From 6766ac618c554a9bf537a653f4ce0d75b31ba485 Mon Sep 17 00:00:00 2001
From: Joshua Wright <jwright@hasborg.com>
Date: Tue, 30 Apr 2019 14:38:43 -0400
Subject: [PATCH] Add Event ID 4673 Sensitive Privilege Use detection for
 Mimikatz

---
 DeepBlue.ps1                        |  20 +++++++++++++++++++-
 evtx/mimikatz-privesc-hashdump.evtx | Bin 0 -> 69632 bytes
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 evtx/mimikatz-privesc-hashdump.evtx

diff --git a/DeepBlue.ps1 b/DeepBlue.ps1
index 23900c2..a8cfd9a 100644
--- a/DeepBlue.ps1
+++ b/DeepBlue.ps1
@@ -50,6 +50,9 @@ function Main {
     $failedlogons=@{}   # HashTable of failed logons per user
     $totalfailedlogons=0 # Total number of failed logons (for all accounts)
     $totalfailedaccounts=0 # Total number of accounts with a failed logon
+    # Track total Sensitive Privilege Use occurrences
+    $totalsensprivuse=0
+    $maxtotalsensprivuse=4
     # Admin logon variables:
     $totaladminlogons=0  # Total number of logons with SeDebugPrivilege
     $maxadminlogons=10   # Alert after this many admin logons
@@ -172,7 +175,22 @@ function Main {
                     $totalfailedaccounts+=1   
                 }
             }
+            ElseIf($event.id -eq 4673){
+                # Sensitive Privilege Use (Mimikatz)
+                $totalsensprivuse+=1
+                # use -eq here to avoid multiple log notices
+                if ($totalsensprivuse -eq $maxtotalsensprivuse) {
+                    $obj.Message = "Sensititive Privilege Use Exceeds Threshold"
+                    $obj.Results = "Potentially indicative of Mimikatz, multiple sensitive privilege calls have been made.`n"
 
+                    $username=$eventXML.Event.EventData.Data[1]."#text"
+                    $domainname=$eventXML.Event.EventData.Data[2]."#text"
+
+                    $obj.Results += "Username: $username`n"
+                    $obj.Results += "Domain Name: $domainname`n"
+                    Write-Output $obj
+                }
+            }
         }
         ElseIf ($logname -eq "System"){
             if ($event.id -eq 7045){
@@ -457,7 +475,7 @@ function Create-Filter($file, $logname)
     # Return the Get-Winevent filter 
     #
     $sys_events="7030,7036,7045,7040"
-    $sec_events="4688,4672,4720,4728,4732,4756,4625"
+    $sec_events="4688,4672,4720,4728,4732,4756,4625,4673"
     $app_events="2"
     $applocker_events="8003,8004,8006,8007"
     $powershell_events="4103,4104"
diff --git a/evtx/mimikatz-privesc-hashdump.evtx b/evtx/mimikatz-privesc-hashdump.evtx
new file mode 100644
index 0000000000000000000000000000000000000000..f82f01d16bc8cae33d20f96d0ea31519c08e2989
GIT binary patch
literal 69632
zcmeI53wRvWb;s|n9$w4VO17*7Y``+Mz{a&KS(cHpF_!hf23vl~FDx8nOO|ZQl96QD
z)VL@-N&<oUYrtt*C{7E3FAsl(64F8vC=~h?LMX-wk3dQZ0h0hJw0s5Hp#J}N?$OS!
zW~B9^o%JWp=v&R~yv~_BzkANP_nw)pZrxt9qqRxJPGPg62lIeRQz|zQyUXYP{@j{B
zt^3?3@lW8FfL{WB3HT-8mw;aaehK&`;Fo}30)7ejCE%BUUjl=cKy~Z(%9gfWXyaQ`
zwwcF%@4@=h&Q)sq45eys?XESuB|PK#>$3l_Sxzu@v{H9wD%A!BIx%m_kS*5yFxFp)
zZV0#On>appdN%}J(_`00f1fnU`hKU8x6kaq$gJnqNm%!mS${sx$>~vi|2SwZPmIy4
z$#(1vTnnca*tZ@!UJ!F#+;*`PI=>_^on!QfJv7(ox;`ti<=_`1%Un9|Jf(`UpWN?X
zPdfV0HND3JIe~y08+i1c_dDh6Tz>G`ZEK!x>`uS>g(rT#3|GRvDtdb_#3C<{)5Bvk
zRJH0>O{z_G;rosFWbQN@f0UD<_N(2h6&pLTAtO+xTCiJ}+M_N|v+>udwqZ>Z_G!R!
