 Today, I want to give you a quick demo of utility to extract files and analyze files that are stored in McAfee quarantine files, so the files that end with the BUP extension. And the tool is called PUNBUP, PUNBUP, HELP, there are several options, calculate the hash, do a dump of the files, XDump, ASCIIDump, extract the files. So when you have a quarantine file, the first thing you will do with PUNBUP is look at the details, because every quarantine file comes with the details files that contains details of the malware that was detected here, it is the ACAR test file and the original name of the file. Here there is only one file, but when McAfee cleans up several files at the same time, they will be included in one quarantine file, so quarantine file can contain more than one file. To calculate the hash, MD5 hash, show the following command and here you have the hash of file 0, so now you can for example look this up in VirusTotal, and also do a hex dump like this, and this is the hex dump of the first file, that is in PUNBUP, so in the quarantine file, hex dump with ASCII, like this, and here you can recognize the ACAR test file definition, and also extract the first file to standard out, like this, and you can pipe that 10 into another command, like here, for example clip, now it is on the clipboard, and if I do a paste, and you can see here that the file was directed to standard out, and captured on the clipboard.