malware.news
Open in
urlscan Pro
104.26.6.105
Public Scan
Submission: On October 26 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 15th 2021. Valid for: a year.
This is the only time malware.news was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
33 | 104.26.6.105 104.26.6.105 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 142.250.184.206 142.250.184.206 | 15169 (GOOGLE) (GOOGLE) | |
7 | 143.204.98.22 143.204.98.22 | 16509 (AMAZON-02) (AMAZON-02) | |
42 | 4 |
ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f14.1e100.net
www.google-analytics.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-22.fra50.r.cloudfront.net
media.kasperskycontenthub.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
33 |
malware.news
malware.news |
1 MB |
7 |
kasperskycontenthub.com
media.kasperskycontenthub.com |
263 KB |
2 |
google-analytics.com
www.google-analytics.com |
20 KB |
42 | 3 |
Domain | Requested by | |
---|---|---|
33 | malware.news |
malware.news
|
7 | media.kasperskycontenthub.com |
malware.news
|
2 | www.google-analytics.com |
malware.news
www.google-analytics.com |
42 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
media.kasperskycontenthub.com |
encyclopedia.kaspersky.com |
securelist.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-06-15 - 2022-06-14 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2021-10-04 - 2021-12-27 |
3 months | crt.sh |
media.kasperskycontenthub.com Amazon |
2021-02-01 - 2022-03-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://malware.news/t/qakbot-technical-analysis/52399
Frame ID: 238BDCD3A72F19416A4F42F4948A9BBC
Requests: 43 HTTP requests in this frame
Screenshot
Page Title
QakBot technical analysis - Malware Analysis - Malware Analysis, News and IndicatorsDetected technologies
WordPress (CMS) ExpandDetected patterns
- /wp-(?:content|includes)/
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
24 Outgoing links
These are links going to different origins than the main page.
Title: 990×400
Search URL Search Domain Scan URL
Title: OSINT
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: *
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: 1
Search URL Search Domain Scan URL
Title: 1
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: 4
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: 1
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: download
Search URL Search Domain Scan URL
Title: Technical analysis of the QakBot banking Trojan | Securelist 9
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
42 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
52399
malware.news/t/qakbot-technical-analysis/ |
144 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
browser-detect-115ab5953de1b5bb122bfb26b757f5391dd8d1d2aef2b81baf7b59aee99d9f34.js
malware.news/assets/ |
247 B 548 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en-b4c652e74e1f00d0e6059b6bf4aae63aedc7ef40ec1cd31a2d5494431da11f82.js
malware.news/assets/locales/ |
256 KB 75 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css
malware.news/stylesheets/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ |
372 KB 68 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ |
1 KB 854 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ |
153 B 660 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css
malware.news/stylesheets/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css
malware.news/stylesheets/ |
90 B 547 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js
malware.news/assets/ |
557 KB 157 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor-72ed7d3a2757503f5d4b387ef519a6f371137f63e3b8f1ff29544b54c1d8450f.js
malware.news/assets/ |
173 KB 60 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pretty-text-bundle-0651e2a797c3ce2e7029301b15f1e2d11ab1286bea425eaf70aac53d80e226ee.js
malware.news/assets/ |
150 KB 44 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js
malware.news/assets/ |
3 MB 506 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
