�5�7�5�3�5�3�0�a�c�e�1�5�1�1�3�9�c�7�f�5�e�9�c�7�c�b�
C�:�\�k�i�D�I�Q�Q�E�K�.�e�x�e�
C�:�\�b�h�2�k�W�R�Z�D�.�e�x�e�
C�:�\�2�o�f�b�v�X�z�M�.�e�x�e�
C�:�\�Z�t�l�p�1�6�D�J�.�e�x�e�
C�:�\�9�w�Z�E�t�V�3�S�.�e�x�e�
C�:�\�Z�D�B�f�f�s�3�V�.�e�x�e�
C�:�\�_�G�P�l�i�G�J�U�.�e�x�e�
C�:�\�e�a�d�b�8�8�8�f�3�e�a�e�4�c�f�e�2�3�3�c�e�8�4�1�7�b�c�c�8�0�8�4�4�8�a�9�1�1�2�7�f�3�7�1�2�2�8�0�3�a�8�b�f�6�7�7�d�5�4�7�a�c�5�d�
C�:�\�5�3�9�4�1�8�b�3�2�2�1�4�9�7�0�8�4�8�f�4�7�e�a�b�3�2�f�d�2�f�d�6�c�1�e�3�8�1�e�4�6�7�1�4�2�8�b�2�f�c�a�2�0�3�1�8�b�7�0�a�0�e�2�4�
C�:�\�d�2�0�0�f�f�f�9�6�3�4�8�d�7�b�9�3�6�e�2�3�b�7�9�d�8�a�6�d�a�d�1�b�b�e�4�7�b�b�5�5�4�e�2�7�8�2�3�e�e�7�8�5�e�d�c�4�b�6�7�2�3�e�f�
C�:�\�8�2�e�6�e�7�c�1�7�e�0�1�c�5�f�f�f�9�c�5�9�0�5�1�b�8�d�3�b�9�f�a�9�a�8�b�0�1�5�d�c�f�7�8�6�2�e�4�6�5�f�f�2�2�3�d�e�7�6�0�2�8�3�0�
C�:�\�Q�0�_�c�m�8�1�9�.�e�x�e�
C�:�\�L�1�Z�j�R�y�t�k�.�e�x�e�
C�:�\�n�4�r�e�S�W�I�Q�.�e�x�e�
C�:�\�8�c�3�7�c�d�6�5�f�0�f�0�5�b�c�7�a�9�4�7�f�c�e�4�1�3�e�a�2�b�4�4�8�d�0�6�9�9�d�f�e�5�8�e�b�d�5�9�4�0�a�7�8�3�6�7�8�1�9�5�3�2�b�6�
C�:�\�6�9�0�4�0�c�f�8�9�7�2�a�6�3�3�1�c�2�0�8�5�1�4�3�0�9�d�6�3�2�b�3�c�2�a�f�7�5�3�e�b�7�2�8�6�c�2�c�a�6�7�d�f�1�e�2�b�a�9�8�c�9�8�b�
C�:�\�4�5�f�1�8�5�8�8�c�4�1�b�1�a�c�5�c�9�e�2�c�f�9�6�2�4�8�4�a�7�e�7�4�8�f�4�c�e�f�7�0�5�c�a�e�9�b�1�e�6�5�c�a�0�2�1�8�6�1�7�c�8�9�6�
C�:�\�m�9�r�T�1�P�4�i�.�e�x�e�
C�:�\�p�l�d�b�a�v�K�Y�.�e�x�e�
C�:�\�W�G�I�8�k�K�X�e�.�e�x�e�
C�:�\�C�F�g�q�_�V�J�J�.�e�x�e�
C�:�\�c�o�F�X�H�y�e�J�.�e�x�e�
C�:�\�8�8�d�S�2�8�W�6�.�e�x�e�
C�:�\�U�Z�U�L�p�T�X�t�.�e�x�e�
C�:�\�3�N�L�Q�M�C�t�a�.�e�x�e�
C�:�\�q�V�z�X�e�p�d�U�.�e�x�e�
C�:�\�L�l�x�S�h�0�R�v�.�e�x�e�
C�:�\�b�M�u�w�C�j�o�S�.�e�x�e�
C�:�\�s�V�h�J�Q�x�L�T�.�e�x�e�
C�:�\�z�z�_�R�l�X�H�E�.�e�x�e�
C�:�\�2�d�d�W�g�e�i�5�.�e�x�e�
C�:�\�1�d�S�i�U�J�h�T�.�e�x�e�
C�:�\�_�k�T�r�u�N�o�8�.�e�x�e�
C�:�\�l�v�P�X�5�a�P�u�.�e�x�e�
C�:�\�Z�t�K�R�q�1�1�X�.�e�x�e�
C�:�\�y�a�8�r�w�T�L�x�.�e�x�e�
C�:�\�W�u�H�l�I�9�C�M�.�e�x�e�
C�:�\�7�c�4�3�b�c�f�2�4�e�d�a�2�7�5�7�c�d�2�8�5�0�1�8�2�6�8�3�b�b�8�1�f�2�b�8�c�0�e�a�0�e�d�7�d�4�8�b�1�b�8�4�a�9�0�f�1�d�a�1�3�8�d�9�
C�:�\�e�3�6�5�9�6�f�3�6�9�c�5�c�0�9�3�3�9�e�a�a�3�8�c�1�2�d�d�0�d�6�2�6�7�1�1�3�e�a�5�9�7�0�2�8�b�0�a�9�0�4�9�4�6�a�6�e�2�1�3�4�7�4�8�
C�:�\�a�8�7�0�f�e�a�4�8�8�b�4�2�6�f�b�9�d�7�8�1�f�0�9�a�9�0�e�d�4�d�b�c�9�5�b�9�d�5�2�b�5�d�5�b�a�1�d�6�8�d�7�4�6�8�0�a�a�a�c�f�c�c�f�
C�:�\�d�7�6�e�0�b�6�3�1�f�0�9�7�d�1�2�6�3�9�a�7�0�4�5�8�7�0�6�7�4�5�0�f�0�a�0�a�a�f�1�8�b�7�0�b�e�0�7�8�3�8�0�5�e�4�8�4�7�b�f�b�8�a�a�
C�:�\�T�w�v�c�d�H�M�Y�.�e�x�e�
C�:�\�y�w�a�P�X�O�v�d�.�e�x�e�
C�:�\�5�t�r�q�c�k�Z�x�.�e�x�e�
C�:�\�1�6�d�f�0�9�0�1�a�0�9�5�3�7�4�9�9�0�e�9�e�1�f�1�f�6�c�d�0�2�2�5�8�2�f�c�1�3�3�5�a�4�8�a�c�e�3�c�a�2�d�c�b�4�9�d�6�c�3�4�f�2�1�7�
C�:�\�0�5�a�d�4�4�1�e�2�7�d�1�8�b�3�f�6�0�5�2�c�b�4�7�4�5�9�9�f�4�8�a�b�b�0�5�5�3�7�b�b�a�8�6�9�b�7�5�5�2�5�f�5�3�f�6�d�0�4�1�1�e�e�d�
C�:�\�6�1�5�9�4�b�7�b�3�0�7�5�2�2�c�4�1�8�2�3�a�c�9�e�2�3�6�c�5�2�5�1�1�e�6�6�6�0�b�2�0�c�2�7�2�0�3�c�f�d�1�e�c�5�a�3�8�9�e�4�5�9�9�8�
C�:�\�6�b�a�a�f�a�3�e�7�0�1�6�a�8�b�9�f�e�d�f�9�d�8�8�e�5�7�0�b�c�e�8�7�8�8�3�9�b�b�0�d�d�0�2�7�c�8�a�d�8�d�5�b�f�b�8�4�4�2�1�2�3�6�7�
C�:�\�a�p�R�0�n�T�n�z�.�e�x�e�
C�:�\�V�I�D�6�5�9�8�1�9�4�6�9�.�e�x�e�
C�:�\�f�3�7�f�b�0�6�8�0�c�c�a�5�a�3�0�6�d�3�0�d�9�5�a�c�0�4�c�0�6�2�9�c�e�f�8�0�7�5�c�5�c�1�f�a�a�a�1�0�e�1�c�2�e�d�b�2�7�6�9�5�d�1�4�
C�:�\�8�1�8�f�9�2�f�1�8�b�f�0�6�d�2�a�7�c�b�d�e�a�6�4�a�1�3�9�0�f�8�f�4�3�2�6�e�0�0�7�0�6�5�b�a�5�6�a�9�8�d�6�3�9�d�e�2�c�c�3�d�1�7�2�
C�:�\�a�f�b�7�2�4�b�7�1�f�9�5�c�8�5�d�4�a�9�4�c�6�a�5�3�f�d�6�3�e�0�f�5�a�0�5�3�0�6�b�5�b�0�d�5�b�0�7�6�6�4�2�2�b�3�6�4�3�2�c�a�9�1�3�
C�:�\�V�A�1�Q�s�m�o�L�.�e�x�e�
C�:�\�9�1�f�f�9�8�1�b�5�5�7�f�c�3�e�c�5�a�4�c�8�0�6�5�d�5�5�b�0�2�5�8�6�0�4�0�f�7�6�9�2�3�8�7�f�6�3�4�c�1�b�f�3�9�1�0�0�2�a�b�d�2�5�3�
C�:�\�P�f�l�M�u�D�Y�s�.�e�x�e�
C�:�\�7�d�0�0�7�2�9�b�5�7�1�c�6�4�0�d�b�4�e�8�e�1�e�c�8�5�b�2�b�7�c�9�f�b�b�b�c�5�4�c�8�9�2�e�2�a�7�1�0�8�5�5�2�1�9�8�4�c�a�2�f�0�d�0�
C�:�\�e�3�3�4�3�5�9�f�c�7�c�e�4�2�b�d�7�5�5�9�1�9�8�2�c�4�c�1�b�2�b�a�3�d�8�b�8�b�f�a�8�5�2�6�0�3�e�f�4�e�7�d�e�b�7�4�9�2�8�2�8�0�0�d�
C�:�\�7�0�7�4�b�2�5�6�e�6�5�7�7�7�9�5�f�f�8�a�d�e�d�c�d�3�4�1�6�f�6�e�f�9�4�2�a�f�7�9�0�b�1�d�b�f�f�d�2�5�8�8�a�f�0�1�6�e�f�2�5�9�b�d�
C�:�\�6�A�8�s�7�7�w�v�.�e�x�e�
C�:�\�f�a�5�b�1�9�8�7�d�9�f�9�b�c�8�7�9�4�8�0�5�3�8�2�c�5�f�a�d�d�6�c�9�2�5�b�0�1�0�1�d�c�d�7�a�2�b�3�9�6�c�e�4�b�1�f�e�c�8�9�1�a�c�d�
C�:�\�b�c�b�c�d�f�0�6�8�3�4�3�4�7�4�e�7�2�e�7�e�5�2�b�3�4�e�5�f�c�c�2�7�6�b�b�a�0�0�1�5�7�5�d�8�f�8�f�a�2�3�4�1�6�f�d�2�e�d�a�1�9�d�1�
C�:�\�1�7�8�f�f�f�0�1�1�6�a�7�1�6�f�1�0�4�1�a�2�0�3�7�b�5�f�5�9�5�b�a�8�c�3�9�a�4�c�e�e�7�a�4�8�3�3�d�1�b�6�7�4�6�e�4�d�e�0�d�c�a�a�5�
C�:�\�u�A�f�b�J�R�j�Q�.�e�x�e�
C�:�\�9�6�1�b�f�2�e�7�7�2�0�1�3�7�b�5�b�2�a�5�b�2�5�f�2�c�3�e�5�0�1�5�1�9�2�0�5�d�8�6�d�c�e�a�7�0�0�3�b�7�1�d�8�2�1�8�a�2�a�2�0�c�4�e�
C�:�\�U�s�e�r�s�\�V�i�r�t�u�a�l�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�4�a�1�9�f�3�3�0�e�4�6�1�9�f�8�a�0�f�4�8�a�c�4�d�1�7�8�a�9�f�9�d�6�7�0�f�7�f�9�0�f�1�b�a�b�3�d�c�d�f�2�f�9�a�9�e�c�2�9�4�4�4�1�2�.�e�x�e�
C�:�\�d�W�w�J�r�A�M�C�.�e�x�e�
C�:�\�8�1�2�6�1�1�6�6�1�d�a�2�3�b�2�4�c�e�6�7�2�7�6�4�3�3�9�7�e�2�d�b�6�e�d�1�d�c�e�c�1�a�f�b�e�a�a�b�a�2�7�e�0�1�2�9�3�e�2�2�7�d�5�e�
C�:�\�x�C�0�Q�E�r�k�f�.�e�x�e�
C�:�\�U�s�e�r�s�\�J�o�e� �C�a�g�e�\�D�e�s�k�t�o�p�\�m�d�h�m�w�a�p�H�o�e�.�e�x�e�
C�:�\�c�0�e�2�1�3�e�b�9�4�f�7�b�e�3�b�2�a�5�1�4�f�2�8�4�2�a�4�5�4�3�c�8�2�b�2�5�c�0�5�d�4�8�4�9�7�5�a�8�d�e�a�2�4�a�2�b�9�d�1�0�f�0�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�f�f�c�2�f�3�0�4�0�c�e�a�e�2�5�6�0�b�3�3�5�a�f�0�1�1�5�b�e�7�4�0�a�d�a�6�3�d�4�4�6�f�9�0�6�d�2�3�1�6�0�9�7�7�8�2�1�1�7�d�a�1�b�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�F�i�z�r�Y�a�Q�b�.�e�x�e�
C�:�\�6�2�d�1�3�7�1�9�c�4�0�5�0�e�7�6�5�5�c�6�7�7�9�c�5�9�8�9�8�3�2�9�d�8�0�4�4�c�f�a�d�b�b�d�4�b�f�c�3�2�0�f�1�c�6�a�d�4�5�b�7�5�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�f�0�0�f�b�c�6�0�8�4�d�b�8�0�5�7�e�a�6�c�6�e�2�d�8�0�b�7�2�c�0�d�2�c�8�9�e�c�e�f�3�9�d�5�6�1�d�a�6�7�a�d�3�c�a�a�6�c�9�d�3�e�9�a�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�1�4�4�f�5�f�a�f�8�b�c�9�7�7�2�6�e�b�9�d�2�d�8�a�4�e�0�4�c�0�a�1�6�2�b�9�0�a�3�4�6�e�3�5�2�8�9�a�a�e�5�d�9�a�e�a�4�e�a�9�e�6�b�4�
C�:�\�4�2�e�0�3�b�0�8�b�8�3�a�6�f�a�5�b�a�4�e�9�3�4�0�8�5�c�a�b�b�0�4�2�4�c�0�b�4�b�a�3�3�1�7�c�e�0�0�a�9�7�5�5�e�6�a�d�7�4�0�3�2�e�8�
C�:�\�d�8�6�6�f�5�4�3�1�4�6�2�f�b�6�e�c�d�9�1�d�d�d�a�8�c�e�9�f�8�1�e�c�7�7�c�b�c�f�a�6�3�d�0�5�f�8�1�e�6�3�f�8�b�7�5�f�c�a�c�e�7�d�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�G�R�Y�Y�j�0�7�9�.�e�x�e�
C�:�\�c�d�5�3�f�9�7�3�1�3�9�e�c�3�9�d�0�9�c�3�8�0�d�3�a�4�d�5�1�1�9�7�8�8�3�4�e�0�5�f�5�9�b�6�d�6�b�5�7�2�a�3�1�e�6�9�2�4�8�2�9�f�2�a�
C�:�\�f�9�7�6�1�0�1�c�c�6�f�d�d�6�2�0�2�2�8�f�8�7�f�3�4�9�8�c�2�4�3�1�a�0�3�2�9�5�d�7�5�3�b�d�7�7�e�c�b�6�c�f�b�6�b�e�d�c�c�f�2�6�0�0�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�v�F�N�p�X�y�8�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�b�4�4�9�b�b�e�3�3�5�5�2�5�e�f�b�4�f�7�b�6�7�f�a�0�f�3�e�a�f�2�6�.�e�x�e�
C�:�\�z�d�t�2�4�b�I�J�.�e�x�e�
C�:�\�0�1�1�7�a�4�f�8�b�f�8�5�7�b�8�b�f�b�2�e�8�a�7�7�6�c�3�f�9�7�1�c�c�3�4�3�1�f�7�2�a�4�f�7�5�b�6�c�2�2�1�3�2�4�3�1�6�a�c�e�4�d�5�4�
C�:�\�5�b�c�2�b�8�5�2�8�0�2�2�f�a�a�c�e�1�7�2�f�1�9�3�3�2�9�1�f�0�e�8�4�4�8�d�7�6�6�5�6�a�9�e�5�8�9�1�2�c�b�b�c�9�2�2�b�7�e�1�e�e�8�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�a�d�0�8�9�9�2�9�8�9�b�3�f�7�1�4�d�5�2�2�7�f�0�b�f�f�4�a�9�d�f�9�1�1�e�7�9�1�3�6�9�c�c�5�a�3�4�f�b�2�3�3�c�8�2�9�1�1�c�9�7�8�0�a�
C�:�\�1�b�d�d�0�9�f�6�d�a�7�0�b�e�9�f�7�2�7�a�6�9�7�b�5�b�8�4�d�e�0�7�3�2�e�b�0�c�5�6�d�3�d�6�2�0�3�9�2�1�9�6�9�4�1�3�b�b�a�8�b�3�4�c�
C�:�\�f�3�1�9�5�f�2�3�a�6�4�7�2�1�5�6�1�4�8�4�c�c�6�2�3�d�d�9�e�3�9�3�e�6�b�e�4�3�4�8�5�d�0�c�e�8�4�3�5�5�3�6�a�a�5�2�1�a�3�6�4�c�c�7�
C�:�\�9�b�3�4�b�a�c�1�7�b�b�a�8�3�9�e�7�4�d�d�3�7�7�9�5�d�7�5�3�4�9�2�4�3�3�5�9�5�2�5�0�d�e�a�2�6�4�2�c�2�2�9�8�0�5�5�5�f�1�c�b�2�3�9�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�5�1�b�2�6�5�9�9�e�6�9�0�6�4�8�0�5�1�5�4�5�7�2�6�f�b�a�6�6�2�0�7�2�c�d�4�a�4�f�8�7�1�2�4�8�9�b�9�0�8�8�2�d�9�a�8�8�3�2�6�4�6�7�4�
C�:�\�3�5�8�1�9�7�e�8�c�3�8�6�3�a�7�f�9�1�5�a�f�5�9�2�8�b�e�7�c�4�2�e�d�8�1�a�9�a�3�2�e�5�5�5�0�2�1�7�5�4�f�5�2�0�6�b�c�2�3�7�d�9�4�4�
C�:�\�f�f�0�5�9�d�4�9�4�0�c�b�8�9�a�1�b�c�c�b�8�0�8�c�1�d�c�3�a�7�c�e�2�e�c�5�2�1�f�3�c�1�e�c�5�3�a�6�d�b�4�6�6�4�2�b�3�c�7�d�d�3�b�9�
C�:�\�1�9�0�b�0�b�9�3�a�3�e�6�4�e�f�4�e�0�1�6�3�2�a�8�a�e�2�a�c�a�e�6�d�a�0�8�9�c�5�8�e�3�f�b�b�1�0�d�e�c�1�9�1�c�f�5�7�7�b�d�6�c�d�0�
C�:�\�b�c�c�7�e�9�b�f�c�a�1�2�1�3�8�9�3�5�1�2�e�e�7�6�9�b�6�7�1�a�2�4�3�0�7�1�8�c�1�7�a�2�d�3�0�f�3�d�e�2�4�6�0�7�d�5�0�e�5�6�8�4�4�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�1�8�5�f�8�0�8�e�7�2�f�e�8�8�8�8�1�8�3�e�3�e�4�8�e�e�7�1�a�f�d�6�2�8�0�4�9�5�1�2�7�6�e�b�1�b�a�9�7�f�d�6�2�0�1�c�e�e�2�7�7�1�8�0�
C�:�\�c�a�e�d�1�2�a�9�b�a�6�3�2�2�d�c�c�1�2�e�4�0�4�3�0�4�c�8�a�8�a�d�8�0�9�7�b�b�a�b�3�6�d�9�d�4�1�4�a�9�2�6�6�d�d�4�a�d�5�7�8�0�4�d�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�1�f�3�e�0�f�2�c�d�9�7�c�c�7�9�d�8�3�9�9�4�4�7�d�6�2�4�9�7�f�1�c�2�f�f�4�0�0�c�e�3�b�a�f�4�e�a�5�f�6�d�8�7�1�7�d�9�f�d�9�4�2�9�c�
C�:�\�2�f�1�b�c�1�f�4�a�9�d�1�6�a�4�3�1�9�7�c�f�7�3�8�5�1�5�0�e�f�5�1�1�c�a�5�d�a�9�8�5�e�8�f�e�d�f�3�3�a�0�0�9�e�e�9�c�c�e�c�6�5�3�9�
C�:�\�7�0�8�6�1�f�0�f�2�f�d�1�8�3�9�e�d�9�b�a�6�5�7�e�3�8�d�5�5�8�6�2�2�9�5�9�e�e�3�1�f�7�b�b�a�1�e�3�6�3�f�1�3�c�5�f�e�8�c�5�0�b�9�3�
C�:�\�b�d�1�f�7�c�b�b�f�b�6�4�f�a�9�e�5�1�7�b�7�1�1�2�2�8�0�7�b�2�b�2�f�9�a�0�c�d�5�6�d�e�5�0�8�3�8�5�3�4�4�1�8�1�2�1�2�9�1�b�b�0�e�b�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�7�4�5�d�6�5�7�a�e�6�c�6�6�0�4�a�a�e�e�b�9�3�d�4�d�b�b�2�9�6�9�1�4�5�8�3�c�5�0�1�4�7�a�b�6�2�4�a�6�f�e�4�7�e�5�4�f�d�4�6�9�d�5�3�
C�:�\�2�1�d�a�c�6�2�0�d�d�f�4�4�1�4�1�a�6�d�1�3�6�a�c�8�e�5�4�e�7�e�d�6�0�3�f�8�e�e�0�b�a�3�3�e�c�f�e�6�c�3�f�0�8�e�3�5�2�1�8�d�e�1�4�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�a�1�f�d�d�3�8�0�1�f�c�5�d�b�4�b�9�b�2�d�9�c�e�6�0�7�b�3�3�c�c�b�f�1�6�c�6�e�0�5�8�7�0�9�d�f�9�4�8�c�1�c�3�4�3�7�7�8�1�0�2�a�b�e�
C�:�\�c�b�d�1�1�0�2�f�0�1�7�7�2�2�c�4�2�9�8�5�d�6�7�c�a�8�5�7�e�b�5�9�3�e�8�4�9�4�f�6�c�3�c�f�7�b�e�6�0�8�d�a�d�b�5�9�c�3�d�1�d�d�2�7�
C�:�\�e�0�2�9�c�3�2�4�d�a�d�d�9�d�3�9�0�9�a�7�8�8�f�5�c�1�1�0�2�0�1�3�5�6�9�c�6�5�1�7�f�5�4�f�8�3�d�6�b�9�3�9�f�d�e�7�a�1�e�7�b�c�f�f�
C�:�\�e�5�6�4�5�f�4�3�d�b�8�8�a�c�0�a�7�9�7�1�3�1�d�d�b�2�c�0�d�2�c�7�6�b�3�4�3�8�b�5�1�1�a�8�5�3�b�0�f�f�9�e�b�2�3�5�a�5�6�f�a�9�f�8�
C�:�\�a�2�7�f�a�7�d�6�3�3�5�4�b�3�3�d�f�3�b�5�e�5�c�2�7�1�b�b�c�5�6�6�0�c�2�e�e�0�d�f�4�6�c�b�5�e�7�6�f�8�4�1�a�5�7�e�9�c�d�9�1�f�a�e�
C�:�\�4�a�6�9�7�6�7�3�a�7�8�2�3�3�c�1�5�b�3�0�9�c�f�0�5�9�7�4�7�b�9�7�9�1�8�2�d�a�0�5�1�d�2�c�4�a�f�f�e�c�c�1�4�e�b�2�4�8�7�4�e�4�a�3�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�t�Y�I�o�R�j�0�6�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�a�3�7�2�d�5�3�d�7�2�5�e�9�5�b�0�5�8�3�5�3�5�6�c�e�4�4�a�b�5�f�6�.�e�x�e�
C�:�\�e�a�d�6�f�c�2�4�c�0�9�1�6�d�0�6�3�6�e�3�5�9�9�b�8�d�1�4�c�f�5�2�1�b�b�3�a�5�7�9�4�c�e�4�7�7�6�9�f�6�7�8�1�1�c�e�2�f�8�0�b�b�9�7�
C�:�\�V�W�c�z�f�s�5�n�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�d�a�6�6�6�8�8�2�4�6�5�4�a�9�1�b�8�c�e�e�5�2�e�0�8�7�8�d�c�9�9�1�.�v�i�r�u�s�.�e�x�e�
C�:�\�b�5�0�d�6�b�c�4�2�b�2�4�0�7�3�5�7�7�4�7�2�4�2�4�8�9�4�f�0�3�8�6�a�f�1�c�c�a�6�b�4�6�2�9�d�9�5�5�8�1�c�2�f�e�5�2�8�f�c�6�d�a�4�b�
C�:�\�T�U�m�P�N�I�N�e�.�e�x�e�
C�:�\�U�s�e�r�s�\�w�i�n�7�u�s�e�r�\�a�9�a�5�f�7�b�e�b�a�7�f�3�c�4�8�2�c�1�1�d�9�c�7�1�c�8�9�c�b�2�2�c�c�4�b�8�c�1�8�8�5�c�8�c�f�7�3�7�7�f�7�e�8�8�2�f�4�d�5�5�8�9�2�.�e�x�e�
C�:�\�a�2�0�c�2�d�c�6�c�c�a�1�4�8�7�c�3�f�4�1�f�1�a�4�2�d�c�c�b�c�d�3�b�4�5�e�1�5�8�1�5�3�3�3�c�3�1�a�8�2�b�9�7�0�b�f�2�a�0�1�d�a�d�5�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�g�e�w�o�s�.�p�e�3�2�
C�:�\�f�c�2�6�9�0�5�e�c�b�3�5�b�5�9�e�4�3�8�2�c�9�7�6�e�7�0�6�2�2�3�9�d�0�9�e�b�f�3�f�6�3�d�e�4�f�6�c�e�1�3�e�4�d�0�0�e�5�e�2�3�2�4�e�
c�:�\�t�a�s�k�\�C�8�A�3�0�7�7�3�E�8�9�8�4�3�1�C�0�C�7�F�A�7�1�A�E�0�3�F�7�3�F�1�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�7�c�4�4�5�e�b�d�4�4�a�b�3�b�8�2�2�f�a�6�6�2�b�7�b�5�7�1�f�6�1�6�.�v�i�r�u�s�.�e�x�e�
C�:�\�6�1�4�e�1�5�d�8�e�0�1�7�8�8�d�4�9�e�6�a�3�1�a�4�9�f�9�b�b�5�4�c�7�4�c�7�8�0�e�a�2�5�6�f�6�5�9�1�b�9�5�1�6�9�a�5�f�d�b�0�1�7�a�1�
C�:�\�4�0�1�7�c�8�f�e�4�7�a�e�4�6�a�1�0�9�c�0�9�2�1�a�0�0�c�d�a�c�a�b�b�7�a�b�6�f�8�d�e�d�d�d�d�2�e�2�6�c�3�6�1�2�b�c�f�8�2�0�5�6�1�6�
C�:�\�U�s�e�r�s�\�R�A�4�9�1�~�1�.�V�U�L�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�2�9�c�5�4�0�d�3�d�1�a�7�2�8�c�b�8�4�5�b�7�c�a�0�3�f�9�6�0�2�4�8�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�g�e�w�o�s�.�e�x�e�
C�:�\�U�s�e�r�s�\�P�e�t�r�a�\�A�p�p�D�a�t�a�\�L�o�c�a�l�\�T�e�m�p�\�g�e�w�o�s�.�p�e�3�2�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�4�e�7�b�b�4�9�3�a�c�e�6�9�b�6�d�_�g�e�w�o�s�.�e�x�e�
C�:�\�U�s�e�r�s�\�a�d�m�i�n�\�D�o�w�n�l�o�a�d�s�\�4�4�6�6�8�7�6�7�4�c�c�8�6�1�0�2�5�4�7�d�a�1�8�e�c�2�9�9�1�0�f�3�9�7�c�c�4�0�b�3�6�f�8�3�8�6�e�2�c�4�9�c�5�1�c�5�7�9�b�2�3�8�8�d�.�e�x�e�
c�:�\�t�a�s�k�\�5�3�E�C�B�8�C�A�4�9�A�4�E�F�D�F�F�3�7�0�F�0�E�D�E�D�E�C�2�C�E�5�.�e�x�e�
C�:�\�L�J�Z�L�m�S�P�S�.�e�x�e�
C�:�\�0�a�d�b�c�d�1�2�e�a�8�7�a�7�9�6�1�6�0�b�7�e�2�8�1�b�9�7�6�1�1�8�0�3�c�c�7�b�b�a�8�b�4�d�6�e�f�4�f�9�e�7�d�e�1�5�c�f�e�b�a�4�b�4�
Process Tree
-
047886cdd58a3032aeac72c457bf6707a819967a5ff15acb53dd0c36e2b8f205.exe (3028)
"C:\Users\Administrator\AppData\Local\Temp\047886cdd58a3032aeac72c457bf6707a819967a5ff15acb53dd0c36e2b8f205.exe"
- gewos.exe (628) "C:\Users\ADMINI~1\AppData\Local\Temp\gewos.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 35.212.119.5 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| nasap.net | A 35.212.119.5 | 35.212.119.5 |
TCP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49164 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49165 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49166 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49168 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49169 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49170 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49172 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49173 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49174 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49176 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49177 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49178 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49180 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49181 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49182 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49184 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49185 