z5#~FvrbD&kTf5qhJ&W+Y9qVVSec0B9`5aY@zqwc{R^|BL)F-|(>RT|-+q>O%-`eXk
z)mn8G&fKLXDiy@VybQhMj(%_;q*iI^-H_FYy*jY<A$)2C#!GKcSG7=fH#YKuCaM+v
zRGy_aXjL1b_&$i6Wh<dptZP=8Uo#BN$WK=ntG!wpPj`+wfUDl7=BYBs=U+JvZ^ZW|
zte=Ieo{!}@SSnYgSYL)EZY#qv+cBSyd6O!^e&y<*N~=hNdP;q2q<z#d%BIRPRfTQm
z;*&|_snU#Bveas*(|}vH11H>plXc(<lnSS-%wRZ8Wu^zlsI##`YT9X|N2&E@w;i~+
zHf#%q$EfslFm@KcNEK`RS%zAU9mz_o-brz%pgIFz?tlWEst=^AI?ci^d<%wy6c|ti
z_`)j4>F8ORY9#<77Q98=Ex<EnsA>2jHFxK8A$2J>Uxi!Hj*Dp2mk|tSsQh%?_Ep$*
z9608*;MOq^x<lX7O6=MM1&Bx^w&~(wEhf_o4`f9VBnP2*GS#@WKo)3?*s_|mY+Grs
z!3n7{HL*%Q7|v2z)a3>oBnIhkJ{+Se^={OoRcj)}T95r|o-#^jeUPOpaK<huPFlNg
zrPg`Fqf}1jd)SS)z3j<xilVJE@tRx?8n1HFpv!K^5F_>vKNyV**sm4es|8uNcPaI#
zg{7k|Suc(@b%x}1;?HOiQlU(mcHY_>=7&(iEv9Ux0K%hHC@s+2JBQbA4Ci$~v=VzZ
z0HijpH|}pnAcS&f`R&CitZPljfs1h9FK{4l<bt-4F1X!5gUVWU7l&q>L(8<$Sc^@2
zQ3{s5V(BlzNyIH2De5mssma(QQ#{1><(X<7u9D|BS2|YZrKJb*G=6jjEc>#mP~UD<
z`Ytx$EWvP|nv$NbCSV!N>JJcC{BR1Xe0;{~<#a6Z6H-}vKfTiB-?ZQq?Ay{;DGL_Q
zu6*VJ8ulZoh4+m?wP2m)WLf(9BU^qT{({SkPya<-=<!|OT6)8qFWrShjHUlN7R3dA
zuOf{4OY2pGThNLEsMP-(^j&3LxdtC?`!fOypp4zl)4sRiFxn{E-$ZS_<pad9+HJpO
zSZVW%p$20CPA`rP<M!`WTh&fTW^Ivsw-(w^=^(su9$_MdQ%zX$_+RC?92T+t!R&wv
z@W6REkiMQIKC)$8%z;%XGG0A>m;K<Nbug8cVCLAESY@s9X02Ohlud*AO2@rcFq?U5
zEXbIM54nN;<CKw)f4TDy-hX?|y+@z^x6b+#umV=)ks45qJ15I^D3B`D@><l-*M5!L
zt*5hiPR0q07nb6>VEpv7>r8vRaOFdPa;-!gT>fR%<CmXy^Iy)}byIEWheFXf^%fQx
zFVK$|KD>?twm=2OZ}j++pawnuc+9n54~JDid*pBqjbNH$&_v@&8nkbW@_r1j=>7V<
z99PiG1u=@IJsMZg?DhFCuAu+w^Hf|xPu1s-s0_`R7D<029))`{I_~opRG;2Lt4|Bu
zXYa$=mJR0~wBdRW+Uc;^V$0&@!lGCfHyF;fFr0=J<Tnm`$+Oa4YE5Ys!`l9Z$HB5`
zk%=0%8bFt;a_|YL`Ds%iMwM1j8m8PHiBwT&st20BEe0)~_$$_V%z_uB7oaO)#cWoE
zhp(^OUw7NGdmdi2AZ_{+*|A4hX7jS=Yt~5k&gBy~K2U%3)e9zGxaN${ihvjQf<-tR
zi)`6&s=Ag=ltB*zWSc7hiPhN7mJaXHP3`Hnt%cZ<$(S=E5Ni{n4VY!VaIP|QE*-E~
