0%

SUSCTF2022

简述:应该是第一次和syclover的师傅们一块参与到比赛中(tql就出一道签到,不算),本次做出了4道题,两道逆向,两道misc,只交了两道misc,逆向师傅太强了!!!

师傅们都太强了!!!!!

re

DigitalCircuits

给了一个exe的包,包上图片是python。在极客大挑战中就遇到过这种问题,我们首先将exe转成pyc文件:

1
python pyinstxtractor.py DigitalCircuits.exe

然后取出生成文件夹的struct和同名pyc文件,将struct文件前16字节覆盖到pyc文件上,然后反编译pyc文件。

1
uncompyle6 DigitalCircuits.pyc > DigitalCircuits.py

得到源码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
import time


def f1(a, b):
if a == '1':
if b == '1':
return '1'
return '0'

def f2(a, b):
if a == '0':
if b == '0':
return '0'
return '1'

def f3(a):
if a == '1':
return '0'
if a == '0':
return '1'

def f4(a, b):
return f2(f1(a, f3(b)), f1(f3(a), b))

def f5(x, y, z):
s = f4(f4(x, y), z)
c = f2(f1(x, y), f1(z, f2(x, y)))
return (s, c)

def f6(a, b):
ans = ''
z = '0'
a = a[::-1]
b = b[::-1]
for i in range(32):
ans += f5(a[i], b[i], z)[0]
z = f5(a[i], b[i], z)[1]
return ans[::-1]

def f7(a, n):
return a[n:] + '0' * n

def f8(a, n):
return n * '0' + a[:-n]

def f9(a, b):
ans = ''
for i in range(32):
ans += f4(a[i], b[i])
return ans

def f10(v0, v1, k0, k1, k2, k3):
s = '00000000000000000000000000000000'
d = '10011110001101110111100110111001'#这是delta的值,老朋友了
for i in range(32):
s = f6(s, d)
v0 = f6(v0, f9(f9(f6(f7(v1, 4), k0), f6(v1, s)), f6(f8(v1, 5), k1))) #从常数猜测是tea加密,并没有&3,不是xtea
v1 = f6(v1, f9(f9(f6(f7(v0, 4), k2), f6(v0, s)), f6(f8(v0, 5), k3)))
return v0 + v1


k0 = '0100010001000101'.zfill(32) #密钥,zfill是将前面的数补成后面长度,前面加0
k1 = '0100000101000100'.zfill(32) #密钥
k2 = '0100001001000101'.zfill(32) #密钥
k3 = '0100010101000110'.zfill(32) #密钥
flag = input('please input flag:')
if flag[0:7] != 'SUSCTF{' or flag[(-1)] != '}':
print('Error!!!The formate of flag is SUSCTF{XXX}')
time.sleep(5)
exit(0)
flagstr = flag[7:-1]
if len(flagstr) != 24:
print('Error!!!The length of flag 24')
time.sleep(5)
exit(0)
else:
res = ''
for i in range(0, len(flagstr), 8):
v0 = flagstr[i:i + 4]
v0 = bin(ord(flagstr[i]))[2:].zfill(8) + bin(ord(flagstr[(i + 1)]))[2:].zfill(8) + bin(ord(flagstr[(i + 2)]))[2:].zfill(8) + bin(ord(flagstr[(i + 3)]))[2:].zfill(8)
v1 = bin(ord(flagstr[(i + 4)]))[2:].zfill(8) + bin(ord(flagstr[(i + 5)]))[2:].zfill(8) + bin(ord(flagstr[(i + 6)]))[2:].zfill(8) + bin(ord(flagstr[(i + 7)]))[2:].zfill(8)
res += f10(v0, v1, k0, k1, k2, k3)
if res == '00111110100010010100011111001011 11001100100101000100011000111001 00110001001101011000001110001000 00111011000010110110100010010011 11011010011000100111001101100001 00111011001011100110010000100111':
print('True')
else:
print('False')
time.sleep(5)
# okay decompiling DigitalCircuits.pyc

很显然从f10能看出这就是个tea加密,并且没有魔改:

但从res能看出是3组数组,不是4组,所以给出脚本:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#include <stdio.h>
#include <stdint.h>
#define DELTA 0x9e3779b9
#define MX (((z>>5^y<<2) + (y>>3^z<<4)) ^ ((sum^y) + (key[(p&3)^e] ^ z)))

void btea (uint32_t* v,int n, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<32; i++) { /* basic cycle start */
v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
} /* end cycle */
v[0]=v0; v[1]=v1;
}


int main()
{
uint32_t v[2]= {0x3e8947cb,0xcc944639};
uint32_t w[2]= {0x31358388,0x3b0b6893};
uint32_t x[2]= {0xda627361,0x3b2e6427};
uint32_t k[4]= {17477,16708,16965,17734};
int n = 2; //n的绝对值表示v的长度,取正表示加密,取负表示解密
// v为要加密的数据是两个32位无符号整数
// k为加密解密密钥,为4个32位无符号整数,即密钥长度为128位
btea(v, -n, k);
printf("%x %x ",v[0],v[1]);
btea(w, -n, k);
printf("%x %x ",w[0],w[1]);
btea(x, -n, k);
printf("%x %x",x[0],x[1]);
return 0;
}

解出来,转换成字符串,然后套上壳。

hell_world

这个题听师傅说与西湖论剑的题是一样的。怪不得出那么快,我们来好好看一下这个题,有点像hgame里面那道虚拟机的题

这个题运行顺序是:0 – 1 – 2 – 3,在3出进行一次字符串判断,长度是44才能到4去,如果不是到5,然后输出wrong。

看内存发现输入数据存入了a1数组

然后转到9 – 10 – 11

其中case9是将输入转化为二进制,只是0和1使用2和3来替换,接着执行的case10是使用异或数组与输入进行异或操作且转化为二进制。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
case 9:
v17 = sub_7FF6554DEB56();
v41 = *(_QWORD *)(a1 + 344);
v42 = 0;
sub_7FF6554A3F60((__int64)&v41);
*(_QWORD *)(a1 + 344) = v41;
*(_BYTE *)(a1 + 368) = v42;
sub_7FF6554DEBD4(v17);
*(_DWORD *)(a1 + 372) = *(unsigned __int8 *)(a1 + 368);
v18 = sub_7FF6554DEB56();
v19 = *(_DWORD *)(a1 + 372);
if ( v19 < 0 )
sub_7FF6554F88D2("hello.vhdl", 48i64);
sub_7FF6554D0180(&v77, (unsigned int)v19, 8i64);
v55 = v77;
v56 = v38;
v38[0] = *(_DWORD *)v78;
v38[1] = *(_DWORD *)(v78 + 4);
v39 = *(_BYTE *)(v78 + 8);
v40 = *(_DWORD *)(v78 + 12);
if ( v40 != 8 )
sub_7FF6554F88D2("hello.vhdl", 48i64);
v23 = v55;
for ( i = 0i64; (unsigned int)i <= 7; ++i )
{
v25 = *(_BYTE **)(a1 + 8 * i + 16);
*(_BYTE *)(a1 + i + 392) = *(_BYTE *)(v23 + i);
v26 = 1;
if ( !v25[42] )
v26 = *v25 != *(_BYTE *)(a1 + i + 392);
if ( v26 )
sub_7FF6554E5B00();
}
sub_7FF6554DEBD4(v18);
result = sub_7FF6554DF80C(1000000i64, (__int64)"hello.vhdl", 0x31u);
*(_DWORD *)(a1 + 380) = 10;
return result;

我们看到case11处,我们能动调出比较函数,那么一定存在加密后的值,v71–》v6,所以找到了密文,我们输入经过加密就跟密文对比。

那么我们很容易就写出脚本了:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
data1 = [86,
218,
205,
58,
126,
134,
19,
181,
29,
157,
252,
151,
140,
49,
107,
201,
251,
26,
226,
45,
220,
211,
241,
244,
54,
9,
32,
66,
4,
106,
113,
83,
120,
164,
151,
143,
122,
114,
57,
232,
61,
250,
64,
61,
408,
0,
0,
0]
data2 = [5,
143,
158,
121,
42,
192,
104,
129,
45,
252,
207,
164,
181,
85,
95,
228,
157,
35,
214,
29,
241,
231,
151,
145,
6,
36,
66,
113,
60,
88,
92,
48,
25,
198,
245,
188,
75,
66,
93,
218,
88,
155,
36,
64]
flag = ''
for i in range(len(data2)):
flag += chr(data1[i] ^ data2[i])
print(flag)
#SUSCTF{40a339d4-f940-4fe0-b382-cabb310d2ead}

K.O

tttree

刚看的时候感觉是个二叉树,但无法反汇编,所以只能审代码。有点难度,复现一下:

misc

本次misc出了很快,这种感觉很不错,但我很烦题目都是英文,翻译根本翻不了。。。

ra2

红警游戏,让找旗子,说什么降落到了月球,设定是晚上很危险,白天安全,那直接把白天时间拉满不就行了。

找到目录\Romanovs-Vengeance\mods\rv\maps\ctf-01,找到ctf-01.lua文件,改几个数据

把时间无限延长,然后进去放几个狗,乱跑找flag

这个体验不错,就我在图书馆玩游戏,笑死。。

Tanner

这个题其实我第一天就有思路,而且差不多出来了,就是他这个英文翻译很不准确。。真服了,导致我虚拟机没写完呢,今天还要赶虚拟机。。

这个图,应该是lpdc的另一种表示,可以表示成矩阵,checknodes当成行,bitnodes当成列,得到(10,5)矩阵,题目给了这样一段提示

1
THE FLAG IS the sha256 of the sum ofthe proper codewords(binary plus)which satisfy the condition.(note: with no zeros front)

我纯纯文盲,应该是让求码字,note的意思应该是最后sum的和前面不能加0,而不是不能用码字求和。。。。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import numpy as np
N=10
K=5 #这个值是列数-行数,而不是行数!!!这题比较巧

H=np.array([[ 1,1,1,1,0,0,0,0,0,0],
[1,0,0,0,1,1,1,0,0,0],
[0,1,0,0,1,0,0,1,1,0],
[0,0,1,0,0,1,0,1,0,1],
[0,0,0,1,0,0,1,0,1,1]])

b=[]
for i in range(2**N):
a=format(i,'b')
b.append("{:0>10s}".format(a))

v=np.zeros((2**N,N))
for i in range(2**N):
v[i]=b[i]
for j in range(N):
v[i][j]=b[i][j] #v是0000000~1111111

w=np.zeros((1,N-K))
for o in range(2**N):
if np.all(np.dot(v[o],H.T)%2==w):
print(v[o])

得到许多二进制,我们求和

1
2
3
4
5
a =
0b0000000000+0b0000000111+0b0000011001+0b0000011110+0b0000101010+0b0000101101+0b0000110011+0b0000110100+0b0011000001+0b0011000110+0b0011011000+0b0011011111+0b0011101011+0b0011101100+0b0011110010+0b0011110101+0b0101000010+0b0101000101+0b0101011011+0b0101011100+0b0101101000+0b0101101111+0b0101110001+0b0101110110+0b0110000011+0b0110000100+0b0110011010+0b0110011101+0b0110101001+0b0110101110+0b0110110000+0b0110110111+0b1001001000+0b1001001111+0b1001010001+0b1001010110+0b1001100010+0b1001100101+0b1001111011+0b1001111100+0b1010001001+0b1010001110+0b1010010000+0b1010010111+0b1010100011+0b1010100100+0b1010111010+0b1010111101+0b1100001010+0b1100001101+0b1100010011+0b1100010100+0b1100100000+0b1100100111+0b1100111001+0b1100111110+0b1111001011+0b1111001100+0b1111010010+0b1111010101+0b1111100001+0b1111100110+0b1111111000+0b1111111111
print(a)
#111111111100000
#c17019990bf57492cddf24f3cc3be588507b2d567934a101d4de2fa6d606b5c1

求得的值再sha256,用小写形式交了!!大写不行!!!

audio

如果给出了原音频和加密过的音频,要进行音频相消!

把两段音频同时拖进audacity里面,然后分别对音频进行标准化,然后分别截去静音,然后对fromfriends.wav进行反相操作,而后把两段音频叠起来即可

image-20220301172357554

读出摩斯密码!

misound

频谱图中有AnEWmuLTiPLyis_etimes_wiLLbEcomE_B,本以为是前一段flag,没想到是提示。

然后silenteye搞出来base64,翻出来是207 359 220 224 352 315 359 374 290 310 277 507 391 513 423 392 508 383 440 322 420 427 503 460 295 318 245 302 407 414 410 130 369 317

但这个最牛逼的是听起来像个摩斯密码,用sstv分析

image-20220301185258769

image-20220301185427312

用该网站https://www.dcode.fr/dotsies-writing解出来

我们用第一组数乘第二组数,然后除以26就基本确定flag长度了,26这个值可以试出来

或者我们观察第一组乘第二组除以第三组就是26的近似值!

D^3CTF

本次CTF终极被虐,太难了,但始终参与进程中,这两天把逆向题复现一下,这次逆向题的”外壳”很难搞定,学到的东西很多,师傅们太强了!

Reverse

D3MUG

这个题是unity3d游戏,而且是一个音游,应该是拿到perfect就会给flag,但被人修改了,用连点器都没用的。

第一次接触unity3d逆向,首先我们要用IL2CPP,来对libil2cpp.soglobal-metadata.dat进行操作

我们先把apk软件解压,找到下述文件,copy到Il2CppDumper.exe的文件夹下。

1
2
\lib\armeabi-v7a\libil2cpp.so`
`\assets\bin\Data\Managed\Metadata\global-metadata.dat

要新建两个文件夹,第一个是input,第二个是output

libil2cpp.soglobal-metadata.dat拷贝到input目录中。再在记事本下输入:

1
..\Il2CppDumper.exe libil2cpp.so global-metadata.dat ..\output

然后重命名成:

1
il2cpp_decompilation.bat

然后运行

发现output文件夹生成

在DummyDll中存在很多dll文件

dump.cs这个文件会把C#dll代码的类、方法、字段列出来

il2cpp.h生成cpp的头文件,从头文件里我们也可以看到相关的数据结构。

script.json以json格式显示类的方法信息:

stringliteral.json以json的格式显示所有的字符串信息:

我们在dump.cs文件中找到ScoreScene类,发现Start会check flag,

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
public class GameManager : MonoBehaviour // TypeDefIndex: 4296
{
// Fields
public static GameManager instance; // 0x0
public TMP_Text GoodText; // 0xC
public TMP_Text PerfectText; // 0x10
public TMP_Text MissText; // 0x14
public BeatScroller beatScroller; // 0x18

// Methods

// RVA: 0x42CD60 Offset: 0x42CD60 VA: 0x42CD60
public static extern void update(uint msecs) { }

// RVA: 0x42CE00 Offset: 0x42CE00 VA: 0x42CE00
private void Start() { }

// RVA: 0x42CF24 Offset: 0x42CF24 VA: 0x42CF24
private void Update() { }

[IteratorStateMachine(typeof(GameManager.<loadBeatmap>d__8))]
// RVA: 0x42CE7C Offset: 0x42CE7C VA: 0x42CE7C
private IEnumerator loadBeatmap() { }

// RVA: 0x42CF50 Offset: 0x42CF50 VA: 0x42CF50
public void NoteHit(float preciseTime, int level) { }

// RVA: 0x42D0A0 Offset: 0x42D0A0 VA: 0x42D0A0
public void NoteMissed() { }

// RVA: 0x42D1B0 Offset: 0x42D1B0 VA: 0x42D1B0
public void .ctor() { }
}

GameManager这个类中的update就是d3mug.so中的update函数

如何恢复libil2cpp.so的字符串和函数:

1.先在ida打开libil2cpp.so文件

2.用Script file打开我们下载文件夹中的ida_with_struct.py脚本

3.然后会直接让选择下一个文件,我们找到output里的文件

4.继续选文件,我们选择il2cpp.h头文件

等待加载就行,但我一加载就卡死,可能这个太大了吧,320mb果然大的离谱

找到score_start函数,卡的要死。。。

在if函数中的就是要检测是否有D3CTF,如果没就会返回这句话,另一个重要的是这个

可知道这个是引用d3mug文件中的update函数

通过对GameManagerupdate进行交叉引用发现是GameManageNoteHit或GameManagerNoteMissed最后调用的GameManagerupdate,对GameManager__NoteHit进行交叉引用就可以得知是从MusicController上获取的时间,如下图

总之,逻辑如下:

玩游戏点击方块后,GameManagerNoteHit之前会从MusicController上获取preciseTime,点击后,GameManagerNoteHit在函数最后调用GameManagerupdate,传入preciseTime,然后update。接下来update检测server::instance,如果没有就初始化,初始化的值不变,若初始化,就再调用d3mug中server::run函数,这个函数会更新instance,最后check的地方也是d3mug中的get文件,拿到最后的instance然后比较是否是D3CTF开头

GameManagerloadBeatmap_d8__MoveNext函数中发现hintpoints很重要

使用AssetstdioGui来载入assets\bin\Data\data.unity3d

搜索hitpoints,发现有3个,通过运行可以得知总共会掉落1608个块,找到了恰好有1608个的hitpoints

1
2
3
4
5
6
7
8
9
10
11
12
13
hitpoints = """4,0 
3,0
1,0
3,146
......
2,140195
1,140195
4,140195
3,140195
"""
arr = []
for l in hitpoints.splitlines():
arr.append(eval(l[l.find(',')+1:]))