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49186 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49188 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49189 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49190 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49192 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49193 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49194 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49196 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49197 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49198 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49200 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49201 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49202 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49204 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49205 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49206 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49208 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49209 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49210 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49212 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49213 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49214 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49216 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49217 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49218 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49220 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49221 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49222 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49224 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49225 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49226 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49228 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49229 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49230 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49232 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49233 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49234 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49236 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49237 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49238 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49240 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49241 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49242 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49244 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49245 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49246 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49248 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49249 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49250 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49252 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49253 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49254 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49256 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49257 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49258 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49260 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49261 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49262 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49264 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49265 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49266 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49268 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49269 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49270 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49272 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49273 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49274 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49276 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49277 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49278 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49280 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49281 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49282 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49284 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49285 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49286 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49288 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49289 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49290 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49292 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49293 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49294 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49296 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49297 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49298 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49300 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49301 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49302 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49304 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49305 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49306 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49308 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49309 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49310 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49312 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49313 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49314 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49316 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49317 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49318 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49320 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49321 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49322 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49324 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49325 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49326 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49328 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49329 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49330 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49332 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49333 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49334 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49336 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49337 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49338 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49340 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49341 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49342 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49344 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49345 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49346 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49348 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49349 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49350 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49352 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49353 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49354 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49356 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49357 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49358 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49360 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49361 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49362 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49364 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49365 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49366 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49368 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49369 | 35.212.119.5 nasap.net | 443 |
| 192.168.56.101 | 49370 | 35.212.119.5 nasap.net | 443 |
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | abe5492610de6796_gewos.exe |
|---|---|
| Filepath | C:\Users\Administrator\AppData\Local\Temp\gewos.exe |
| Size | 42.0KB |
| Processes | 3028 (047886cdd58a3032aeac72c457bf6707a819967a5ff15acb53dd0c36e2b8f205.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9c0718d44bc7ab456332e513aee2d5e7 |
| SHA1 | 89391aa4059a041b522062c044e4d8748ef791bb |
| SHA256 | abe5492610de6796d9f39ab3f47a4bc40f67500bbcf89459983fc9bc02b03168 |
| CRC32 | ED677DF3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.