zM-FDgEDMHX=bK|^Mx@4L#)8>2VmQ9k96x~8(UvTjO*@7oXPYB=x6SpAMRXT2*SrrM
zy7)R^s^Kwt6y>noSWnGSqqL3Vo@_ugVc!gE-x9O$)X2WsI$*KFCi<~ve3s)lI;LQD
zrghv5a~vy^k<mZUX~h1cR4#RzW%k#>f>r)wVge&E|H14KWTfjF6l=u^KS~wW-LmQn
zF&{e19!vEsU21hGv8@heavxm@rb;x{>fs;S@z;t{s)s{kw7f&@f@AAaf9$ZP2xZF1
z5q5(9gMQ>=*kBN?r_&3Z{0J-iP*{)uQnA)U{FYdc6RETww4B5LzE|^p%YA3LbDHV#
zeHYH;zQ5z&_a@ZjWY%|G&*i>nShrnuZtgx7>1UF-F?sb}IFtMSTmQZ%`@Z)|ecy;e
zhsoE|gxcF)Kl%I4DA29>YmX8yvZBO!KQU2aL62~@AaB8@Gkf80CUAZ{(29uc4t#!>
z3J%K7JakYxV!3>1QPG-=#g)$;dNn_j-K{2SoQOq6jclVhMpWz=>(J3kq!}BDDd0L8
zhn$acXKcjy#l$VSsPT~_of@Qlk)UJLV?WwzHZ$_eqclf72WoIL^3z8q6t9~2FX4FA
z#DsBZ9UHG^TJfr*)|DvTR^1oU5fkyT)!r8&I%@5HY~;>HqD5)%GkS=PAlL^m58;y)
z<4OD8t*t*$OgYfD_|7gp3ICjHnE@+;jP4b$ho+Iv_)>IgGp^hX-xP@*ufm|jv$QAl
zC+vhkb5l>_pL;q1yTU``u`3_-iyy^~(VtuoYx8a@?1;2J<B1;^4N1FU$(xAbFr8ex
z;W%y-r+DvrCt7VB2I8O(2YjUEAZ-$yj`u$obJMM-);)PFf%_k?U-`tk|2DrOyt(<6
z_fo-w_!aUnm}MwBMJ$65^;5VgPR@*wfIYCN94=w|Kf(k?qsW2qz)R<J_}?=>OkSMP
zp9kU3iHFzGfB(MELwug%^YQ>MB0QW1F4(cj>Fs&<Wc2inYscH(h}S*@0=j>}W*>w<
zHy(a}s`D`1A_t`okq5C87y;AMIi1HclgCAWJ0To8al!V;f1c`G3>UwFK7PBM7;AWV
z@6ZF`<nhqoP6&TaJbVSC!XKRKJPbEGfph}9oiI^}p+iQ?huVMiw-dsl8y6p*>Rb#L
zJAtT$b^<Y{m1d%lU}d#`+<Hxw8mjh=vhv1+N6sgk`(80=_Kh`B@eDhTocd3xyrhw^
z^&L-p_YZyTU8}jr@m7%-OC(#sXiM~I7FYgT|Mug_j=zo#u=V?-8Fyyi2L|o?M#;uw
znb|ZtZvp)vi?JMUF9z?fTQ7-H5}(Fifwx@f-aFyq1a5J`*}M%(eLrh%LR`exzxsSY
z$GIiB<AsZY9+4Q!1$$UIU?`dey&0Du8+h)4eOF9{Kj%O#G7&TbWP_D}-?=O~GOP?_
zWdc6r#R~Xk$dS2L`D%&T#_c?obNR@5IS*K6lEF&oPSCWNt!SE<G0^DaH{l$0;BW=@
zXD&_wG8EQfz7(V3Ymog@r#4}W9Lr&q3iK^@qvvrCEL8#icpS&F+tG)z1M8UrXHkk-
z)I^KM52t$EHcrm%@cun?ow_|PqwGxMlHM9QYoRJc0xHu}+080zIhQSS^%hFy6j?h*
zf3GFqjN4l<pK`WdrxxcVlk=5<DG-xYl4s*wB)V}fnt5jb{%PmtmIJ6@3|-^lTnztL