提取逗号后面的数,后面的数就是参数

方法一:对函数复原

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
__int64 __fastcall Server::run(__int64 this, char a2)
{
__int64 v2; // x9
__int64 v3; // x8
unsigned __int64 v4; // x13
unsigned __int64 *v5; // x12
unsigned __int64 v6; // x14
unsigned __int64 v7; // x14
__int64 v8; // x14
int *v9; // x12
unsigned __int64 v10; // x8
int v11; // w10
int v12; // w13
int v13; // w15
unsigned __int64 v14; // x8
unsigned __int64 v15; // t2

v2 = *(_QWORD *)(this + 5032);
v3 = this + 40;
v4 = (v2 + 1) % 0x270uLL;
v5 = (unsigned __int64 *)(this + 40 + 8 * v4);
*(_QWORD *)(this + 40 + 8 * v2) = (2567483615u * (*v5 & 1)) ^ *(_QWORD *)(this + 40 + 8 * ((v2 + 397) % 0x270uLL)) ^ ((*v5 & 0x7FFFFFFE | *(_QWORD *)(this + 40 + 8 * v2) & 0xFFFFFFFF80000000LL) >> 1);
v6 = *(_QWORD *)(this + 40 + 8LL * *(_QWORD *)(this + 5032));
*(_QWORD *)(this + 5032) = v4;
v7 = (((unsigned int)(v6 >> 11) ^ (unsigned int)v6) << 7) & 0x9D2C5680 ^ (unsigned int)(v6 >> 11) ^ v6;
if ( (((_DWORD)v7 << 15) & 0xEFC60000 ^ v7 ^ ((((_DWORD)v7 << 15) & 0xEFC60000 ^ v7) >> 18)) % 7 >= 3 )
{
v8 = (unsigned __int16)(v4 + 1) % 0x270u;
*v5 = (2567483615u * (*(_QWORD *)(v3 + 8LL * (unsigned int)v8) & 1LL)) ^ *(_QWORD *)(v3
+ 8LL
* ((unsigned __int16)(v4 + 397)
% 0x270u)) ^ ((*(_QWORD *)(v3 + 8LL * (unsigned int)v8) & 0x7FFFFFFELL | *v5 & 0xFFFFFFFF80000000LL) >> 1);
v9 = (int *)(this + (a2 & 0xF));
v10 = *(_QWORD *)(v3 + 8LL * *(_QWORD *)(this + 5032));
*(_QWORD *)(this + 5032) = v8;
v11 = *v9;
v12 = v9[1];
LODWORD(v8) = v9[2];
v13 = v9[3];
*v9 = v8;
v9[1] = v13;
v14 = (((((unsigned int)(v10 >> 11) ^ (unsigned int)v10) << 7) & 0x9D2C5680 ^ (unsigned int)(v10 >> 11) ^ (unsigned int)v10) << 15) & 0xEFC60000 ^ (((unsigned int)(v10 >> 11) ^ (unsigned int)v10) << 7) & 0x9D2C5680 ^ (unsigned int)(v10 >> 11) ^ v10;
HIDWORD(v15) = v8 ^ (v14 >> 18) ^ v14;
LODWORD(v15) = HIDWORD(v15);
LODWORD(v14) = v15 >> 19;
v9[2] = v14 ^ v11;
v9[3] = v12 ^ __ROR4__(v13, 18) ^ v14;
}
return this;
}

上面是要复原的函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#include <stdio.h>
#include <random>
#include <Windows.h>
using namespace std;

const DWORD hitp[] = { 0,0,0,146,292,292,439,512,585,585,658,731,804,878,1024,1170,1170,1317,1463,1463,1609,1682,1756,1756,1902,2048,2195,2341,2341,2487,2634,2634,2780,2853,2926,2926,3073,3146,3219,3219,3365,3439,3512,3512,3658,3804,3878,3951,4024,4097,4097,4243,4390,4682,4682,4682,4829,4975,4975,5121,5195,5268,5341,5414,5487,5560,5560,5853,5853,5999,6146,6146,6292,6365,6439,6439,6585,6731,6731,6731,7024,7024,7170,7317,7317,7463,7536,7609,7609,7682,7756,7829,7902,7902,7975,8048,8121,8195,8341,8487,8634,8780,9073,9073,9073,9219,9365,9365,9512,9658,9658,9804,9878,9951,9951,10097,10243,10243,10243,10390,10463,10536,10536,10682,10829,10829,10975,11121,11121,11268,11414,11414,11560,11707,11707,11853,11999,11999,11999,12146,12292,12292,12439,12439,12585,12585,12585,12731,12878,12951,13024,13097,13170,13170,13317,13463,13463,13463,13609,13756,13756,13756,13902,14048,14048,14195,14341,14487,14634,14634,14926,14926,14926,15219,15219,15219,15365,15365,15512,15512,15658,15804,15804,15951,16024,16097,16097,16170,16243,16317,16390,16390,16536,16682,16682,16829,16902,16975,16975,17121,17268,17268,17268,17414,17560,17634,17707,17780,17853,17926,17999,18073,18146,18146,18292,18439,18439,18731,18731,18731,18878,19024,19024,19024,19170,19243,19317,19463,19609,19609,19609,19756,19829,19902,20048,20195,20195,20341,20487,20487,20634,20780,20780,20926,21073,21073,21219,21365,21365,21365,21512,21585,21658,21658,21804,21951,21951,21951,22097,22243,22317,22390,22463,22536,22536,22609,22682,22756,22829,22829,22975,23121,23121,23268,23414,23560,23707,23780,23853,23926,23999,23999,24073,24146,24219,24292,24365,24439,24512,24585,24585,24731,24731,24878,24878,24878,25024,25170,25170,25317,25390,25463,25463,25609,25756,25756,25756,25902,25902,26048,26048,26195,26195,26341,26341,26414,26487,26487,26560,26634,26634,26780,26780,26926,27219,27512,27585,27658,27731,27804,27804,28097,28097,28390,28682,28682,28975,29268,29268,29560,29560,29853,29853,30146,30439,30439,30731,31024,31024,31317,31609,31609,31902,32195,32195,32487,32780,32780,32780,33365,33365,33365,33951,33951,34243,34536,34536,34829,35121,35121,35414,35707,35707,35707,35999,36292,36585,36878,36878,37024,37024,37170,37170,37463,37463,37463,37609,37756,37756,37902,38048,38048,38195,38341,38341,38487,38634,38634,38780,38926,39073,39219,39365,39512,39658,39804,39804,39951,40097,40097,40243,40390,40390,40536,40682,40829,40975,40975,41121,41268,41414,41560,41707,41853,41999,42146,42146,42292,42292,42439,42585,42731,42731,42878,42878,43024,43170,43317,43317,43463,43463,43609,43609,43682,43756,43756,43829,43902,43902,44048,44048,44195,44195,44341,44341,44487,44560,44634,44707,44780,44853,44926,44999,45073,45146,45219,45292,45365,45439,45512,45585,45658,45658,45804,45951,45951,46097,46243,46243,46536,46536,46536,46829,46829,46902,46975,47121,47121,47268,47414,47414,47560,47634,47707,47707,47853,47926,47999,47999,48146,48292,48292,48439,48585,48585,48731,48878,48878,49024,49170,49170,49243,49317,49463,49463,49609,49756,49756,49902,49975,50048,50048,50121,50195,50268,50341,50341,50487,50487,50707,50707,50926,50926,51073,51219,51365,51512,51512,51585,51658,51804,51804,51951,52097,52097,52170,52243,52317,52390,52390,52536,52609,52682,52682,52829,52975,52975,53121,53268,53268,53414,53560,53560,53707,53853,53853,53926,53999,54073,54146,54146,54219,54292,54365,54439,54439,54512,54585,54658,54731,54731,54878,54878,55024,55024,55024,55317,55317,55317,55609,55609,55609,55902,55902,55902,56195,56268,56341,56487,56487,56634,56780,56780,56926,56999,57073,57073,57219,57292,57365,57365,57512,57658,57658,57804,57951,57951,58097,58243,58243,58390,58536,58536,58609,58682,58829,58829,58975,59121,59121,59268,59341,59414,59414,59560,59634,59707,59707,59853,59926,59999,59999,60073,60292,60292,60439,60585,60585,60731,60878,60878,60951,61024,61024,61170,61170,61317,61317,61463,61463,61463,61536,61609,61609,61756,61756,61902,61902,62048,62048,62048,62121,62195,62195,62341,62341,62414,62487,62560,62634,62634,62780,62780,62926,62926,63073,63073,63219,63219,63292,63365,63439,63512,63512,63585,63658,63731,63804,63804,63878,63951,64024,64097,64097,64170,64243,64317,64390,64390,64536,64536,64609,64682,64829,64975,65121,65268,65414,65560,65560,65707,65853,65999,66146,66146,66439,66585,66878,67170,67317,67317,67609,67902,68048,68195,68341,68487,68487,68780,68926,69073,69219,69365,69512,69658,69658,69804,69951,70243,70390,70536,70682,70829,70829,71121,71268,71560,71853,71999,71999,72292,72585,72731,72878,73024,73170,73317,73463,73609,73609,73756,73975,74195,74341,74341,74634,74707,74780,74926,74926,75073,75073,75219,75219,75219,75365,75512,75512,75658,75658,75804,75804,75804,75951,76097,76097,76390,76390,76390,76536,76682,76682,76829,76829,76975,76975,76975,77268,77268,77414,77560,77560,77561,77707,77853,77853,77999,77999,78146,78146,78146,78292,78439,78439,78731,78732,78732,78878,79024,79024,79170,79171,79317,79317,79463,79609,79609,79756,79902,79902,80048,80195,80341,80341,80487,80487,80634,80780,80780,80926,80926,81073,81073,81073,81219,81365,81512,81512,81658,81658,81658,81951,81951,81951,82097,82243,82243,82390,82536,82682,82682,82829,82829,82829,82975,83121,83121,83268,83414,83414,83560,83707,83853,83853,83999,83999,83999,84292,84292,84365,84439,84512,84585,84585,84731,84804,84878,84878,84951,85024,85097,85170,85170,85317,85390,85463,85463,85536,85609,85682,85756,85756,85829,85902,85975,86048,86048,86121,86195,86268,86341,86341,86487,86634,86634,86707,86780,86853,86926,86926,87073,87146,87219,87219,87292,87365,87439,87512,87512,87658,87804,87804,87878,87951,88024,88097,88097,88170,88243,88317,88390,88390,88536,88609,88682,88682,88829,88975,88975,89121,89121,89268,89268,89414,89414,89560,89560,89707,89707,89853,89853,89999,89999,90146,90146,90292,90292,90439,90439,90585,90585,90731,90731,90878,90878,91024,91024,91170,91170,91317,91317,91390,91463,91536,91609,91682,91756,91829,91902,91975,92048,92121,92195,92268,92341,92634,92780,92926,93219,93365,93365,93365,93365,93658,93658,93804,93878,93951,93951,94097,94243,94317,94390,94463,94536,94536,94682,94829,94829,94975,95121,95121,95268,95414,95487,95560,95634,95707,95707,95853,95853,95999,95999,96146,96292,96292,96292,96439,96585,96585,96658,96731,96804,96878,96878,97024,97170,97170,97317,97390,97463,97463,97609,97756,97756,97829,97902,98048,98048,98048,98195,98341,98341,98487,98560,98634,98634,98780,98926,98926,99073,99219,99219,99365,99512,99512,99658,99804,99804,99951,100097,100170,100243,100317,100390,100390,100536,100682,100682,100829,100975,100975,100975,101121,101268,101268,101341,101414,101487,101560,101560,101707,101853,101853,101926,101999,102073,102146,102146,102292,102439,102439,102439,102585,102658,102731,102731,102878,103024,103024,103024,103170,103243,103317,103317,103317,103463,103609,103682,103756,103829,103902,103902,104048,104195,104195,104341,104487,104487,104487,104634,104780,104853,104926,104999,105073,105073,105219,105365,105365,105512,105658,105658,105658,105804,105951,105951,106097,106170,106243,106243,106317,106390,106536,106536,106682,106756,106829,106829,106829,106975,107121,107121,107268,107268,107414,107414,107414,107560,107707,107707,107707,107853,107999,107999,107999,108146,108292,108292,108439,108585,108585,108731,108878,108878,108878,109024,109170,109170,109317,109463,109463,109536,109609,109682,109756,109756,109902,110048,110048,110048,110195,110195,110341,110341,110341,110487,110487,110634,110634,110634,110780,110780,110926,110926,110926,111073,111073,111219,111219,111219,111365,111512,111658,111731,111804,111878,111951,112024,112097,112097,112097,112390,112390,112536,112682,112682,112682,112829,112975,112975,113121,113268,113268,113414,113560,113560,113707,113853,113853,113999,114146,114219,114292,114365,114439,114439,114585,114731,114731,114878,115024,115024,115024,115170,115317,115317,115463,115536,115609,115609,115756,115902,115902,115975,116048,116121,116195,116195,116268,116341,116414,116487,116487,116560,116634,116707,116780,116780,116926,117073,117073,117219,117365,117365,117512,117658,117658,117804,117878,117951,117951,118097,118243,118243,118390,118536,118536,118682,118829,118902,118975,119048,119121,119121,119268,119414,119414,119560,119707,119707,119853,119999,119999,120146,120292,120292,120439,120439,120731,121024,121170,121463,121536,121609,121682,121756,121756,121756,121902,122048,122048,122048,122195,122341,122341,122341,122487,122560,122634,122634,122634,122780,122926,122926,122926,123073,123219,123219,123219,123365,123512,123512,123512,123585,123658,123731,123804,123804,123804,123951,124097,124097,124097,124243,124390,124390,124390,124536,124682,124682,124682,124829,124975,124975,124975,125121,125268,125268,125268,125414,125487,125560,125560,125560,125707,125853,125853,125853,125999,126146,126146,126146,126292,126439,126439,126439,126585,126585,126731,126731,126878,126878,127024,127024,127024,127170,127170,127317,127317,127463,127463,127609,127609,127609,127756,127756,127902,127902,128048,128048,128195,128195,128268,128341,128341,128414,128487,128487,128560,128634,128707,128780,128780,128853,128926,128999,129073,129146,129219,129292,129365,129365,129439,129512,129585,129658,129731,129804,129878,129951,129951,130024,130097,130170,130243,130243,130317,130390,130463,130536,130536,130682,130756,130829,130829,130829,130975,130975,131121,131195,131268,131341,131560,131707,131707,131780,131853,131926,132146,132292,132365,132439,132512,132731,132878,132878,132951,133024,133097,133463,133463,133756,134048,134048,134048,134341,134634,134634,134926,134926,135219,135219,135219,135512,135512,135658,135658,135804,135804,135951,135951,136097,136097,136243,136243,136390,136390,136536,136536,136609,136682,136682,136829,136829,136902,136975,136975,137121,137121,137268,137268,137414,137414,137560,137560,137707,137707,137780,137853,137926,137999,137999,138073,138146,138146,138219,138292,138365,138439,138439,138512,138585,138658,138731,138731,138804,138878,138951,139024,139024,139097,139170,139243,139317,139317,139463,139463,139609,139609,139756,139756,139902,139902,140195,140195,140195,140195 };

DWORD __ROR4__(DWORD a1, char a2)
{
return (a1 >> a2) | (a1 << (32 - a2));
}



int rounds(uint8_t* bytes, unsigned int a2, int a3)
{
DWORD* v3; // r4
DWORD v4; // r12
DWORD v5[2]; // r5
DWORD v6; // r3
DWORD result; // r0

v3 = (DWORD*)((char*)bytes + a3);
v4 = *(DWORD*)((char*)bytes + a3);
*(DWORD64*)&v5[0] = *(DWORD64*)((char*)bytes + a3 + 4);
v6 = *(DWORD*)((char*)bytes + a3 + 12);
*(DWORD*)((char*)bytes + a3) = *(&v5[0] + 1);
result = v4 ^ __ROR4__(*(&v5[0] + 1) ^ a2, 19);
v3[3] = v5[0] ^ __ROR4__(v6, 18) ^ __ROR4__(*(&v5[0] + 1) ^ a2, 19);
v3[1] = v6;
v3[2] = result;
return result;
}



int main(int argc, char const* argv[])
{
unsigned char enc_bytes[] =
{
0x3C, 0xAC, 0x92, 0x6F, 0x44, 0xA1, 0xC1, 0x17, 0xFD, 0x62,
0x60, 0xDD, 0x63, 0xF8, 0xE3, 0x2A, 0x5E, 0x75, 0x78, 0xBE,
0x59, 0x46, 0x33, 0xF6, 0x2E, 0x64, 0x61, 0x8A, 0x27, 0x93,
0x21, 0x7D, 0x00
};
mt19937 rng(-196167794);
for (int i = 0; i < 1608; ++i)
{
if (rng() % 7 >= 3)
{
rounds(enc_bytes, rng(), hitp[i] & 0xF);
}
}
printf("%s\n", enc_bytes);
getchar();
return 0;
}
//D3CTF{Gb78e-7b04-4364-82d2-7f44}

我只能说写出这个脚本的人是神!

