enigma0x3.net
Open in
urlscan Pro
192.0.78.25
Public Scan
Submission: On September 06 via api from ES — Scanned from ES
Summary
TLS certificate: Issued by R3 on August 4th 2023. Valid for: 3 months.
This is the only time enigma0x3.net was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 192.0.78.25 192.0.78.25 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
20 | 192.0.77.32 192.0.77.32 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
7 | 192.0.72.22 192.0.72.22 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
3 | 2a04:fa87:fff... 2a04:fa87:fffe::c000:4902 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
4 | 192.0.76.3 192.0.76.3 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
1 | 192.0.78.19 192.0.78.19 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
1 | 192.0.78.22 192.0.78.22 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
40 | 8 |
ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com
s0.wp.com | |
widgets.wp.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
24 |
wp.com
s0.wp.com — Cisco Umbrella Rank: 7672 stats.wp.com — Cisco Umbrella Rank: 2664 widgets.wp.com — Cisco Umbrella Rank: 11387 pixel.wp.com — Cisco Umbrella Rank: 2601 |
210 KB |
9 |
wordpress.com
enigma0x3.files.wordpress.com r-login.wordpress.com — Cisco Umbrella Rank: 26608 public-api.wordpress.com — Cisco Umbrella Rank: 9058 |
230 KB |
3 |
gravatar.com
1.gravatar.com — Cisco Umbrella Rank: 9286 0.gravatar.com — Cisco Umbrella Rank: 8096 |
7 KB |
3 |
enigma0x3.net
enigma0x3.net |
32 KB |
40 | 4 |
Domain | Requested by | |
---|---|---|
19 | s0.wp.com |
enigma0x3.net
s0.wp.com widgets.wp.com public-api.wordpress.com |
7 | enigma0x3.files.wordpress.com |
enigma0x3.net
|
3 | pixel.wp.com |
enigma0x3.net
|
3 | enigma0x3.net |
s0.wp.com
|
2 | 0.gravatar.com |
enigma0x3.net
0.gravatar.com |
1 | public-api.wordpress.com |
s0.wp.com
|
1 | r-login.wordpress.com |
enigma0x3.net
|
1 | widgets.wp.com |
enigma0x3.net
|
1 | stats.wp.com |
enigma0x3.net
|
1 | 1.gravatar.com |
enigma0x3.net
|
40 | 10 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
tls.automattic.com R3 |
2023-08-04 - 2023-11-02 |
3 months | crt.sh |
*.wp.com Sectigo ECC Domain Validation Secure Server CA |
2022-11-14 - 2023-12-15 |
a year | crt.sh |
*.files.wordpress.com Sectigo ECC Domain Validation Secure Server CA |
2022-11-23 - 2023-12-24 |
a year | crt.sh |
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA |
2022-11-23 - 2023-12-24 |
a year | crt.sh |
*.wordpress.com Sectigo ECC Domain Validation Secure Server CA |
2022-11-23 - 2023-12-24 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
Frame ID: 9C94B0CC2FD02B3BE88B76CD458E04F4
Requests: 35 HTTP requests in this frame
Frame:
https://widgets.wp.com/likes/master.html?ver=20230309
Frame ID: 036EA95259DEC1AC56F173F821C5B91F
Requests: 3 HTTP requests in this frame
Frame:
https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9lbmlnbWEweDMubmV0&wpcomid=62662083&time=1693985550
Frame ID: 8CF43CCF0165DB89EF218B76026E6581
Requests: 1 HTTP requests in this frame
Frame:
https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: 8273B323D84C676173E9418308692993
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
“Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking | enigma0x3Detected technologies
WordPress (CMS) ExpandDetected patterns
- <link[^>]+s\d+\.wp\.com
- /wp-(?:content|includes)/
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
41 Outgoing links
These are links going to different origins than the main page.
Title: here
Search URL Search Domain Scan URL
Title: @hfiref0x
Search URL Search Domain Scan URL
Title: SysInternals Process Monitor
Search URL Search Domain Scan URL
Title: here
Search URL Search Domain Scan URL
Title: here
Search URL Search Domain Scan URL
Title: sigcheck
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: here
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: @mattifestation
Search URL Search Domain Scan URL
Title: https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Invoke-EventVwrBypass.ps1
Search URL Search Domain Scan URL
Title: Latest Windows UAC Bypass Permits Code Execution | Threatpost | The first stop for security news
Search URL Search Domain Scan URL
Title: enigma0x3
Search URL Search Domain Scan URL
Title: Windows Event Viewer Used for Malicious Code Execution – HOTforSecurity
Search URL Search Domain Scan URL
Title: jdrch
Search URL Search Domain Scan URL
Title: https://bugs.chromium.org/p/project-zero/issues/detail?id=156
Search URL Search Domain Scan URL
Title: https://bugs.chromium.org/p/project-zero/issues/detail?id=156&can=1&q=uac
Search URL Search Domain Scan URL
Title: minxomat
Search URL Search Domain Scan URL
Title: https://github.com/minxomat/zero2hero
Search URL Search Domain Scan URL
Title: CS-Cart.com
Search URL Search Domain Scan URL
Title: Another example of maldoc string obfuscation, with extra bonus: UAC bypass, (Sun, Mar 5th) – sec.uno
Search URL Search Domain Scan URL
Title: Another example of maldoc string obfuscation, with extra bonus: UAC bypass, (Sun, Mar 5th) « CyberSafe NV
Search URL Search Domain Scan URL
Title: Another example of maldoc string obfuscation, with extra bonus: UAC bypass, (Sun, Mar 5th) | Jeremy Murtishaw, Inc.