zP61W}(3ziXG|)%muMla@Yr#edK1^X|?=P3;;_sm2Ufi?TWgE{>f<Lz-=jrY9Af;TN
zABu1kg?y2-k5M7dHk@_jC6lxN2$Hk(lEpU8M4}sKqM2u$J^T9pb&pI$<`GnlwV&4p
zW9{C_*)4j}3iR@J!a_A8A&SZN%p{?Iy9ze09T_D|l(N>-%1C~WkTV+GxQ}E;?-lE_
z2S00rmcJ4y<86?_%=Z@PuxC(xI9k*Idt9Zjhsj>nNKkZ+QM7hTaKtvq+Z)IEnZeDz
zajQRcu<NM8-dl0r=0Ww2L}7!S)9wkXQ98Ugd`zPach5>~8|)0ru;(6KGJLe74OdSO
zHP}(S7K;IEf8JAzAD%;U;o?0vYyLZ|@2vM%p#D!a_5SB)-u6`T;_FK7Uzp8EBgiSY
zM<mA9d&bv4LQjBb=2^XuC%!I*6=#gpMW15jb_|+tJWzBLPke2EBI9B`Ca@Lkv^tQZ
z)ZLa&aYr-JBa*AY<vva5TGV@T*NQR8Zg`d=_?~*uE8A%otnHEbM@da4SLBQF`ZUAW
z!Q1!$OY-<~YQKp@C%)*5MYB_iui@H$L!GYCJdle+;G)oQ@#EEt-bo%8o&D@iL61mu
z;^OY?h-N9_A~vqw2~y|cBV6cgSj&bc-0rekSM=E1v>hqX5rzHHBDTHw2oXo5r5~sO
zj}}JOTON;@#`H?o^I6t;A{odEImMmWPT$>(edxa#7eq2k==-RJ<<X|=l%0X18>QID
z<`i#hjoG?<u+rX6!{JuH5jhkd&oMl1e{;FVJc>j&9z`>s$6?E38CrfNs#tiW|2)_5
z_{M{~lE`EKxU8T@B)ah^nx%wCw|>u|kIN*3E4B?4>GwRDxU2<^g;TtCYiQ##(@!jM
z8RydtU)Ozg->1p*zfOFKL?^x&_lsseU+|9dB=%r&e`@(M{#5v4+&{zc)o|T!Ll=8G
zZX*(%_+s2Inw?U7Nqjfl#%=VgEM(kf51RJp87_Xe^!<dmh;Q6xL)sKtTjVEMv9eMH
zJt8rd3mLZ&%{=3R*^6JVp`LhJe&DS5cQNcIS@9E)0$PYeOm2G^y@rw8cIgj_<W8gC
zS+e4JB=g%7%ZlgGQO^R}<vL`=_tP`(tau)IQcrPWbc)x={Bj<9(ob>Pvf>BPI?{Hr
zGTUug@%^-R&us6P72i*5_hTb>Hj)+3(KtRYDOvII-5LhZSC?R$6~|av@dNir4b-nS
z(6;y`$e8kN){7qEj*8Zz$CJI$9P#5b%ko5~y$=fg3);?@{->G7-rRHE?-Q~&iRTZ9
z#8`VH`2(VvXZ9wZ{>|a)hxAkR;)gi@Bf~{_@+G4aiBID5L%n@@^btQK5@WfbA7VzN
zXyzFg;)j?@E|$a1lCYf>e?1?_S`4%;ehFep63wQ^181sRxF|;H&oW$``~1VD$>ZYm
zK>zqeBsy`yyb{sul;mP0d6*D6k@1Zp!%JxT>Z!G!wsS;cEHCsgN09C<nt8^{NcJzd
z^9%CCj&MHPaPf_w)_Kf@NOa>uH1oN@$b&p#XV0`4%6!)O$hj#NE>3`pV#7tn-)>Hb
zi}>OWr@Tdx7|VsUe?>DtZ&BwTPJ<b>XEjE05B<DF6b+`>yhTO6=@(ltFEN}ycy}^6
zcgkB7iEf;WW}ewUKW}j;^A^>MQ^*%NV;<8S!&%!s$>hu_Z&4(=aVDC1#+jeD=;tl+
zO>WUymcu7+QP+3Y`*PI(Qd945|KZ^~lGpB<WVO?y@)kuRI@bT^G2N{*;Umu3?&A2R