方法二:用frida

frida hook得到最后的server::instance,也就是flag

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
function hooktest () { 
let i = 0;
var d3mug = Module.findBaseAddress("libd3mug.so");
Interceptor.attach(d3mug.add(0x0000780), {
onEnter: function (args) {
var real_time = arr[i++];
args[0] = new NativePointer(real_time);
},
onLeave: function (arg) {
console.log(hexdump(d3mug.add(0x0000000000002D18).readPointer()));
return arg;
}
});
}
setImmediate(function () {
setTimeout(hooktest, 100);
})

安卓机子到了再搞。

d3arm

这个题也是第一次见,给了一个bin文件,首先我们将bin转换成hex文件,然后用ida的arm小端来打开hex文件就行

上面是主函数

这个函数选择难度,我们必须选择hard难度 这样这个MEMORY[0x200028E4] == 450000才成立

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
int sub_5FA4()
{
sub_75C2(536880148);
sub_765E(536880148, 536871392, 6);
sub_75D0(536880148, (const char *)&unk_6068);
sub_75D0(536880148, " You get %2d points ", MEMORY[0x2000326C]);
sub_75D0(536880148, " Good! Try it again. ");
sub_75D0(536880148, " ");
sub_7610(536880148);
if ( MEMORY[0x2000326C] == 42 && MEMORY[0x200028E4] == 450000 )
{
sub_75C2(536880148);
sub_765E(536880148, 536871392, 6);
sub_75D0(536880148, (const char *)0x800E094);
sub_75D0(536880148, " flag is shown below ");
sub_75D0(536880148, (const char *)0x200022C8);
sub_7610(536880148);
}
return sub_7F48(1000000);
}

我们通过字符串找到主函数

我们发现对比是内存中*(0x2000326C)== 42 *(0x200028E4)== 45000

这个是对flag的生成

通过对异或的值交叉引用发现异或的值有一个生成过程

找到异或后的值的生成位置

直接写脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
xor_arr = [] 
for i in range(42):
v1 = i % 3
xor_arr.append((0x335E44 >> (8 * v1)) & 0xff)
cmp = [0x00000020, 0x0000006D, 0x00000050, 0x00000030, 0x00000038, 0x00000048,
0x00000020, 0x0000006C, 0x00000007, 0x0000007D, 0x0000006C, 0x00000055,
0x0000007D, 0x00000068, 0x00000003, 0x00000027, 0x00000066, 0x00000000,
0x00000022, 0x00000069, 0x00000002, 0x0000007D, 0x0000006D, 0x0000000B,
0x00000077, 0x0000003B, 0x00000002, 0x00000027, 0x0000003B, 0x00000050,
0x00000073, 0x00000038, 0x00000004, 0x00000071, 0x0000003B, 0x00000050,
0x0000007D, 0x0000006A, 0x00000052, 0x00000075, 0x0000006D, 0x0000004E]
for j in range(len(cmp)):
print(chr(cmp[j] ^ xor_arr[j]), end='')
# d3ctf{d2492f960c83f719383e1cec7f75ec94a13}

d3thon

第一次见这种题,给了三种文件,从未见过lbc文件,剩下也不知道是做什么用的,师傅们说是pyd文件,然后可以用python3.1跑起来,lbc包含了指令的逻辑,so文件是类似解释器的东西

这个lbc文件可用010打开

那只能硬猜是什么意思了,在一些函数中添加输出,发现start中循环16次,所以我们能猜测出

FLNPsiCIvICFtzpUAR:cnt1:1表示cnt +=1,那么FLNPsiCIvICFtzpUAR代表add

OuGFUKNGxNLeHOudCK:cnt1:0:1表示cnt1>0时准备jmp到下面的函数

ZOAmcoLkGlAXXqf就是定义函数吧

1
2
3
4
5
6
7
8
9
10
kZslMZYnvPBwgdCz print 
oGwDokoxZgoeViFcAF 赋值(如果赋值为KezJKhCxGRZnfLCGT, 则为输入
RDDDZUiIKbxCubJEN jmp
todeVDuRkYSIITaT 转为2进制
uPapnsSbmeJLjin 转为10进制
kuhisCvwaXWfqCs -flag - 1
IEKMEDdrPpzpdKy add
OcKUQCYqhwHXfAgGZH xor
FLNPsiCIvICFtzpUAR sub
OuGFUKNGxNLeHOudCK cmp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
fp = open('data.txt','r')
a = fp.read().strip().replace("'",'').split('\n')
fpout = open('data2.txt','w')
out_list = []
a = a[::-1]

for l in a:
l = l.split(':')
if l[0] =='kuhisCvwaXWfqCs':
fpout.write('flag = -flag\n')
elif l[0] == 'IEKMEDdrPpzpdKy':
fpout.write('flag -= ' + l[2] + '\n')
elif l[0] == 'FLNPsiCIvICFtzpUAR':
fpout.write('flag += ' + l[2] + '\n')
elif l[0] == 'OcKUQCYqhwHXfAgGZH':
fpout.write('flag ^= ' + l[2] + '\n')

我们可以按上面的逻辑进行字符串的替换,得到一个新的脚本,这个脚本就是完全逆向的。

整理输出flag

d3hotel

这个题哦其实没那么麻烦,我们在网站中点f12查看文件,这个网页上总共四个文件

这有3个还有数据包在url中

拿到数据包就导入assertstdiogui查看

其中main.lua是重点,我们取下来,然后进行反编译

如何进行lua的反编译,首先将lua文件和unluac.jar文件放在一个文件夹中

1
java -jar unlua.jar main.lua>main1.lua

main1.lua就是我们要的反编译后的程序

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
local L0_1, L1_1, L2_1, L3_1, L4_1, L5_1, L6_1, L7_1, L8_1, L9_1, L10_1, L11_1
L0_1 = require
L1_1 = "matrix"
L0_1 = L0_1(L1_1)
matrix = L0_1
L0_1 = matrix
L1_1 = 5
L2_1 = 5
L3_1 = 0
L0_1 = L0_1(L1_1, L2_1, L3_1)
m = L0_1
L0_1 = matrix
L1_1 = {}
L2_1 = {}
L3_1 = 6422944
L4_1 = -7719232
L5_1 = 41640292
L6_1 = -1428488
L7_1 = -36954388
L2_1[1] = L3_1
L2_1[2] = L4_1
L2_1[3] = L5_1
L2_1[4] = L6_1
L2_1[5] = L7_1
L3_1 = {}
L4_1 = 43676120
L5_1 = -26534136
L6_1 = -31608964
L7_1 = -20570796
L8_1 = 22753040
L3_1[1] = L4_1
L3_1[2] = L5_1
L3_1[3] = L6_1
L3_1[4] = L7_1
L3_1[5] = L8_1
L4_1 = {}
L5_1 = -6066184
L6_1 = 30440152
L7_1 = 5229916
L8_1 = -16857572
L9_1 = -16335464
L4_1[1] = L5_1
L4_1[2] = L6_1
L4_1[3] = L7_1
L4_1[4] = L8_1
L4_1[5] = L9_1
L5_1 = {}
L6_1 = -8185648
L7_1 = -17254720
L8_1 = -22800152
L9_1 = -8484728
L10_1 = 44642816
L5_1[1] = L6_1
L5_1[2] = L7_1
L5_1[3] = L8_1
L5_1[4] = L9_1
L5_1[5] = L10_1
L6_1 = {}
L7_1 = -35858512
L8_1 = 10913104
L9_1 = -4165844
L10_1 = 37696936
L11_1 = -10061980
L6_1[1] = L7_1
L6_1[2] = L8_1
L6_1[3] = L9_1
L6_1[4] = L10_1
L6_1[5] = L11_1
L1_1[1] = L2_1
L1_1[2] = L3_1
L1_1[3] = L4_1
L1_1[4] = L5_1
L1_1[5] = L6_1
L0_1 = L0_1(L1_1)
n = L0_1
function L0_1(A0_2)
local L1_2, L2_2, L3_2, L4_2, L5_2, L6_2, L7_2, L8_2, L9_2, L10_2, L11_2, L12_2
L1_2 = #A0_2
if L1_2 ~= 25 then//矩阵长度25
L1_2 = 0
return L1_2
end
L1_2 = 1
L2_2 = 5
L3_2 = 1
for L4_2 = L1_2, L2_2, L3_2 do
L5_2 = 1
L6_2 = 5
L7_2 = 1
for L8_2 = L5_2, L6_2, L7_2 do
L9_2 = m
L9_2 = L9_2[L4_2]
L10_2 = string
L10_2 = L10_2.byte
L11_2 = A0_2
L12_2 = L4_2 - 1
L12_2 = L12_2 * 5
L12_2 = L12_2 + L8_2
L10_2 = L10_2(L11_2, L12_2)
L9_2[L8_2] = L10_2
end
end
L1_2 = tonumber
L2_2 = string
L2_2 = L2_2.format
L3_2 = "%.5f"
L4_2 = matrix
L4_2 = L4_2.det
L5_2 = m
L4_2, L5_2, L6_2, L7_2, L8_2, L9_2, L10_2, L11_2, L12_2 = L4_2(L5_2)
L2_2, L3_2, L4_2, L5_2, L6_2, L7_2, L8_2, L9_2, L10_2, L11_2, L12_2 = L2_2(L3_2, L4_2, L5_2, L6_2, L7_2, L8_2, L9_2, L10_2, L11_2, L12_2)
L1_2 = L1_2(L2_2, L3_2, L4_2, L5_2, L6_2, L7_2, L8_2, L9_2, L10_2, L11_2, L12_2)
det = L1_2
L1_2 = matrix
L2_2 = 5
L3_2 = "I"
L1_2 = L1_2(L2_2, L3_2)
L2_2 = det
L1_2 = L1_2 * L2_2
L2_2 = m
L3_2 = n
L2_2 = L2_2 * L3_2
if L1_2 == L2_2 then//matrix(5, "I") * tonumber(L2_2, L3_2, L4_2, L5_2, L6_2, L7_2, L8_2, L9_2, L10_2, L11_2, L12_2) == m * n
L1_2 = 1
L1_2 = 1
return L1_2
else
L1_2 = 0
return L1_2
end
end
f = L0_1

https://github.com/davidm/lua-matrix/blob/master/lua/matrix.lua源码

我们可以推出单位矩阵xdet(m)== nm

所以只需要求m就行了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
import numpy as np 
det_n = np.linalg.det(n)
sq2 = np.sqrt(det_n)
sq4 = np.sqrt(sq2)
m = n.I * sq4
print(m)
[[-100. -51. -99. -116. -102.]
[-123. -87. -51. -98. -97.]
[ -53. -109. -95. -49. -115.]
[ -95. -65. -119. -101. -53.]
[-111. -111. -109. -51. -125.]]
m = [[-100, -51, -99, -116, -102],
[-123, -87, -51, -98, -97],
[ -53, -109, -95, -49, -115],
[ -95, -65, -119, -101, -53],
[-111, -111, -109, -51, -125]]
for l in m:
for x in l:
print(chr(-x),end='')
d3ctf{W3ba5m_1s_Awe5oom3}

交上去不对,然后找了许多地方,找到验证处

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
void unnamed_function_39846(int param1,undefined4 param2)

{
int iVar1;
undefined4 uVar2;
int param1_00;
int param2_00;
undefined4 *puVar3;

if (cRam002f65f4 == '\0') {
unnamed_function_432(0x24b40c);
unnamed_function_432(0x24b8dc);
unnamed_function_432(0x252bd4);
unnamed_function_432(0x251d78);
unnamed_function_432(0x24fac4);
cRam002f65f4 = '\x01';
}
iVar1 = unnamed_function_1598
(*(undefined4 *)(*(int *)(param1 + 0xc) + 0xc),uRam00252bd4,uRam0024b8dc);
uVar2 = unnamed_function_670(param1,0);
param1_00 = unnamed_function_702(uVar2,uRam0024b40c);
param2_00 = unnamed_function_4566(*(undefined4 *)(param1_00 + 0x110),0);
if (*(int *)(param2_00 + 0xc) == 0x19) { //长度比较
*(short *)(param2_00 + 0x22) = *(short *)(param2_00 + 0x22) + 0x21;
//这里对输入的某个字符进行了+0x21的操作
}
uVar2 = unnamed_function_4565(0,param2_00,0);
puVar3 = (undefined4 *)0x24fac4;
iVar1 = (**(code **)((longlong)*(int *)(iVar1 + 0xc) * 8))
(*(undefined4 *)(iVar1 + 0x20),uVar2,*(undefined4 *)(iVar1 + 0x14));
if (iVar1 != 1) { //1
puVar3 = (undefined4 *)0x251d78;
}
unnamed_function_6086(param1_00,*puVar3,0);
return;
}

也就是说我们在验证长度后,又对某个字符进行+33的操作,那么直接爆破试试就行了!

d3ctf{W3b@5m_1s_Awe5oom3}

d3wow

这个题是一道迷宫题,给了两个函数,第一个函数是要求输入1,2,3,4但都不能超范围,通过动调发现这个函数还在验证前几个字符是否是d3ctf{2,

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
int __cdecl sub_401000(int a1, int a2)
{
int v3; // [esp+0h] [ebp-10h]
int v4; // [esp+8h] [ebp-8h]
int v5; // [esp+Ch] [ebp-4h]

v5 = 0;
v4 = 0;
v3 = 6;
if ( *(_DWORD *)a1 != 1952658276 )
return 1;
if ( *(_WORD *)(a1 + 4) != 31590 )
return 1;
if ( *(_BYTE *)(a1 + 6) != 50 )
return 1;
while ( *(_BYTE *)(v3 + a1) != 125 )
{
switch ( *(_BYTE *)(v3 + a1) )
{
case '1':
*(_DWORD *)(a2 + 24 * v5 + 4 * v4) |= 8u;
*(_DWORD *)(a2 + 24 * --v5 + 4 * v4) |= 2u;
goto LABEL_14;
case '2':
*(_DWORD *)(a2 + 24 * v5 + 4 * v4) |= 2u;
*(_DWORD *)(a2 + 24 * ++v5 + 4 * v4) |= 8u;
goto LABEL_14;
case '3':
*(_DWORD *)(a2 + 24 * v5 + 4 * v4) |= 4u;
*(_DWORD *)(a2 + 24 * v5 + 4 * v4-- - 4) |= 1u;
goto LABEL_14;
case '4':
*(_DWORD *)(a2 + 24 * v5 + 4 * v4) |= 1u;
*(_DWORD *)(a2 + 24 * v5 + 4 * v4++ + 4) |= 4u;
LABEL_14:
if ( v5 < 0 || v4 < 0 || v5 > 5 || v4 > 5 )
return 1;
++v3;
break;
default:
return 1;
}
}
return 0;
}

这个函数很好理解,下一个函数明显是64位的,但被嵌在32位中了,我们通过dump进行提取:

在32位里打开找到函数地址

dump出来再用64 位打开,进行创建函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
int64 sub_0()
{
_DWORD *v0; // rcx
int v2; // [rsp+0h] [rbp-A8h]
int v3; // [rsp+0h] [rbp-A8h]
int v4; // [rsp+0h] [rbp-A8h]
int v5; // [rsp+4h] [rbp-A4h]
int v6; // [rsp+4h] [rbp-A4h]
int v7; // [rsp+4h] [rbp-A4h]
int i; // [rsp+8h] [rbp-A0h]
int j; // [rsp+Ch] [rbp-9Ch]
int v10; // [rsp+10h] [rbp-98h]
int v11; // [rsp+14h] [rbp-94h]
int k; // [rsp+18h] [rbp-90h]
int m; // [rsp+1Ch] [rbp-8Ch]
unsigned int v14; // [rsp+20h] [rbp-88h]
unsigned int v15; // [rsp+24h] [rbp-84h]
unsigned int v16; // [rsp+28h] [rbp-80h]
unsigned int v17; // [rsp+2Ch] [rbp-7Ch]
unsigned int v18; // [rsp+30h] [rbp-78h]
unsigned int v19; // [rsp+34h] [rbp-74h]
int v20[4]; // [rsp+38h] [rbp-70h]
int v21[10]; // [rsp+48h] [rbp-60h]
__int64 v22; // [rsp+70h] [rbp-38h]
__int64 v23; // [rsp+78h] [rbp-30h]
__int64 v24; // [rsp+80h] [rbp-28h]
__int64 v25; // [rsp+88h] [rbp-20h]
__int64 v26; // [rsp+90h] [rbp-18h]
__int64 v27; // [rsp+98h] [rbp-10h]
_DWORD *retaddr; // [rsp+B0h] [rbp+8h]

MEMORY[0x12F0]((unsigned int)retaddr);
retaddr = v0;
v20[0] = 0;
v20[1] = 14;
v20[2] = 20;
v21[0] = 4;
v21[1] = 13;
v21[2] = 15;
v21[3] = 21;
v21[4] = 24;
v21[5] = 31;
v21[6] = 32;
v21[7] = 41;
v21[8] = 45;
v21[9] = 53;
for ( i = 0; i < 6; ++i )
{
for ( j = 0; j < 6; ++j )
{
if ( retaddr[6 * i + j] > 0xFu )
return MEMORY[0x1301]();
v14 = retaddr[6 * i + j] % 0x10u / 8;//得到的结果是0,1
v22 = j;
v15 = retaddr[6 * i + j] % 8u / 4 + v14;
v23 = j;
v16 = retaddr[6 * i + j] % 4u / 2 + v15;//这个加起来最大是4,代表4条路
v24 = j;
if ( retaddr[6 * i + j] % 2u + v16 > 2 || !j && retaddr[6 * i] % 8u / 4 )//前面代表路径不能超过2
return MEMORY[0x1301]();
if ( j == 5 && retaddr[6 * i + 5] % 2u || !i && retaddr[j] % 0x10u / 8 || i == 5 && retaddr[j + 30] % 4u / 2 )//能推出1,3是下或者2,3是右,直接猜出上下左右是3142
return MEMORY[0x1301]();//上述是检测是否到达边界
}
}
//特殊点1
for ( k = 0; (unsigned __int64)k < 3; ++k )
{
v2 = v20[k] / 10;//分别是0,1,2,代表列
v5 = v20[k] % 10;//分别是0,4,0,代表行
//平行的方向不能同时出现,也就是方向必须垂直
if ( retaddr[6 * v2 + v5] % 0x10u / 8 && retaddr[6 * v2 + v5] % 4u / 2 )
return MEMORY[0x1301]();
if ( retaddr[6 * v2 + v5] % 8u / 4 && retaddr[6 * v2 + v5] % 2u )
return MEMORY[0x1301]();
v17 = retaddr[6 * v2 + v5] % 0x10u / 8;
v25 = v5;
v18 = retaddr[6 * v2 + v5] % 4u / 2 + v17;
v26 = v5;
v19 = retaddr[6 * v2 + v5] % 2u + v18;
v27 = v5;
if ( retaddr[6 * v2 + v5] % 8u / 4 + v19 != 2 )//该点通道必须等于2
return MEMORY[0x1301]();
//下个点与该点方向相同
if ( retaddr[6 * v2 + v5] % 0x10u / 8 )
{
if ( !(retaddr[6 * v2 - 6 + v5] % 0x10u / 8) )
return MEMORY[0x1301]();
}
else if ( retaddr[6 * v2 + v5] % 4u / 2 )
{
if ( !(retaddr[6 * v2 + 6 + v5] % 4u / 2) )
return MEMORY[0x1301]();
}
else if ( retaddr[6 * v2 + v5] % 8u / 4 )
{
if ( !(retaddr[6 * v2 - 1 + v5] % 8u / 4) )
return MEMORY[0x1301]();
}
else if ( retaddr[6 * v2 + v5] % 2u && !(retaddr[6 * v2 + 1 + v5] % 2u) )
{
return MEMORY[0x1301]();
}
}
//特殊点2
for ( m = 0; (unsigned __int64)m < 0xA; ++m )
{
v3 = v21[m] / 10;//0,1,1,2,2,3,3,4,4,5列
v6 = v21[m] % 10;//4,3,5,1,4,1,2,1,5,3行
//方向平行
if ( (!(retaddr[6 * v3 + v6] % 0x10u / 8) || !(retaddr[6 * v3 + v6] % 4u / 2))
&& (!(retaddr[6 * v3 + v6] % 8u / 4) || !(retaddr[6 * v3 + v6] % 2u))
|| retaddr[6 * v3 + v6] % 0x10u / 8//必须有垂直该点的通道
&& retaddr[6 * v3 + v6] % 4u / 2
&& !(retaddr[6 * v3 - 6 + v6] % 8u / 4)
&& !(retaddr[6 * v3 - 6 + v6] % 2u)
&& !(retaddr[6 * v3 + 6 + v6] % 8u / 4)
&& !(retaddr[6 * v3 + 6 + v6] % 2u)
|| retaddr[6 * v3 + v6] % 8u / 4
&& retaddr[6 * v3 + v6] % 2u
&& !(retaddr[6 * v3 + 1 + v6] % 0x10u / 8)
&& !(retaddr[6 * v3 + 1 + v6] % 4u / 2)
&& !(retaddr[6 * v3 - 1 + v6] % 0x10u / 8)
&& !(retaddr[6 * v3 - 1 + v6] % 4u / 2) )
{
return MEMORY[0x1301]();
}
}
v10 = 0;
v11 = 0;
v4 = 0;
v7 = 0;
//自动寻路
if ( *retaddr % 0x10u / 8 )
{
v4 = -1;
while ( 1 )
{
LABEL_67:
if ( !(retaddr[6 * v4 + v7] % 0x10u / 8) || v4 - 1 == v10 && v7 == v11 )
{
if ( !(retaddr[6 * v4 + v7] % 4u / 2) || v4 + 1 == v10 && v7 == v11 )
{
if ( !(retaddr[6 * v4 + v7] % 8u / 4) || v4 == v10 && v7 - 1 == v11 )
{
if ( !(retaddr[6 * v4 + v7] % 2u) || v4 == v10 && v7 + 1 == v11 )
return MEMORY[0x1301]();
v10 = v4;
v11 = v7++;
}
else
{
v10 = v4;
v11 = v7--;
}
}
else
{
v10 = v4;
v11 = v7;
++v4;
}
}
else
{
v10 = v4;
v11 = v7;
--v4;
}
if ( !v4 && !v7 )
return MEMORY[0x1301]();
}
}
if ( *retaddr % 4u / 2 )
{
v4 = 1;
goto LABEL_67;
}
if ( *retaddr % 8u / 4 )
{
v7 = -1;
goto LABEL_67;
}
if ( *retaddr % 2u )
{
v7 = 1;
goto LABEL_67;
}
return MEMORY[0x1301]();
}