Search URL Search Domain Scan URL
Title: NexusLogger: A New Cloud-based Keylogger Enters the Market - Palo Alto Networks Blog
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Register
Search URL Search Domain Scan URL
Title: Log in
Search URL Search Domain Scan URL
Title: WordPress.com
Search URL Search Domain Scan URL
Title: Blog at WordPress.com.
Search URL Search Domain Scan URL
Title: Log in now.
Search URL Search Domain Scan URL
Title: Customize
Search URL Search Domain Scan URL
Title: Sign up
Search URL Search Domain Scan URL
Title: Copy shortlink
Search URL Search Domain Scan URL
Title: Report this content
Search URL Search Domain Scan URL
Title: View post in Reader
Search URL Search Domain Scan URL
Title: Manage subscriptions
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
40 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/ |
152 KB 31 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ |
179 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ |
369 B 463 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ |
29 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
global-print.css
s0.wp.com/wp-content/mu-plugins/global-print/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
8ded672c-f828-46a4-b51d-709a27aedfee
https://enigma0x3.net/ |
1 KB 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ |
123 KB 40 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
s0.wp.com/wp-content/mu-plugins/highlander-comments/ |
15 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eventvwr_manifest.png
enigma0x3.files.wordpress.com/2016/08/ |
50 KB 50 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hkcr_mscfile_query.png
enigma0x3.files.wordpress.com/2016/08/ |
41 KB 41 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
registry_queries.png
enigma0x3.files.wordpress.com/2016/08/ |
37 KB 38 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mscfile_key_hijack.png
enigma0x3.files.wordpress.com/2016/08/ |
35 KB 35 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hijack_query.png
enigma0x3.files.wordpress.com/2016/08/ |
37 KB 37 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
powershell_load.png
enigma0x3.files.wordpress.com/2016/08/ |
15 KB 15 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
powershell_procexp.png
enigma0x3.files.wordpress.com/2016/08/ |
11 KB 11 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ad516503a11cd5ca435acc9bb6523536
1.gravatar.com/avatar/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hovercards.min.js
0.gravatar.com/js/hovercards/ |
13 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wpgroho.js
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ |
655 B 450 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ |
41 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wpcom-gray-white.png
s0.wp.com/i/logo/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ |
32 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ |
113 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
w.js
stats.wp.com/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LeagueGothic-Regular-webfont.woff
s0.wp.com/wp-content/themes/pub/trvl/fonts/ |
30 KB 30 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 7 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
master.html
widgets.wp.com/likes/ Frame 036E |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
g.gif
pixel.wp.com/ |
50 B 75 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
g.gif
pixel.wp.com/ |
50 B 93 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
g.gif
pixel.wp.com/ |
50 B 75 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wp-emoji-release.min.js
s0.wp.com/wp-includes/js/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/ |
4 KB 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hovercards.min.css
0.gravatar.com/js/hovercards/ |
3 KB 858 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
remote-login.php
r-login.wordpress.com/ Frame 8CF4 |
123 B 293 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rlt-proxy.js
s0.wp.com/wp-content/js/ Frame 036E |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
s0.wp.com/_static/ Frame 036E |
81 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
public-api.wordpress.com/wp-admin/rest-proxy/ Frame 8273 |
8 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rlt-proxy.js
s0.wp.com/wp-content/js/ Frame 8273 |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
actionbar.css