discourse-details-9be9806ef2338ede8e5c567dfd5b521aaad27d01694f01c604516118466d2120.js
malware.news/assets/plugins/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
discourse-local-dates-fb84b6e975839c2af6c7ffe54ef3f37631eb79d1ca4c032e3232c522b202b185.js
malware.news/assets/plugins/ |
32 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
discourse-narrative-bot-0b1e40d099d739cee23bbad45c2fb5eac1dcaaba028fdc9fa21b9e32930ec40b.js
malware.news/assets/plugins/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
discourse-presence-b6fbd1a4370db8cbe9a6026b149f4c857b4f4a71b0f72eefda4a295d0ed6a56a.js
malware.news/assets/plugins/ |
13 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
docker_manager-ad177f91e75af171560e0d79a81bd5ce7b5b01c80c9055a24d75e9370c9de28b.js
malware.news/assets/plugins/ |
2 KB 964 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lazy-yt-9db193c8caacf2e3b3a24ed4c63699ad497c210f668f467d95380efd00982345.js
malware.news/assets/plugins/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
poll-4ece327052472a4245ca79c494a4bc3ad9b1f49d921e2df8b00a2299303f04bd.js
malware.news/assets/plugins/ |
59 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js
malware.news/assets/ |
725 B 808 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
start-discourse-efa4e5abfbd1b50b5152ffbe64d5dcea9f7c33f766dcc6387e2711f0f2112148.js
malware.news/assets/ |
135 B 383 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
browser-update-eec13eb6f8386f18f10b5dd6ebb7a3598d28421bb796e539b91a7e4a4c5d4c08.js
malware.news/assets/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
svg-2-9b0d85c163090ed00004e0abb5db8bd226e57ab5.js
malware.news/svg-sprite/malware.news/ |
114 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.magnific-popup.min.js
malware.news/javascripts/magnific-popup/1.1.0/ |
20 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cdefff4af52a8d2d43094b5d57ebca1fc7613a63.js
malware.news/highlight-js/malware.news/ |
202 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ba8ee0a927a69022c651441ac23d01bcdbc09785.png
malware.news/uploads/default/original/3X/b/a/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
24_2.png
malware.news/user_avatar/malware.news/malbot/45/ |
4 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
37 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Qakbot_technical_analysis_02.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145926/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Qakbot_technical_analysis_04.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151656/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Qakbot_technical_analysis_05.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151717/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Qakbot_technical_analysis_08.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151829/ |
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Qakbot_technical_analysis_11.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01151946/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sl_abstract_binary_wave-990x400.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/03/30083524/ |
60 KB 61 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Qakbot_technical_analysis_01-1024x350.png
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/01145837/ |
166 KB 166 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
2 B 205 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
poll
malware.news/message-bus/92f79336aea04fd799592fbc6a86e209/ |
266 B 0 |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