得到图:

实心图是特殊点1,空心是特殊点2,左上角出发!

d3ctf{22441442223133324424441111133333}

Misc

BadW3ter

image-20220314141125696

改一下image-20220314141139098

猜想CUY1nw31lai为deepsound的密码,然后解出一个图片,但图片是tif文件,我们用ps打开,发现该图片是叠加的

image-20220314141343566

我们使用油漆桶吧背景搞黑,二维码就变了

image-20220314141319681

D3CTF{M1r@9e_T@nK_1s_Om0sh1roiii1111!!!!!Isn’t_1t?}

反调试破解

最近很多题都碰到了很烦人的反调试,有些反调试并不好调试过去,所以有了学习的要求。

静态反调试技巧

要记住几个重要的点

一、PEB

在反调试中会遇到PEB结构体中的几个点

image-20220716143446427

1、BeingDebugged

在PEB结构体地址offset为0x2处,如果在调试的状态这个值会变成1,否则是0。检测的时候我们最常见到的是IsDebuggerPresent()api函数来判断是否处于调试阶段,其原理是先从TEB中找FS:[18],然后通过TEB.ProcessEnviromentBlock成员获取PEB地址然后找到偏移处就行。

2、Ldr

在偏移处0xc,PEB.Ldr是一个指向_PEB_LDR_DATA结构体的指针,其结构体是在堆内存创建的所以看该区域有无0xfeeefeee区域,有这个说明在调试状态,所以要将其改为NULL

3、Process Heap

PEB.ProcessHeap指向HEAP结构体的指针,偏移为0x18

image-20220716150628240

进程处于调试状态时Flags和ForceFlags会变成特定值,可以从GetProcessHeap()这个api来获取PEB.ProcessHeap,这个api原理也是从TEB开始找到PEB.ProcessHeap。在非调试状态下,Flags的值为0x2,ForceFlags成员的值为0x0.

4、NtGlobalFlag

偏移为0x68,这个值在调试的时候会变成0x70,改为0x00就行

eg:

遇到第一种情况直接F7进入查看下面hex dump中的eax值,改为0就行

image-20220716161942009

对于Ldr,call eax是为了调用ntdll.NtCurrentTeb()api,PEB地址是会存到EBX寄存器的,然后进行EEFEEEFE的初始化,再将Ldr的地址存到ESI寄存器

image-20220716162337412

二、NtQueryInformationProcess()

这是一个api,用来探测调试器的技术

image-20220717104125352

主要看第二个参数PROCESSINFOCLASS ProcessInformationClass指定特定值并调用该函数,相关信息被设置到PVOID ProcessInformation,其中PROCESSINFOCLASS是枚举类型

image-20220717104305767

image-20220717104312400

1、ProcessDebugPort

当进程处于调试状态,系统分配一个调试端口,ProcessDebugPort参数为7时,调用NtQueryInformationProcess()函数就能获取调试端口,若进程不在调试状态,其变量dwDebugPort值为0,若处于调试状态,其值为0xfffffff

image-20220717110648860

CheckRemoteDebuggerPresent()这个api和IsDebuggerPresent()api是差不多的,用来检测进程是否处于调试阶段,该api不仅可以检测当前进程还能检测其他进程是否处于调试状态

image-20220717111402914

3、ProcessDebugFlags(0x1F)

检测DebugFlags的值来判断是否处于调试状态,函数第二个参数设置为ProcessDebugFlags时,第三个值调取调试标志的值,若为0,则进程处于调试阶段,若为1,在非调试阶段

image-20220717111627367

三、NtQuerySystemInoformation()

这是基于调试环境检测的反调试技术

image-20220717163714735

四、NtQueryObject()

image-20220717164203400

五、ZwSetInformationThread()

找到栈前第二个参数值,改为0就行

六、ETC

image-20220717164336018

我们只要找到字符串魔改就行,把findwindows()api的第一个参数全改为null

Geek大挑战

恭喜!找到了这个地方,看来你已经完成了crackme环节,只剩最后一步就能拿到flag了。但是,下面的东西,究竟是什么呢?