s0.wp.com/wp-content/mu-plugins/actionbar/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
actionbar.js
s0.wp.com/wp-content/mu-plugins/actionbar/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
admin-ajax.php
enigma0x3.net/wp-admin/ |
0 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
63 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| documentPictureInPicture string| wpcom_remote_login_extra_auth function| wpcom_remote_login_remove_dom_node_id function| wpcom_remote_login_remove_dom_node_classes function| wpcom_remote_login_final_cleanup function| addLoadEvent object| _wpemojiSettings object| related_posts_js_options object| actionbardata object| wpcom_mobile_user_agent_info function| rltInvalidateToken function| rltInjectToken function| rltIsAuthenticated function| rltGetToken function| rltAddInitializationListener function| rltStoreToken function| rltInitialize undefined| $ function| jQuery function| highlander_expando_javascript object| Gravatar object| WPGroHo object| HighlanderComments function| textarea_autosize object| WPCOM_sharing_counts object| jetpackSwiperLibraryPath object| jetpackCarouselStrings object| sharing_js_options object| wpcom_img_zoomer object| jetpackLikesWidgetBatch boolean| jetpackLikesMasterReady number| jetpackLikesLookAhead object| jetpackCommentLikesLoadedWidgets object| jetpackLikesDocReadyPromise function| JetpackLikesPostMessage function| JetpackLikesBatchHandler function| JetpackLikesMessageListener function| JetpackLikesWidgetQueueHandler function| jetpackLoadLikeWidgetIframe function| jetpackGetUnloadedWidgetsInView function| jetpackIsScrolledIntoView function| jetpackUnloadScrolledOutWidgets function| jetpackWidgetsDelayedExec function| jetpackOnScrollStopped object| detectZoom object| addComment function| EvEmitter function| imagesLoaded function| jQueryBridget function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry object| wpcom object| WPCOMSharing undefined| windowOpen object| _tkq object| _stq string| mobileStatsQueryString object| twemoji object| wp0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
0.gravatar.com
1.gravatar.com
enigma0x3.files.wordpress.com
enigma0x3.net
pixel.wp.com
public-api.wordpress.com
r-login.wordpress.com
s0.wp.com
stats.wp.com
widgets.wp.com
192.0.72.22
192.0.76.3
192.0.77.32
192.0.78.19
192.0.78.22
192.0.78.25
2a04:fa87:fffe::c000:4902
08049155425170644473fbebdaebcba11c6358913cf6dbe0c739a7c7c05ad04c
0ac1e569486e182712d9597135f6463eb8cc63ecc0f6fb621cf70f2ea4191e11
0b6f77482086b3f7d666143e403b8a1c0994671c04e4b10ac9c3f9520d9f9cb7
10e1d5be200976ab3c32ddb7076abe7c8c7ffe002556c5954d146319420e0580
14b5e84f65e981a7b913d677ee7addbb98cab67719ee56e3b681fd8c76db7730
25ee8903d79dafe188d9b51dcf4de5e43d8bfdb39c3cbd19d725fd15a5cb3000
263a796c2f548e72c6fb259c0cf362e8349366291fc3ccc377eb46ebaf39c1fd
3086aaa2e8d2138d1ef45b3747e966b8f0056f2edb6786616da1a8928cf1c018
32cf39fdd1cd09157852ef8193ff69bc05364c447e0fbbf2271bd963b30ebd7c
38cb9f8c73cfe56498780d4d84037dba94d63292c6652e3ef70b8aee7b786689
4036cebd171599f88c56f4c9de9f5e2d56e3bb72889d64301a7ce332ab2699d4
439567273e01cbd23d398e715a459261b18756b1eb9e5d5a362c5dcbc4f29c34
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
486b694c4933bf0e1a51c429bdbd97e80ac818f4005c89885800230da524d4de
4ce9e8a1f2338d8dc638e514ab2b5ca00683ebf13cca9e80c065a3f2ffe64f8b
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
55453ebd247510fae564fd214b6693ea2f85de95e304376b5fb0ae4f0e9e9caf
5bb603b51c889acc89bda21939a04cd22836f3e48a521af8d00166de1d36c31e
5f7fd3df3d68a3e951a6b1f9c3c2c67ae9bd2ab1493b0abac2e5c411eddd9195
822183b6912f8ef43349d897aa66f65f840a059a488c1dae834f2e1b4d847c1c
922f7310455a01a1cc789155c95eed771508f7cf31cf38b176a934147e26c7af
9398eb3737a99ee7929995d320c3385f8374ff399152fcad64a47b55a985e5d4
999931bd091d6dcf6c5f2bed505c4502508926748a82671769161325824e3870
9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5
a38aca823bb17c7335f249bb6194adbc333694c11ffa76563b4cba3a033cd99c
aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8
b91f865f1d193bd8771dc80a28790ad724c5249385f8405a3eb96e77d599f5d8
c0e93b5ebf107af77d9e7d101d186b3b93e9d5ad4fbb6a74e2dea60173cc04f8
c129c4f7d997625184b3991f0e237703d892cdfc5d8e9a4b2b093feed795fcd1
c59758aba315041f99301a6120932ecaf751fb3a0b35b55b65eea138912c86ea
cb3334fb252ab83ec5c48f3e3b78082a9bc0c2d4c0a6b28c9028d80b471ffe6a
d288b2ef9a00f34e96b689b3edd67dc2ae3dfb8613d0ad1135641c73f1e46591
ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c
fcc336606f0d687cb2aa232a532210c94f33b6e4fcaa0b054679b478a0c12d32