<b>prowling - NSM foo</b><br />
Network security with a twist of Incident Response tidbits and other IT-security related topics.<br />
Mikael (http://www.blogger.com/profile/17555357318307623181), feed updated 2024-03-06<br />
<br />
<b>LOKI Bot</b> (published 2021-10-25)<br />
<p> It's been a few years since I used this blog. I thought I should, going forward, write some semi-recurring posts about random things that I spend about an hour on (mostly because that's about the time I have for random things)</p><p>I do learn rather easily, but I "forget" as easily as well, at least if I don't use the knowledge on a more day-to-day basis. </p><p>During the days "reversing" mostly stops with C2 info and some characteristics, as that's what's needed and because there are tons of other things to be looked at.... Hopefully, given a few "hours" I will refresh some knowledge at least...</p><p><br />I picked a random sample to look at for my first post.</p><p><br /></p><p>- Sample Name: vbc.exe</p><p>- SHA1: 5a4a29b0980ea0b5b42da76d878102bf7a00807e</p><p>- Icon: <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLZCTtqJCDYyGnQEUb4JRzcoUH_lLAF2_G5WWesAJ7eFVGi0gRok49yhbuGdkx9ruypZ35U4URK4kAhyphenhyphen2Vn6CVmBngaCuIr0qpl-k-mBZoWMmui3XdDWvApV1wdXsr7FZZDqGxLQMGNaEC/s236/icon.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="168" data-original-width="236" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLZCTtqJCDYyGnQEUb4JRzcoUH_lLAF2_G5WWesAJ7eFVGi0gRok49yhbuGdkx9ruypZ35U4URK4kAhyphenhyphen2Vn6CVmBngaCuIr0qpl-k-mBZoWMmui3XdDWvApV1wdXsr7FZZDqGxLQMGNaEC/w76-h63/icon.png" width="76" /></a></p><p><br /></p><p>If we start off by running the sample in a controlled environment and track all the changes made to the filesystem and the traffic generated, we can quickly see that the sample tries to reach out to the following domain: </p><p>http://secure01-redirect.net/ (http://secure01-redirect.net/ga13/fre.php)</p><p>This domain is also later visible during debugging.</p><p>During execution the original sample is deleted and moved to a hidden folder under the user's %APPDATA%\Roaming\<"randomly named directory, six characters"> folder, more on that later on.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3XHDPlUwBSwViIvFkF2jmj2_qadv3Pupcs-kFaiqNE_dMKa6iU7snwotnx1-qsw5NYu_xSYbxqRF74qyKZmig9ZnT-e6jZY6e2Sd7z5pmvUvkl7o3f4gsVmK9jWZONngNnzhL9rFdMWBD/s636/app_data.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="45" data-original-width="636" height="23" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3XHDPlUwBSwViIvFkF2jmj2_qadv3Pupcs-kFaiqNE_dMKa6iU7snwotnx1-qsw5NYu_xSYbxqRF74qyKZmig9ZnT-e6jZY6e2Sd7z5pmvUvkl7o3f4gsVmK9jWZONngNnzhL9rFdMWBD/s320/app_data.png" width="320" /></a></div><p>By looking at the API imports we could have guessed that something like that could happen:</p><p><span style="font-size: x-small;">MoveFileA and DeleteFileW</span></p><p>The sample was not stripped of its debug information, so we can learn the following:</p><p><span style="font-size: small;">Age: 19</span></p><p style="text-align: left;"><span style="font-size: x-small;">Timestamp: Sun Sep 26 22:56:51 2021 (For reference the compiler timestamp says: Mon Jan 25 04:24:02 2021, so possible time stomping in play)</span></p><p style="text-align: left;"><span style="font-size: x-small;"> PDB path: c:\vobevipusilolo59.pdb</span></p><p style="text-align: left;">This sample applies a variety of anti-debugging measures, like:</p><p style="text-align: left;"><span
style="font-size: x-small;">RaiseException, GetTickCount, IsDebuggerPresent, UnhandledExceptionFilter etc</span></p><p style="text-align: left;">The value from which the "moved" sample and directory got its name (it's most likely derived from the infected host):</p><p style="text-align: left;"><span style="font-size: small;">"37FAB5D71BC2B23EAF4E28C0"</span></p><p style="text-align: left;">Although it is visible in the traffic from the malware infection performed earlier, it's also rather easy to find the same User Agent information during debugging:</p><p style="text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbG2zVVbiuaPCmllQW-bGv6h-QjOzyY_QdYvv0z6O1taa888zgKDeZ3GYZVi5dlBxYqHJxcCtiUM7uW6RXiKrCTbVcwA0cf-He9wXTyG6C-YL9VdwM65kXPbW2gJ8trpw2TP2FheY2Y4R-/s768/UA.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="118" data-original-width="768" height="49" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbG2zVVbiuaPCmllQW-bGv6h-QjOzyY_QdYvv0z6O1taa888zgKDeZ3GYZVi5dlBxYqHJxcCtiUM7uW6RXiKrCTbVcwA0cf-He9wXTyG6C-YL9VdwM65kXPbW2gJ8trpw2TP2FheY2Y4R-/s320/UA.png" width="320" /></a> </p><p style="text-align: left;">And the UA points to this sample being LOKI.</p><p style="text-align: left;">Besides the above, here is a long list of software that is being targeted; it probably corresponds to all possible variants of certain software types found on download.com =)</p><p style="text-align: left;"><b>Browsers:</b></p><p style="text-align: left;"></p><ul style="text-align: left;"><li>Comodo IceDragon</li><li>Maple Studio Chrome Plus</li><li>Google Chrome</li><li>Nichrome</li><li>RockMelt</li><li>Spark</li><li>Chromium</li><li>Titan Browser</li><li>Torch</li><li>YandexBrowser</li><li>Epic Privacy Browser</li><li>CocCoc Browser</li><li>Vivaldi</li><li>Chromodo</li><li>Superbird</li><li>Coowon</li><li>Mustang Browser</li><li>360Browser</li><li>Citrio</li><li>Chrome SxS</li><li>Orbitum</li><li>Iridium</li><li>Opera Next</li><li>Sleipnir</li><li>Firefox</li><li>SeaMonkey</li><li>Flock</li><li>K-Meleon</li><li>BlackHawk</li><li>Cyberfox</li><li>Pale Moon</li><li>Lunascape</li></ul><p></p><p style="text-align: left;"><b>Mail clients:</b></p><p style="text-align: left;"></p><ul style="text-align: left;"><li>Thunderbird</li><li>PostBox</li><li>FossaMail</li><li>Foxmail</li><li>IncrediMail</li><li>Outlook</li></ul><p></p><p style="text-align: left;"><b>FTP/SCP/SSH Clients:</b></p><p style="text-align: left;"></p><ul style="text-align: left;"><li>32-Bit-FTP</li><li>ALFTP</li><li>BitKinex</li><li>BlazeFtp</li><li>ClassicFTP</li><li>Cyberduck</li><li>EasyFTP</li><li>ExpanDrive</li><li>Far</li><li>FileZilla</li><li>FlashFXP</li><li>Fling</li><li>FreshFTP</li><li>FTPBox</li><li>FTPGetter</li><li>FTPInfo</li><li>FTP Navigator</li><li>FTP Now</li><li>FTPShell</li><li>DeluxeFTP</li><li>GoFTP</li><li>AbleFTP</li><li>JaSFtp</li><li>LinasFTP</li><li>MyFTP</li><li>NetDrive</li><li>NETFile</li><li>NexusFile</li><li>NovaFTP</li><li>Notepad++</li><li>Odin Secure FTP Expert</li><li>KiTTY</li><li>PuTTY</li><li>SecureFX</li><li>SftpNetDrive</li><li>sherrod FTP</li><li>SmartFTP</li><li>Staff-FTP</li><li>Syncovery</li><li>Total Commander</li><li>UltraFXP</li><li>WinFtp Client</li><li>WS_FTP</li><li>Xftp</li></ul><p></p><p style="text-align: left;">This was about all I was able to get out of the sample during my "hour", obviously LOKI does a lot more.</p><p style="text-align: left;">/Mikael</p><p style="text-align: left;"><br /></p>
<br />
<b>Cuckoo with Microsoft Enhanced Mitigation Experience Toolkit (EMET)</b> (published 2016-06-17, updated 2016-09-21)<br />
<br />
I have been toying with the idea of retrieving Microsoft event log messages from my Cuckoo instances
for a while. But I did not have any chance to make anything out of the idea, until now. <br />
<br />
To get this to work, Cuckoo needs an extra auxiliary module, along with the Python WMI module installed on the guest. At least, I ended up using the WMI module, but you could just as easily use pywin32.<br />
<br />
As you already have Python installed on the guest, you can use <b>pip</b> to install it.<br />
<br />
Cuckoo runs any auxiliary module that is available in the directory:<br />
<b><br /></b>
<br />
<div style="text-align: center;">
<b>cuckoo/analyzer/windows/modules/auxiliary</b></div>
<br />
So this got me thinking (I know, crazy times!), as I have been doing some other work with EMET or rather logs from EMET. Why not combine the code above with EMET on the guest?<br />
<div>
<br /></div>
<div>
Obviously you need to install EMET (on the guest); do that and make sure it's active. Configure it according to your specific needs. As your main goal might not be to block, but only to catch EMET in action, you will need to switch EMET from the default blocking mode to audit mode. This will allow the malicious code to continue running even if it's detected by EMET. </div>
<div>
<br /></div>
With the following lines of code, you will be able to retrieve what you need from the event log. Save the content in a file, in the above mentioned directory and you are good to go:<br />
<br />
-------------------<br />
<span style="font-size: x-small;">import logging</span><br />
<span style="font-size: x-small;">import wmi</span><br />
<span style="font-size: x-small;">import sys</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;"># Python 2 (Cuckoo guest analyzer): force UTF-8 so non-ASCII event text can be sent</span><br />
<span style="font-size: x-small;">reload(sys)</span><br />
<span style="font-size: x-small;">sys.setdefaultencoding('utf-8')</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">from lib.common.abstracts import Auxiliary</span><br />
<span style="font-size: x-small;">from lib.common.results import NetlogFile</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">log = logging.getLogger(__name__)</span><br />
<span style="font-size: x-small;">dadada = []  # collected EMET events</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">class EMET(Auxiliary):</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">    def start(self):</span><br />
<span style="font-size: x-small;">        log.info("Starting EMET auxiliary module")</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">    def stop(self):</span><br />
<span style="font-size: x-small;">        log.info("Collecting EMET events...")</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">        # Request the Security privilege, since the query covers every event log</span><br />
<span style="font-size: x-small;">        c = wmi.WMI(privileges=['Security'])</span><br />
<span style="font-size: x-small;">        for event in c._raw_query('SELECT * FROM Win32_NTLogEvent'):</span><br />
<span style="font-size: x-small;">            if event.SourceName == "EMET":</span><br />
<span style="font-size: x-small;">                #https://msdn.microsoft.com/en-us/library/aa394226(v=vs.85).aspx maybe add more values?</span><br />
<span style="font-size: x-small;">                dadada.append([event.SourceName, event.Category, event.Type, event.ComputerName, event.User, event.Message])</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">        # One event per line, uploaded to the host as logs/emet_events.log</span><br />
<span style="font-size: x-small;">        bleekscheet = "\n".join(str(x) for x in dadada)</span><br />
<span style="font-size: x-small;">        nf = NetlogFile()</span><br />
<span style="font-size: x-small;">        nf.init("logs/emet_events.log")</span><br />
<span style="font-size: x-small;">        nf.send(bleekscheet)</span><br />
<span style="font-size: x-small;">        nf.close()</span><br />
<span style="font-size: x-small;">        return True</span><br />
-----------------<br />
<br />
<b>Example of EMET events retrieved from the guest:</b><br />
<br />
<span style="font-size: x-small;">[u'EMET', 0, u'Error', u'<COMPUTERNAME>', None, u'EMET version 5.5.5871.31892\nEMET detected MemProt mitigation in iexplore.exe\r\n\r\nMemProt check failed:\n Application \t: C:\\Program Files\\Internet Explorer\\iexplore.exe\n User Name \t: <COMPUTERNAME>\\<USER>\n Session ID \t: 1\n PID \t\t: 0x474 (1140)\n TID \t\t: 0x81C (2076)\n API Name \t: kernel32.VirtualProtect\n ReturnAddress \t: 0x0000000000446E60\n CalledAddress \t: 0x000007FEFDA031E0\n StackPtr \t: 0x00000000029AF4D0\n']</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">[u'EMET', 0, u'Error', u'<COMPUTERNAME>', None, u'EMET version 5.5.5871.31892\nEMET detected StackPivot mitigation in iexplore.exe\r\n\r\nStackPivot check failed:\n Application \t: C:\\Program Files\\Internet Explorer\\iexplore.exe\n User Name \t: <COMPUTERNAME>\\<USER>\n Session ID \t: 1\n PID \t\t: 0x71C (1820)\n TID \t\t: 0x46C (1132)\n API name \t: kernel32.WinExec\n ReturnAddress \t: 0x000000007775C8FF\n CalledAddress \t: 0x00000000775B8D80\n Thread stack area range: [0x3172000..0x3180000]\n StackPtr \t: 0x000000000543FB30\n']</span><br />
<br />
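The events arrive on the host as one Python 2 list repr per line, which is awkward to search or feed into a report. The following is an added example, not part of the original post or of Cuckoo: a Python 3 parser for that file format, run here over the two events shown above. The function names and the derived field stackptr_in_thread_stack are assumptions made for this illustration.

```python
import ast
import re

# The two example events above, as they appear in logs/emet_events.log
# (one Python 2 list repr per line, placeholders kept from the post).
SAMPLE_LOG = "\n".join([
    r"[u'EMET', 0, u'Error', u'<COMPUTERNAME>', None, u'EMET version 5.5.5871.31892\n"
    r"EMET detected MemProt mitigation in iexplore.exe\r\n\r\nMemProt check failed:\n"
    r" Application \t: C:\\Program Files\\Internet Explorer\\iexplore.exe\n"
    r" User Name \t: <COMPUTERNAME>\\<USER>\n Session ID \t: 1\n"
    r" PID \t\t: 0x474 (1140)\n TID \t\t: 0x81C (2076)\n"
    r" API Name \t: kernel32.VirtualProtect\n"
    r" ReturnAddress \t: 0x0000000000446E60\n CalledAddress \t: 0x000007FEFDA031E0\n"
    r" StackPtr \t: 0x00000000029AF4D0\n']",
    r"[u'EMET', 0, u'Error', u'<COMPUTERNAME>', None, u'EMET version 5.5.5871.31892\n"
    r"EMET detected StackPivot mitigation in iexplore.exe\r\n\r\nStackPivot check failed:\n"
    r" Application \t: C:\\Program Files\\Internet Explorer\\iexplore.exe\n"
    r" User Name \t: <COMPUTERNAME>\\<USER>\n Session ID \t: 1\n"
    r" PID \t\t: 0x71C (1820)\n TID \t\t: 0x46C (1132)\n"
    r" API name \t: kernel32.WinExec\n"
    r" ReturnAddress \t: 0x000000007775C8FF\n CalledAddress \t: 0x00000000775B8D80\n"
    r" Thread stack area range: [0x3172000..0x3180000]\n"
    r" StackPtr \t: 0x000000000543FB30\n']",
])

HEADER_RE = re.compile(r"EMET detected (\w+) mitigation in (\S+)")
FIELD_RE = re.compile(r"^\s*([^:\t]+?)\s*:\s*(\S.*?)\s*$")
RANGE_RE = re.compile(r"\[(0x[0-9A-Fa-f]+)\.\.(0x[0-9A-Fa-f]+)\]")


def parse_message(message):
    """Turn one EMET event message into a dict of normalised fields."""
    event = {"emet_version": None, "mitigation": None, "process": None}
    for line in message.splitlines():
        line = line.strip()
        if line.startswith("EMET version "):
            event["emet_version"] = line[len("EMET version "):]
            continue
        header = HEADER_RE.search(line)
        if header:
            event["mitigation"], event["process"] = header.groups()
            continue
        field = FIELD_RE.match(line)
        if field:
            # "API Name" and "API name" both occur, so keys are lower-cased.
            key = field.group(1).lower().replace(" ", "_")
            event[key] = field.group(2)
    for key in ("pid", "tid"):  # "0x474 (1140)" -> 1140
        if key in event:
            event[key] = int(event[key].split()[0], 16)
    for key in ("returnaddress", "calledaddress", "stackptr"):
        if key in event:
            event[key] = int(event[key], 16)
    # Derived field (assumption of this example): when the event reports the
    # thread stack range, record whether StackPtr lies inside it.
    rng = RANGE_RE.search(event.get("thread_stack_area_range", ""))
    if rng and "stackptr" in event:
        low, high = (int(value, 16) for value in rng.groups())
        event["stackptr_in_thread_stack"] = low <= event["stackptr"] < high
    return event


def parse_emet_log(text):
    """Parse the whole log; lines that are not a 6-item event list are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = ast.literal_eval(line)  # safe: literals only, accepts u'' strings
        except (ValueError, SyntaxError):
            continue
        if not isinstance(record, list) or len(record) != 6:
            continue
        source, _category, ev_type, computer, user, message = record
        event = parse_message(message)
        event.update(source=source, type=ev_type, computer=computer, user=user)
        events.append(event)
    return events


if __name__ == "__main__":
    for ev in parse_emet_log(SAMPLE_LOG):
        print(ev["mitigation"], ev["process"], ev["pid"], ev.get("api_name"))
```
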
Please note that the coding style is not officially approved by @skier_t =) (but I'm, as always, very grateful for his help!) Hopefully there will be a better way of doing this in the future, natively in Cuckoo. <br />
<br />
<b>/Mikael</b><br />
<br />
<b>Defeating WMI detection of VirtualBox take 2</b> (published 2016-02-12, updated 2016-04-07)<br />
<br />
My previous attempt to thwart WMI detection of VirtualBox, by disabling the Plug and Play service, had the mildly obnoxious side effect of preventing the OS from checking whether it was registered or not.<br />
<br />
This resulted in already registered installations becoming unlicensed (the same issue applied to MS Office installations).<br />
<span style="color: #999999;"><span style="background-color: white; font-family: "consolas" , "liberation mono" , "menlo" , "courier" , monospace; font-size: 12px; line-height: 16.8px; white-space: pre;"><span style="color: #969896;"><br /></span></span>
</span><br />
<div style="text-align: center;">
<span style="background-color: white; font-family: "consolas" , "liberation mono" , "menlo" , "courier" , monospace; font-size: 12px; line-height: 16.8px; white-space: pre;"><span style="color: #999999; line-height: 16.8px;">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PlugPlay</span></span></div>
<br />
<br />
Being that it is always hard to find time for fun/interesting research, I had to put this issue back on my ToDo list, until now. And I guess leaving a problem to fend for itself for a while makes you look at it in a more logical way than you previously did; at least this was true for this issue at this time.<br />
<br />
So enters my second attempt to solve this issue.<br />
<br />
The remaining culprit that enables one to detect the presence of VirtualBox through WMI(1) is the<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaMj_vwYjaa65ejX6npTc5WuYeCGOr8faSbVvGfs45LYe00YZ5IdFzzx_dgZffkuxMESZFbdrtVUHhOm8LjSv0cWRK6zOY1tXnD1-usTtGPqTf1ucVU4ESDCPWaN1toGTIO1ikdGGZJ6Ve/s1600/WMI1.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaMj_vwYjaa65ejX6npTc5WuYeCGOr8faSbVvGfs45LYe00YZ5IdFzzx_dgZffkuxMESZFbdrtVUHhOm8LjSv0cWRK6zOY1tXnD1-usTtGPqTf1ucVU4ESDCPWaN1toGTIO1ikdGGZJ6Ve/s1600/WMI1.png" /></a><br />
<br />
<br />
<br />
<br class="Apple-interchange-newline" />
As we have chosen not to install VirtualBox Guest Additions, the device is missing its driver (Error 28, I will come back to this one later). It is that device that is detected, DEV_CAFE. (If you need a quick fix, go to 2.)<br />
<br />
My first thought was to try to replace the corresponding values in the registry, but that one did not work out either.<br />
<br />
Microsoft Windows does not supply you with a command line option to install/remove/uninstall devices by default. They do, however, have an application available in their Windows Driver Kit (WDK), called DevCon.<br />
<br />
DevCon sounded like the way to go, given the fact that I had to use a non-pre-installed application anyway.<br />
<br />
But once again, reality came rappelling down from the ceiling and smacked me in the head. DevCon was not able to remove a device that was not fully installed, remember the Error 28. <br />
<br />
DevManView from Nirsoft(3) to the rescue! While DevCon was not able to remove the device, DevManView was!<br />
<br />
So now that we have a working solution that we can script, it was time to figure out how to make it user friendly given that we have to use a 3rd party application.<br />
<br />
The easiest way would have been to leave the "user" to move the application to the VM guest themselves... but why miss the opportunity to do something hideous?<br />
<br />
So I decided to embed the binary in the batch script by Base64 encoding DevManView.exe. The Base64-encoded part is then decoded in the guest upon execution of the batch script.<br />
<br />
I guess I could try to sugar coat this by pointing to the fact that it is a bit more user friendly..<br />
<br />
Please remember to pick the version of DevManView corresponding to the guest's OS architecture. <br />
<br />
An updated version of the script can be found at: https://github.com/nsmfoo/antivmdetection/<br />
<br />
As always any kind of feedback is welcomed<br />
<br />
/Mikael<br />
<br />
(1) If you use previous versions of the antivmdetection script<br />
<div>
(2) just right-click on the Base System Device and choose uninstall ;)</div>
<div>
(3) http://www.nirsoft.net/utils/device_manager_view.html</div>
<br />
<b>Cuckoo Sandbox API with Apache for Cuckoo 2.0</b> (published 2015-11-13)<br />
<br />
As Cuckoo 2.0 is soon (hopefully) moving from dev to stable, there is one change that needs to be made in order to keep on using the API via Apache.<br />
<br />
The change is only in api.wsgi. For the Apache configuration see the previous post on the same subject.<br />
<br />
----------<br />
<br />
import os<br />
import sys<br />
<br />
sys.path.append('<PATH>/cuckoo/utils')<br />
<br />
from api import app as application<br />
<br />
---------<br />
<br />
All you need to do is to change the path to match your cuckoo installation<br />
<br />
/Mikael<br />
<br />
<b>Modifying VirtualBox settings for malware analysis 2015 ed</b> (published 2015-03-06, updated 2015-03-08)<br />
<br />
I decided to update my script which has been previously published in blog format here.<br />
<br />
Now it's located on <a href="https://github.com/nsmfoo/antivmdetection" target="_blank">Github</a> which makes updates and usage much easier.<br />
<br />
<br />
<br />
/Mikael<br />
<br />
<b>Cuckoo Sandbox API with Apache</b> (published 2014-10-31)<br />
<br />
This is yet another short Cuckoo post.<br />
<br />
If you would like to quickly get the Cuckoo API to work with Apache this one is for you.<br />
<br />
You can have both the API and the Web Interface configuration in the same webserver config.<br />
<br />
Add the following to your chosen Apache virtualhost configuration (default, ssl)<br />
<br />
<span style="font-size: x-small;"> # Cuckoo API </span><br />
<span style="font-size: x-small;"> WSGIDaemonProcess api user=<USER> group=<GROUP> processes=1 threads=5</span><br />
<span style="font-size: x-small;"> WSGIScriptAlias /api <PATH>/cuckoo/utils/api.wsgi process-group=api</span><br />
<span style="font-size: x-small;"> <Directory <PATH>/cuckoo/utils/></span><br />
<span style="font-size: x-small;"> WSGIApplicationGroup %{GLOBAL}</span><br />
<span style="font-size: x-small;"> <Files api.wsgi></span><br />
<span style="font-size: x-small;"> Require all granted</span><br />
<span style="font-size: x-small;"> </Files></span><br />
<span style="font-size: x-small;"> </Directory></span><br />
<br />
<br />
In the Cuckoo utils directory create the file api.wsgi<br />
<br />
<span style="font-size: x-small;"># make api.py wsgi enabled</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">import os</span><br />
<span style="font-size: x-small;">import sys</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">cur_dir = os.path.dirname(__file__)</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">os.chdir(cur_dir)</span><br />
<span style="font-size: x-small;">sys.path.append(cur_dir)</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">import bottle</span><br />
<span style="font-size: x-small;">import api</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">application = bottle.default_app()</span><br />
<span style="font-size: x-small;"><br /></span>
<br />
/Mikael @nsmfoo<br />
<br />
<b>Cuckoo Sandbox web interface with Apache</b> (published 2014-08-06)<br />
<br />
This is a short write-up of how you get the new Django web interface that ships with current Cuckoo Sandbox working behind Apache.<br />
<br />
As the documentation is thin and it required some tweaking to get it to work, you might find it useful.<br />
<br />
The Django interface can be run as a standalone process, using the manage.py script, that one is well documented: <a href="http://docs.cuckoosandbox.org/en/latest/usage/web/">http://docs.cuckoosandbox.org/en/latest/usage/web/</a><br />
<br />
So to get it to work behind Apache I had to do the following:<br />
<br />
<i>Please note that this might not be the best way or if you plan to publish the web interface directly on the Internet it might also not suit your needs, that being said:</i><br />
<br />
Begin with editing the file<i> <b>local_settings.py</b></i> which can be found in <i><b>cuckoo/web/web</b> </i>directory<br />
Set the variable <b>CUCKOO_PATH = "<path to cuckoo>"</b> (e.g. /home/user/cuckoo)<br />
<br />
Then continue to edit the file <i><b>wsgi.py</b></i> which also can be found in the <i><b>cuckoo/web/web</b></i> directory<br />
<br />
From this:<br />
<div style="text-align: left;">
<i><br /></i></div>
<div style="text-align: left;">
<b> <span style="font-size: x-small;">"</span></b><span style="font-size: x-small;">import os</span></div>
<div style="text-align: left;">
<span style="font-size: x-small;"><br /></span></div>
<br />
<div style="text-align: left;">
<span style="font-size: x-small;"> os.environ.setdefault("DJANGO_SETTINGS_MODULE", "web.settings")"</span></div>
<div>
<br /></div>
<i>To look like this:</i><br />
<i><br /></i>
<i><span style="font-size: x-small;"> import os, sys</span></i><br />
<i><span style="font-size: x-small;"><br /></span></i>
<i><span style="font-size: x-small;"> sys.path.append('<path to cuckoo>')</span></i><br />
<i><span style="font-size: x-small;"> sys.path.append('<path to cuckoo>/web')</span></i><br />
<i><span style="font-size: x-small;"> os.chdir('<path to cuckoo>/web/')</span></i><br />
<i><span style="font-size: x-small;"><br /></span></i>
<span style="font-size: x-small;"><i></i></span><br />
<i><span style="font-size: x-small;"> os.environ.setdefault("DJANGO_SETTINGS_MODULE", "web.settings")</span></i><br />
<i><span style="font-size: x-small;"><br /></span></i>
<i><span style="font-size: x-small;"><br /></span></i>
Over to Apache.<br />
<br />
Add the following lines to your chosen Apache virtualhost configuration (default, ssl)<br />
<br />
<span style="font-size: x-small;"><i> WSGIScriptAlias / <path to cuckoo>/web/web/wsgi.py</i></span><br />
<span style="font-size: x-small;"><i> <Directory <path to cuckoo>/web/web></i></span><br />
<span style="font-size: x-small;"><i> <Files wsgi.py></i></span><br />
<span style="font-size: x-small;"><i> Require all granted</i></span><br />
<span style="font-size: x-small;"><i> </Files></i></span><br />
<span style="font-size: x-small;"><i> </Directory></i></span><br />
<span style="font-size: x-small;"><i><br /></i></span>
<span style="font-size: x-small;"><i> Alias /static <path to cuckoo>/web/static</i></span><br />
<span style="font-size: x-small;"><i> <Directory <path to cuckoo>/web/static/></i></span><br />
<span style="font-size: x-small;"><i> Require all granted</i></span><br />
<span style="font-size: x-small;"><i> </Directory> </i></span><br />
<span style="font-size: x-small;"><i><br /></i></span>
You will also need to change the user which Apache runs as; this is to enable the web interface to have access to temporary files created by Cuckoo. This is done in the file <i>envvars (/etc/apache2/)</i><br />
<i><br /></i>
The variables to change are:<br />
<i><br /></i>
<i>From:</i><br />
<i><br /></i>
<span style="font-size: x-small;">export APACHE_RUN_USER=www-data</span><br />
<span style="font-size: x-small;">export APACHE_RUN_GROUP=www-data</span><br />
<div>
<br /></div>
To:<br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">export APACHE_RUN_USER=<cuckoo user></span><br />
<span style="font-size: x-small;">export APACHE_RUN_GROUP=<cuckoo user group></span><br />
<br />
The above changes should not be needed if you choose to change the path for the tmp files created by Cuckoo and give the default Apache user access to that directory. This change will have to be made both in <i style="font-weight: bold;">cuckoo.conf </i>and in the <b style="font-style: italic;">local_settings.py </b>if you choose to do so.<br />
<br />
/Micke<br />
<br />
<b>Installing Honeyproxy</b> (published 2014-05-08, updated 2014-08-27)<br />
<br />
Just a few quick notes on how to install Honeyproxy.<br />
<br />
Honeyproxy which is based on mitmproxy is being re-integrated back into mitmproxy, currently there is no really good installation documentation, so here goes ..<br />
<br />
This was tested on a Ubuntu 14.04 Desktop 64-bit.<br />
<br />
apt-get install python-dev libxml2-dev libxslt1-dev lib32z1-dev python-pip git<br />
git clone https://github.com/mitmproxy/mitmproxy.git<br />
cd mitmproxy<br />
git checkout integrate_honeyproxy<br />
git submodule update --init --recursive<br />
pip install -r requirements.txt<br />
pip install pyamf protobuf<br />
python setup.py install <br />
If everything worked out fine, you can start honeyproxy by running: mitmproxy-gui<br />
<br />
/Micke<br />
<br />
<b>Modifying VirtualBox settings for malware analysis 2013 ed</b> (published 2013-08-08, updated 2015-02-26)<br />
<br />
I had gotten a few comments regarding missing settings and comments regarding trouble applying these settings.<br />
<br />
So here is an updated version of the previous posts on how to make VirtualBox look more like the hardware it's run upon. 2013 edition.
<br />
<br />
First some hints:
<br />
<br />
* After you have created the guest, but before you do a first run to install the guest OS, run the script to apply these settings.
<br />
<br />
This will keep the guest free of any leftover settings that can occur if you set them afterwards.
<br />
<br />
* Be sure to compare the script's settings with those in the VirtualBox manager, for example:
<br />
<i><br /> VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber </i><-- Verify that the hdd is set to Primary master
<br />
<br />
<i>VBoxInternal/Devices/piix3ide/0/Config/PrimarySlave/ATAPIVendorId</i> <-- For the CD-ROM, be sure that the device is set to Primary Slave, otherwise change the script or the guest settings from within the VboxManager (or from command line) to reflect the environment you are trying to change.
<br />
<br />
* Also note the occurrences of piix3ide in the script (for IDE controllers PIIX4 seems to be the default nowadays in VBox); change the VBox settings for the guest to use PIIX3 (controller: IDE -> Attributes).
<br />
<br />
* Don't forget to add the DSDT (not covered in the script) but it's applied using the following command:
<br />
<br />
<i> VBoxManage setextradata "<vm>" "VBoxInternal/Devices/acpi/0/Config/CustomTable" /home/<user>/VirtualBox\ VMs/<vm>/DSDT.bin
</i><br />
How to create the DSDT image can be found in previous posts<br />
<br />
* The script should be run with the guest powered off and the VirtualBox GUI closed, otherwise settings can/will be overwritten. This also applies if you would like to change any of the settings by re-running the script or perform changes by hand.
<br />
<br />
* Don't install VirtualBox Guest Additions
<br />
<br />
* Change the MAC address for the guest
<br />
<br />
* Use dmidecode -t0, -t1, -t2, -t3, -t4 and -t11 to gather the information needed for the script below
<br />
<br />
There is almost nothing that prevents you from being creative, e.g. most settings can be set to a value of your choice.
<br />
<br />
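Copying dmidecode values by hand into the script that follows is error-prone, so here is an added example (not the author's script and not code from the antivmdetection repository) that parses dmidecode output for types 0 and 1 and emits the matching setextradata commands. The field-to-key mapping, the function names and the sample machine are assumptions of this example; the "string:" prefix and "<EMPTY>" are VirtualBox's own conventions for DMI strings that look like numbers and for empty strings.

```python
import re
import shlex

# Constructed `dmidecode -t0 -t1` output for a fictional machine.
SAMPLE_DMIDECODE = """\
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
\tVendor: Example BIOS Corp.
\tVersion: A12
\tRelease Date: 06/14/2012
\tBIOS Revision: 4.6
\tFirmware Revision: 1.3

Handle 0x0001, DMI type 1, 27 bytes
System Information
\tManufacturer: Example Computer Inc.
\tProduct Name: Workstation 9000
\tVersion: 01
\tSerial Number: 1234567
\tUUID: 4C4C4544-0000-1010-8000-B1C04F000000
\tSKU Number: Not Specified
\tFamily: Not Specified
"""

PREFIX = "VBoxInternal/Devices/pcbios/0/Config/"

# (dmidecode section, field) -> extradata key used in the script that follows.
STRING_KEYS = {
    ("BIOS Information", "Vendor"): "DmiBIOSVendor",
    ("BIOS Information", "Version"): "DmiBIOSVersion",
    ("BIOS Information", "Release Date"): "DmiBIOSReleaseDate",
    ("System Information", "Manufacturer"): "DmiSystemVendor",
    ("System Information", "Product Name"): "DmiSystemProduct",
    ("System Information", "Version"): "DmiSystemVersion",
    ("System Information", "Serial Number"): "DmiSystemSerial",
    ("System Information", "SKU Number"): "DmiSystemSKU",
    ("System Information", "Family"): "DmiSystemFamily",
    ("System Information", "UUID"): "DmiSystemUuid",
}
# "major.minor" revisions are split into two integer keys.
REVISION_KEYS = {
    "BIOS Revision": ("DmiBIOSReleaseMajor", "DmiBIOSReleaseMinor"),
    "Firmware Revision": ("DmiBIOSFirmwareMajor", "DmiBIOSFirmwareMinor"),
}
NUMERIC_RE = re.compile(r"(0[xX][0-9A-Fa-f]+|\d+)")


def parse_dmidecode(text):
    """Return {(section, field): value} for every 'Field: value' line."""
    fields, section, expect_title = {}, None, False
    for line in text.splitlines():
        if line.startswith("Handle "):
            expect_title = True          # the next non-empty line names the section
        elif expect_title and line.strip():
            section, expect_title = line.strip(), False
        elif section and ":" in line and line[:1] in ("\t", " "):
            name, _, value = line.strip().partition(":")
            fields[(section, name.strip())] = value.strip()
    return fields


def to_extradata(fields):
    """Map parsed DMI fields to VBoxInternal extradata key/value pairs."""
    extradata = {}
    for source, key in STRING_KEYS.items():
        value = fields.get(source)
        if value is None:
            continue
        if value in ("", "Not Specified"):
            value = "<EMPTY>"            # VirtualBox's marker for an empty DMI string
        elif NUMERIC_RE.fullmatch(value):
            value = "string:" + value    # otherwise VirtualBox reads it as a number
        extradata[PREFIX + key] = value
    for name, (major_key, minor_key) in REVISION_KEYS.items():
        match = re.fullmatch(r"(\d+)\.(\d+)", fields.get(("BIOS Information", name), ""))
        if match:
            extradata[PREFIX + major_key], extradata[PREFIX + minor_key] = match.groups()
    return extradata


def vboxmanage_commands(vm, extradata):
    """Build shell-quoted VBoxManage command lines for the given guest name."""
    return [
        " ".join(shlex.quote(arg) for arg in ("VBoxManage", "setextradata", vm, key, value))
        for key, value in extradata.items()
    ]


if __name__ == "__main__":
    parsed = parse_dmidecode(SAMPLE_DMIDECODE)
    for command in vboxmanage_commands("<vm>", to_extradata(parsed)):
        print(command)
```
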
--- updated script to be run from the host OS ----------
<br />
* ./script.sh <vm>
<br />
<br />
<span style="font-size: x-small;">#!/bin/bash
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber" "xxxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber" "xxxxx"
<br /><br />VBoxManage setextradata "$1" "VBoxInternal/Devices/piix3ide/0/Config/PrimarySlave/ATAPIVendorId" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/piix3ide/0/Config/PrimarySlave/ATAPIProductId" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/piix3ide/0/Config/PrimarySlave/ATAPIRevision" "xxxxx"
<br /><br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMajor" x
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMinor" x
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMajor" x
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMinor" x
<br /><br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemProduct" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSKU" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemFamily" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid" "xxxxx"
<br /><br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVendor" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardProduct" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVersion" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardSerial" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardAssetTag" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardLocInChass" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardType" ""
<br /><br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVendor" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVersion" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisSerial" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisAssetTag" "xxxxx"
<br /><br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiProcManufacturer" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiProcVersion" "xxxxx"
<br /><br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiOEMVBoxVer" "xxxxx"
<br />VBoxManage setextradata "$1" "VBoxInternal/Devices/pcbios/0/Config/DmiOEMVBoxRev" " " # note the space
</span><br />
--------------------------------------------------------
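One way to avoid retyping the dmidecode values by hand, as an added example (not the original script): it parses `dmidecode -t0 -t1` text and issues the matching setextradata calls. Assumptions made here: the function names, the constructed sample, taking DmiBIOSRelease*/DmiBIOSFirmware* from the "BIOS Revision" and "Firmware Revision" lines, and adding the `string:` prefix that VirtualBox needs when a string value looks like a number.<br />

```shell
#!/bin/sh
# Added example: turn `dmidecode -t0 -t1` text into VBoxManage setextradata calls.

# Constructed sample input (made-up values; spaces used instead of tabs).
sample_dmi() {
cat <<'EOF'
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
    Vendor: ExampleVendor
    Version: EXBIOS01 (1.45 )
    Release Date: 05/14/2012
    BIOS Revision: 1.45
    Firmware Revision: 1.24

Handle 0x0001, DMI type 1, 27 bytes
System Information
    Manufacturer: ExampleVendor
    Product Name: 4242XYZ
    Version: ExamplePad T000
    Serial Number: 20120823
    UUID: 01234567-89AB-CDEF-0123-456789ABCDEF
    Wake-up Type: Power Switch
    SKU Number: Not Specified
    Family: ExamplePad T000
EOF
}

# parse_dmi: dmidecode text on stdin -> "ConfigKey<TAB>value" lines on stdout.
parse_dmi() {
  awk '
    BEGIN {
      OFS = "\t"
      s = "BIOS Information"
      str[s, "Vendor"]            = "DmiBIOSVendor"
      str[s, "Version"]           = "DmiBIOSVersion"
      str[s, "Release Date"]      = "DmiBIOSReleaseDate"
      num[s, "BIOS Revision"]     = "DmiBIOSRelease"    # -> ...Major / ...Minor
      num[s, "Firmware Revision"] = "DmiBIOSFirmware"   # -> ...Major / ...Minor
      s = "System Information"
      str[s, "Manufacturer"]  = "DmiSystemVendor"
      str[s, "Product Name"]  = "DmiSystemProduct"
      str[s, "Version"]       = "DmiSystemVersion"
      str[s, "Serial Number"] = "DmiSystemSerial"
      str[s, "UUID"]          = "DmiSystemUuid"
      str[s, "SKU Number"]    = "DmiSystemSKU"
      str[s, "Family"]        = "DmiSystemFamily"
    }
    /^[^ \t]/ { section = $0; next }      # unindented line: section title
    {
      i = index($0, ": ")
      if (!i) next                         # not a "Name: value" line
      name = substr($0, 1, i - 1)
      sub(/^[ \t]+/, "", name)
      val = substr($0, i + 2)
      if ((section, name) in num) {
        if (split(val, p, ".") == 2) {     # "1.45" -> major 1, minor 45
          print num[section, name] "Major", p[1]
          print num[section, name] "Minor", p[2]
        }
      } else if ((section, name) in str) {
        # A string that parses as a number must be passed as string:<value>
        if (val ~ /^(0[xX][0-9A-Fa-f]+|[0-9]+)$/) val = "string:" val
        print str[section, name], val
      }
    }
  '
}

# apply_dmi VMNAME: dmidecode text on stdin, one setextradata call per key.
# Set VBOX to another command (e.g. echo) for a dry run.
apply_dmi() {
  vm=$1
  tab=$(printf '\t')
  parse_dmi | while IFS=$tab read -r key val; do
    ${VBOX:-VBoxManage} setextradata "$vm" \
      "VBoxInternal/Devices/pcbios/0/Config/$key" "$val" </dev/null
  done
}

# Dry run on the constructed sample: prints the calls instead of making them.
sample_dmi | VBOX=echo apply_dmi "analysis-vm"
```

On a real host, pipe `sudo dmidecode -t0 -t1` into `apply_dmi "<vm>"` with the guest powered off and the VirtualBox GUI closed.<br />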
<br />
<br />
--- script to be run from inside the guest OS -------<br />
<br />
* These settings have to be re-applied after each boot. If you are using Cuckoo this only has to be run once, due to the fact that you are working with snapshots.<br />
<br />
* To be able to set the "correct" values, please copy the information from a native installation, i.e. from a non-VM installation.<br />
<br />
- Replace <VENDOR>, <V1>, <V2> and <V3><br />
<br />
<VENDOR> = BIOS vendor, e.g. LENOVO
<br />
<V1> = e.g. TP-GX__ *
<br />
<V2> = on the limited number of machines I have looked at, the value is the same for all three categories. In VBox the values differ, hence the change
<br />
<V3> = <version string> (<version number>)
<br />
<br />
*) If you find the above statements to be incorrect please let me know, I have limited access to non-VM Windows machines, XP in particular
<br />
<br />
<span style="font-size: x-small;">-----------------<br />@reg copy HKLM\HARDWARE\ACPI\DSDT\VBOX__ HKLM\HARDWARE\ACPI\DSDT\<VENDOR> /s /f
<br />@reg delete HKLM\HARDWARE\ACPI\DSDT\VBOX__ /f
<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\<VENDOR>\VBOXBIOS HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\<VENDOR>\<V1>__ /s /f
<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\<VENDOR>\VBOXBIOS /f
<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\<VENDOR>\<V1>__\00000002 HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\<VENDOR>\<V1>__\<V2> /s /f
<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\<VENDOR>\<V1>__\00000002 /f
<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\VBOXFACP HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\<V1>__ /s /f
<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\VBOXFACP /f
<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\<V1>__\00000001 HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\<V1>__\<V2> /s /f
<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\<V1>__\00000001 /f
<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\VBOXRSDT HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\<V1>__ /s /f
<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\VBOXRSDT /f
<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\<V1>__\00000001 HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\<V1>__\<V2> /s /f
<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<VENDOR>\<V1>__\00000001 /f
<br /><br />@reg add HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System /v VideoBiosVersion /t REG_MULTI_SZ /d "<V3>" /f
</span><br />
------------<br />
<br />
/Micke - @nsmfoo<br />
<br />
<b>VirtualBox IBM/Lenovo and the missing VPD</b> (posted 2013-08-06)<br />
<br />
While I was having a go at writing an updated post regarding how to configure VirtualBox to avoid VM detection, new versions of VBox have been released since I wrote my previous posts.<br />
<br />
I found something that could potentially give away the Virtual guest, especially if you pretend or use IBM/Lenovo hardware. For those of us that don't use Apple hardware, Lenovo seems still to be a favourite, I guess because of their Linux compatibility and their stylish black color. So this case might not be that far fetched.<br />
<br />
Anyway almost all IBM/Lenovo hardware has something called Vital Product Data, VPD for short. It's information like:<br />
<br />
BIOS Build ID<br />
Box Serial Number<br />
Motherboard Serial Number<br />
Machine Type/Model<br />
<br />
Information you can get from running dmidecode. But it's the lack of VPD information that could be a telltale sign that something is fishy.<br />
<br />
The dmidecode package (there is a Windows build out there as well) ships with tools like biosdecode and vpddecode. <br />
<br />
Below is part of the output from these two commands on a Linux host OS:<br />
<br />
# biosdecode 2.11<br />
VPD present.<br />
BIOS Build ID: XXXX <br />
Box Serial Number: XXXX<br />
Motherboard Serial Number: XXXX<br />
Machine Type/Model: XXXX<br />
<br />
<br />
# vpddecode 2.11<br />
BIOS Build ID: XXXX <br />
Box Serial Number: XXXX<br />
Motherboard Serial Number: XXXX<br />
Machine Type/Model: XXXX<br />
<br />
The same command, only this time from inside the guest OS (VirtualBox with XP)<br />
<br />
# biosdecode 2.10<br />
... no VPD in the output<br />
<br />
# vpddecode 2.10<br />
# No VPD structure found, sorry.<br />
<br />
<br />
The guest is set to present LENOVO as the BIOS vendor. This could be used as a check: if the vendor is IBM/Lenovo and there is no VPD present, that would/could mean that the system is not native.<br />
<br />
Just a thought ..<br />
<br />
/Micke<br />
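The consistency check suggested above, written as a self-audit to run against output collected from your own analysis guest (added example, not from the original post; the function names and the sample text are constructed for illustration):<br />

```shell
#!/bin/sh
# Added example: flag a guest that claims IBM/Lenovo hardware but exposes no VPD.

# Constructed samples, modelled on the tool output quoted in the post.
DMI_LENOVO='BIOS Information
    Vendor: LENOVO
    Version: XXXX
System Information
    Manufacturer: LENOVO
    Product Name: XXXX'

DMI_OTHER='BIOS Information
    Vendor: ExampleVendor
System Information
    Manufacturer: ExampleVendor'

VPD_NATIVE='# biosdecode 2.11
VPD present.
    BIOS Build ID: XXXX
    Box Serial Number: XXXX
    Motherboard Serial Number: XXXX
    Machine Type/Model: XXXX'

VPD_GUEST='# biosdecode 2.10
# vpddecode 2.10
# No VPD structure found, sorry.'

# dmidecode text on stdin; exit 0 if a Vendor/Manufacturer field is IBM or Lenovo.
claims_ibm_lenovo() {
  awk -F': ' '
    /^[ \t]*(Vendor|Manufacturer): / && toupper($2) ~ /^(IBM|LENOVO)/ { hit = 1 }
    END { exit (hit ? 0 : 1) }'
}

# biosdecode and/or vpddecode text on stdin; exit 0 if VPD data is reported.
has_vpd() {
  grep -Eq '^(VPD present\.|[[:space:]]*BIOS Build ID: )'
}

# vpd_verdict DMI_TEXT VPD_TEXT
# Prints: not-applicable (vendor is not IBM/Lenovo),
#         consistent     (IBM/Lenovo vendor and VPD present),
#         inconsistent   (IBM/Lenovo vendor but no VPD: the tell described above).
vpd_verdict() {
  if ! printf '%s\n' "$1" | claims_ibm_lenovo; then
    echo not-applicable
  elif printf '%s\n' "$2" | has_vpd; then
    echo consistent
  else
    echo inconsistent
  fi
}

echo "native host  : $(vpd_verdict "$DMI_LENOVO" "$VPD_NATIVE")"
echo "spoofed guest: $(vpd_verdict "$DMI_LENOVO" "$VPD_GUEST")"
```

An "inconsistent" verdict for a guest means either picking a non-IBM/Lenovo vendor for the spoofed DMI values or accepting that this tell remains.<br />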
<br />
<br />
<br />
<br />
<b>Detect changes in Virtual guest after manual malware execution</b> (posted 2012-10-18)<br />
<br />
When working with manual testing/execution of malware, I quickly find myself missing the sandbox reports of changes made to the system, which you get if you are using Cuckoo for example. <br />
<br />
Sandboxes like Cuckoo are very useful, but I prefer manual work for certain kinds of tests. It's nice to have several methods available. <br />
<br />
First off I would like to give some credit to a colleague of mine for inspiring me to solve my need in the way described below; he did something similar in his setup. So thanks! =)<br />
<br />
The script included in this post will mount a virtual image, be it VirtualBox or KVM/QEMU images, using qemu-tools. <br />
<br />
After the image is mounted, Aide, which is a file and directory integrity checker (http://aide.sourceforge.net/), will identify changes made to the file system. If you would like to use Samhain or Tripwire instead, it will most likely work fine as long as you adjust the syntax in the script. <br />
<br />
On the first run the script will check if the aide.db exists; if not, one will be created and this will be the baseline for further checks. You should of course do this on a clean system.<br />
<br />
When you have a baseline db, have executed your malware sample and are happy with the results, run the script against the image to see which files have been created and/or modified. Changes are also saved in a log file.<br />
<br />
Please install the prerequisites and change paths to fit your environment.<br />
<br />
--- script start ---<br />
<br />
<span style="font-size: x-small;">#!/bin/sh<br />
# Detect which files have been changed and/or added to a VM image. Useful for manual malware<br />
# detection in a sandbox environment<br />
# v1.0 - mikael keri / @nsmfoo<br />
# prerequisites: qemu-utils, aide and root access<br />
<br />
usage () {<br />
 echo "usage: $0 -i image_name (incl. path) -m mount_dir -a <check|update>"<br />
}<br />
<br />
image_name=""<br />
mount_dir=""<br />
aide=""<br />
# -h takes no argument, so it is not followed by a colon<br />
while getopts ":i:m:a:h" option; do<br />
 case $option in<br />
  i) image_name="$OPTARG" ;;<br />
  m) mount_dir="$OPTARG" ;;<br />
  a) aide="$OPTARG" ;;<br />
  h) usage<br />
   exit 0<br />
   ;;<br />
  :) echo "Error: requires an argument: -$OPTARG"<br />
   usage<br />
   exit 1<br />
   ;;<br />
  \?) echo "Error: unknown option: -$OPTARG"<br />
   usage<br />
   exit 1<br />
   ;;<br />
 esac<br />
done<br />
<br />
if [ -z "$image_name" ]; then<br />
 echo "No image defined"<br />
 usage<br />
 exit 1<br />
fi<br />
<br />
if [ -z "$mount_dir" ]; then<br />
 echo "No mount directory defined"<br />
 usage<br />
 exit 1<br />
fi<br />
<br />
if [ -z "$aide" ]; then<br />
 echo "No Aide command defined - valid values are check or update"<br />
 usage<br />
 exit 1<br />
fi<br />
<br />
if [ "$aide" != "update" ] && [ "$aide" != "check" ]; then<br />
 echo "Valid Aide arguments are either update or check"<br />
 usage<br />
 exit 1<br />
fi<br />
<br />
# remove trailing slash<br />
mount_dir="${mount_dir%/}"<br />
<br />
# only load the module once<br />
if ! lsmod | grep -q nbd; then<br />
 printf '%s' "Loading kernel module.."<br />
 modprobe nbd<br />
 sleep 5<br />
 echo "finished!"<br />
fi<br />
<br />
# mount image (read-only, so the check itself does not alter the guest disk)<br />
printf '%s' "Mounting image.."<br />
qemu-nbd -c /dev/nbd0 "$image_name"<br />
sleep 5<br />
mount --read-only /dev/nbd0p1 "$mount_dir"<br />
echo "finished!"<br />
<br />
# init the aide db if it does not exist<br />
if [ ! -f /usr/local/etc/aide.db ]; then<br />
 printf '%s' "Aide db does not exist. First run it will take some time .."<br />
 aide -c /usr/local/etc/kvm_aide.conf --init<br />
 cp /usr/local/etc/aide.db.new /usr/local/etc/aide.db<br />
 echo "finished!"<br />
fi<br />
<br />
if [ "$aide" = "check" ]; then<br />
 # check for changes<br />
 printf '%s' "Check for changes.."<br />
 aide -c /usr/local/etc/kvm_aide.conf --check > changes.log<br />
 cat changes.log<br />
 echo "finished!"<br />
elif [ "$aide" = "update" ]; then<br />
 printf '%s' "Updating Aide db.."<br />
 aide -c /usr/local/etc/kvm_aide.conf --update<br />
 cp /usr/local/etc/aide.db.new /usr/local/etc/aide.db<br />
 echo "finished!"<br />
fi<br />
<br />
# umount and unload<br />
printf '%s' "Cleaning.."<br />
umount "$mount_dir"<br />
qemu-nbd -d /dev/nbd0<br />
echo "finished!"</span><br />
<br />
--- script end ---<br />
<br />
<b>Example syntax:</b> <span style="font-size: x-small;">./hash_vm.sh -i /var/lib/libvirt/images/johndoe.qcow2 -m /mnt -a check</span><br /><br />
<br />
/Micke @nsmfoo<br />
<br />
<b>Modifying VirtualBox settings for malware analysis part 3</b> (posted 2012-10-02, updated 2015-02-26)<br />
<br />
Follow up on my two previous posts regarding preparing VirtualBox for malware analysis. <br />
<br />
I hope this third post concludes this research, for a while at least ..<br />
<br />
<i>Please review the two earlier posts before applying the settings below.</i><br />
<br />
<br />
<b>Modify the BIOS</b>.<br />
<br />
By adding your own DSDT image, you will be able to close a couple more ways to detect the presence of a virtual machine. It also makes the guest look a bit more "natural".<br />
<br />
Start with generating a DSDT image <br />
<br />
<span style="font-size: x-small;"> sudo dd if=/sys/firmware/acpi/tables/DSDT of=DSDT.bin</span><br />
<br />
Move the DSDT.bin to somewhere you see fit<br />
<br />
<span style="font-size: x-small;"> mv DSDT.bin "../VirtualBox VMs/<vm name>/"<br /> sudo chown <vbox users>.<vbox user> "../VirtualBox VMs/<vm name>/DSDT.bin"</span><br />
<br />
Then run the following command to update the config for your guest<br />
<br />
<span style="font-size: x-small;"> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/acpi/0/Config/CustomTable" <path to DSDT.bin></span><br />
<br />
Virtualbox 4.2 also enables the guest to retrieve a few more values from the host. If not set they will contain strings like "Oracle" and "Virtualbox/VBOX"<br />
<br />
Start with retrieving some more information from your physical host:<br />
<span style="font-size: x-small;">sudo dmidecode -t2</span><br />
<br />
Sample output:<br />
<br />
<span style="font-size: x-small;">Base Board Information<br /> Manufacturer: <Vendor><br /> Product Name: <Product><br /> Version: Not Available<br /> Serial Number: <Serial><br /> Asset Tag: Not Specified<br /> Features: None<br /> Location In Chassis: Not Specified<br /> Chassis Handle: <Value><br /> Type: Unknown <br /> Contained Object Handles: 0</span><br />
<br />
Set the values using the output above<br />
<br />
<span style="font-size: x-small;">VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVendor" "<Vendor>"<br /> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardProduct" "<Product>"<br /> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardVersion" "Not Available"<br /> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardSerial" "<Serial>"<br /> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardAssetTag" "Not Specified"<br /> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBoardLocInChass" "Not Specified"</span><br />
<br />
Then run dmidecode once more:<br />
<br />
<span style="font-size: x-small;"> sudo dmidecode -t3</span><br />
<br />
<span style="font-size: x-small;">Chassis Information<br /> Manufacturer: <Vendor><br /> Type: Notebook<br /> Lock: Not Present<br /> Version: Not Available<br /> Serial Number: <Serial><br /> Asset Tag: No Asset Information<br /> Boot-up State: Unknown<br /> Power Supply State: Unknown<br /> Thermal State: Unknown<br /> Security Status: Unknown<br /> OEM Information: 0x00000000<br /> Height: Unspecified<br /> Number Of Power Cords: Unspecified<br /> Contained Elements: 0</span><br />
<br />
<br />
Set the values using the output above<br />
<br />
<span style="font-size: x-small;"> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVendor" "<Vendor>"<br /> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisVersion" "Not Available"<br /> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisSerial" "<Serial>"<br /> VBoxManage setextradata "<VM name>" "VBoxInternal/Devices/pcbios/0/Config/DmiChassisAssetTag" "No Asset Information"</span><br />
<br />
The above settings mean that you will have to update the batch script described in previous posts<br />
<br />
The script will now look like: <br />
<br />
Replace: VENDOR with your hw vendor<br />
<br />
--- start script -------<br />
<br />
<span style="font-size: x-small;">@reg copy HKLM\HARDWARE\ACPI\DSDT\VBOX__ HKLM\HARDWARE\ACPI\DSDT\WOOT__ /s /f<br />@reg delete HKLM\HARDWARE\ACPI\DSDT\VBOX__ /f<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\WOOTBIOS /s /f<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS /f<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<b><VENDOR></b>\VBOXFACP HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<VENDOR>\WOOTFACP /s /f<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\<b><VENDOR></b>\VBOXFACP /f<br /><br />@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<b><VENDOR></b>\VBOXRSDT HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<b><VENDOR></b>\WOOTRSDT /s /f<br />@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\<b><VENDOR></b>\VBOXRSDT /f<br /><br />@reg add HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System /v VideoBiosVersion /t REG_MULTI_SZ /d "VGA BIOS v1.14" /f<br /><br />---- end of script ---</span><br />
<br />
<b>Modifying KVM (qemu-kvm) settings for malware analysis</b> (posted 2012-09-20, updated 2012-09-24)<br />
<br />
This post is long overdue, but here it is. <br />
<br />
How to make qemu-kvm a bit harder to detect for malware and pentesters alike (ex: fool Metasploit checkvm). <br />
<br />
I have found that using libvirt and virsh edit is a simple way to change the settings for the guest OS.<br />
<br />
<b>General guidelines:</b> <br />
<br />
* Don't install guest additions<br />
<br />
* Change MAC address<br />
<span style="font-size: x-small;"><interface type='network'><br /> <mac address='<b>xx:xx:xx:xx:xx:xx</b>'/><br /> <source network='default'/><br /> <model type='rtl8139'/><br /> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/><br /> </interface></span><br />
<br />
<br />
* Copy the host CPU info into the guest (can be done in the XML file or via virt-manager).<br />
<br />
<b>Processor -> configuration -> Copy host CPU configuration</b><br />
<br />
* Change BIOS information<br />
<br />
Start by retrieving the dmidecode information for your host.<br />
<br />
<span style="font-size: x-small;"> <os><br /> <smbios mode='sysinfo'/><br /> ...<br /> </os><br /> </span><br />
<span style="font-size: x-small;"> <sysinfo type='smbios'><br /> <bios><br /> <entry name='vendor'><b>XXXX</b></entry><br /> <entry name='version'><b>XXXXXX</b></entry><br /> <entry name='date'><b>XXXXX</b></entry><br /> <entry name='release'><b>XXXXX</b></entry></span><br />
<span style="font-size: x-small;"> </bios><br /> <system><br /> <entry name='manufacturer'><b>XXXXX</b></entry><br /> <entry name='product'><b>XXXXX</b></entry><br /> <entry name='version'><b>XXXXX</b></entry><br /> <entry name='serial'><b>XXXXX</b></entry><br /> <entry name='uuid'><b>XXXXXXXX</b></entry> <!-- This value has to be the same as the other UUID variable found in the XML file --><br /> <entry name='sku'><b>XXXXXX</b></entry><br /> <entry name='family'><b>XXXXXX</b></entry><br /> </system><br /> </sysinfo></span><br />
<br />
* Change Harddrive model<br />
<br />
In my quest to find an easy way to change the harddrive model number from QEMU HARDDISK to something else, I stumbled upon this patch:<br />
<br />
https://lists.gnu.org/archive/html/qemu-devel/2012-03/msg02272.html.<br />
<br />
But the stock qemu-kvm shipped with Ubuntu does not support the "<b>model=</b>" setting. So I downloaded the latest qemu-kvm source, as I thought that the patch would be incorporated in that release. Sadly I did not get it to work quickly (adding it as a qdev option might have worked).<br />
<br />
It could have been that the libvirt version shipped with Ubuntu did not support me adding the setting via virsh. Anyway, a quick fix to the problem was to edit <b>core.c</b> and replace "QEMU HARDDISK" with something else, as I already had the source.<br />
<br />
Edit file: qemu-kvm-1.2.0-rc2/hw/ide/core.c<br />
Original: strcpy(s->drive_model_str, "<b>QEMU HARDDISK</b>");<br />
Change: strcpy(s->drive_model_str, "<b>XXXXXXX</b>");<br />
<br />
* Registry edit<br />
<br />
Change "WOOT" to something more suitable. As with VirtualBox, if you are using Cuckoo this script has to be run only once. If you need to reboot, add the script to auto execute after reboot to change those pesky registry values that are reset after each reboot.<br />
<br />
-- start of script ---<br />
<br />
<span style="font-size: x-small;">@reg copy HKLM\HARDWARE\ACPI\DSDT\BXPC HKLM\HARDWARE\ACPI\DSDT\WOOT /s /f<br />@reg delete HKLM\HARDWARE\ACPI\DSDT\BXPC /f<br /><br />@reg copy HKLM\HARDWARE\ACPI\DSDT\WOOT\BXDSDT HKLM\HARDWARE\ACPI\DSDT\WOOT\WOOT /s /f<br />@reg delete HKLM\HARDWARE\ACPI\DSDT\WOOT\BXDSDT /f<br /><br />@reg copy HKLM\HARDWARE\ACPI\FADT\BOCHS_ HKLM\HARDWARE\ACPI\FADT\WOOT /s /f<br />@reg delete HKLM\HARDWARE\ACPI\FADT\BOCHS_ /f<br /><br />@reg copy HKLM\HARDWARE\ACPI\FADT\WOOT\BXPCFACP HKLM\HARDWARE\ACPI\FADT\WOOT\WOOT /s /f<br />@reg delete HKLM\HARDWARE\ACPI\FADT\WOOT\BXPCFACP /f<br /><br />@reg copy HKLM\HARDWARE\ACPI\RSDT\BOCHS_ HKLM\HARDWARE\ACPI\RSDT\WOOT /s /f<br />@reg delete HKLM\HARDWARE\ACPI\RSDT\BOCHS_ /f<br /><br />@reg copy HKLM\HARDWARE\ACPI\RSDT\WOOT\BXPCRSDT HKLM\HARDWARE\ACPI\RSDT\WOOT\WOOT /s /f<br />@reg delete HKLM\HARDWARE\ACPI\RSDT\WOOT\BXPCRSDT /f<br /><br />@reg add HKLM\HARDWARE\DESCRIPTION\System /v SystemBiosVersion /t REG_MULTI_SZ /d "WOOT -1" /f </span><br />
<br />
--- end of script ----<br />
<br />
<b>Update 1:</b> Modify the BIOS.<br />
<br />
At the moment my blog posts reflect my research, sporadic and a bit chaotic. Anyway I just noticed (it's quite obvious really) that the BIOS would reveal the presence of a virtual guest, so here is a way to make it less obvious.<br />
<br />
Download the BIOS (seabios) source:<br /><br />
<span style="font-size: x-small;"> git clone git://git.seabios.org/seabios.git </span><br />
<br />
Edit the following file:<br />
<br />
<span style="font-size: x-small;">seabios/src/config.h</span><br />
<br />
Locate the following part: <br />
<br />
<span style="font-size: x-small;">#define CONFIG_APPNAME "Bochs"<br />#define CONFIG_CPUNAME8 "BOCHSCPU"<br />#define CONFIG_APPNAME6 "BOCHS "<br />#define CONFIG_APPNAME4 "BXPC"</span><br />
<br />
And change it to something appropriate <br />
<br /><span style="font-size: x-small;">#define CONFIG_APPNAME "DELL"<br />#define CONFIG_CPUNAME8 "DELLCPU"<br />#define CONFIG_APPNAME6 "DELL "<br />#define CONFIG_APPNAME4 "DELLS" /* I don't know, just change it to something.. */</span><br />
<span style="font-size: x-small;"><br /></span>
Run make and then replace the current BIOS with the new one found in the "out" directory.<br /><br />You can verify the change by using the Windows port of dmidecode, which contains an application called biosdecode.exe. <br /><br />
The value to look for is the OEM identifier. The change will also have some positive effect on the reg settings, in the sense that they will look more "natural"(?)<br /><br />
<br />
/Micke<br />
@nsmfoo<br />
<br />
<b>Modifying VirtualBox settings for malware analysis part 2</b> (posted 2012-09-02, updated 2012-09-03)<br />
<br />
I did some more research and noted that my previous post lacked some information/fixes.<br />
If you apply the previously mentioned settings you will still be able to detect the guest, for example by using the Metasploit script checkvm.. but this can be fixed.<br />
<br />
1) Start off with applying the previous setting for the virtualbox guest.<br />
<br />
2) Then login to the guest and delete registry keys that are called something like "VBOX".<br />
<br />
On one of my guests I found the following. But your mileage may vary depending on whether you added the VirtualBox settings before booting the guest for the first time or not.<br />
<br />
I had VBOX related reg keys in the following locations:<br />
<br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\IDE\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\IDE\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\</span><br />
<span style="font-size: x-small;">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE\</span><br />
<br />
There are a few keys that will be reset on reboot.<br />
<br />
Reboot the guest and search once again in the registry to identify them. <br />
<br />
If you are using Cuckoo this will not be a problem, as you don't restart the guest between tests. However, if you test manually you could add a script that performs the changes at boot.<br />
<br />
The batch script below is based on information bluntly stolen from:<br />
<span style="font-size: x-small;">https://itsultra.wordpress.com/2011/12/07/how-to-play-maplestory-using-virtualbox-4-1-x/</span><br />
<br />
I have added some more keys that the original script did not cover<br />
<br />
Note: replace the string <b>"WOOT"</b> and "<b>VGA BIOS v1.54</b>" with a string of your choice.<br />
<br />
<span style="font-size: x-small;">-- start of script --- </span><br />
<br />
<span style="font-size: x-small;">@reg copy HKLM\HARDWARE\ACPI\DSDT\VBOX__ HKLM\HARDWARE\ACPI\DSDT\WOOT__ /s /f</span><br />
<span style="font-size: x-small;">@reg delete HKLM\HARDWARE\ACPI\DSDT\VBOX__ /f</span><br />
<span style="font-size: x-small;">@reg copy HKLM\HARDWARE\ACPI\RSDT\VBOX__ HKLM\HARDWARE\ACPI\RSDT\WOOT__ /s /f</span><br />
<span style="font-size: x-small;">@reg delete HKLM\HARDWARE\ACPI\RSDT\VBOX__ /f</span><br />
<span style="font-size: x-small;">@reg copy HKLM\HARDWARE\ACPI\FADT\VBOX__ HKLM\HARDWARE\ACPI\FADT\WOOT__ /s /f</span><br />
<span style="font-size: x-small;">@reg delete HKLM\HARDWARE\ACPI\FADT\VBOX__ /f</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\WOOTBIOS /s /f</span><br />
<span style="font-size: x-small;">@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\WOOT__\VBOXBIOS /f</span><br />
<span style="font-size: x-small;">@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\WOOT__\VBOXFACP HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\WOOT__\WOOTFACP /s /f</span><br />
<span style="font-size: x-small;">@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\WOOT__\VBOXFACP /f</span><br />
<span style="font-size: x-small;">@reg copy HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\WOOT__\VBOXRSDT HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\WOOT__\WOOTRSDT /s /f</span><br />
<span style="font-size: x-small;">@reg delete HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\WOOT__\VBOXRSDT /f</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">@reg add HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System /v SystemBiosVersion /t REG_MULTI_SZ /d "WOOT -1" /f</span><br />
<span style="font-size: x-small;">@reg add HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System /v VideoBiosVersion /t REG_MULTI_SZ /d "VGA BIOS v1.54" /f</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">--- end of script ---</span><br />
<br />
There are of course other ways to identify a VirtualBox instance (or a Cuckoo sandbox in VBox or KVM). Some can be fixed, others may not be so easily solved. I will update this post with some more fixes soon. <br />
<br />
<br />
/Micke @nsmfoo<br />
<br />
<b>Modifying VirtualBox settings for malware analysis</b> (posted 2012-08-23)<br />
<br />
If you are using VirtualBox for malware analysis, either with a sandbox like Cuckoo or stand alone, you probably would like to be able to run modern malware, even those samples that are VM aware.<br />
<br />
Here are a few tips to make your VirtualBox guest somewhat harder to detect. <br />
<br />
First run dmidecode on your host (I assume it's a Linux based one, but this can be performed on other OSes as well)<br />
<br />
#dmidecode -t0<br />
#dmidecode -t1<br />
<br />
You will get an output that looks something like this:<br />
<br />
<b>BIOS Information</b><br />
<ul>
<li> Vendor: <vendor></li>
<li> Version: <BIOS version></li>
<li> Release Date: <BIOS date></li>
</ul>
<b>System Information</b><br />
<ul>
<li> Manufacturer: <vendor></li>
<li> Product Name: <product></li>
<li> Version: <hw "version"></li>
<li> Serial Number: <S/N></li>
<li> UUID: <UUID></li>
<li> Wake-up Type: Power Switch</li>
<li> SKU Number: Not Specified</li>
<li> Family: <hw "version"> </li>
</ul>
To make it easier to apply these settings on several guests, create a script that contains the following commands:<br />
(Populate the values with information from the dmidecode output above)<br />
<span style="font-size: x-small;"></span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "<vendor>"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "<BIOS version>"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "<BIOS date>"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMajor" <value from BIOS date></span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMinor" <value from BIOS date></span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMajor" <value from BIOS date></span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMinor" <value from BIOS date></span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor" "<vendor>"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemProduct" "<product>"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion" "<product>"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "<S/N>"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSKU" "Not Specified"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemFamily" "<hw version>"</span><br />
<span style="font-size: x-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid" "<UUID>"</span><br />
<br />
<br />
<b>Also:</b><br />
<ul>
<li>Change MAC address: <span style="font-size: x-small;"> </span><span style="font-size: x-small;"> </span></li>
</ul>
<span style="font-size: x-small;"> VBoxManage modifyvm "<vm name>" --macaddressX <MAC></span><br />
<ul>
<li><span style="font-size: x-small;"> <span style="font-size: small;">Change disk settings:</span></span></li>
</ul>
<span style="font-size: xx-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber" "<serial>"</span><br />
<span style="font-size: x-small;"><span style="font-size: small;"><span style="font-size: xx-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision" "<firmware>"</span></span></span><br />
<span style="font-size: x-small;"><span style="font-size: small;"><span style="font-size: xx-small;">VBoxManage setextradata "<vm name>" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber" "<model>"</span> </span></span><br />
<br />
<ul>
<li>Detach CDROM (or change settings for the CD-ROM)</li>
<li>Don't install vbox tools! </li>
</ul>
Use:" <span style="font-size: x-small;">VBoxManage getextradata "<vm name>" enumerate</span> " to review your settings.<b> </b><br />
<br />
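The procedure above as an added example (not part of the original post): Python that parses the output of the two dmidecode commands and prints the matching VBoxManage setextradata lines for the string keys. The sample output and the VM name analysis-xp are constructed; the four numeric Release/Firmware keys are left out because the post fills them by hand, DmiSystemVersion is taken from the dmidecode Version field (an assumption), and the "string:" prefix is what the VirtualBox manual prescribes when a DMI string is a valid number.<br />

```python
import re
import shlex

# Constructed sample of dmidecode type 0 and type 1 output (all values are made up).
SAMPLE_DMIDECODE = """\
# dmidecode 2.11
SMBIOS 2.6 present.

Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
\tVendor: Example BIOS Corp.
\tVersion: 1.42
\tRelease Date: 07/15/2011
\tCharacteristics:
\t\tPCI is supported

Handle 0x0001, DMI type 1, 27 bytes
System Information
\tManufacturer: Example Computers Inc.
\tProduct Name: ExampleBook 4000
\tVersion: Rev A
\tSerial Number: 20120823
\tUUID: 12345678-ABCD-4EF0-9123-456789ABCDEF
\tWake-up Type: Power Switch
\tSKU Number: Not Specified
\tFamily: ExampleBook
"""

PREFIX = "VBoxInternal/Devices/pcbios/0/Config/"

# (dmidecode section, field) -> extradata key from the list in the post.
# Assumption: DmiSystemVersion is fed from the dmidecode "Version" field.
KEYMAP = {
    ("BIOS Information", "Vendor"): "DmiBIOSVendor",
    ("BIOS Information", "Version"): "DmiBIOSVersion",
    ("BIOS Information", "Release Date"): "DmiBIOSReleaseDate",
    ("System Information", "Manufacturer"): "DmiSystemVendor",
    ("System Information", "Product Name"): "DmiSystemProduct",
    ("System Information", "Version"): "DmiSystemVersion",
    ("System Information", "Serial Number"): "DmiSystemSerial",
    ("System Information", "SKU Number"): "DmiSystemSKU",
    ("System Information", "Family"): "DmiSystemFamily",
    ("System Information", "UUID"): "DmiSystemUuid",
}


def parse_dmidecode(text):
    """Return {(section, field): value} for the top-level fields of each section."""
    fields, section = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("#", "Handle ", "SMBIOS ")):
            continue
        if not line[0].isspace():
            section = line.strip()  # e.g. "BIOS Information"
            continue
        # Top-level fields are indented by one tab; deeper lines are list items.
        m = re.match(r"^\t([^\t:][^:]*):\s*(.*)$", line)
        if m and section:
            fields[(section, m.group(1).strip())] = m.group(2).strip()
    return fields


def as_cfgm_string(value):
    """Prefix values that would otherwise be read as a number instead of a string."""
    if re.fullmatch(r"\d+|0[xX][0-9a-fA-F]+", value):
        return "string:" + value
    return value


def vboxmanage_commands(dmi_text, vm_name):
    """Build one shell-quoted VBoxManage line per DMI field found in the output."""
    fields = parse_dmidecode(dmi_text)
    commands = []
    for source, key in KEYMAP.items():
        value = fields.get(source)
        if not value:
            continue  # keep VirtualBox's default rather than writing an empty key
        commands.append(" ".join([
            "VBoxManage", "setextradata", shlex.quote(vm_name),
            shlex.quote(PREFIX + key), shlex.quote(as_cfgm_string(value)),
        ]))
    return commands


if __name__ == "__main__":
    # Commands are only printed, so they can be reviewed before being run.
    print("\n".join(vboxmanage_commands(SAMPLE_DMIDECODE, "analysis-xp")))
```
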
<b>/Micke </b><br />
<br />
<b>Update1:</b><br />
<br />
Untested but might be useful..<br />
<span style="font-size: x-small;">VBoxManage setextradata "VM name" "VBoxInternal/TM/TSCTiedToExecution" 1</span>
<br />
<br />
<br />
<b>Perl script to push samples to Virustotal (93% stolen code =))</b><br />
Posted by Mikael, published 2012-07-04T19:43:00.000+02:00, updated 2012-07-04T20:50:21.482+02:00<br />
<br />
<span style="font-size: small;">Just a quick post for a quick fix. I added a few lines to the Perl script originally made by cfrenz to make it more useful for my needs and hopefully for a few others as well. Looping through a JSON file can be tricky and the original script lacked the more verbose output which is now included.</span><br />
<span style="font-size: x-small;"> </span><br />
<span style="font-size: x-small;">/Micke </span><br />
<br />
<span style="font-size: x-small;">#!/usr/bin/perl<br />
# vtupload.pl<br />
#<br />
# This script is heavily based (to say the least) on the work done by cfrenz<br />
# (http://perlgems.blogspot.se/2012/05/using-virustotal-api-v20.html).<br />
# My aim was to add some functionality to the original script.<br />
# Usage: vtupload.pl <sample> or just do a loop through your sample repository and pipe<br />
# the result to a file(s) for later analysis, which makes it easy to push loads of samples to VT.<br />
# /Micke @nsmfoo<br />
<br />
# Org comments:<br />
# Copyright 2012- Christopher M. Frenz<br />
# This script is free software - it may be used, copied, redistributed, and/or modified<br />
# under the terms laid forth in the Perl Artistic License<br />
<br />
use strict;<br />
use warnings;<br />
use LWP::UserAgent;<br />
use JSON;<br />
<br />
# Stop early when no readable sample was given on the command line<br />
die "Usage: $0 <sample>\n" unless @ARGV == 1 && -f $ARGV[0];<br />
<br />
# Code to submit a file to Virus Total<br />
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 1 });<br />
my $url = 'https://www.virustotal.com/vtapi/v2/file/scan';<br />
<br />
my $key = 'VT-API KEY';<br />
<br />
my $response = $ua->post( $url,<br />
    Content_Type => 'multipart/form-data',<br />
    Content => ['apikey' => $key,<br />
                'file' => [$ARGV[0]]]<br />
    );<br />
die "$url error: ", $response->status_line<br />
    unless $response->is_success;<br />
my $results = $response->content;<br />
<br />
# pulls the sha256 value out of the JSON response<br />
my $json = JSON->new->allow_nonref;<br />
my $decjson = $json->decode($results);<br />
my $sha256 = $decjson->{"sha256"};<br />
<br />
# Code to retrieve the results that pertain to a submitted file by hash value<br />
$url = 'https://www.virustotal.com/vtapi/v2/file/report';<br />
<br />
$response = $ua->post( $url,<br />
    ['apikey' => $key,<br />
     'resource' => $sha256]<br />
    );<br />
die "$url error: ", $response->status_line<br />
    unless $response->is_success;<br />
$results = $response->content;<br />
<br />
$decjson = $json->decode($results);<br />
<br />
# fields missing from the report are printed as an empty string instead of undef<br />
sub field { my $v = $decjson->{ $_[0] }; return defined $v ? $v : ''; }<br />
<br />
# print selected values from the json file<br />
print "-----------------------------------------------------------------------\n";<br />
print "Sample name: " . $ARGV[0] . "\n";<br />
print "Scan ID: " . field("scan_id") . "\n";<br />
print "Scan Date: " . field("scan_date") . "\n";<br />
print "SHA256: " . field("sha256") . "\n";<br />
print "MD5: " . field("md5") . "\n";<br />
print "Detection rate: " . field("positives") . "/" . field("total") . "\n";<br />
print "Verbose Message: " . field("verbose_msg") . "\n";<br />
<br />
print "-----------------------------------------------------------------------\n";<br />
# print AV engines status per vendor; only the "scans" entry of the report is a<br />
# hash of hashes, so walk it directly instead of dereferencing every top-level value<br />
print "Scan results: \n";<br />
my $scans = ref $decjson->{"scans"} eq 'HASH' ? $decjson->{"scans"} : {};<br />
for my $engine ( sort keys %$scans ) {<br />
    print "\t$engine\n";<br />
<br />
    for my $item ( sort keys %{ $scans->{$engine} } ) {<br />
        my $value = $scans->{$engine}->{$item};<br />
        $value = '' unless defined $value;<br />
        print "\t\t$item => $value\n";<br />
    }<br />
}<br />
<br />
print "\nURL: " . field("permalink") . "\n";</span><br />
<br />
<b>Optimizing malware sample detection</b><br />
Posted by Mikael, published 2012-06-25T23:01:00.004+02:00, updated 2012-06-25T23:11:44.307+02:00<br />
<br />
Submitting a sample to Virustotal (usually) means that it will trickle down to the various AV vendors for detection.<br />
<br />
Depending on your organization's needs, you might have to struggle with not only internal clients but also the dreaded external clients.<br />
<br />
External clients are tricky, as in most cases you are not able to control them at all and you most likely don’t know which kind of AV protection they have (if they have any, that is).<br />
<br />
Enter Virustotal, which enables you to spread knowledge and hopefully detection to “all” AV vendors; at least that is the idea.<br />
<br />
I was told that samples sent to VT would not propagate to the vendors if fewer than two vendors detected the sample; this was a couple of years ago, mind you.<br />
<br />
So, armed with the knowledge that you need some kind of "basic detection" to be able to get the attention of the AV vendors (I will leave out Flame, which everyone jumped on ;)), the solution for this has been to utilize the in-house AV vendors to “kick start” the detection.<br />
<br />
Most companies, big and small, have at least one subscription/contract with an AV vendor; many have several different vendors (client/server, mail, proxy etc). These are companies that are present (most likely) on Virustotal. But VT is not the place to start if you need detection fast!<br />
<br />
If you need detection in a timely fashion, you should use the SLA you pay for from your AV vendor(s).<br />
<br />
This is how I usually do it:<br />
<br />
You begin with having “your” AV vendor(s) create detection for your sample and then you push it to Virustotal for the rest to pick up.<br />
<br />
I also usually make direct submits to different AV vendors, using the different methods they offer on their websites, as they seem to have different priorities for the different channels they receive samples from, and VT does not always seem to be prioritized.<br />
<br />
So to be successful in your detection campaign, start off with the services you pay for, then continue with the free ones to get better coverage.<br />
<br />
I double checked my VT fact just a couple of days ago and the current situation is that you need at least one vendor to detect the sample for it to “spread”, but there are differences between vendors and vendors.<br />
<br />
Lesser known ones would not trigger the bigger players to react (this is my own interpretation of what I was told) and even then it's finally up to the receiving AV company to decide if they would like to react on the sample or not.<br />
<br />
If you have another recipe for success, please let me know. I’m always interested in how others are doing their “AV submit optimizing”.<br />
<br />
/Micke<br />
<br />
<b>Online malware site checks. Part 2</b><br />
Posted by Mikael, published 2012-05-07T21:01:00.002+02:00, updated 2012-06-27T23:33:34.323+02:00<br />
<br />
<b>Part 2</b><br />
<br />
A couple of years back I had the opportunity to have a mail conversation with a person working for Bluecoat's webfilter team.<br />
<br />
I had raised a question regarding why all their checks were done from an IP range registered to them (truthfully it was a range belonging to Cerberian, which was a webfilter company acquired by BC).<br />
<br />
Their answer was not satisfying, as they told me that they had not seen any reason or attempts to block their check based on their IP range. This was around the time of the Storm botnet and my experience at that time was clearly different.<br />
<br />
I'm in no aspect a professional malware "hunter", but I do basic malware analyses quite regularly. And I was forced quite early to start using multiple user agents and/or IP addresses to be able to download a sample. So the use of a static IP range was strange to say the least. <br />
<br />
This was a couple of years ago, and since then I have not really given any thought to how the different commercial webfilters and online scanners work, like the ones different AV vendors and security researchers make public, many of which I tend to use quite regularly: how they solve the challenges with malicious sites only serving content to specific user agents, geographic locations etc. <br />
<br />
Bottom line is that you nowadays only get one shot to retrieve content from a malicious site from a single IP (OK, not every time, but too often to be ignored); also you must be using the right components (OS, web browser, plugin etc) to be able to "access" the malware.<br />
<br />
So I decided to check how a handful of different online resources did when they verified the content of a site. I installed a basic web site on a server that I had at my disposal.<br />
<br />
The next step was to scan the site from the different resources (14 different) and then verify the result using the web logs. <br />
<br />
I did multiple scans with the same solution to see if I would get different results. And the result revealed that it would <b>not</b> require all that much work to assemble a working blacklist to prevent these solutions from looking at the content of my site. Against webfilters this could also be used in a less malicious way for site owners to display false content to them, thus circumventing their category blocking.<br />
<br />
<b>Result:</b><br />
* Most used IP ranges registered to the company in question<br />
* The solutions that were using Google infrastructure had appIDs that made them easy to fingerprint. <br />
* Some had the service name in their user agent<br />
* Most only used one user agent variant.<br />
<br />
The problem as I see it, based on the result, was that it was quite trivial to build an effective blacklist to prevent the companies from looking at your content. I did not see any evidence of a really efficient analysis with multiple IPs and multiple user agents to maximize the likelihood of being served malware.<br />
<br />
This might be a case of me wishing that these services would be something they aren't? Not sure, but quite a lot of people (myself included) look to these services to either protect us (webfilter) or to give us a verdict if the site is OK or not.<br />
<br />
My initial thought was that I might be missing something (this would not have been the first time..).<br />
As a proof of concept I modified the site to show different content to different visitors (applying the blacklist I had created); this would be what I would have done if I was trying to increase the life span of my malicious site. <br />
<br />
<i><b>The longer it takes for me to get detected the more
installs I get</b></i><br />
<br />
And with the exception of bonus visitors from Virustotal "partners" I was able to apply the blacklist successfully. <i><b> </b></i><br />
<br />
<b>Note</b>: If you think that this is me giving malware distributors a nice manual on how to evade detection, then you are "flattering" me. But this is hardly something "they" have not thought of before. In fact here is a nice write-up of an exploit kit that does exactly this: http://t.co/KRfPGQHh.<br />
<br />
<b>Tested services:</b><br />
<br />
<b>- vscan.novirusthanks.org</b><br />
<ul>
<li><b>IP:</b> static</li>
<li><b>User agent:</b> "-"</li>
<li><b>Note:</b> Seems specialized to scan a direct file and not a whole "site" ..</li>
</ul>
<br />
<b>- vurldissect.co.uk</b><br />
<ul>
<li><b>IP:</b> The user can choose between a number of locations from where the scan can be performed. Which is great, but in the end it only delays the blacklist creation as they are static</li>
<li><b>User agent:</b><br />
<span style="font-size: x-small;">Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)<br />
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)</span><br />
</li>
<li><b>Note: </b>Even though you choose one location there will also be requests from "the main location" followed by requests from the location you chose. Also some requests will include "http://vurldissect.co.uk" in the referrer field.</li>
</ul>
<b>- siteinspector.comodo.com</b><br />
<ul>
<li><b>IP:</b> static (registered to Comodo)</li>
<li><b>User agent:</b> <span style="font-size: x-small;"> </span></li>
</ul>
<span style="font-size: x-small;"> Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US</span><b><br /></b><br />
<b>- onlinelinkscan.com</b><br />
<ul>
<li><b>IP:</b> static</li>
<li><b>User agent:</b> "-"</li>
</ul>
<b>- virustotal.com</b><br />
<ul>
<li><b>IP</b>: Somewhat static (registered to Google)</li>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;">Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17 AppEngine-Google; (+http://code.google.com/appengine; appid: virustotalstorage)</span><br />
<ul>
<li><b>Note:</b> The appID is a telltale sign =). As a bonus, if you check your "malicious" site with Virustotal you do attract the attention of others. For example Panda AV (Pandasecurity), who also like to scan from their own IP range. But there are others who use dialups and changing user agents, so that was positive. I even got one who seemed to be using SUSE, which is novel (phun intended), and the person/script behind those requests did a full scan, which was admirable! (The result should be a bit limited due to the "lack" of Linux malware, but it would catch an injected iframe or similar.)</li>
</ul>
<br />
<b>- zulu.zscaler.com/ (zscaler.com)</b><br />
<ul>
<li><b>IP:</b> Multiple (one registered to zscaler.com) - but the IP addresses are static</li>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;"> "-"</span><br />
<span style="font-size: x-small;"> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</span><br />
<br />
<b>- www.unmaskparasites.com</b><br />
<ul>
<li><b>IP:</b> uses Google services</li>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;">"Mozilla/5.0 (compatible; Windows) AppEngine-Google; (+http://code.google.com/appengine; appid: unmask-parasites)"</span> <br />
<ul>
<li><b>Note:</b> The appID is yet again a give away.</li>
</ul>
<br />
<b>- Wepawet</b><br />
<ul>
<li><b>IP:</b> Random /24 address registered to the University that hosts the solution </li>
<li><b>User agent:</b><span style="font-size: x-small;"> </span></li>
</ul>
<span style="font-size: x-small;"> "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"</span><br />
<ul>
<li><span style="font-size: x-small;"><span style="font-size: small;"><b>Note: </b>You are able to set not only referer but also headers</span> </span></li>
</ul>
<br />
<b>- URLQUERY.net</b><br />
<ul>
<li><b>IP: </b>static and registered to a security company</li>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;">"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13"</span><br />
<ul>
<li><span style="font-size: x-small;"><b><span style="font-size: small;">Note: </span></b><span style="font-size: small;">URLquery allows you to set referer and change user agent</span> </span></li>
</ul>
<br />
<b>- Sucuri</b><br />
<ul>
<li><b>IP:</b> Multiple IPs(2). IP number one, is most used (points to the scanning service). IP number 2 could be a manual verification attempt. </li>
</ul>
<ul>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;">"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 MSIE 7.0"</span><br />
<span style="font-size: small;">or via google</span><br />
<span style="font-size: x-small;">"googlebot" </span><br />
<br />
<ul>
<li><b>Note:</b> The referrer field includes the name of the scanning service used.</li>
</ul>
<br />
<b>- aceinsight.websense.com (Websense)</b><br />
<ul>
<li><b>IP:</b> Multiple IPs (one more frequently used than the other, could be a manual verification that generated hits from IP number two)</li>
</ul>
<ul>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;">"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727)"</span><br />
<br />
<b>- Bluecoat</b><br />
<ul>
<li><b>IP: </b>static (static net) Registered to Bluecoat </li>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;">"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" </span> <br />
<br />
<b>- gred.jp</b><br />
<ul>
<li><b>IP:</b> Static IP</li>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;">"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"</span><b> </b><br />
<ul>
<li><b>Note:</b> Has an option to scan all links which is great.</li>
</ul>
<br />
<b>- Trend Micro</b><br />
<ul>
<li><b>IP:</b> Multiple IP addresses from a /16 registered to Trendmicro</li>
</ul>
<ul>
<li><b>User agent:</b></li>
</ul>
<span style="font-size: x-small;"> Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) </span><br />
<br />
<b>- Misc</b><br />
<ul>
<li>The people at Bitdefender do site checks from IPs registered to their company.. </li>
<li>The same goes for AVG</li>
</ul>
<br />
<b>So what can be done?</b> <b> </b><br />
<br />
<b>As a provider of services: </b><br />
<br />
* Balance your checks between multiple IP addresses. Get yourself a "large" amount of cheap connections (ones with dynamic IP addresses would be preferred), VPN services, TOR. The bottom line is to make creating a blacklist too hard/costly/ineffective.<br />
<br />
* Be as compliant regarding user agent settings as possible, as the purpose is to mimic regular user visits. Mix and shake well!<br />
<br />
<b>As a user:</b><br />
<b>* </b>(Try to) Download the malware yourself and then use services like Wepawet or Virustotal<b> </b>to learn more.<br />
<br />
<b>Update 1:</b> I was rightfully informed that Wepawet allows you to set referer and headers. URLquery also allows you to set referer and change user agent (thanks @c_APT_ure for pointing this out)<br />
<br />
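For a scanning-service operator, the observations under "Result" can be turned into a self-audit of the access log of a test site you control; the following is an added example, not part of the original post. The log lines are constructed (documentation IP ranges), and the per-scan /audit/&lt;label&gt;/ paths, the name scanner.example and the function audit are assumptions made for the illustration.<br />

```python
import ipaddress
import re
from collections import defaultdict

# Constructed combined-format log lines from a test site. Each scan run was pointed
# at its own /audit/<label>/ path (assumption) so its requests can be attributed.
SAMPLE_LOG = '''\
192.0.2.10 - - [07/May/2012:20:01:02 +0200] "GET /audit/svc-a/ HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [07/May/2012:20:09:41 +0200] "GET /audit/svc-a/ HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [07/May/2012:20:12:10 +0200] "GET /audit/svc-b/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Windows) AppEngine-Google; (+http://code.google.com/appengine; appid: example-scanner)"
203.0.113.80 - - [07/May/2012:20:15:33 +0200] "GET /audit/svc-b/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Windows) AppEngine-Google; (+http://code.google.com/appengine; appid: example-scanner)"
198.51.100.23 - - [07/May/2012:20:20:05 +0200] "GET /audit/svc-c/ HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
203.0.113.5 - - [07/May/2012:20:31:47 +0200] "GET /audit/svc-c/ HTTP/1.1" 200 512 "http://scanner.example/report" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13"
'''

LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$'
)
LABEL = re.compile(r"^/audit/([^/]+)/")


def audit(log_text, own_names=()):
    """Return {scan label: [findings]} describing how uniform each scan's requests were.

    own_names are strings that identify the service (product name, domain) and
    should not leak into the user agent or referrer of its requests.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        label = LABEL.match(m.group("path")) if m else None
        if label:
            hits[label.group(1)].append(m)

    names = [n.lower() for n in own_names]
    report = {}
    for label, rows in sorted(hits.items()):
        # IPv4 source addresses are grouped per /24 to spot a single static range.
        nets = {ipaddress.ip_network(r.group("ip") + "/24", strict=False) for r in rows}
        agents = {r.group("ua") for r in rows}
        referrers = {r.group("referrer").lower() for r in rows}
        findings = []
        if len(rows) >= 2 and len(nets) == 1:
            findings.append("all requests from one /24")
        if len(rows) >= 2 and len(agents) == 1:
            findings.append("single user agent")
        if agents & {"-", ""}:
            findings.append("empty user agent")
        if any("appid:" in ua.lower() or any(n in ua.lower() for n in names)
               for ua in agents):
            findings.append("service named in user agent")
        if any(n in ref for ref in referrers for n in names):
            findings.append("service named in referrer")
        report[label] = findings
    return report


if __name__ == "__main__":
    for label, findings in audit(SAMPLE_LOG, own_names=("scanner.example",)).items():
        print(label, "->", ", ".join(findings) or "nothing flagged")
```
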
<br />
/Micke<br />
<br />
<b>Online malware site checks. Part 1</b><br />
Posted by Mikael, published 2012-04-30T23:15:00.001+02:00, updated 2012-05-05T21:45:41.501+02:00<br />
<br />
<b>Part 1 </b><br />
<br />
If a company would ask me for advice on how to increase their client security, my answer would be to install a webfilter!<br />
<br />
With a webfilter, I mean a filter that is able to blacklist malicious sites, thus preventing users' access to those resources.<br />
<br />
Removing commonly vulnerable client applications is also an effective way to achieve higher client security. But removing Flash, Java or Reader in a corporate environment, even though it would dramatically decrease the exposure to malicious code, is in most environments not a feasible solution due to dependencies and users' expectations (at least in my experience).<br />
<br />
A webfilter blocking users from accessing known malicious sites is in most cases transparent to the end user, except when his/her favorite blog is blocked due to infection. <br />
<br />
When installed as a perimeter protection, it trumps a gateway antivirus solution (yet again in my experience), the reason being that instead of having to detect each and every one of the malicious samples found in an exploit kit on a given site, simply denying access to that site enables you to focus on other things than worrying about if something slipped past your gateway AV installation (and sadly maybe even your client AV).<br />
<br />
One could argue that a webfilter suffers from the same problem as signature based antivirus, that the malicious site has to be known in order for it to be added to the blacklist.<br />
<br />
While this is true, I would argue that the effort to determine if a site is malicious would in most cases be much quicker than understanding a malicious sample and writing an efficient signature for it (also one has to take into consideration that malware could be using polymorphic functions to evade signature based detection, which would make the effort greater for the AV analyst).<br />
<br />
Also as mentioned above, the AV has to catch them all; if one slips through the cracks it is game over!<br />
<br />
So .. are webfilters and online site checks flawless? Of course not! In reality there are a lot of things one could wish for in these solutions. <br />
<br />
Stay tuned for part 2, where my praise for webfilter will suffer a blow =)<br />
<br />
(but I still think that the above analysis has some merit)<br />
<br />
/Micke<br />
<br />
<b>Detecting honeypots using unique binaries</b><br />
Posted by Mikael, published 2012-04-07T10:54:00.000+02:00, updated 2012-04-15T21:00:41.525+02:00<br />
<br />
Most of us use online services like Virustotal, Threatexpert etc to get a quick analysis of newly "acquired" malware; it's fast and can quickly help us distinguish known malware from the not so known ones.<br />
<br />
Virustotal had a function, back in the day, to enable the uploader to disallow VT to spread the sample to the connected AV vendors. This function was abused by malware authors and thus removed.<br />
<br />
The current situation is that all malware uploaded to VT is easily searchable for both security researchers and malware creators/distributors alike.<br />
<br />
My idea or rather my thought (This might not be so novel and yes others have come to the same conclusions before) was that this creates a "great" way for an attacker to learn when he/she is discovered or a way to detect honeypots using unique binaries.<br />
<br />
If malware authors start to use unique binaries (if they have not already..) not only as today to lure AV vendors but to pinpoint infection points and adversaries, this could have a very harmful effect on security research as a whole. SPAM distributors have been using uniqueness as a way to verify email accounts for years.<br />
<br />
This method could be extended to web applications attacks as well, using unique strings and data mine reports from the security community. And then it's just a matter of remembering which binary or web request was sent to which host. <br />
<br />
A simple PoC has been developed that can detect the Dionaea honeypot (with VT submit enabled, it queries VT for verification) or other SMB honeypots.<br />
<br />
The use of Dionaea was mostly because I have a couple of installations running, but this can be used against any kind of honeypot (as long as it (or the admin) shares information that you can data mine).<br />
<br />
I hope this gives you some idea about the pitfalls of information sharing. It is a wonderful "tool" for researchers to gain knowledge from systems besides their own, but it can also tip off an attacker that you are on to them. So if you get compromised, uploading the malware to VT might not be the help you were looking for.<br />
<br />
<i>The script below will most certainly not make it into the Nmap NSE script library as it uses a couple of shell functions, but it will work under most *nix variants. It also requires a valid VT API key, which you can get from the VT site. </i><br />
<br />
<i>You will also have to configure the script to use a binary of your choice. One last thing: I somewhat deliberately did not create this script for speed. The default sleep time for the script before checking with Virustotal is 20 min; this should be enough time for the honeypot to upload the binary and for Virustotal to process it. </i><br />
<br />
<i>Script output (if successful):</i><br />
<i>-<span style="font-size: x-small;">-Host script results: ---|_honeydetect: Binary detected by Virustotal, host most likely a Honeypot!</span></i><br />
<br />
The script creates a file called hash.log, which contains the hostname of the host you scanned and the current hash. This can be useful if you scan multiple hosts or if the 20 min is not enough. This way you can manually check with VT afterwards. <br />
<br />
<i><span style="font-size: x-small;">cat hash.log <br />localhost: 8ddf5b6c575cec55c5f1b1f8b984b178 </span></i><br />
<br />
<br />
The script searches for MD5 sums but VT presents the findings with a sha256 checksum.<br />
<br />
<span style="font-size: x-small;">sha256sum nping.exe <br />4753e5a9b8c1b53aa72cf45a193a8e4138099db84fcf33ac4b74d4e77e53321e nping.exe</span><br />
<br />
As you can see the file sent to the honeypot is the same as the one uploaded to VT<br />
-----------<br />
<span style="font-size: x-small;">description = [[<br /><br />Detect honeypots (like Dionaea) targeting the smb service and using Virustotal hash search for verification.<br />This is to be considered a PoC of a method of mapping honeypots and not an attack against Dionaea itself.<br /><br />The code below could for example be extended to target other services(like FTP, HTTP etc) and also split the honeypot file upload and the Virustotal hash search to speed up detection for larger address ranges<br /><br />Detection of honeypots is a double edged sword, we rely on them to catch new vulnerabilities and malware targeting common used services. But the presence of a honeypot can be a sign of vigilant opponent and could be used against the organizations that hosts the honeypot.<br /><br />Please see my blog: blog.prowling.nu for more information.<br /><br />]]<br /><br />--- Output<br />--Host script results: ---|_honeydetect: Binary detected by Virustotal, host most likely a Honeypot!<br /><br />author = "Mikael Keri"<br />license = "Same as Nmap--See http://nmap.org/book/man-legal.html"<br />categories = {"default", "discovery", "safe"}<br /><br />require 'http'<br />require 'stdnse'<br />require 'smb'<br /><br />hostrule = function(host)<br /> return smb.get_port(host) ~= nil<br />end<br /><br />--- Get your VirusTotal API key from the virustotal.com<br /><b> local VTAPI = "XXX"</b><br /><br />--- Name of binary and path to it<br /><b>local BIN = "XXX"</b><br /><br />-- This just takes a binary of your choice and adds a random string at the end of the file, very low tech. The reason to use a "real" file was in case the honeypot uses PEID or similar to determine if the uploaded file really is a binary.<br /> math.randomseed(os.time())<br /> local RANDY = (math.random(10, 99999))<br /> file = io.output(io.open(BIN, "a+"))<br /> io.write(RANDY)<br /> io.close(file)</span><br />
<span style="font-size: x-small;"><br /></span><br />
<span style="font-size: x-small;">action = function(host)<br /><br /> name = stdnse.get_hostname(host)<br />-- Get the Hash of the binary<br />-- OSX change to "md5 -q"<br />local ET = ("md5sum " .. BIN)<br />local BINHASH = io.popen(ET .. "| awk {' print $1 '}"):read'*l'<br /><br />-- Write the hash to file .. just in case Virustotal is not able to process it during the 20 min this script waits..or if you would like to scan larger nets. Remove the sleep part<br />-- and process the hash.log file afterwards.<br />local hashf = io.output(io.open("hash.log", "a"))<br /> io.write(name ..": " .. BINHASH .."\n")<br /> io.close(hashf)<br /><br />--- Upload the file to the "honeypot"<br /> local UPLOAD = ("smbclient //localhost/test -N -c='put " .. BIN .. "'</span><span style="font-size: x-small;"> >/dev/null 2>&1</span><span style="font-size: x-small;">")<br /> os.execute(UPLOAD) </span><br />
<span style="font-size: x-small;"><br />--- Give the honeypot a chance to upload the file to Virustotal.com .. sleep 20 min<br /> stdnse.sleep(1200)<br /><br />--- Check with Virustotal to see what they say..<br /> local headers = {["Content-Type"] = "application/x-www-form-urlencoded"}<br /> local postdata = "resource=" .. BINHASH .. "&apikey=" .. VTAPI .. ""<br /> local body = http.post("www.virustotal.com", 443, "/vtapi/v2/file/report", {["header"]=headers}, nil, postdata).body<br /><br /> if string.find(body, 'response_code": 0') then<br /> return "Binary not uploaded to Virustotal"<br /> elseif string.find(body, 'response_code": 1') then<br /> return "Binary detected by Virustotal, host most likely a Honeypot!"<br /><br /> end<br /> end</span><br />
-------------<br />
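Seen from the sensor operator's side, the appended-marker trick in the script above leaves a pattern: captures from different sensors that are byte-identical except for a short tail. The following is an added example (not part of the original post; the thresholds, function names and sample captures are constructed) that groups such captures so they can be held back from public upload.<br />

```python
"""Added example: find captures that differ only by a short appended tail."""
import hashlib

MAX_TAIL = 16    # assumption: longest appended marker, in bytes
MIN_SIZE = 256   # assumption: ignore tiny files, where any two would "match"


def common_prefix_len(a, b):
    """Length of the shared prefix, by binary search over slice equality."""
    lo, hi = 0, min(len(a), len(b))
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if a[:mid] == b[:mid]:
            lo = mid
        else:
            hi = mid - 1
    return lo


def is_tail_variant(a, b):
    """True when a and b are different files that agree up to a short tail."""
    if a == b or min(len(a), len(b)) < MIN_SIZE:
        return False
    return max(len(a), len(b)) - common_prefix_len(a, b) <= MAX_TAIL


def find_watermarked(captures):
    """captures: {sensor_name: file_bytes}. Returns sorted clusters of sensors
    whose captures are tail variants of each other (union-find over pairs)."""
    parent = {name: name for name in captures}

    def root(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n

    names = sorted(captures)
    for i, x in enumerate(names):
        for y in names[i + 1:]:
            if is_tail_variant(captures[x], captures[y]):
                parent[root(x)] = root(y)

    clusters = {}
    for n in names:
        clusters.setdefault(root(n), []).append(n)
    return sorted(c for c in clusters.values() if len(c) > 1)


def triage(captures):
    """Per sensor: the MD5 (the hash type the script searches for) and a
    sharing recommendation."""
    flagged = {n for c in find_watermarked(captures) for n in c}
    return {
        name: {
            "md5": hashlib.md5(data).hexdigest(),
            "action": "hold: unique per sensor" if name in flagged else "no variant seen",
        }
        for name, data in captures.items()
    }


# Constructed captures: the same "binary" with different digits appended at the
# end, as the script above does, plus one unrelated file.
BASE = b"MZ" + bytes(range(256)) * 4
SAMPLE_CAPTURES = {
    "sensor-a": BASE + b"4711",
    "sensor-b": BASE + b"471190210",
    "sensor-c": b"MZ\x90" + b"\xcc" * 2000,
}

if __name__ == "__main__":
    for sensor, verdict in triage(SAMPLE_CAPTURES).items():
        print(sensor, verdict["md5"], verdict["action"])
```

Captures that are identical on every sensor are not flagged, since the same hash everywhere cannot identify a single sensor.<br />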
<br />
This area of research is quite fascinating, so I'm looking forward to comments or future research ideas.<br />
<i><br /></i><br />
<i>Thanks to @nevdull77 for his help!</i><br />
<i><br /></i><br />
<i>Update: fixed a syntax error in the script </i><br />
<i><br /></i><br />
<i>/Micke</i><br />
<br />
<br />
<br />
Detecting Dionaea Honeypot using Nmap (published 2012-04-03, updated 2012-04-07)<br />
<br />
While doing some research, which will be published later, I (with the help of @nevdull77) discovered that the low interaction honeypot Dionaea is easy to detect and, using a few Nmap NSE scripts, easy to discover.<br />
<br />
Honeypots are valuable tools for many of us doing security research: a way to follow trends and, if lucky, get hold of new samples and/or exploits.<br />
<br />
Low interaction honeypots are in most cases used to lure automatic scripted attacks, which seldom, if ever, do background checks on the target system. This might be the reason why not much attention has been devoted to avoiding detection (fingerprinting).<br />
<br />
Organizations/individuals running these honeypots would (I assume) not like to give away their presence, at least not this easily. Not to get too speculative.. but one could guess that if there is one type of honeypot, other types may be close by...<br />
<br />
Also, it would most likely be bad if lists of known honeypots get passed around, as this could possibly affect the research and the insight for those running these honeypots. It would also be trivial to include these targets as a blacklist in new strains of malware or future tools.<br />
<br />
Three different scripts have been "developed" to target the following Dionaea services:<br />
<ul>
<li>SMB</li>
<li>SSL (used by HTTPS and SIP-TLS) </li>
<li>MySQL</li>
</ul>
There are most likely (judging by the Dionaea code) more ways to do a positive identification of the system so consider this a start for future research.<br />
<br />
As I have no intention of making research more difficult or disclosing installed systems, this information was sent to the maintainer of Dionaea, with whom I had a good dialog even though I put him in a "strange" position. Part of our conversation was forwarded to the Dionaea/Nepenthes mailing list: http://sourceforge.net/mailarchive/message.php?msg_id=29067712.<br />
<br />
<strike>At this time the scripts are not yet public, but as the mail above is public you should be able to do your own detection manually. </strike><br />
<br />
Scripts published below ..<br />
<br />
I would also like to say that I totally agree that trying to mimic a service 1:1 is hard, if not impossible, to achieve. To get the functionality that is included in Dionaea today requires a lot of work and understanding of the protocols being emulated. That is important to remember!<br />
<br />
It's a sad fact that it is so much simpler to find "flaws" in other people's creations than to create something flawless yourself.<br />
<br />
But I like to compare this and similar research into honeypot detection to anti-forensic research: research that might look like helping attackers, but my view is that anything that I can find/think of has most likely already been done by someone else, someone that might not disclose their findings to the developer/community ..<br />
<br />
I would also like to thank @lvdeijk for letting me "detect" his honeypot.<br />
--------------<br />
<b>dionaea-detect-mysql.nse</b><br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">description = [[</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">The low interaction honeypot Dionaea is remotely detectable using information in the response from the MySQL service.</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">Part of the script use code from another Nmap script created by: Patrik Karlsson </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">Although Dionaea is built for automatic attacks which would most likely not check the target before exploitation. </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">However having a honeypot that can be easily fingerprinted could attract unwanted attention to the organization running the service. </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">Thanks to Patrik Karlsson for his invaluable help during the research!</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">]]</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">author = "Mikael Keri"</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">license = "Same as Nmap--See http://nmap.org/book/man-legal.html"</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">categories = {"default", "discovery", "safe"}</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">require 'shortport'</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">require 'stdnse'</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">require 'mysql'</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">portrule = shortport.port_or_service(3306, "mysql")</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">action = function( host, port )</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> local socket = nmap.new_socket()</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> local result = {}</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"><br /></span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> socket:set_timeout(5000)</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> local status, response = socket:connect(host, port)</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> status, response = mysql.receiveGreeting( socket )</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> status, response = mysql.loginRequest( socket, { authversion = "post41", charset = response.charset }, "root", nil, response.salt ) </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> if status and response.errorcode == 0 then</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> status, query_result = mysql.sqlQuery( socket, "SELECT @@version" )</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> end</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> socket:close()</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> if(query_result == "Learn SQL!") then</span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> findings = ("Dionaea MySQL service detected: " .. query_result) </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> end </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;"> return stdnse.format_output(true, findings) </span></div>
<div style="text-align: left;">
<span style="font-size: xx-small;">end</span></div>
<br />
----------<br />
<b>dionaea-detect-smb.nse:</b><br />
<span style="font-size: xx-small;"><br /></span><br />
<span style="font-size: xx-small;">description = [[<br />The low interaction honeypot Dionaea is remotely detectable using information from the SMB service.<br />The following two problems has been discovered:<br /><br />1) The NetBIOS name is "hardcode" into the installation. One can changed it but few if any users change settings outside the configuration file<br />2) The system times remains the same over time and is set to the date/time when the honeypot was started.<br /><br />Part of this script use code from other Nmap scripts created by: Thomas Buchanan and Ron Bowes<br /><br />Although Dionaea is built for automatic attacks which would most likely not check the target before exploitation. <br />However having a honeypot that can be easily finger printed could attract unwanted attention to the organization running the service. <br /><br />Thanks to Patrik Karlsson for his invaluable help during the research!<br /><br />]]<br /><br />--- Output:<br />--Host script results:<br />--| dionaea-detect-smb: <br />--| NetBIOS name indicates a Dionaea honeypot: HOMEUSER-3AF6FE<br />--| Time does not update between request - R1:2012-03-09 20:08:40: R2:2012-03-09 20:08:40<br />--|_ Dionaea daemon uptime: 0 days, 1:07:31.00<br /><br /><br />author = "Mikael Keri, Patrik Karlsson"<br />license = "Same as Nmap--See http://nmap.org/book/man-legal.html"<br />categories = {"default", "discovery", "safe"}<br /><br />require 'smb'<br />require 'stdnse'<br /><br />hostrule = function(host)<br /> return smb.get_port(host) ~= nil<br />end<br /><br />function add_to_output(output_table, label, value, value_if_nil)<br /> if (value == nil and value_if_nil ~= nil) then<br /> value = value_if_nil<br /> end<br /> <br /> if (value ~= nil) then<br /> table.insert(output_table, string.format("%s: %s", label, value) )<br /> end<br />end<br /><br />action = function(host)<br /> local response = {}<br /><br /> local status, result = smb.get_os(host)<br /> stdnse.sleep(2)<br /> local status, 
result2 = smb.get_os(host)<br /><br /> local os_string, time_string, time_string2<br /> <br /> if (result['server'] == "HOMEUSER-3AF6FE") then<br /> add_to_output( response, "NetBIOS name indicates a Dionaea honeypot", result[ "server" ] )<br /> end<br /> <br /> if (result['date']) then<br /> time_string = string.format("%s", result['date'])<br /> end<br /><br /> if (result2['date']) then<br /> time_string2 = string.format("%s", result2['date'])<br /> end<br /> <br /> if(time_string == time_string2) then<br /> add_to_output( response, "Time does not update between request - R1:" .. time_string, " R2:" ..time_string2 )<br /> end<br /><br /> local tm = {}<br /> tm.year, tm.month, tm.day, tm.hour, tm.min, tm.sec = (time_string):match("^(%d+)%-(%d+)%-(%d+) (%d+):(%d+):(%d+)$")<br /> local uptime = (os.time() - os.time(tm))<br /> <br /> local days, hours, minutes, seconds, htime, mtime, stime<br /> days = math.floor(uptime / 86400)<br /> htime = math.fmod(uptime, 86400)<br /> hours = math.floor(htime / 3600)<br /> mtime = math.fmod(htime, 3600)<br /> minutes = math.floor(mtime / 60)<br /> stime = math.fmod(mtime, 60)<br /> seconds = stime / 1<br /><br /> local dayLabel<br /><br /> if days == 1 then<br /> dayLabel = "day"<br /> else<br /> dayLabel = "days"<br /> end<br /><br /> uptime = string.format("%d %s, %d:%02d:%05.2f", days, dayLabel, hours, minutes, seconds)<br /> if(time_string == time_string2) then<br /> add_to_output( response, "Dionaea daemon uptime", uptime) <br /> end<br /> return stdnse.format_output(true, response)<br />end</span><br />
<br />
---------<br />
<b>dionaea-detect-ssl.nse:</b><br />
<br />
<span style="font-size: xx-small;">description = [[<br />The low interaction honeypot Dionaea is remotely detectable using information from the certificate used in the HTTPS and SIP-TLS services .<br />One can also calculate the uptime for Dionaea using the informaton in the certificate.<br /><br />To the defence of the Dionaea developer this issue has been noted and written about. Although I understand the usability perspective the issue is still there for anyone who looks. <br /><br />http://carnivore.it/2011/04/13/convenience<br /><br />Part of the script use code from another Nmap script created by: David Fifield<br />Although Dionaea is built for automatic attacks which would most likely not check the target before exploitation. <br />However having a honeypot that can be easily finger printed could attract unwanted attention to the organization running the service. <br /><br />Thanks to Patrik Karlsson for his invaluable help during the research!<br />]]<br /><br /><br />--- Output:<br />--Host script results:<br />--| dionaea-detect-ssl: <br />--| Standard Dionaea certificat detected : commonName=Nepenthes Development Team/organizationName=dionaea.carnivore.it/countryName=DE<br />--|_ Dionaea daemon uptime: 11 days, 16:36:39.00<br /><br />author = "Mikael Keri"</span><br />
<span style="font-size: xx-small;">license = "Same as Nmap--See http://nmap.org/book/man-legal.html"</span><br />
<span style="font-size: xx-small;">categories = { "default", "safe", "discovery" }<br /><br />require 'sslcert'<br />require 'shortport'<br />require 'stdnse'<br /><br />portrule = function(host, port)<br /> return shortport.ssl(host, port) or sslcert.isPortSupported(port)<br />end<br /><br />function add_to_output(output_table, label, value, value_if_nil)<br /> if (value == nil and value_if_nil ~= nil) then<br /> value = value_if_nil<br /> end<br /><br /> if (value ~= nil) then<br /> table.insert(output_table, string.format("%s: %s", label, value) )<br /> end<br />end<br /><br />function table_find(t, value)<br /> local i, v<br /> for i, v in ipairs(t) do<br /> if v == value then<br /> return i<br /> end<br /> end<br /> return nil<br />end<br /><br />local NON_VERBOSE_FIELDS = { "commonName", "organizationName",<br /> "stateOrProvinceName", "countryName" }<br /><br />function stringify_name(name)<br /> local fields = {}<br /> local _, k, v<br /> for _, k in ipairs(NON_VERBOSE_FIELDS) do<br /> v = name[k]<br /> if v then<br /> fields[#fields + 1] = string.format("%s=%s", k, v)<br /> end<br /> end<br /> return stdnse.strjoin("/", fields)<br />end<br /><br /> function date_to_string(date)<br /> return os.date("%Y-%m-%d %H:%M:%S", os.time(date))<br /> end<br /><br />action = function(host, port)<br />local response = {}<br /> <br /> local status, cert = sslcert.getCertificate(host, port)<br /> local tm = {}<br /> tm.year, tm.month, tm.day, tm.hour, tm.min, tm.sec = date_to_string(cert.validity.notBefore):match("^(%d+)%-(%d+)%-(%d+) (%d+):(%d+):(%d+)$")<br /> local uptime = (os.time() - os.time(tm))<br /><br /> local days, hours, minutes, seconds, htime, mtime, stime<br /> days = math.floor(uptime / 86400)<br /> htime = math.fmod(uptime, 86400)<br /> hours = math.floor(htime / 3600)<br /> mtime = math.fmod(htime, 3600)<br /> minutes = math.floor(mtime / 60)<br /> stime = math.fmod(mtime, 60)<br /> seconds = stime / 1<br /><br /> local dayLabel<br /><br /> if days == 1 
then<br /> dayLabel = "day"<br /> else<br /> dayLabel = "days"<br /> end<br /> uptime = string.format("%d %s, %d:%02d:%05.2f", days, dayLabel, hours, minutes, seconds)<br /><br /> if(stringify_name(cert.subject) == "commonName=Nepenthes Development Team/organizationName=dionaea.carnivore.it/countryName=DE") then <br /> add_to_output( response, "Standard Dionaea certificat detected ",stringify_name(cert.subject)) <br /> add_to_output( response, "Dionaea daemon uptime",uptime) <br /> end<br /><br /> return stdnse.format_output(true, response)<br />end</span><br />
<br />
/Micke<br />
<br />
Local information leakage found in multiple iOS apps. (published 2012-02-01, updated 2012-02-14)<br />
<br />
<div class="MsoNormal">
This post has been in the making for some time. There are
multiple reasons why it hasn't been finalized until now.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
One of the reasons was that I don't know what to make of these findings, but some of the things I found got me thinking about how
much information we are carrying around with us on our everyday devices. That
insight isn't unique, but I would like to add my 2 cents to it and show how simple
it is to do application "snooping".</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>No (special) skills required ;)</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I decided to look at which information I was able to
view/access from apps installed on a non-jailbroken iDevice.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I used Ubuntu and the bundled FUSE driver, which enables you
to easily access your iDevice and its content, like stored pictures and applications, which is what
the driver was made for in the first place, I guess.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The best way I found to analyze installed applications from
a running system, was to use the <b>ideviceinstaller</b> application.</div>
<div class="MsoNormal">
<br />
ideviceinstaller enables you to install (as the name
implies), remove and back up applications.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-size: x-small;"> <i><b>$ ideviceinstaller -a com.goodiware.GoodReaderIPad -o copy=/tmp/ </b></i></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
This will create a local copy of the installed GoodReader
app. The app will be copied to the tmp directory as a zip archive, which you can easily unzip to gain access to the application files
as if they were on the device they were archived from.
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Many of us handle these devices with "great" care
to protect the information that is stored on them (locking the device, not
enabling SSO in apps etc). </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Sadly, not everyone is doing this. It can be painfully
obvious if you look at your friends' and family's devices the next time you meet
up. I think this is especially true with "younger" users.<br />
<br />
This raises
the question: should an unlocked device be fully open for information snooping?
As you will see further down, some apps store information locally that is not available
unless you are logged in to the application itself. Why should that
information be available without a valid login and password?</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
A short note on something that got me off track for a while:
the first time you connect a locked device, you will have to unlock it for
your Linux-based system to be able to access the device. However, the next time
you are able to connect and access the device even though it's locked.
It seems that there is some "key exchange" during the first
"sync", which is then locally stored on the connected device (the
Linux box).</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>.config/libimobiledevice</b></i> should after a successful
connection contain files like </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: center;">
HostCertificate.pem</div>
<div class="MsoNormal" style="text-align: center;">
HostPrivateKey.pem</div>
<div class="MsoNormal" style="text-align: center;">
libimobiledevicerc</div>
<div class="MsoNormal" style="text-align: center;">
RootCertificate.pem</div>
<div class="MsoNormal" style="text-align: center;">
RootPrivateKey.pem<br />
and a file with a long random name.pem, that is unique for the connected device</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
If you happen to see an error message saying that you are unable to mount your iDevice,<br />
"<b>Unhandled Lockdown error (-15)</b>" (this is
usually because you have connected a locked device for the first time to the
Linux host),</div>
<div class="MsoNormal">
<br />
then try wiping the content of the libimobiledevice directory to
be able to access your iDevice (unlocked this time).</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
On a locked device the attack vector ends up being quite
limited, as you will have to connect the device once, <i>unlocked</i> to be able
to retrieve information from the locked
device in the future. It's possible but still very limited. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Update:</b> Even if you take some measures to lock your device
to prevent a lost device from being data mined, there might be some occasions when you would let others have access to your locked device. Two
examples that come to mind: if you have to get it looked over by a support tech,
or if you are told by customs or any other LE department to hand over your
device for inspection. This is the information that would possibly be disclosed by doing so. You would most likely hand it over <i>unlocked</i>.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>Findings:</b></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><Unnamed bank app>:</b> I was able to list all my previous
bank transactions (including amount,
date and information) from a well known "Nordic bank" app.<br />
<br />
The vendor was
informed during the fall but has not yet solved the issue. This is information
that requires a valid login to be displayed, and one can question if this information should be stored in plain text, or rather if it should be stored locally at all ..</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Skype:</b> The Skype app stores "all" previous chat
conversations in clear text</div>
<div class="MsoNormal">
(<b>Container/Library/Application
Support/Skype/<i><username></i></b>)</div>
<div class="MsoNormal">
<b><br /></b></div>
<div class="MsoNormal">
<b>Apple MobileMe:</b> The MobileMe app has a feature that enables
you to track your iDevices and other Apple hardware (MacBooks etc).</div>
<div class="MsoNormal">
<br />
The application does not only store information about the device
it's installed on; it also has information about the other devices that have "tracking" enabled using the same
Apple-ID.<br />
<br />
The information includes, besides the devices, the name you have given
each device and which generation and/or model they are. It also contains a long
random sequence which is the same for all devices, most likely the unique ID
that connects all devices for that account.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Facebook: </b>Contains a list of all connected friends ..</div>
<div class="MsoNormal">
(<b> Container/Library/Caches/4100.0</b>).. nothing really secret I
guess ..</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Linkedin:</b> Contains, amongst all connections, private
email addresses, the ones you only have access to if you are connected to that person or have configured your account to show(?). It also contains
values called "<b>accesTokenXmemberId</b>", "<b>SkeyVsecret</b>" and
"<b>WOATokenXNSObject</b>"; these values could maybe be used for the app's
authentication (API?). They could possibly be used outside the app for access as well
.. I have to look into it ..</div>
<div class="MsoNormal">
<br />
<b>More to look at</b><br />
<br /></div>
<div class="MsoNormal">
I tried to copy the Google
authentication app from one device to another to see if I was able to leverage the information stored in the
application. This did not go so well and will require more research as this
would be "bad" if one was able to copy a software token.</div>
<div class="MsoNormal">
<br />
This might require one to pick apart the application and rebuild
it, as the application is most likely <b>bound</b> to the installed device. This was true with the Google app, but there are more
soft token apps on the market to be looked at...</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
But to summarize this confusing post, I can say that I
learned a few new tricks and I found some interesting information. Remember
that even if you take care to not allow single sign-on for your favorite apps,
the apps themselves might store the very information that you would like to keep
private locally.<br />
<br />
/Mikael<br />
<br />
Update: The unnamed bank just released a new version fixing the above described problem. </div>
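<div class="MsoNormal">
One way to check an extracted app container for the kind of findings listed in this post (readable databases, token-like values in preference files). This is an added example, not part of the original post; the key-name pattern, file names and sample values are assumptions constructed for the demonstration.</div>

```python
import plistlib
import re
import tempfile
from pathlib import Path

SENSITIVE = re.compile(r"token|secret|passw|session", re.I)  # heuristic, an assumption
SQLITE_MAGIC = b"SQLite format 3\x00"  # header of a non-encrypted SQLite file

def walk_plist(node, path=""):
    """Yield (key_path, value) for every leaf of a parsed plist."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_plist(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_plist(value, f"{path}[{index}]")
    else:
        yield path, node

def audit_container(root):
    """Return (relative file, kind, detail) findings for an extracted container."""
    findings = []
    for item in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel, data = item.relative_to(root).as_posix(), item.read_bytes()
        if data.startswith(SQLITE_MAGIC):
            findings.append((rel, "sqlite", "readable SQLite database"))
        try:
            plist = plistlib.loads(data)  # accepts XML and binary plists
        except Exception:
            continue  # not a plist, nothing more to inspect
        for key, value in walk_plist(plist):
            if SENSITIVE.search(key) and isinstance(value, (str, bytes)) and value:
                findings.append((rel, "plist-key", key))
    return findings

def build_sample(root):
    """Write a constructed container; every name and value here is made up."""
    prefs, caches = Path(root, "Library/Preferences"), Path(root, "Library/Caches")
    prefs.mkdir(parents=True)
    caches.mkdir(parents=True)
    sample = {"accessToken": "CONSTRUCTED", "theme": "dark", "account": {"sessionSecret": "CONSTRUCTED"}}
    (prefs / "com.example.app.plist").write_bytes(plistlib.dumps(sample))
    (caches / "history.db").write_bytes(SQLITE_MAGIC + b"\x00" * 84)
    (caches / "thumb.bin").write_bytes(b"constructed, not a plist")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_container(tmp), sep="\n")
```

Point `audit_container` at a directory copied from a device or backup you own; a SQLCipher-style encrypted database lacks the plain header and is therefore not reported.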
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<b>dns-zeustracker.nse added to Nmap</b><br />
Posted 2011-11-14 by Mikael<br />
<br />
I got my dns-zeustracker.nse NSE script added to the Nmap project. It looks a bit different than the one published here previously. Thanks to Patrik Karlsson for the help and pointers! Enjoy<br />
<br />
http://nmap.org/svn/scripts/dns-zeustracker.nse<br />
<br />
/Micke<br />
<br />
<b>Nmap script to check if IP range is part of a Zeus botnet</b><br />
Posted 2011-08-28 by Mikael<br />
<br />
My first shot at Nmap NSE scripting. Nothing fancy but it does what it says<br />
<br />
Roman Huessy was kind enough to give his OK to use his Zeustracker DNS service in this manner, *use* but not abuse.<br />
<br />
Let me know if you find it useful<br />
<br />
/M<br />
<br />
<br />
<pre><span style="font-size: x-small;">description = [[
Check if your IP-range is part of a Zeus botnet!
Information supplied by ZTDNS @ abuse.ch!
Please review the following information before you start to scan
https://zeustracker.abuse.ch/ztdns.php
]]

---
-- @usage
-- nmap --script=zeustracker.nse <target IP/IP-range>
-- @output
-- Host script results:
-- | zeustracker:
-- | IP: 208.87.242.18 : SBL: Not listed : ASN: 40676 Country: US
-- |_ Status: unknown Level: Unknown Files_online: 0 Dateadded: 2010-12-28

author = "Mikael Keri"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"safe", "discovery", "external", "malware"}

local dns = require "dns"
local ipOps = require "ipOps"
local stdnse = require "stdnse"

-- Only public addresses are looked up; private ranges are skipped.
hostrule = function(host)
  return not ipOps.isPrivate(host.ip)
end

action = function(host)
  -- 1.2.3.4 becomes 4.3.2.1.ipbl.zeustracker.abuse.ch
  local dname = dns.reverse(host.ip)
  dname = dname:gsub("%.in%-addr%.arpa", ".ipbl.zeustracker.abuse.ch")

  -- dns.query returns a status flag followed by the answer (or an error message)
  local status, result = dns.query(dname, {dtype='TXT'})
  if not status then
    return nil
  end

  -- The TXT answer is a pipe-separated record of nine fields.
  -- (On Nmap 7.80 and later strsplit lives in the stringaux library.)
  local fields = stdnse.strsplit("|", result)
  local info = {}
  local query = math.floor(#fields / 9)
  for i = 0, (query - 1) do
    local start = i * 9
    local ipaddress = fields[start + 2]
    local sbl = fields[start + 3]
    local asn = fields[start + 4]
    local country = fields[start + 5]
    local status = fields[start + 6]
    -- The fields are strings, so convert before comparing with numbers
    local level = tonumber(fields[start + 7])
    if level == 5 then
      level = "Hosted on a FastFlux botnet"
    elseif level == 4 then
      level = "Unknown"
    elseif level == 3 then
      level = "Free hosting service"
    elseif level == 2 then
      level = "Hacked webserver"
    elseif level == 1 then
      level = "Bulletproof hosted"
    else
      level = "Unknown"
    end
    local files_online = fields[start + 8]
    local dateadded = fields[start + 9]
    local formatted = string.format("IP:%s: SBL:%s: ASN:%s Country:%s\n Status:%s Level:%s Files_online:%s Dateadded:%s", ipaddress, sbl, asn, country, status, level, files_online, dateadded)
    table.insert(info, formatted)
  end
  return stdnse.format_output(true, info)
end
</span></pre><br />
<br />