zXy#eHx3{~PKg6D3dEP^w3*xvEdxJTb_$3btFUQjrmB{v4u9&@3ja;4ec-Ep4O9MTH
z@f-65ht*FLc_ndVY~0H1;rp|hyUNi4_SbSbI_IZ<_AAoEbPs9#W94pd&%h0`o?9d@
z!p&U6&FdSB@AQ@%k?6*aXy$XH-@BelZgf=%X*)x1*nTTB-1MF|^F;Evamr&AiB8<G
zpGP!H2{&%}IKy=uLBH==+Vh;xGhE!z^v?HIdfNXd5}ml99}>-cE<EVx(eKa|F4zt}
z-*A!kS?wc<aFKXFk4SWCmvDSZH1qp;{C*xpc_;sTYLmU6r`!|Ho%(qO<6JcJ%>McP
zJVV*fgXdlC{XFwM;moO@XE4r0GtW5l`+59+p5ffj(<INQ($8FA>it(k8$FJrM50?9
zC7SthlpjYW6h}pkmn|@yzd1UYoIAx)BGHX=(abad=EqS(8%LGf<EVv(v-`7>$(d6e
zB@*2@6U{v1%#Wk|IBGb@QGMfO?3cRG)ce`lr<bkrw4YKW#@2foFB8o?tM~TtvXRz*
zt;gT&{gjIg7qvUjNQjHX`zb|YEEmj2YyE;!qM09G`|))`@pXf}pYkHZ`GnSFa_$sg
zi$pihMKjOrpC4ZjWqgfaBC^NViw$R=B$YF#_*x{oaVDC1#+e^q`|<T~j;}XJKPBU-
z3RCa9F1_zcZ{ur`7+dcdU-NxdqM2v)ek8}&`guf&ugk&362ry4`<{L&d0aT<DT+i#
zF7T|UXqFN#{5(bbGwbF(Y2-!n6e|rkSAVDRWpB9=iEiA8W<ED5&r>w->=SNicd86G
zw^nbTx7yQw9+BwC4g8R3mJ)78T0f7@$tDkyzglg$xMpSH|9Z=XNOa>uH1oOeAWu<0
z(P-zQ#&EIj(A$r$@zh?3M5p{!#;u~6&xHqEwBx<cox(*q?8e20i=X`CXA{;YjSHu^
zRU|rcfw)yPO9>Z#+-i?o%`c0S7l~V!8g6d+@GtVc<whjBaU+`f+@w5i<u9P%*)idU
zc4wL4=D#of_Vvl*#_9PQk?6<`{E%pt5^hFX+}f-P4_{9nByPRLa546~TbI=(%?~+o
zArhUq;PW-2na_m>@rizqr=5#S4HuOcO%1Q}lnasQ#)W9+bKwCO`n~?bMLF!oa>GT*
z&q`M(j|-=`RU|rb!S;-3mJ%-fxYZuFn%`d|FA}$|Fx;GR_*sv+5s7Zxh-N-Fr$pR}
z$W^$Z-KjO)EL`%;Gs&|zPVtFIbmHbQyxT!EO9?k4EpFAnzeXM;Ze3}(_$YAK*VcO)
zpNK>^E<`h*3lHKG{X4dHE>;;XUj6Rnt2cPcg-CSbg7JxH=5yfz7c<YoZ;J{S<**y8
z4HtiRe#<S%<H9L!6^Tw<u$?QKrGyJVZnej)jd+g|er=7sNZh){aC5vjaI3f6h(tGT
zL^Ge8l*g^sZ%&UEZfJMb8g4=>Cx2n1r+!Ezx^W|#rG%T27Ps;@(#MkriCgOo7su{@
z?G<mi5Q%PFh-N+)9>gaB{yu@7i*<&JZR_v2Ym=w;LL@qI!MIg4^SSVVi>UXX(Vwh0
zTpak;EB7Ri3#YhMBsy`y{twYCC0zJ%t37V*#(O_I)GG2Kaq9-d%^O8~zwIqIBGHW-
z(ah&2<#B6FehK~2M#Ih3TQ)Ub=BXbNiEiA8W+~xjq{Xcu;gc!$_+*pe;-iNA8Jj)j