44 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster object| I18n object| MessageFormat function| moment function| define function| requirejs object| ENV object| EmberENV function| $ function| jQuery object| mainContext object| Ember object| Em function| require function| requireModule object| Markdown object| bootbox object| clone object| Logster object| Handlebars object| MessageBus object| Popper function| _ function| Mousetrap object| RSVP object| BufferedProxy string| __INDIVIDUAL_ONE_VERSION_ev-store_ENFORCE_SINGLETON undefined| __INDIVIDUAL_ONE_VERSION_ev-store object| virtualDom function| filterCSS function| filterXSS function| __t object| __DISCOURSE_RAW_TEMPLATES object| Discourse object| __widget_helpers string| GoogleAnalyticsObject function| ga undefined| $bu object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| hljs3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.malware.news/ | Name: _ga Value: GA1.2.1605960722.1635243724 |
|
.malware.news/ | Name: _gid Value: GA1.2.285321649.1635243724 |
|
.malware.news/ | Name: _gat Value: 1 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | base-uri 'none'; object-src 'none'; script-src https://malware.news/logs/ https://malware.news/sidekiq/ https://malware.news/mini-profiler-resources/ https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/extra-locales/ https://malware.news/highlight-js/ https://malware.news/javascripts/ https://malware.news/plugins/ https://malware.news/theme-javascripts/ https://malware.news/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/javascripts/ https://malware.news/plugins/ |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
malware.news
media.kasperskycontenthub.com
www.google-analytics.com
104.26.6.105
142.250.184.206
143.204.98.22
003c3d882b326d441cae76648a6510f6c8404353de5d54e76883a2fb61b6cdd1
038cfdb78afdfb5feb4e5dbd924e2f7a87c90f3a0a5314ba2ec23c6b26172a1d
041dc75fa9294876d29e6d78e76c9f7f3202f1763480da93d6ce2414d0a095c3
093714378e2e61720fdd442517e5ac12580f7e7231aff8b07fa99cb1a925353d
0b37d1d5fdce07501dbcf92e59de22bcb3b59cf179c2c4ae85c6b4e53d7a33ac
180110a7a4ac1df81ccd0d022e0929949ba0d85dddf4beb145ea590b86bd9715
19089746082c9d1ae6b7fb6e3218eafa4411abffe26412d4d823cb304683c045
1ab3d376b5d18228e95af2f61f4ea5ee12a4200177969694c347048fb41c9b7c
1daf903ee846f106e08e2a131f4800ffbf8837d227192192e1f00d6fb0a6027f
36e56ff433d1e7c0017688ed51d42dea37fc7a90431b54d4568df80746ed349b
3ad7fbc07473d4c53beeb81e5f53fd8ebb179f2aed593f1fe51540bb34f80e69
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
40526df990780061385831eb7143db974cf389583c704c0f986284d2d8d3a0d3
40eceea96af900b9d1b73d8859a9919d9e3bc2a16916072701ea98e3d4642ba6
430ac06a9912729cedf0e6c618b7ad7d8c1a7623b380b60312dd17b0037f36ce
439310fe70c9254ca886a5848ab84ece7a2d0b9f1d7eb654e35ee1af86b1d0d9
46b9cee37dcb843ffd1954731ea194ff6690cb591481015de367901eaec8df9d
5ccf20c77e2159876f53e2e7903140447691cd93ea5fdf38142a34cc37c0a1fa
5dc2f3f0b6682457b113ec4e3641049d51488e18deaa8185831f4973cb57f97e
6ba10e33fc40749d8e0a6e2ab2f0271c2bc89f8aca0c4432000456d2a9912ea9
70295e23173942999f6560f098b372fb27ad0de5bc1a1e195c6ef5af18dfc856
70f1cbf2697ee3da0fce545369f9ff2394d5a67afb1920b1433dabd5d299c436
7e6dbcb4fa67139ef1bfb019ef153f21b130a1f68f7d5bbe3c15033c14342ff7
7eedbeb43c93c8d82301cb78609a457a55cec956398be4b7dd6d12f0fac1d516
8ac752cf3429ed4d1322aaece17556cb40319d80cef682f0ee5cbb9e1438a0fa
8d814ada502cfca69414ee2168f70cc98bdf53153a31b47548c0be6d75c5c046
92229df29a090ec2792749556e41deeeaec5d1167056f4f0bbfb9deaa2397235
9487cb559d6168d8f29a5684b10a9c253776e7280ea758f332902773d85367e5
9bc63a02041e3cbc9365d2a70224f9c22ca5e31897e72e0b3cb620259250a556
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a6915794955aa02a862c6286b6ae26b9ad45b49d9a095ecd1c9d1b7f8b498778
a933fa87d48ac7c2f381036d364fa92767c5dae738491b16aa668671abc23442
aa7aadbd1349c23ab2ab4bfecc563e091b07aad49739b21fa4a2ed2047fa57c1
b64d6f3b3fafe479610cfa9b4b86fcef473ba7d0dfc5f68c8e9de52ed4774075
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c2726a744cb41e1f88bf2cc8365389ebbaa6f5beef6d55241fd685c2bd6b3fa5
cf5e9c54650bf4326d3a8caa3bcf484b5785dfff38f9cc52a5d3e5ec5daeb2f8
d2750757e1fe13b6523dafa5f06363ade310cb51b53a7da9fd9d9253fc859850
dbf6e5a1bdcf7981e49d952fc5e62e36715904a838584c9c7da9a49c62290baf
dd8eb5f29381950bd2d56653f3a9aeb82ca7b0bcbadc5903d48f335d1a0f0fa7
f25487aa53b51b4c355c8c8dcfe481294a929e8e6c8ab3f4c1b0d84115803fb5
fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3