zLL@qI!T3Zp^SSUKK0(wPTp?VPgObY(7mwYQ{YLV*aEebvq7xU4PeiknaN)-%_V{ED
zuu-b7e}vp@Hr(8J)4d*ZBNE-X5zTyVQXZd_;q9p<s)W2q|4F^!=KsF@!h6ZHH%{Zh
zBGHW-(JUq0jI{Wq3BGQx_#w_OH(Z>)_|G4x_cT5ciEdnoW<D2Q#3y1WWWL34am%k(
z@4MVnE<~ae7mQm)GoK4DxcCemu3|6fPrhWhIPz%4SzD6Eg;U%r5}ml%h~JwK%~HaJ
zAGg}$R{WSxx(fFFP6@fW!f><y$G`NL8<FV7jcDd`lk&J#b7TFEmiVCt!_BgP-8U<F
z_Qol06^U-#h-N9_W~9ZfXa?8x`62qFt%i%oez^O6Z@CbOZd{0FJ{MlZCpjuNii>TA
zi`$OR{QEB@Ek1Fw7b4M#i^UmAiDo_*9&izrC&2il(Qq+uY4>GUB#jHFxK$)NalyD%
zG)oB=e%xx0TMN-^R<26P3*!&Yn+!MS&dS~FEjJ?3jT_O-=O*QGYnhshzk|ZfY2aqN
z;imcd_xB}_8z(;`65Y5F%~Hb6NQ+zbuO5>J+7rI_x7l#9E9a#zC&ESI@3j_*vF|(L
zd#$g}iD>4(*V=!tHJV$qY@b49dB(Y_6l-OQthL4|qkcE0#c+ORelj_Cdat!ebmLq!
z^UVJF@3kJv_gaHK`+Kc-7|x#gVlp{%dat!ebmL4k^Nch9z1IGFt%vh_t^0mA<`5#5
zou=OJ{p;5filY=pC_?%ZQdy?o*>Y?(_?D~KuM|+7x*tK6R_OP<aC<?INQ|xbe6RIm
zHqAV%_xAT%vpvt>I1l3!Qu%5p=5z6p-#uT5<v>7RXvTQV^m`XonJUI!YgL_Er>a!-
zAn{Kv_A5}!RXh4|8dNKm@y;wP>vwzNIl!y1rUKu(R15a$(9Z^P-E7<XCe_9#2K5;@
zZ^w7*JRPcAuWy2O=KaGsdo$K`;t1wzQ*yIDVimqoizaOARMXWAeML>sZ=2exxOIm<
zTdO_;&&XhxQ>D5<)vFEI-liIH4!mU$-`7HSOUiCUI&-k572g~1(eHCn`*9vlU8)FW
zR80<LoMM;Z@y<y{7d9lVf61x6ClZ}_WWS?mmJ%LET6<4(FYP_fTMZYV?%WyJ>M0i@
z(TNM%DbdX5!qr+FM=^1V*IIPK+HBKSk5<Iqvxt*q<O>(&IPGr3#apw#b2xciIQ2)1
zL?<q2FGRDHaN+ky+o@q11wQ0O`lH(nH$5AxzTqu5BGHW-(ah&2<^9pxXsH##4ed_5
z;pXNGr$3cEZk*y1k?6z?^Z7)xlyEcB;u9E@NIoCA*kiZ|JpP-Tws{(#h(sqY=!Zlz
zp9>G-6a6L*@*wS*D-9P<yme${qo-VmM5pm9av_@eTzJ4muTp6fgo|?U(P6l_q5W6K
zlE;Np+$s{?xDd@!!i68V+T&IgRGIjY7l~Ut4L3)>x&H-kxe<wO+=ymAHz|)>O@Etk
zL%Y*uxLLX2iV01g`XQ0%#0~pTM6;A|Gt%N#-LFC(BtF?|xVU-c<d?nWLL@qI!T3Zp
z^SSUKKGA*mb}qUN7q>25@MqgSwHG4Mi3{2b(ah(<11@%8<fciuC`ak<6ML~ZFQ++a
zTsXz8Hyep=T!>~V;lhtw?QyFa4J0oTx9&IGj4JuQ$J~fSH*Q2TpPQ7&t!CVZ+{BFg
b=s1mb2>tjRj~~zee0++{_b$v8$C3XZPI)DW

literal 0
HcmV?d00001