1
NTAgNEIgMDMgMDQgMTQgMDAgMDAgMDAgMDggMDAgNEIgNDYgNTIgNTUgMTggQTEKNEUgQjYgQzYgREQgMDAgMDAgMTUgNjggQTMgMDAgMDggMDAgMDAgMDAgNjYgNkMKNjEgNjcgMkUgNzQgNzggNzQgRUMgQzggMzEgMEQgMDAgMDAgMDggMDMgQjAgOUYKMDQgMEYgRDMgNDAgODIgN0YgNkIgREMgNzggRTggRDMgQTMgQzkgRUMgRTYgRDkKMjUgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkKQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUKOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQKNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIKNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEKMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkKQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUKOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQKNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIKNEEgMjkgQTUgOTQgRjIgRDggOTEgNDMgMDIgMDAgMDAgMDAgMDAgMjAgRkYgNUYKM0IgNDIgMzQgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgMTMgRkIgNzMgNkMgMDIgNDAgMDggMDMgNTAgNzQKMTUgNDcgMzggODUgNDMgREMgN0YgMzEgMkQgNDQgMkQgNkMgMkMgMkMgODQgRDcKN0MgQzIgNEIgMTEgMDIgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggRTEgRDMgMTggREIgMzAgREEgMzEgRkUgMjUgMkMgRUQgOTggNzIgNTgKN0EgMTEgNzcgRDcgRDMgRDcgQjYgQjMgQzcgNkYgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgQ0EKREUgMUQgREIgMzAgMDggNDMgNDEgMDAgNUQgRTUgOEYgNDAgMDggRDggQ0EgRkUKOEIgMjUgNTIgMkMgNDMgNDEgMDEgMDggMEIgMDEgQUYgRTAgRDAgQkQgQ0UgRUUKNEYgODYgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKM0MgMTYgMUIgQ0MgNTQgNzMgMUYgMzUgRkUgRDIgNDUgRjkgQ0UgQUQgNjMgOEEKMUEgNEIgQzcgREYgN0UgN0IgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgOTcgQzYgMkUgQzcgMkMgRUYgM0QKMzUgNkQgNTcgNUYgMjkgNkEgNzggQzIgMTUgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgNzcgQzAgRjcgMjcgNjYKRjkgRDggMTkgNjkgQkIgNkEgQTAgMEEgMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgNkIgRTAgRDIgRUMgNzQgNEMKNTEgNjMgQ0QgQjIgNTIgREQgNUQgODcgREYgQkYgNDQgOTEgN0UgQzggMzEgQTUKNTEgMkEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgN0UgRDkgQkIgOTcgREMgMDYgNjEgMjgKMEEgQTAgNUIgNzkgNEIgODggRjkgOTYgRkQgNkYgQUMgOTUgOEEgOEMgQTkgNTAKNkIgMTQgNjggM0UgOUMgNDEgQUUgNzQgQ0YgMDggMjkgMTEgMTAgRjAgOTMgRUYKQzAgQUQgNkQgMDIgRDIgOTQgQTIgNDggMUIgMEEgNDAgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgQzIgQUIgQTMgNTEgRDMgMjcgQUUgNjkgMTggNjMgNDkgOEYKMkUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgRjAgREEgOTggRkEgNTggNzIgQzYgRDQgNEYgNTEgRTQgOEMgQ0QgMTgKNDUgQzIgRDcgQzYgRjUgNTcgNkMgMTggMEEgNDIgMDggMkIgNTcgQzEgOEQgNEQKRTQgQTggNTkgQUMgOTUgRUIgQzYgMjIgQkEgOEQgMEIgRjEgRkUgODMgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgODEgNjggOTIgRjQgNzUgRUEKRkEgODUgOTEgRDcgNDAgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgRjggOEUgQjggOUUgNTIgMzkgNjQgMTYgNDYgM0QKQTkgRjYgNDMgRTQgRDggM0QgMUYgNUEgOEYgRUIgNDkgNTIgRDMgNEMgMTAgQzIKODcgRTMgRDAgNDUgOEUgOUEgQjMgRTUgQUUgREEgREQgMjIgQzcgN0MgMEMgREQKMTggNEIgNUEgMzQgMDUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggOUYKMTQgNEYgN0QgNkUgQTYgMUUgNTUgMEQgNjkgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgQUIgNjIgOUIgQTIgNDgKQTMgOTcgRUEgOUYgQjUgNkQgMjIgODcgN0QgM0YgMjEgODQgRjcgNjMgOUEgQTYKMjggQjIgRTYgNDQgNzQgNjAgNEQgQzMgMTggNEIgM0EgNTkgNDEgMDggRTEgMDkKNzggMUIgQTMgQzggQ0QgMUIgNDggNzcgOTUgMTAgNDIgMDggMjEgODQgMTAgQzIKRUIgNjIgM0IgNDUgOTEgNUUgRDMgNkMgRDYgOEYgOTggM0YgREYgMzUgQTUgMjYKOEEgRkMgNjUgQzIgNzEgMUEgMjIgRTYgRjggRUYgM0QgNDMgN0YgRkMgQzkgREQKRkQgQzMgODAgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgNzggM0UgNkUgOEQgQjQgOTQgRDMgNzMgREUgREEgQUIgNDcKRDYgN0UgODggMUMgNTYgQ0IgNDMgMDggQkYgMzAgNzUgNkQgMTQgNTkgNzMgMjYKMzkgQjAgOTYgRDcgM0IgOUIgNUEgNDIgMDggNjEgMkQgOUUgQkYgRUUgQjcgQkMKNjkgQjQgQ0QgRkEgMjcgN0IgNzcgOTMgQUIgMzAgMDggMDQgMDAgRjggMkEgMUMKRTEgNjEgRkQgQkQgRkYgQzUgREUgQzYgMjggMTggMTYgNTAgREIgODIgRUQgQjcKOTkgNjQgQkUgQjggNTAgQTMgMTUgRUEgMEMgMDMgMjEgODQgMTAgNDIgMDggMjEKRkMgNUQgREMgRTUgREMgQzkgRDkgN0QgOEUgRjUgRjggRUQgMUUgMzAgQkYgQzUKQjcgQzEgM0YgNUYgQUYgRjcgQTQgNzggQUUgNjkgRjMgRjMgODcgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMzggMUIKRDcgMkYgNzUgOTYgNEEgMTcgNDkgNkIgMjcgNjAgRDYgN0YgRjggMjEgODQgNDMKNjIgOUMgMkUgMjEgODkgMzUgRDcgODcgRjUgRDIgOEYgNUUgQ0UgRDYgRDcgMDIKMjEgODQgN0IgQzMgNDIgQjUgNjcgREEgRDggQjggRkEgNTAgOEYgRjMgNUYgNzgKMDUgNEQgRUUgMTAgQzIgRkUgOTggRDcgRjAgMTcgMzcgQUEgQUQgN0QgMDEgMjMKQTIgMzEgQzEgMTAgNDIgMDggNjEgMzUgQzYgNDcgMEMgNDkgQUMgRDkgRTYgRjQKNEEgOTcgNkQgNzggRkMgQjYgQjcgQjEgMkIgMTYgQ0YgMTQgM0QgOUQgNDMgNzgKODYgMzkgNUQgQUUgOUYgNkYgRUYgRjUgMTYgREUgRDEgREEgMDkgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMzcgQzQKREUgRjUgQ0YgNTIgRTkgMUEgNjkgNUEgNTcgNUYgQUEgN0YgRDAgNjggMDkgRTEKRDAgMTggRUYgNTMgNzggQzcgQUQgQTcgNEYgNjYgNjkgNUUgMjggQTUgNEYgMDcKNDIgNzggMjAgQ0MgQjcgMDkgMUIgNEMgRTUgNjggNEEgRTMgRUQgMTIgREUgQjEKRkQgRDUgNDEgMDggNzcgODkgRjkgRDkgNTAgOEIgNzQgMzIgRUUgRjIgNjggQTkKRjQgOUUgNEYgNzMgQ0IgRTQgMkYgQjcgNDUgNDAgMDggMjEgM0MgMjIgOEUgQkQKQUYgRDEgNkQgQjcgMDAgRTYgMkIgQzAgRTIgNjEgNjggQzUgMDUgNEYgRjEgOTEKNjYgNDQgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggNjEgNjcgM0MgNEQgMjEgODkgODMgRkYgRDEgMkYgOTUgQUUgOTEKQTYgNDUgOUUgNEEgMzcgMjEgMUMgMDUgRjMgNUUgQzIgRDEgN0UgOUUgQ0MgOEUKODQgMTAgMUUgMDEgQUYgRTcgMTAgOUUgNjEgQ0UgNDQgOEMgRjUgRDIgQkMgM0MKNTUgQjkgMkYgODQgQkIgQzYgRDIgRDYgRUMgRkUgMTcgQzIgMzMgNTQgNUQgMzQKQTQgRjUgNjkgQkEgREUgMkUgNzUgM0IgM0EgMzIgMDggNDIgMDggNjEgMUYgMUMKRjYgRTQgMDEgOUQgODkgMTAgNDIgRDggOEMgRjkgQjggRjkgNDUgMEUgQTggRTkKOEMgQTYgRUEgNDMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgRjAgRTAgQTggMzMgNTEgMkEgNkQgMUMgRTYgNjggRjggMUEgODQgREQgMzEKM0UgNjIgNDggNjMgNUUgMEMgNTYgRjMgRDUgNUUgMzAgMzUgQTIgMTEgNDIgQjgKMjcgRkMgOTggNkMgNTggNzMgMTkgRUMgOTUgNkEgOTYgODEgRjAgRTcgQjEgNzQKM0IgMjIgNEUgOTcgOTAgQzQgQkUgQ0IgM0MgQTkgQTYgNDUgMDggMjEgODQgRkYKRUMgREQgNEIgNkUgODMgMzAgMTAgMDAgRDAgQUIgRjggMDggMjUgMUYgMUEgRUUKN0YgQjEgNkUgMTIgNjIgOTAgRDUgOEMgRDUgMTQgNkMgRjIgMzYgMjMgQ0QgNUIKMTUgNDEgRUQgMTggM0MgRTMgMkQgNzAgNTkgQkIgMTEgOTkgOTUgRjYgNEEgMTUKMUUgNDIgMDggRTEgQ0IgMjMgNTAgOUIgQUQgMjUgQUYgNEEgQTMgQzcgRDYgQzcKMEIgMTUgMzUgNDQgODUgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggRTEgOTYgNzggMUUgNTIgMTYgQkIgMkUgMTUgNUMgNzcgMEMgMUUgNEUKMjkgOEIgRDUgOUYgNzIgRTAgOUIgRjEgMkIgNjUgRjEgOEUgNjMgOUEgNDMgRTQKMTYgNEIgNkQgNEQgODEgQjAgN0QgNUMgOUQgNkYgMTggRjkgNzcgRkUgQkYgNzQKMzUgMTUgRDYgNUUgMEIgODQgMTAgNkUgODQgNUQgNzUgMkYgQzkgMTYgMUQgODUKRjUgNTQgRjUgQjUgNDMgMDggRkYgOEUgODUgMzEgQTQgQkMgMzkgRjMgNzIgNEIKOEYgQTAgRUEgRjAgMjAgQTkgMDIgNDYgMDggMjEgODQgNTUgRDggRDQgNEIgOUIKNzkgNjUgNjEgMEEgODMgMTAgQzIgMjAgOEUgOTcgMzQgODcgQzggNDggRkIgNjkKNjkgNzQgN0QgQTQgNkUgMTEgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMDUgMkMgMUMgOTkgRDQgRjUgMzcgOUEgNTUgMjUgODUgMEYKMjUgN0QgRTMgNzIgQjcgNzYgN0QgNDkgRTMgRkIgNzEgMUEgRDMgMjMgMUMgQTcKMjIgMzIgMkYgRjMgMkMgMzUgMDAgNTcgQkEgMDggRTEgMUUgNTggOTggOUEgRjMKNDMgMEYgQjcgOUUgOUEgRTcgM0QgNkYgNDYgMDkgMDggRTEgRkUgRDggNzMgMzUKQTIgMDYgMTEgMTAgNkUgODkgQUIgQzMgNTUgRDUgMTggNEEgNUYgQTYgRDEgRUQKQjggRTEgODcgMTAgNDIgMDggNjEgOEYgQjggN0MgMkQgQkMgRjMgRDkgODggNTYKMTAgMTAgNDIgRjggMTIgODcgNjkgNEEgNTkgOEMgOEMgQUUgRDIgNzggNkEgOTUKMDQgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgNUUKMEEgQTkgQjQgRjkgODUgOEQgRTIgNzIgRUIgN0IgQjEgNDUgNzYgRDcgQzcgMzgKMkEgNEIgODQgQjAgNDEgNkMgQUEgMEYgN0YgREUgQTkgQTAgRjYgNDIgMjAgODQKMzAgOEEgOEEgMEQgMjEgODQgQjEgNEUgMzUgREYgQTcgRjQgMDggNkQgOEQgMEMKRDIgREUgRDMgQkMgNjQgQjUgMzggMzcgNTUgM0YgQzAgMTAgNDIgMDggOUIgQzEKN0QgMkIgMEQgNTcgQUQgMTQgNkIgRkYgNzggMDggMjEgRkMgNTggMUMgQUUgNDMKQ0EgNjIgNjQgQzggOTUgQkUgMkIgOEQgNTYgMjMgRkEgOUUgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgMzYgODIgRTcgMjkgNjUgQjEKQUYgQkQgNzYgMzYgRTUgQzIgNjMgNjIgRjggQUMgQzYgNUUgMkEgN0YgOTUgMUYKNDIgQjggMzMgMzYgNzYgMDAgRTIgOUMgOTYgOEUgMTMgQUEgQkYgM0EgMDggRTEKODcgNjMgNTcgNDUgODUgRjkgM0EgQUIgRjggQzMgQUYgRkEgRjIgMjEgODQgMDUKMkMgQUMgMzggMUEgMUYgMUMgQTQgQzcgNEUgRjMgMDcgQUYgRjQgRkIgREMgOEEKMTggNDIgMDggRkIgQzAgQUMgNzUgRDIgRDYgMkYgNTIgOTYgNkYgODYgNEQgMUMKMTAgNDIgMTggQzUgRTEgNzYgNEUgQ0YgQjggNzMgMEIgM0UgRTkgMkYgRTkgNzUKNEMgNzMgQjggREYgRDAgRTEgOUEgOUUgQjEgRkEgRDYgNDMgMDggRTEgMEYgN0IKRjcgOTYgREMgMkEgMEMgMDMgMDAgNzQgMkIgNUUgNDIgNjggMUUgMEQgRkIgREYKRDggRkQgQjkgMjEgMzYgRTMgNzYgNzAgMDIgNTggQTQgRTcgNDcgMzMgM0EgNUYKMjUgNkQgMjggNDYgOTYgMDUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgMEMgNUIgMDEgNkYgNEEgNjcgRTUgNzIgM0IgNkYgMjEgN0MgQTEgNDIgMUEKNzYgMTIgQTIgQUQgOTUgMTAgRjYgQzUgQjIgMTkgN0YgRUYgRjMgRjYgNzUgMUYKNDMgMDggNUYgQzEgNzIgMjEgMTAgQkMgNEIgNjggM0EgMDIgQzUgNkUgMjggMDgKNTcgNDMgMjMgMDggREYgNEUgQTcgNUIgNTMgNzUgMDQgNTIgRjUgNTUgQ0MgOTYKNzggNEEgNTkgMEMgQkUgODAgREQgMkQgMkQgRTcgQUEgNzggRUIgMDUgMjEgODQKRTEgNzAgMTggQzcgOTQgQzUgMjUgRjcgRjYgRUQgNTIgRkQgODYgMTAgNDIgRjgKMjIgMTYgRDUgMjggMDcgRDEgMUMgMjkgNTUgNEEgODAgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggNTcgQzEgNTAgQjUgRUYgREYgRDMgRTEKN0MgNEQgQ0YgRDggN0MgQTUgMTAgQzIgOUYgRUYgMDMgNDMgQ0EgRTIgNkMgOTcKRTkgOTIgQUYgRTcgNkUgRTkgNzAgMzkgQTcgMkMgQjYgNUUgMjkgODQgRjAgN0QKOEMgNzMgMjIgODEgNkQgMDMgMTAgRkUgNjkgQUMgQjQgMTQgRTUgRTcgOTkgODcKRUUgNDAgMTkgQUUgNjMgQ0EgNjIgRjMgQjUgNDMgMDggOEYgMzYgOUYgNzQgQkIKRjQgNzIgNEEgNTMgNjggNkYgRTUgNUIgOEEgODcgRTkgODYgNUUgM0MgRUUgN0YKMzkgOEUgQjcgRjQgMDggQTEgRkYgQjMgRkMgOUEgQ0UgOUIgNDYgOUIgM0YgNTgKMDggMjEgODQgMUIgNjMgRjkgQzIgQjMgRjMgMDggMkQgRkQgODkgMTAgNDIgQjgKMjIgNTYgQUIgRjAgNUYgOTcgRjQgMDggOUQgNUYgQjAgNEIgNTUgMUYgMjAgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgMTUgMzEgNTQgRUQKRkIgQTcgNDMgRjggNEQgMzkgODQgNzAgN0YgOUMgNEQgNEUgMEMgRDUgQjQgQTgKMkMgMDggNjEgNjcgMkMgQkYgNzEgQTEgRUUgMEYgRjkgRUUgMEUgQ0YgMEYgMTAKN0UgMDggMUUgNkEgQzQgQTEgNTYgNDQgMDggRDcgNDcgQUQgODggQjUgQzkgODAKRTYgQzUgNzcgQzYgRjIgQ0YgRjIgNTggQ0QgOEMgOEUgRkQgODEgMTAgQzIgRTAKMzggRUIgMTAgNUMgNzIgNkYgREYgMkUgQjUgQTIgODEgMTAgQzIgQ0QgRjEgM0MKQTYgMkMgNTYgMUYgREEgNUIgMEYgNUEgRDkgMTEgOEQgQjAgNkYgNEUgRjMgQ0YKQTcgNzYgOEEgQUMgMTIgMDYgODQgMTAgNDIgMDggMjEgODQgRjAgMEYgNjMgQjkKMjEgQUQgQkEgNjggQjIgNTkgMTQgNDIgMDggMjEgODQgRjAgRTMgMzEgNTQgQzUKN0MgRDYgMUYgMzEgREMgQkUgRDMgMzMgN0EgMTAgODUgMzAgMEEgNDYgRUUgN0YKQ0MgQTYgOTAgRDggRjcgMEIgNjEgMDcgMkMgNzcgMzUgMkMgRkEgREEgRUUgOTYKRTYgRTMgMjMgNUIgQUYgMEIgNDIgRDggMUQgQkYgQkYgRDIgMjMgODQgNkUgNjgKQjIgMDcgMTggQzIgMzYgQUMgM0QgQUIgREYgRUYgRTkgMTEgM0EgMkYgMkUgQjYKNEIgRUYgQTcgMzQgODUgRUEgREQgQzMgNTkgMEQgMUYgODggQzEgRkEgMjIgQTcKMjUgN0MgRUQgQzcgRDMgRjkgMDggMjEgODQgRTEgQjAgNkYgMUQgQzcgNzEgOTQKMTAgNDIgMDggREYgQzUgMEQgODYgRTYgN0YgRjAgMjQgRkQgQTYgRjQgN0EgNEIKNTMgRjggRkYgNjkgMEYgRDcgRjQgOEMgRUQgQkYgMkMgMDggMjEgODQgMTAgNDIKMDggMjEgRUMgODIgRTUgMjkgNDAgQUIgNkMgMTQgQjEgNjIgODIgRkYgRDggQkIKOTcgREMgODQgNjEgMjAgMDAgQTAgNTcgRjEgMTUgRDIgNDIgMjkgRjcgQkYgNTgKNTcgODAgOTMgQkEgNkEgMUMgMzAgMzMgODQgQjcgQjEgRTQgQjcgMEEgNDggRjkKRDggOUUgMEYgODQgMTAgNDIgMDggNzcgODAgNzUgRkMgRkYgOUEgOEYgQzAgMDcKNEUgQUIgQkEgODUgQkUgMjcgMjEgREMgMDkgNjYgNEUgODcgOTQgNDYgMEQgRTEKNTMgNzEgOUUgQzIgOTAgQkMgMDcgRDMgM0MgM0EgQzIgRjMgMDEgQzIgMkMgMzgKOUQgQ0YgQTUgMUEgRDcgREMgQ0UgNTEgNTMgQTkgOEUgMTAgREUgOEYgRkIgODgKNEIgQUMgOTIgMTkgREIgNEQgRjQgRUMgN0UgQzAgRUQgMzggM0UgNkIgNzIgNTkKOEIgRUMgNzQgMkMgQjcgQjEgRkYgODIgMjEgODQgMTAgNDYgNjAgNkMgNzYgRTQKQTIgMTYgNTYgRUYgQzUgNDMgMDggMjEgODQgMjkgQjAgQjUgRjggOUEgOEUgNTMKQTkgQzYgMTEgMkIgQjIgMjQgRDMgM0EgODQgNDMgQzMgMTQgMDggMjEgODQgMTAKNDIgMDggRTEgNEIgRTAgRDAgMzAgRjggQkEgMDcgODcgQTMgNUUgMDggMjEgODQKMTAgQzIgNTQgOTggMkEgQzYgNTggMzIgMDIgODQgRUYgODMgOEIgQTggRTAgMzUKOEYgODggNzEgNTMgMEYgMUYgMDggQzMgNzEgM0EgNEYgQTUgMUEgNTMgMjUgNTMKNUYgQTcgQUQgNEIgRDUgRTkgMDAgQzIgQzEgMzggQUYgMEYgOUYgM0QgQjcgRkEKRjMgNTggNkUgNjMgRkYgOEYgODUgMTAgRkUgNEEgQkYgNUEgNzMgRUIgRTUgOUMKQ0EgOTIgODYgQTkgNzEgMUUgREMgREIgNUUgQTQgMkYgMzMgN0MgREIgQ0IgNjcKQzcgQkUgMTAgNDIgQjggMzMgOEMgQ0UgQTYgQjQgNDkgMEIgMjEgODQgRjAgRUQKNzEgN0MgMjUgOUMgQTggNjkgQkQgQTkgREIgQUEgQUIgRTkgRDUgMEYgMjEgODQKMTAgNDIgMDggMjEgN0MgMTIgQzYgODYgQ0QgRDcgRjkgOTUgMTYgNDcgMTAgNDIKMDggMjEgODQgNTEgMjggOUIgMDkgNDIgMTggODMgQ0QgMDUgRTAgQTEgNUMgODYKQzcgMTcgRjkgNTEgMjggMTUgQzIgOTcgQzMgQ0MgQ0QgNkEgRUIgNDMgRkYgREUKREYgMDUgMjEgRUMgQzIgRDMgNDcgQjkgMEMgQjkgMTIgMjcgQUYgOEYgQTMgNTYKRDYgQTcgM0MgNkIgMDggQjcgRTAgRTEgQkIgNUMgODYgRTAgMTcgN0QgRDcgRUQKMkYgNkIgMTIgNDIgMDggMjEgODQgN0IgNDIgRDkgOTQgMTAgNDIgMDggRTEgQ0IKRTAgRkEgM0EgMzkgMzkgMEUgNTYgRkUgOUEgMzYgQUYgQkMgRkIgREYgODAgMTAKNDIgMDggMjEgODQgMTAgQzIgNEQgOTggMkIgOEEgRkUgRUIgNTQgNkUgQTMgMEQKNTIgMDggMjEgODQgMTAgQzIgNjcgNjAgRUMgMTEgQjkgMEUgMEUgMTAgQzIgMUEKRTcgN0QgOUQgODIgRkIgRDEgRDQgQjUgODAgMzQgREQgODAgMzAgMDkgNjYgRUUKNUEgMzUgMkYgNUYgRTYgMzMgMDYgQzIgMkQgMTggNUIgMDYgQjAgMkYgOEIgQ0EKNTYgMzYgODQgNzcgNjMgRTYgRDcgRkEgNjIgM0EgNEQgMUYgQTUgMUEgQUQgMEUKMjAgODQgMTAgNDIgRjggMjYgMTggN0IgN0UgMjQgQzUgMTIgNDIgMDggMjEgMUMKODEgOTkgMEIgNUEgMkEgOEEgMEIgMjEgODQgMTAgNDIgMDggMjEgMEMgQzcgRDgKNEQgRDEgRkYgNDMgNTggQjUgQjMgODQgMTAgNDIgMDggMjEgMUMgODkgQTkgQkUKMDYgRTcgQzUgMTUgNTUgMjMgRkMgNjEgRUYgNUUgOTIgMTQgMDYgODEgMDAgODAKNUUgODUgMjMgMTggQzcgRUYgRkQgMkYgMzYgMkIgMjMgNDkgNjEgMTUgOEMgMTEKREEgQzkgREIgNzQgMTUgNkYgMjUgMEIgMzAgN0MgOUEgODYgNzAgNzcgQjggM0MKRDQgMUIgRkMgMEEgOTAgRTUgMkEgODQgRjEgNzEgOTkgRUYgMzAgQjggQTQgREQKMzIgNDkgQkMgQjkgMkYgMTAgRUUgMEUgMEIgNUYgRkUgNzkgNEQgRDggQzEgMjMKN0EgQkUgNTMgNjQgOUQgMDIgRTEgNjYgMTggN0IgRDQgN0IgMDAgMEEgNDIgMDgKMjEgODQgMzAgRTYgMjkgRDIgNzQgM0MgQTQgMkMgQjYgRkUgNzggMDggMjEgODQKMTAgRDYgQTMgRUMgNEIgMDggMjEgODQgMTAgNDIgMDggMjEgOEMgQjAgMjkgN0EKNTAgREQgMTIgNDIgMDggMjEgODQgNzAgMUMgODYgMkEgMUIgRTcgMUUgMjMgODQKN0IgQzcgNjUgREUgNjIgRjQgQUIgRDcgOTYgQUIgMTAgMEUgQzcgRDIgQTQgNzEKQkUgQTQgMzkgRDQgOEMgRTUgMEQgOUIgOEUgRjUgMjEgMkMgRTMgQ0YgOTQgQjIKRTggRkYgMUQgQzIgRkYgOEYgQjEgMTMgMkEgRTcgQ0IgODEgMzYgMjIgMjAgODQKMTAgNDIgMDggNkIgNzAgRUMgMjkgRDIgRjEgOTQgRTYgRTAgRUQgM0IgMDggMjEKODQgQjAgMzMgOTYgRjIgMkUgRjMgQTMgOTAgREUgQTcgMzAgOUUgQ0MgODUgMTAKNDIgMDggMjEgODQgMTAgRjYgQzEgQjEgOUIgQTIgQUYgOUEgQTUgMEMgNTAgMkIKMUQgMDggMjEgODQgMTAgQzIgOEQgMzEgNTQgRTUgMzggRkIgREUgMTAgQzIgMTUKNEUgRjcgMjkgNjUgMzEgRDQgQTMgQTkgQTYgMkMgMDggMDMgNjIgQTggM0QgQUUKRkMgMUUgNjAgMzEgRDcgQUMgQjUgNzcgMTAgN0UgMUQgNUUgNEUgNjkgMEUgMzUKQTMgQTYgNUIgRDMgOUUgMzMgODQgMUIgRTAgNzcgMjUgNTAgREYgRUYgRTkgMTkKQTUgNTIgNDIgMDggMjEgODQgMTAgNTYgRTEgNkEgNkYgQjYgRTYgQkIgRUIgNzMKQ0QgRTkgRjQgOTMgQjIgRDggREEgMTcgMDggMjEgODQgMTAgQkUgOEIgQTUgQkQKQTAgREIgMkQgM0QgQzIgRTAgNzMgNUIgOEYgRTkgNDEgMDggMjEgODQgMTAgNDIKMDggMzcgQzEgNTAgOTcgRUEgREQgNzUgODEgMTAgNDIgMDggMjEgRUMgOEEgQjEKNkIgQzYgMjkgMjcgMDEgMjEgQ0MgQjEgMzggMzMgRDQgNEMgMjYgREQgOUEgRDMKRjUgOUMgOUUgQjEgQjkgNkIgMTAgQzIgRjcgMzEgRjIgMzYgNTcgOUUgNkIgRDYKREEgMkYgMDggMjMgNjMgRTQgQkYgRTYgRjkgNTkgODYgNTIgNzEgM0QgMzcgNzIKMjEgRkMgMEIgNUUgOEYgRTkgMTEgMDYgRUYgMTggQUMgQzcgRkIgMjEgQ0QgQTEKQjUgNTMgMTAgNDIgMDggMjEgODQgRjAgRTUgQjEgRDEgRkEgMTUgQTkgREUgRUYKRTcgMjggNjQgMDkgMjEgODQgMTAgODYgQzMgNjAgNUYgMEIgNTkgNzMgOUQgRjUKRDkgREMgMzUgMDggMjEgODQgMTAgNDIgMDggRTEgNkUgMzEgRjggNzUgN0EgQzkKOTUgMTAgNDIgMDggMjEgODQgREQgNzEgRjUgOTQgNUYgQ0QgNjcgREIgRTcgOUEKQ0EgQzMgNDEgMDggMkQgNjMgMjEgODQgNkQgMTggN0IgOTYgMzAgNjkgRkMgQjIKNzcgMkYgMzkgMEQgQzMgNDAgMDAgNDAgQUYgMzIgNDcgQTggMUIgMDIgRjQgRkUKMTcgMDMgMDkgOTEgMUYgQTkgODggREIgMTAgNEYgRDAgNUIgNzQgMjQgQkYgNTUKQkQgNDggRDQgREEgRjMgODEgNjcgQzIgRUUgMTYgOTMgOTggQkMgQUUgNEEgN0YKNzIgMDggNzcgQzcgRjkgQ0MgQzcgREMgQTUgRDMgQTUgOEYgMzEgNTYgRUYgMTQKNDIgMDggMjEgODQgMTAgREUgQzMgQjUgRDkgOTEgOEQgOUIgNTkgNjkgNzAgMDcKMjEgODQgMTAgMjYgQzQgQjUgQjEgRDcgQzMgMDEgNEUgRTMgRDEgOTYgRjMgQjYKOUMgN0EgRUUgNDEgMDggMjEgODQgMTAgNDIgMDggQjcgNjIgQUEgNzQgN0EgMzkKNjYgMTAgNDIgMDggMjEgODQgMEQgMzAgNzcgNTUgODIgNEMgNjkgMDggQTEgN0YKQjIgMTAgQzIgMDcgMzAgRjMgRTUgRkUgQjAgNUMgRkQgQUEgQjUgM0IgODUgNzAKMkYgOUMgNEMgNUMgNkQgREMgNkYgREMgQzggN0IgMDggRkYgMUMgQkIgMTIgOTMKOTggRUQgMUMgQzAgNTMgMEYgMjEgODQgMTAgNDIgRDggMUUgOTMgOEQgQTkgMzIKOTcgMEEgNDIgMDggMjEgM0MgMDUgQ0UgNkIgMUIgNUIgNzcgNjkgNzggOEQgMjEKN0MgQzkgRjUgRjIgMTYgNjMgNzQgQUIgMEIgMjEgODQgMTAgNDIgMDggMjEgREMKN0EgMzQgREEgRjAgMzIgNUQgN0EgMkEgODQgMTAgNDIgMDggNjEgMTIgNTQgQzQKMDQgMjEgQ0MgOEUgRkUgQ0YgNDIgMDggMUYgQzUgQzUgNDUgN0YgQUEgMUEgQ0MKNjkgQ0EgQTIgQTEgREUgRjAgMDAgQ0MgM0MgQjcgNEUgQTUgMTUgODQgQzcgNjAKREEgNzkgQjUgOUUgN0EgMDggMjEgODQgMTAgQzIgQ0MgMzggM0YgMEUgNkQgN0QKOEIgNjQgNUUgMTUgODQgMTAgNDIgNzggMTIgNkMgNzggOTkgQkIgNTggQkUgNUMKNjIgMDggQUUgNjMgMjAgODQgMTAgNDIgMDggMjEgODQgMUIgQjEgNkQgNzYgQkQKM0IgNzQgMDggMjEgODQgMTAgQzIgMkMgOTggQUQgOUEgNDkgRTMgNDEgMDggRTEKMDYgMkMgNUQgMUYgOTMgQjggRTUgRjUgQjIgRTMgNTIgREQgMjUgODQgNjcgQzcKRjIgRDYgQzcgMTggOEYgN0UgODcgRkMgNzYgNjggNTYgNjIgOEMgMjYgNjAgQzIKMjcgQjAgQkIgQzUgMjQgMjYgOUYgNkIgRjkgN0UgODkgMjEgNTQgRUYgMTQgNDIKNzggQzIgNkEgNkIgQkYgQTggMjEgODQgMTAgNDIgMDggQ0YgODcgQTUgOEYgMzEKMzYgM0UgNEUgRDEgQ0MgMEEgNDIgMDggMjEgM0MgMDUgQjYgQ0QgNTIgQkUgQjcKNUMgRkIgNkUgN0UgM0MgNDAgMDggMjEgODQgMTAgNDIgMDggNTMgRTQgRDggMkYKQTYgMDkgNUMgQkIgMTIgNjMgOTQgNDggMDYgMjEgODQgMTAgNDIgOTggMEIgREIKOTYgMzUgRTkgNDAgMDggMjEgN0MgNjAgODYgNUQgRDUgOEIgRTUgOTkgQTUgNkUKNDIgMTAgRkUgNEIgMkMgRTUgMUEgNjMgREMgRkYgNjQgQUMgNkEgMzkgQUQgOEYKQUIgREQgMDggODQgOUYgMzEgN0IgQTEgNjUgN0MgN0YgNTYgRDIgNzcgQUIgQjcKMDkgMjEgRkMgNzkgRTEgNzIgQzAgOEQgNEYgRDUgNzIgRjkgRDQgNUYgQkIgMTgKQTMgMjkgNDUgRjAgODMgQkQgN0IgQzkgNzEgMTAgODYgMDEgMDAgN0EgOTUgMUMKNjEgNDIgM0YgMzAgRjcgQkYgRDggQUMgNEEgMDkgQTIgOUEgNTAgMjAgMDkgRTgKNkQgMkMgRjkgQTkgOEIgNTYgMkEgNjAgMjAgQjEgMjEgODQgMTAgNDIgNzggNTYKNkMgQTcgRTAgOEMgRjcgNUIgNzggNDcgMTUgMjYgODQgMTAgNDIgRDggMkUgMEUKNDMgMTggNDMgQ0UgNTUgRkUgQjggMzQgNzYgM0YgRTEgMUQgQjUgMDQgODQgMTAKNDIgMDggMjEgODQgMTAgRTYgRTIgQkMgMDcgRjIgQkMgNTkgREMgMzcgNEIgNzQKQzYgNTcgRUEgN0EgQzUgNDAgMDggMjEgODQgMTAgOUUgMTQgRUIgNkUgNzEgRDIKOEEgMTAgNDIgQTggQUQgMTAgODQgQjAgMzQgMkUgOUQgNUIgMUUgQ0YgMzAgODYKOUMgRDMgQzUgNzEgQTkgOTkgRTAgRjAgQkYgNjcgQkMgMzEgNEMgNjIgQ0UgOUYKQUEgNTYgQUEgOUIgMDEgODQgMDcgNjEgREYgODUgNTcgRDggQkYgMUUgREUgOTIKQkEgODUgODcgMTAgNDIgMDggMjEgQkMgMzAgMzYgMzUgRDYgMkEgM0UgQzMgMTgKM0MgNEUgODEgMTAgNDIgMDggREIgQzUgRjQgNEQgRUIgMkUgMkIgOTYgQjcgQTQKMjYgNkIgNDMgMDggMjEgODQgMTAgNDIgMDggNzcgQzMgREIgNkYgOTggQzYgQ0YKNEQgRTQgNjIgRDcgODcgNDkgNUMgRkMgQTQgRDUgQUEgMTAgNDIgMDggMjEgODQKOTcgQzIgRTIgREIgQTAgNTYgQTUgNjkgODEgRUEgQzEgMzggODQgNTAgMUIgMjIKMDggNjEgMTEgNEMgQzcgN0IgQTUgMjcgOEEgRDIgOEQgOUQgMkQgM0UgODQgQTcKOTggOTEgQTcgOEMgODcgQjAgMTAgMjYgOTcgODAgQ0EgQ0IgRTMgMUQgRjggMTAKNDIgMDggMjEgODQgQjAgRTUgRDkgNTggRDMgNUIgNjYgN0IgMzEgMjAgODQgMTAKQzIgNjYgMzEgRjYgOEYgMzAgODkgMzkgNTcgRjkgRTMgRDIgRjQgQ0IgQUMgRkUKMkQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggNjEgMEUKQ0UgMDYgRjcgRDggQUQgMDAgMjEgM0MgMDEgRUEgNTkgMDQgMjEgQUMgODcgMTYKMjUgQzIgNDIgOTggNUUgRUMgNUEgOUIgMEYgRkIgQTkgMkIgQzIgRTIgODYgRTgKRDUgQkYgMUQgNDIgQjggOEMgRjMgM0EgMzYgRTcgRjAgM0MgMkUgNzUgRTAgNDMKMDggMjEgODQgMTAgQzIgQ0MgNEUgNDQgMUIgMUIgRjEgRUQgOTggQTYgMTUgQjUKQUEgMTUgNDIgMDggMjEgNkMgMDMgRDMgNTcgMUIgRDUgRUIgMDcgMkQgQ0IgMjAKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgRDYgQzIgRjQgMTkKNzUgRTUgOTEgMUYgNzYgMkIgNDAgMDggMjEgODQgQjAgMUQgNEMgMDcgRjggNTYKMkUgOTMgQUMgNEIgQkMgMDggQTYgRUIgNUQgMUIgREYgQkMgMzkgQTYgNDYgNUEKNDMgNTggMUUgRUYgNDMgNzggODUgQ0EgNUQgMDUgMUMgRkIgMTAgNDIgMDggMjEKODQgRjAgOEYgQkQgM0IgNDggNEUgMTggODYgMDEgMDAgRjggMTUgM0QgMjEgMEUKMEQgOTAgRkYgN0YgQUMgQTcgQzYgQzQgRTUgMTAgMEYgMzQgNTYgREIgQkQgNjgKNDYgN0IgMzMgQ0MgMTAgMTMgNUIgNTIgMTcgQTYgNkEgNEUgRjIgNTggMjEgRTIKRDQgMDkgNDIgMDggMjEgNEMgOEIgNjUgOUUgQTIgQzYgNDMgNEYgRjkgMzcgQTYKMUYgNTMgNkMgQzEgODYgMDEgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggRTEgNjkgNTggRUUgOTcgQTggNzEgRjAgRjEgQkEgNkEgMDUgMDggMjEKODQgMTAgNjYgQzEgRkQgOTEgN0QgQkUgMTIgMUIgMTMgQ0YgNzMgNjMgM0IgQzMKQUUgNkQgNjAgNzIgRTQgNUIgM0UgMkQgNkQgMDYgRjAgOTUgNjUgOEQgODcgRDgKQkQgNzYgMDggNjEgMTcgRUUgN0UgQkQgMDcgMzcgMTAgMjggOTcgMjUgNkEgRUMKNUYgMEIgODQgMTAgNDIgMDggMjEgODQgRjkgQzYgNkYgMzkgNzggODIgMTAgNDIKMDggRjMgNjMgRjMgNTYgRUEgQzggMzMgRkQgRTcgNTIgMkQgQ0UgMjAgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgOUUgODEgRkIgQjMgRjUgNkMKQjcgQ0QgNTUgMkIgNDAgMDggMjEgODQgMzAgMEYgOTYgQjUgQzQgNDMgREMgNTcKQzMgQTkgRjEgRkMgOTcgQjggMUYgQkIgOTkgNkQgMkYgM0QgQjkgOTcgMDIgNjEKNkUgQ0MgMzUgQzAgQTggMkMgNTEgNjMgRjcgNUEgMjAgODQgMTAgNDIgMDggMjEKRkMgMTUgQUYgNTMgMEMgRUUgODQgMTAgNDIgMDggQjMgNjEgQUEgMjYgRTQgNjUKQkUgNDUgOEQgMzYgMDYgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggQ0YgQzMgNTQgNjcgRUIgNEQgRkEgMzEgQzUgMTYgMUMgQjUgNDMgMDgKMjEgODQgNzAgMkMgMzYgRDcgMEMgNTIgRUQgOUEgQkUgMTcgMTUgQ0UgOTcgMzUKNkEgMzQgNzggQjEgMDcgOUYgRDUgQzYgMkUgRDcgRDggQzIgOTEgNkYgNjQgNTQKNkEgRTIgMUUgODQgRTMgMzEgNTkgRTkgRjcgN0QgOEEgMkQgNzQgQUYgMDUgNDIKMDggMjEgODQgMTAgQzIgOTcgMzEgNTUgNjMgMTMgMjMgM0IgMjEgODQgMTAgQzIKQzEgOTggQUMgMDMgQjkgOEEgNEUgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgQTkgMzAgNzMgQzEgNDIgNTkgRDYgQTggNTEgNzkgMDIgODQKMTAgNDIgMDggMDcgNjMgQUEgQUIgODkgNEQgQkEgNUUgNjMgMEIgQkQgRUIgRkEKODMgRjggQUMgQ0EgRjUgMzYgQzcgNTcgMzggRkIgQUUgQzggMkIgRTkgN0UgNjcKREUgNTYgOTAgNzUgN0YgMzIgMTAgQzIgOTcgMzEgQ0YgOEYgODkgQkYgQ0MgMTAKNDIgMDggMjEgODQgNzAgM0MgQjYgQzUgMUEgRUQgQjggQ0MgMjMgM0IgREIgMzcKQTYgMjYgNzUgNDIgMDggMjEgRkMgNjQgRUYgRUUgNzIgMTMgODYgNjEgMDAgMDAKNUYgQzUgNDcgMjAgNkMgRkMgRjQgRkUgMTcgREIgRDMgNDggNTMgNzUgOEMgNkMKQTIgNzUgQUEgRUYgQzUgNTIgQkUgQjcgMjAgMjEgODIgMTMgREIgNzAgNEYgNkMKOUEgMjggQUEgRTIgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggN0YgQzcgNTQgMTUgMEEgRTUgMUEgMzUgQUMgMjQgRkYgMjUgREIgMjEKODQgMTAgNDIgQjggMjEgMjYgN0IgOUQgRjggNkMgQjkgRUMgRDcgNzEgREMgMjEKMTQgNkQgQ0QgRTYgNTggRTMgMzUgOUYgRDcgNkMgOTYgRUIgMkQgNkEgNzQgRUUKODUgNzAgMEYgNkMgRkYgN0UgQkUgRjIgNDUgREUgNkMgNzkgMkUgOTcgQTggQjEKN0YgNkIgMTAgNDIgMDggMjEgODQgMTAgQkUgMDcgNzMgREQgMzEgREQgMkUgNTEKNjMgRjcgNUUgMjAgODQgMTAgNDIgQjggNjggMkQgOTggQUQgRDEgOTkgQ0EgNEQKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRTMgNjEgRUUKOTIgODQgNzkgODcgNDYgRkQgOTMgMjEgODQgMTAgNDIgQjggMkYgOTYgQTkgQzQKMkMgRTYgOUEgNjYgN0UgQjAgMEUgMTggMkEgMzQgMjEgODQgREIgNjIgOUUgMTcKNjggRjcgNTMgM0MgNDIgRUYgMkUgMjAgODQgMTAgNDIgMDggMjEgREMgMTQgOTMKNUQgMzAgOTUgRjMgMjkgNkEgNzQgOUMgODYgMTAgNDIgMDggQkIgOEIgMzQgNzcKMUMgQTAgRDkgQjUgNkMgN0IgNDcgMUMgQjcgOTUgMjUgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgQzIgQzMgNjEgRkIgOTIgM0MgRDcgOTAgMTEKRTkgNzcgMDggMjEgODQgMTAgQTYgQzIgQzUgOTggQ0IgNTQgODUgOUMgNjMgQjQKQkYgNjggNUYgODYgMEMgNUQgOUUgNTkgNEUgOUYgRDEgQzQgOTUgMEQgNzYgN0YKM0UgMTAgQzIgMzcgNjEgQTYgRDkgOUEgOEYgNUYgMEQgQjMgMzUgMjEgODQgMTAKNDIgMDggRTEgMzEgQjAgOUQgN0UgQjUgRjUgNzkgN0IgNUUgMzcgOUEgMzcgMUYKMDIgMjEgODQgMTAgNkUgOEMgNkQgMzYgNkMgQUMgNTQgRkMgMzIgN0IgNzYgRkUKODggMUEgM0QgMUEgODEgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMzggMEUgQjYgOTcgRDcgQzkgN0IgMkEgNUUgM0YgQTMgODYgQjUgQzEgNEMKREQgREIgODcgMTAgNDIgMDggMjEgRkMgMkIgRUEgN0QgRjEgMTMgOTYgNjkgOEEKNTkgNEMgN0UgQzIgRUMgN0IgMUYgQTIgMkEgMTMgQzIgNzEgMzAgQ0YgM0MgQ0QKRjYgMTEgQkIgNDcgRTMgMTAgNDIgMDggMjEgODQgRjAgMjAgNTggQTYgMTIgQjMKRjggQ0EgRDkgRjggN0QgQ0IgNzIgQkIgNDQgOEQgREQgN0IgODEgMTAgNDIgMDgKRjMgRTIgNUEgNTIgRkEgN0UgOEYgRUYgQjAgNzMgM0YgQzkgRkYgMkMgREIgNEIKMTYgNDkgMzMgMDggMjEgODQgNUYgRUMgREQgNEIgNkUgODMgMzAgMTAgMDAgRDAKQUIgRjggMDggNzUgMDIgNDkgN0EgRkYgOEIgNTUgQUEgMUEgMUMgQTggRDUgMUEKMDUgQjAgODEgQjcgMTkgNjkgREUgQTYgOUYgNDUgNzAgRjAgN0MgMjAgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMEYgODggOTMgOEIgRjUgQTYgOTYgNDYgNEQKRDIgRUUgMTEgODYgNjAgNjYgMzIgODQgMTAgNDIgMDggRUIgNjIgM0IgNzUgMTEKRjEgMTYgNTIgQzggNEMgRDIgOUUgN0YgNDYgMUEgNEYgQzYgNjggQUQgMDEgRUEKOUQgNzQgMzggRTUgMkEgMEIgODEgNzAgN0YgRDggRjIgQzYgNEMgMzMgRkYgMjEKODQgMTAgNDIgMDggRTEgMjEgNzEgN0EgMDUgMzMgREQgNkUgNTkgNzIgNzggNUUKMzAgMzUgMTEgMDUgNDIgMDggRTEgQ0UgMzAgRjcgM0EgMkIgQzYgNEIgNzggODkKRDUgMUYgQUYgMEIgQTYgQjEgRkYgMEMgMjkgOUEgQjkgMEQgMjEgODQgRUYgRTEKRjggMjEgOTIgRkQgQTQgQ0QgN0UgNTEgNkEgMDIgQzcgQkYgRTcgMzIgRjcgRDcKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgN0IgQzMgRjggQjggODYgOTcKRDggNzIgQzMgNjYgREQgOEQgNTEgMTAgNDIgMDggMjEgM0MgMzUgOEUgNjcgNTkKQjcgNTYgNDQgNTEgREEgQjMgOTkgRUIgQzQgRUMgNkYgNjEgMDggMjUgM0YgQUIKOTEgMzQgOUQgNTcgNzMgQjcgODEgRDYgNjIgNDIgNzggMEMgOUMgN0MgMDcgMkMKRjkgNzAgNTggMkYgOEQgRDcgM0UgQTQgMzggRkIgNkYgODEgMTAgNDIgMDggMjEKODQgNzAgRUYgMTggMkYgMUYgMjEgQzUgQTIgNTMgRjQgODIgQTkgNkUgNEQgMDgKMjEgODQgNEQgRTAgNzEgQjcgNUUgNkEgQzYgODQgMTAgQzIgNzcgQjEgQjggQzUKNzIgQTcgNjMgNzIgN0YgREYgMjkgNUYgNjIgMUYgNTIgOUMgRkYgMUYgODMgMTAKNDIgMDggRTcgM0UgNTggQzcgRkIgODkgQ0MgMDQgODAgMTAgNDIgMDggMjEgODQKQUIgNjIgNTMgRjUgQUIgRkYgMzYgMEUgNzggOEQgMEYgMjEgODQgMTAgQzIgNUEKRDggRjIgNTYgRjEgRUIgM0QgQTQgRjAgMkQgN0QgMTcgOUUgQTEgNzIgMkIgRTgKQUMgRDQgRkUgNEEgMDggNEYgOEIgMTUgQUIgMEIgMkMgQkIgODQgMTAgNDIgMDgKMjEgODQgMzAgRTEgQjQgQjEgNzEgRUIgREQgRjQgREEgMkEgMjEgODQgMTAgNkUKOEMgRjEgREUgODcgMTQgN0YgRjAgN0EgMDkgQ0YgQjAgRjUgQUIgQUEgRjUgRDIKRTEgMjUgOTggRDIgMEIgMDggMjEgMkMgRUMgRTkgQTggNzggNzMgNTEgMkIgMkQKMkQgRDUgRDMgRDggMDIgMjEgODQgMzAgMzMgRjUgN0QgOTkgQzEgMDIgMUEgRkMKMjEgODQgMTAgNDIgMDggRTEgQkIgRDggREQgQzMgNEIgNkMgNkQgQzUgRDIgREYKNjkgRjcgMTEgODYgRTAgM0MgMEMgMjEgODQgMTAgQzIgQ0QgQjAgRTUgNDEgMTMKQkIgNDggQjUgNDMgNDIgNzggNUUgMUMgNUQgOUQgNkYgNUQgNzEgOUQgRDIgREMKNTYgOUQgRDkgN0YgMEIgODQgMTAgNDIgMDggMjEgODQgNDcgQzQgREEgNkQgOTIKNEUgRTkgMTAgNDIgMDggMTcgQzAgNkMgRjMgNjMgRjcgMDggQ0YgNTAgNzkgRjIKRTEgN0EgRTkgRjAgRUUgNUQgRjkgMDQgODQgQUQgNjAgRjEgQTYgNDIgQ0QgNjgKMEIgRTMgMEEgNUQgMUIgMjcgNEYgMzUgQUQgNDAgMDggRTEgRDkgRjAgRDYgODUKNjcgNTggQkUgOEMgN0MgNTQgRkIgOUQgNzkgNzYgMUIgRTQgMDIgQkYgRDggQkIKOTcgREMgODQgNjEgMjAgMDAgQTAgNTcgRjEgMTEgNkEgMjIgNUEgQjggRkYgQzUKQUEgNzYgNDEgRUMgMzQgMkEgMDkgQzQgQjEgOUQgQkMgQ0QgNDggRjMgNTYgQzAKMDIgOEMgMzMgMUYgMDggMjEgODQgMTAgQzIgRDAgRUYgRjIgQTMgN0YgRDIgQzkKOUMgQzYgQjkgQkUgNEUgNzcgODAgMTAgNDIgMDggMjEgN0MgMUIgN0IgOUUgMUEKNTEgMkIgRDUgRTcgMDggMjEgNkMgQjYgNzkgM0MgN0YgMzEgRDYgNDEgNDIgMDgKMjEgODQgMTAgNDIgRjggODMgNzEgQjggODYgMjQgMkUgMzkgNUEgNkYgOTggQTYKRDcgMkMgOUUgRjUgNDAgMDggMjEgQ0MgRjAgMzIgODQgMzQgRkUgRTIgRkQgMzMKM0MgQzIgOTIgMUYgOUEgMDMgQTQgN0YgN0YgMkIgRTMgRkQgMUUgQzYgQTggNDgKMTggQzIgQzIgNTggQkUgQTUgNEUgOEIgRDkgRDMgRUUgRDEgRTQgMjMgM0EgQ0IKOTcgRkYgNkUgNjkgQkEgMjMgNTIgMDcgMkUgODQgMTAgRjYgOEIgOTMgRkYgMDgKNEIgN0UgMDIgMzYgNEMgRDMgQjEgMzMgRUUgRjcgMjAgODQgMTAgNDIgMDggRTEKMEIgMTggNkYgNDMgQzggRTIgRTQgRDYgQTIgRTkgMUIgQTEgQUMgQjcgNzEgNjYKRTggOTkgM0IgN0MgMDggMjEgODQgMTAgQkUgOEIgRkQgNEUgODEgMjggOTcgQ0UKQUUgN0IgQjggMEMgMzEgMjQgNzEgRUQgRTcgMEMgMjEgM0MgMjQgRDYgREQgMEUKMzMgN0UgNTcgQ0YgRDQgQzIgRTkgNkEgODQgMTAgNDIgMDggMjEgODQgNzAgRTYKREUgNjMgQzkgNDkgQkIgNUMgOUEgMkYgRTQgNUEgRkQgNUUgMjAgODQgMTAgMzYKOEUgQTcgNUQgQkMgRjggQkMgQzggMjEgNUUgNDIgMTIgQUQgMzggODEgQjAgMTEKMkMgQkEgRDggRTggRjkgOUUgQTMgQUUgREIgMDEgRjIgQ0UgQjggMTIgREQgQTAKRDIgOTcgRDMgQUMgMjYgNzAgRTYgNUYgQTEgODcgQkMgMTAgNDIgRDggMUMgOUEKMjQgMEMgMjEgODQgMTAgNDIgMDggOEYgODYgNzkgQzEgNzkgRDcgNUIgODcgRDIKNjcgMUMgRUUgRjYgMjEgODQgMTAgNDIgRjggMjYgRTYgRTMgMTEgRjYgMUUgNUYKQjYgNUIgRkEgNjggRjMgMzEgMTQgMDIgNDIgQjggMEUgMjcgRkYgMjUgQTcgNTUKNTggN0IgRDcgMjEgQzQgQ0IgNDcgNDggRTIgRUEgQjcgMDMgMjEgODQgMTAgNDIKMDggRTEgNzkgMzAgQUYgODggQUUgRkUgNjAgMjggOUYgN0YgRDIgNUIgODUgMzYKODQgMTAgOUUgMTYgRjMgREQgNjEgQTcgNkQgNTEgNDkgOUIgNDEgREMgQjEgNDMKRDggMUQgRDYgREQgNjQgRDQgQzEgNEMgOEYgRjIgQkIgMjkgQTUgNTUgNTIgMkIKNDEgMjEgODQgQjAgMTEgOEMgQzMgMzUgMjQgNzEgQzkgNzcgNzggQjkgMzQgQkQKMUIgM0MgQzIgNTAgMDUgMDggMjEgODQgMTAgNDIgRDggMDYgMUUgNjYgOTcgOTAKQTUgRTQgMTAgNDIgMDggMjEgN0MgMTEgRjMgMzMgNDMgRjUgQTYgOUIgMEQgRDMKNjkgMzcgRTIgRTcgNTcgMTggQTMgRDMgMTEgODQgNzAgMUQgQjYgNTMgODcgQTAKRUUgMEIgNDIgMDggMjEgODQgMTAgQzIgNzcgMzAgMUYgRjcgQjEgRTggMTAgQkUKNjEgQUEgM0YgMTEgNDIgMDggMUIgNDIgOEIgQjEgRDYgNkQgNDIgOEMgNjEgOEMKRjYgNTIgNDEgRDggMUYgQzYgNkIgMEMgNjMgQUMgQkQgNzMgQkMgQkQgNTMgRjEKOUUgOEIgMjYgQTUgNTUgRDIgQTMgRUQgRjcgODQgMTAgQzIgMUUgMzAgREUgODYKMzAgQzYgQ0EgM0IgMTMgMUYgQTkgMEEgMjIgMDggMjEgODQgMTAgNDIgNTggMTQKNjcgOEUgQzEgRjkgRjQgQkYgMjUgRTcgRDUgNDYgNTIgNzMgOUYgMjAgRkMgNjYKRUYgNUUgOTIgMUIgMDQgQzEgMDAgMDAgNUYgODUgMjMgRDQgOUEgNDcgQkQgRkYKQzUgQkEgNEEgMDQgODcgMDUgMjYgMEEgQTggREYgODYgMTkgQkUgNEQgNzUgOUEKNTEgODQgRkYgMDEgMjEgODQgRjAgMzMgM0MgNkUgREQgMDYgNzkgODggMTAgQzIKMkQgMzEgOEQgNEMgMkIgNzkgMEEgNTUgOUIgRkEgQjggODMgMTAgNDIgMDggMjEKODQgRjAgMUIgNEMgQTMgQTAgNkIgQUYgRjYgM0IgOEMgQzEgODYgMTAgQzIgMDMKNjMgQkEgODEgOTMgQUIgRTkgNzQgREQgRDYgNTcgRUYgMEQgNzMgQTUgQUUgMjAKODQgQkQgRTUgMDUgQjQgNUQgMTIgQTcgMjcgQTEgOEQgMzMgMzQgQUIgNEQgOTMKOTcgNDIgM0UgMDMgM0QgRkYgN0YgQzkgNjMgNUEgRUMgRTUgNDAgQTcgQzkgNTIKNTQgMjAgODQgQjAgMzEgRjYgNUQgMzggNUQgMEUgM0IgODQgMTAgNDIgMDggMjEKQUMgODcgQjkgNEEgODAgN0YgM0YgRTEgMzUgMTQgQUQgNjAgM0IgOTkgNUEgNDgKNDMgMDggMjEgODQgRjAgMzMgNUMgMUMgNUYgRjYgN0MgREUgMzQgM0UgQzMgN0IKOTAgRDEgMDMgMjEgRkMgMUUgODcgREIgMTggRTYgQjEgNzEgRkMgNDYgRkMgMjkKQkEgRjYgNDYgMjAgODQgMTAgNDIgMDggMjEgODQgOTIgMTYgMjEgODQgQjAgMTcKNEMgRjcgNkMgQjMgOTkgNzQgQjkgNDcgRTUgNzUgQkIgMUMgQUUgREUgMzIgQjIKMkIgMEUgMjEgRUMgM0UgMzUgMjAgRkUgRDMgM0IgODYgMzAgRkQgOEUgMjEgMUEKOUIgREYgRjUgODYgRDMgQTIgREMgQzMgRjQgODAgQTMgNzIgNEIgREMgMzMgRjUKMEIgODggMkYgM0IgNTcgMkQgNjEgQTMgOUYgMkIgODQgMTAgQzIgMDggODcgNjkKMEEgRDEgRjggNUEgMkQgODQgRDcgRDAgQjggRTUgQjEgNTIgMzAgMTAgNDIgMDgKMjEgODQgQjAgMkEgNzYgQjYgQjMgRjcgQ0QgMzQgQkUgNkMgQUIgNkIgMDggMjEKODQgMTAgOTYgRTMgNjIgQ0QgNTAgQjIgRjAgNjggMzUgNTUgQzkgMDEgNDIgRjgKMzEgQjYgMEQgNjkgN0UgMDcgMjEgMDggM0YgODMgMTAgNDIgMDggMjEgODQgNzAKMjcgNkMgQkIgRTYgOTcgQzYgMDggMjEgM0MgMzAgNkEgNzQgNTggNjUgOUEgQ0QKNDkgNDkgM0IgODUgRUQgOTggN0UgMDIgMjEgM0MgMjUgMEUgRTMgM0QgNDQgNjMKQzkgQjMgNjggQkYgRTkgMjIgQzkgNkUgRUQgQkQgMkMgRDIgRjEgMEUgMUQgQkUKQjUgQ0MgNDkgNEMgQkYgMTQgMkEgQTcgMUYgRUUgODIgRTkgQzUgOUYgQTMgOTkKNjMgNzQgMDYgQUQgOEMgMDAgODQgMTAgNTYgQzIgQUUgNUEgNDggMEIgNDYgODIKMTAgNDIgMDggMjEgODQgOEQgRjEgQkMgRjUgQkIgRUMgQkEgNDAgMDggMjEgODQKRjAgMzQgMjUgMUQgODYgRTcgM0QgQ0MgRTMgRkEgN0IgODcgMTAgNUUgMDYgMUIKODYgRDggMkQgRTIgRDMgRDYgNUUgMzkgODQgMTAgNDIgMDggMjEgODQgQjAgMTAKRTUgMzAgNDIgMDggNjEgODIgRTMgMTQgRTYgNTEgMTIgNjIgRDcgRDMgQzcgMkQKQ0MgNDMgRUUgQjUgMjIgRTEgMTEgQzIgQUIgNjEgNTcgMjEgRkQgNzEgOUIgQTQKQjUgMjEgRkQgNDcgNzkgRUYgOUMgM0YgRUIgQjAgMTYgMkUgN0UgQkEgM0QgMjcKMkQgNkEgQzggMDggMjEgODQgRkIgNjIgREYgOTEgNDggQzMgRTMgMTkgRTYgRDEKMzMgMUYgNDIgMDggMjEgODQgMTAgQjYgQzAgRjQgMTAgMjcgQjcgNTIgRUQgNkUKMjEgQkQgNkEgMUEgRUYgQkQgMzggRTMgODAgMTAgNDIgMDggRTEgMzAgNEQgMjEKMTkgOTcgQTcgOTAgMjUgMEIgOEMgNkEgNTMgNzEgODAgMTAgQzIgQzIgMUUgMDEKQUIgOUUgMkQgMUIgNEUgM0QgQTYgRkUgRDkgQkIgOTcgREMgODQgNjEgMjAgMDAKQTAgNTcgRjEgMTEgNkEgMDIgNDggREMgRkYgNjIgNUQgMjAgMUEgOUIgNjYgNjEKRjMgRjEgMjcgNzkgOUIgOTEgRTYgMkQgMkEgM0UgQzUgMDQgNjcgNjYgMEMgMjEKODQgMTAgNDIgMDggNjEgMUIgRDQgQTggMDggMjEgODQgMkIgNjYgQkQgNkYgNjMKRUQgRTggNEEgM0YgOTUgOTYgQjYgMzcgQkUgODkgRjkgQjEgOUIgMjYgMjEgNDMKRjggMzEgMUMgQkMgN0EgM0YgOUIgMTQgQkEgN0QgMDMgQjEgRTQgRUYgRjQgNEEKRkYgM0EgRTMgMzQgMjMgMzQgQzMgOEQgMTYgQzUgQkMgMjAgQUQgRTQgOEQgNkIKOTYgRUEgNTIgODQgMTAgQzIgQUYgNjIgRkUgQ0QgREIgN0EgOEYgQ0UgOTYgMUQKODQgMTAgNDIgMDggMjEgOUMgMTcgOUYgNUEgRjkgNDYgOUUgMDEgNTUgOTUgNUUKQUUgNjEgMEQgNUIgM0IgOEQgQjUgMkYgMTQgODQgMTAgNDIgMDggQTcgQzEgQ0QKRTEgMEMgRTcgMjUgMjQgRjEgOEUgRDcgMjUgM0MgNDIgRUIgMjEgQUUgRTkgRDkKRDAgQjUgNTMgNUIgMjEgODQgQkIgQzQgN0MgOTkgNkEgQkQgMjggQUQgRTkgRDYKODMgQTkgN0QgMkUgMTAgNDIgMDggMjEgODQgMTAgQzIgNDIgRDQgOTMgMDggMjEKM0MgMkMgNEUgRDQgMjQgMjIgOUQgMkUgNEQgM0IgQTQgQUEgNUIgMTcgRjUgNzcKNDAgMzggNTggMUQgNTEgRkMgMzkgODcgMjQgOEUgRDYgMDggNTkgNzQgODEgRUQKMDQgQzMgOTEgNzAgQTggN0YgNkYgNEQgODggMTAgNDIgRDggMDggMDcgOUIgQUIKOTAgOEUgNkEgQTkgN0UgMkUgMTAgNDIgMDggMjEgODQgMTAgRjYgQzYgQjkgQTYKM0MgQkQgOTMgQTYgNkQgODkgODYgMUYgNDIgMDggMjEgODQgODcgQzIgQjggNUMKNDIgMTIgNEIgQUUgMUMgQkUgOTcgMUEgNjQgMEEgRTEgQzEgQjEgNkYgOEQgRjEKRDMgOUQgRjQgRDMgNjkgMDkgNkIgRDQgNkMgMDggMjEgODQgMTAgNDIgMDggRTEKQjcgQjAgRUYgMEYgMDEgQ0QgODYgMTAgQzIgOEUgMTggMkYgMzEgMjQgQjEgNjQKRDUgOTIgNEEgMUIgQTQgNjkgRjEgODAgOUUgNDQgNzggNEMgOEMgQTcgOUYgQjAKQzYgQTIgMEYgQ0UgRUUgRDMgN0MgMUQgMzAgREIgN0MgNkUgQ0MgREYgQ0QgQTEKQzcgMUQgNjggMzYgODQgMTAgQzIgNEYgRTEgNTAgODcgMUIgNUEgQ0MgMjEgODQKMTAgNDIgMDggRTEgRjQgOTggMTcgOTcgNzYgOUYgRTYgRjEgQkQgRDQgRTYgMEMKODQgMTAgNDIgNzggMDQgQ0MgMDcgMjkgRjQgM0UgMzIgNEMgMkQgMUYgODQgQzcKQzYgREUgRTUgQzQgNTkgQUQgNDggRUQgODMgODcgMTAgNDIgMDggMjEgODQgMTAKQkUgODMgQkQgN0YgMEUgRDggOTEgODAgMTAgNzYgQzMgQTEgNzYgNjggQTUgRDIKRDcgRDIgQjQgMTUgNzEgRUIgOEMgNEUgMkQgNDggNzAgMDIgRUMgN0IgMzkgM0EKNDggRUEgQUEgNzggRkYgMzggRDggMDkgNTYgNTUgQTkgMzIgMzYgMDggMjEgN0MKMDUgRjMgOTUgQkYgRUYgQzEgQjUgRTkgMzcgQ0UgRDYgQzMgQjMgOTIgNDMgMDgKMjEgODQgMTAgQzIgMDkgNzEgODkgMjEgODkgNzcgQkMgNUQgQzMgMjMgRUMgRTcKMzQgQzMgRkYgM0IgMzMgRjEgMTYgNDMgMTIgQUIgNUYgM0EgMDggMjEgODQgMTAKRjYgQzUgQzEgRUUgMTkgQjkgNEQgMDkgRTEgQzEgQjEgNkYgQzEgODYgMjUgMDgKNDIgMDggMjEgODQgMTAgQzIgOEUgRTggRTcgMDAgRkMgNjUgRUYgREUgNzIgNUIKODUgODEgMDAgODAgNkUgQzUgNEIgMDggODIgQTQgNzQgRkYgMUIgQkIgNTcgQUEKMjggMzYgNDUgMkEgNTYgMjEgMzYgRjYgRjkgMTkgNjkgQ0UgNTcgMUUgQzggMzIKQzMgMEMgODYgQjAgNUYgQUMgQUMgNDggMkIgOTUgNUUgOTEgM0EgRkEgMTAgNTYKOEIgQzMgRjggMEMgNTEgM0MgNzIgM0QgMzcgOTAgQUUgNDMgMDQgN0IgQUYgNTUKQ0YgRkQgMEQgRTEgNEQgNzEgN0YgRUUgN0IgMEEgREYgRTEgQzggQjUgNTQgMkEKOUQgMUUgNjEgMEQgNUYgOUYgN0MgNzggODYgMzUgNjYgRkYgMUEgMTAgNDIgRDgKMDMgQ0UgNzMgNTggQzIgQkIgMDcgMDkgMzcgRTkgMzAgOEQgNjEgOEQgRjYgMUUKMTAgNDIgMDggMjEgODQgQjAgNjkgNEMgMkIgNkYgMEQgQ0YgMUIgQzYgNEYgMDEKOTQgNkIgMjAgODQgMTAgQzIgN0IgQTEgQjYgM0QgMDggNjEgNDEgQjQgMDQgNDEKMDggMjEgODQgMTAgNDIgRDggMkQgQkEgMUQgODAgMTAgQzIgRkIgRjYgRjYgQ0YKOEYgQjAgODYgQkQgNzUgQjUgMEUgN0MgODQgMzggNkUgOUYgNkIgQjcgRjMgQjAKQkUgRjMgNTQgQUYgMDIgQkMgMEUgMzcgRUYgRDkgM0UgNzIgNDEgMzYgOTAgMEUKQUYgOEYgQjAgNDYgRkIgNjQgRjggMDMgQzcgQ0YgMTAgQzUgREQgRjkgREMgQjIKNjcgNjAgNjUgMEYgMjQgM0EgMjEgMEIgNDIgMDggMjMgNEMgNzcgMDIgRUYgQUUKRDcgMjUgNjkgN0EgNDcgNkMgRDEgODYgMTAgNDIgMDggMjEgODQgRjAgM0YgMEUKRjMgMTggQTIgNTggNzMgMTEgMjYgMkIgOEQgQ0YgNDAgRjQgMTIgNDIgMDggMjEKODQgQjAgNUEgRDQgRUMgMDcgMjEgMkMgODggOTYgMjAgMDggMjEgODQgMTAgNDIKMDggQkIgNDUgQjcgMDMgMTAgNDIgRjggM0IgQTYgMUQgRkUgQkIgMDcgNDAgRTQKMEYgRTUgNUQgODAgRTkgNDcgRUEgNkIgMDQgMkMgNkQgN0YgREQgNkQgMDAgMzAKMjMgRDkgNDYgQUEgRkYgMDEgOUUgODMgRTkgQTIgNTEgRjkgQjAgRjkgNUYgRDIKNzQgMUUgMkQgRkYgODcgODIgQjAgOTUgNUUgQkIgRTEgRTMgMTkgRDYgOTggRkQKNEQgMjEgODQgQjAgMzUgREMgREIgMEIgNEQgNzMgNTggNDIgRTEgMzUgREMgQTIKMEQgMjEgODQgMTAgNDIgMDggRTEgQzEgM0EgNEMgNTQgMzAgQkYgRjEgODMgOEMKRjggNDUgNTUgQ0EgRkUgMTAgNDIgMDggNjEgMEQgQTggOUYgMTAgNDIgNTggMTAKMkQgNDEgMTAgNDIgMDggMjEgODQgMTAgNzYgOEIgRTkgNEMgQzcgQTEgM0QgRkMKODkgQTkgREIgMDEgMDggMjEgODQgMzcgQzMgOEMgNTEgNEEgNTMgOTMgMjUgNTMKODMgOTAgRjAgMTQgMkMgQkIgNTUgQkUgMkUgRUQgNjUgRjggMUQgRDYgODQgMzUKQ0YgNDIgQkEgMkQgODUgMTAgQzIgNUYgNzEgNzMgRTAgNzUgRDkgNjUgN0MgQjMKNDMgQ0IgRkQgMkUgMTAgNDIgMDggMjEgODQgMTAgNzYgODQgRTMgMTAgQTIgQjgKQkIgQTMgNkUgNjkgNTIgMzIgN0UgMDQgQTMgMTAgMEEgMjEgODQgMTAgNUUgODcKODYgOEYgMjAgODQgMDUgRDEgMTIgMDQgMjEgODQgMTAgNDIgMDggNjEgQjcgRjgKOUEgQzIgMTIgREUgN0QgOTAgOEQgRTMgNjYgMjAgODQgMTAgQzIgOUMgODEgQ0EKQzMgNjcgN0QgMUUgQzYgQ0YgNTcgNTggQzIgOEQgNUIgMUEgNEUgNEMgRTMgRjcKNDggRUYgRkQgNDEgNEEgOTcgQjAgQUUgRDIgRkEgODkgRTkgRkMgMDggNEIgMzAKNDQgMDAgRkYgQjEgNzcgMkYgNDkgMEUgODIgNDAgMDAgNDAgQUYgQzIgMTEgNjIKRkUgREUgRkYgNjIgQjMgOEEgMDEgQzcgMDUgQTQgNTAgNTAgREYgQTYgQUIgRkEKQUQgRTIgNTQgMjYgQTIgNzQgMzcgN0QgRTEgRjAgMTggNDMgMTQgNzMgQkUgQ0YKRUIgQTUgM0EgNkUgMjAgODQgRjAgMzcgNkMgQkIgNjQgOEEgNEYgRjEgQjYgQzgKODcgMTAgNDIgMDggMjEgODQgQjAgMDIgQTYgNkQgOTUgNDcgREEgNkUgODggRjYKMDggOEMgOTIgODMgMTAgNDIgMDggRUIgRTAgQUMgM0UgMzAgRTcgOEUgNUMgMzEKOEQgMEIgMjMgNEIgM0YgMzkgODQgNzAgRUYgRDggNzYgNkYgNDIgQTcgMjQgODQKMTAgNDIgMDggMjEgODQgMUIgNjEgNUEgMDUgRDQgNzggQTggN0IgM0EgNjEgQkUKRjggNUEgMjAgODQgMTAgNDIgQjggMDYgNUUgNkYgMjEgOEEgOUYgMkUgOTUgMjEKQzQgNzEgNUUgNkYgQkMgRjUgQjAgODUgNTYgQTkgMjkgRDMgQjAgREIgM0QgQkUKOEEgRTkgNzAgQkYgODUgMjggOTYgRkUgMUQgMjAgNUMgMTcgOTcgMUUgNjkgNkYKRDcgMzAgODUgOUMgMkYgNzkgQzUgNTQgRUIgMEQgODQgMTAgRkUgODAgQjMgNTcKODIgMzkgQkYgQjcgRUIgQTUgQzMgRUIgMTEgQkUgQjEgRjggNUEgMjAgODQgMTAKNDIgMDggMjEgODQgRkQgQkYgQzAgQTkgOTggRkUgM0YgNEYgRjMgN0EgNzkgODUKNkYgRjQgMkUgMDggNDIgMDggMjEgNUMgQzYgQzUgNzkgRDEgMzkgMzcgREYgRjUKRDIgNzQgRjIgODMgQzIgNDUgMDggOEYgOEMgRkEgMjUgMjEgODQgMTAgNDIgMDgKMjEgM0MgMDMgQjYgQUQgNDcgOUEgMUEgMzMgRDUgOTEgNDIgMDggMjEgODQgNDcKQzAgREIgMTggQTIgQjggREMgNjkgQjUgRkMgRjYgNkYgRjkgNzAgQUUgQjQgRDgKNjAgQzcgQTMgQTcgOTUgNEMgQzAgMEUgQjcgRkMgOEEgRDIgNjQgREQgM0UgNkYKQTMgRDYgNDEgMDkgNzcgODAgNjkgRjMgNEIgRTMgRkUgRTUgRTEgRjkgMEEgREYKRTggMTYgMDAgMjEgODQgQjkgRDUgRDQgMEQgQzcgQjMgQTggNUUgODAgMTAgNDIKMDggMjEgODQgNzAgMUIgMUMgQzYgMzEgNDQgQjEgRjkgQjMgNDAgQzUgRDQgMzYKMDEgODQgMTAgNDIgOTggOEIgNUQgOUQgRkUgRjAgMTggNDMgMTQgOEIgQUYgMDUKNDIgQjggMUYgRDQgNDQgMDkgMjEgODQgMTAgNDIgMDggRTEgMTkgMzAgRUQgNkIKRDggQkEgOTAgRkIgNzkgMEYgNTMgMjggRkQgRTQgMTAgNDIgMDggMjEgM0MgMEIKQTYgRDMgMUQgOEYgRDcgNzEgQTkgNzYgRTIgOEMgRDggRDMgREUgNUYgNTEgM0EKRkIgRDcgMkIgQkUgNzAgMDggM0IgQzEgQ0UgN0EgNzMgRUUgOTcgMzAgMDUgMjMKODYgMjAgODQgMzAgMTMgRDMgNjUgNDkgRDYgRUYgNkQgQzUgNTQgM0QgMDMgODQKMTAgNDIgMDggMjEgODQgMkQgMzEgN0IgQTIgRTMgNEUgOEYgQjYgQjQgNkIgMDAKMjEgODQgMTAgNjYgRTIgRkIgMUQgM0UgNjEgRUIgM0QgNTYgNkYgMDggMjEgM0MKMEYgRUEgQUYgODQgMTAgNDIgMDggMjEgODQgRjAgMEMgRDggN0EgRTUgQUYgM0MKMUIgNDIgMDggMjEgODQgNTUgNzEgQTEgMTkgNzMgNzkgQzEgMzMgM0UgQzMgMjcKNzQgREQgOEMgQTkgOEUgRTIgODQgRDggNzAgMUYgQjAgMjggNEQgMEIgOTYgMUMKNTUgMDkgMEYgODUgNkQgOUYgOTQgMUQgNkEgMDkgMjEgODQgQTUgRDggRjYgNzcKNUIgNkQgMDMgRkMgNjMgRUYgREUgNzIgMTQgODQgQTEgMzAgMDAgNkYgQTUgNEIKQjAgODMgMjYgQjIgRkYgOEQgQ0QgOTMgQjEgMjUgNjYgODAgODkgN0EgN0EgRjkKNUUgNEUgRDIgRUYgNDkgNEMgODAgRDIgREIgMEYgMjEgODQgMTAgNDIgMDggRkIKQzAgOUYgMjUgM0QgQUIgMEQgOTggMTAgNDIgMDggRTEgNjggNjggOTAgMTAgNDIKRjggMUQgRjQgQjQgODEgMTAgNDIgMDggMjEgODQgNzAgMDYgRDQgRjMgODcgMTAKNDIgMDggRTEgQTQgNTggMjcgODUgRjUgQjUgQjIgNDIgRjAgRDkgRDggMTggREIKNDUgRkYgQjMgNTkgNjcgNkUgNkUgNTcgMjggRDkgNzEgMDkgODcgQzIgN0MgNUYKNTIgNTEgOEYgREMgMjAgOUYgNkIgRkEgNzYgODYgMTAgQzIgNUQgQ0MgQ0IgMkQKMTUgRjUgQzggRDMgRjUgOEQgQ0QgRkIgMjUgM0QgOEEgMDMgRTUgMjAgODQgMTAKNDIgMDggMjEgRUMgMEEgRUIgMjMgMUMgRkIgM0EgQUQgNzEgN0YgRTIgMjAgREYKRDIgQjMgOUUgRkYgNzMgMjAgODQgMTAgQzIgQUUgMzAgNzYgOEUgRDUgNTQgMEUKODQgRjMgQTAgQTcgMEQgODQgMTAgNDIgMDggMjEgODQgMzMgNjAgQkUgNUMgNTMKNTEgOEYgNzQgRDcgREYgRDggRDQgRjMgODcgMTAgNDIgMDggNjEgNTMgOTggRDcKOUMgOEEgNUEgRUYgMkYgNkIgM0IgNjcgRjAgQjYgQTYgQTIgOUUgQkQgNzAgRDgKMTQgQzYgMEUgQ0UgNUYgQzQgRDMgNDMgRDggRjAgREUgN0MgMUYgRDEgMTAgNDIKQjggOEIgNzUgMjggRjAgQjcgQkIgNTIgNjUgQzQgQ0MgRDkgNUYgMEUgMjEgODQKMTAgNDIgMDggMjEgRUMgMDIgRjMgQkEgQTYgQTIgM0UgMDYgOTEgRDIgQTMgN0MKN0IgRDEgQzUgQTkgQTYgNTggNEMgMDggMjEgODQgRjMgNjAgRUMgOTQgQUIgMDkKMUQgMDggRTcgNDEgNEYgMUIgMDggMjEgODQgMTAgNDIgMDggNDcgQzMgRUEgOUMKQzYgRTAgREQgMDQgRkEgRkMgMTAgNDIgMDggMjEgNkMgMUYgQjcgNDkgNjcgREIKQzUgMDkgNkQgMUQgNzMgMkQgMDEgNzMgMTggOEMgMUQgOUMgRDcgOEQgODcgNzAKMTcgNjMgNkYgNTIgQjcgMjEgODQgMTAgRUUgNjMgOTUgQzcgMUQgMUMgNTggNkMKMjUgMzMgODQgMTAgNDIgMDggMjEgODQgNTMgRTAgQjIgQTYgQTIgQkUgMEMgRTUKOEYgNUQgQTEgNjEgNTcgMjYgODQgMTAgQzIgMDkgNzEgRjMgMkUgM0UgRjIgNEUKN0MgNjMgQjMgODggQ0YgNzYgNTAgMUIgODQgMjMgQTMgQjkgNjMgMDggMjEgODQKMTAgNDIgMDggMDcgQzMgRDggRjEgODQgNEQgMzMgNUYgOTcgNTQgRDQgQjMgRDcKMDIgMjEgODQgMTAgNDIgMTggODYgRjUgODkgMTYgMkYgMDMgMDEgOUIgNUEgNDQKNTEgQTcgRkYgMTggNkIgRUQgMDYgNjMgODcgRTggNzUgRTYgMjEgREMgQzUgRDgKOUIgRDQgOEUgN0IgMDggMjEgRkMgMDcgNDYgODYgMTcgNTcgMDMgQjMgQTcgN0YKMzkgODQgMTAgNDIgMDggMjEgODQgQkYgRUMgREQgNTEgOEUgODIgMzAgMTAgMDAKRDAgQUIgQ0MgMTEgNDQgNDUgRTUgRkUgMTcgREIgNjQgMEQgREEgOTIgNEQgMDAKMDUgNUEgRDggRjcgMzMgNDkgNUYgMzYgNTkgNEQgQTQgQzAgNEMgM0IgODUgMDcKQzMgNDEgRUYgQzcgQUEgNkEgMEEgRDkgMzAgN0YgOTMgOTIgODYgODIgMTAgNDIKQjggNDcgNkMgRUUgNkQgQkMgRTMgRDYgNkIgMjYgQUYgOEYgNzggODUgQjkgOUYKMUMgNDIgQjggMjMgMkMgNUIgM0IgQjYgMDcgMTMgNDIgMDggMjEgODQgMTAgQzIKQzUgRjEgRjEgODggM0UgNkMgOUQgQjQgQ0YgOEEgMDUgQzMgMkUgRjQgRDYgNkMKNDMgMDggMjEgODQgRjAgODAgRDggQjQgNUQgMjQgNzEgQ0EgMjMgRDMgN0EgNDMKRTkgRDYgOUQgNjIgRDkgMkMgQkQgNDcgN0EgMDggNDcgQjEgQUUgNEUgNDcgNzYKREMgNDMgMDggRTEgMDggQTYgM0QgRTcgQjcgM0UgQ0IgRkUgN0MgOEQgNTcgQjAKNjggMTkgNDIgMDggMjEgODQgMTAgNDIgNTggNzkgNEQgNDEgOEYgM0UgMDggMjEKODQgODcgQzIgQkMgQzcgRjIgOTQgOUIgREQgN0EgNDMgNTkgNDEgMDggMEYgODkKNjUgOTcgNzYgNTggMTEgMDQgMjEgODQgMTAgNDIgMDggRTEgRTIgOTggQjQgNTQKREEgN0EgMDMgQTYgMEMgM0MgODQgMTAgNDIgMDggRkYgMjkgRTYgMDUgOTQgRTIKODcgRUYgMzggMzQgNkQgOEYgNTggMzYgNTcgOUYgMEYgODcgRTcgQkQgQ0UgRkQKMkUgMTAgMUUgMTggMDcgMjcgMTcgNEMgQjkgQTAgRDYgMUIgQUEgQjIgNDEgMDgKRTEgMjggNTYgQjUgQjYgMzkgRUYgQzMgM0YgRkIgQkIgNDAgMDggMjEgODQgQjAKMzAgOUUgRUUgOTEgQzQgMjcgMzYgNUQgMTMgNDkgRkMgRUIgMkYgQkQgQUMgNDEKMDggNzcgNTMgNTkgMTggNkIgMEIgMTYgQUYgNjAgQkEgODMgMTAgNDIgQjggNEIKNEMgOUEgQTcgNEQgQjkgRjcgMkQgMzggNkMgQkEgMkUgOTIgMzggRkIgOTMgNDMKMDggQUIgQzQgQjIgNkIgM0MgNTQgOEEgMjEgODQgMTAgNDIgMDggMjEgNUMgMUMKRkIgMjMgNkMgQjYgREUgOEMgMjkgRDkgMEUgMjEgODQgMTAgNDIgNTggNDkgREUKRDUgQzIgRUYgREQgNjEgNUQgM0YgMTggNzkgN0IgMDggNzcgQjIgNDYgQ0UgRDUKMEEgMjEgODQgRTMgOTggNEYgREQgRTUgNTcgNUUgOTkgQkEgMjEgODQgMTAgQzIKMEEgRjEgRDIgNDUgMTIgOUYgNzggM0YgNDcgMUYgM0UgNzkgRDcgNkIgNkYgOTEKODQgREYgRkYgRDIgQjQgRjEgOEUgRjMgM0YgMjQgODQgRjAgODggMzggRDggOUEKNTEgRkMgODUgQzUgN0UgNEMgMDggMjEgODQgODcgQzEgQzcgMjkgRkEgMzAgRTkKMzYgQjcgRTAgRDAgNzkgMTYgMTAgMUUgMTIgQ0IgQUUgRTggNTAgNTkgODAgMTAKNDIgMDggMjEgODQgRjAgMkIgQ0MgOEIgNzQgNTMgMUUgQzIgRDcgMUIgM0EgNUYKMDkgNDIgMDggMjEgODQgRjAgODUgQ0QgQTUgOEQgNzcgMkMgRkMgOUMgMjYgMEQKNUIgM0YgOTYgNEQgRDQgRkIgQzEgNDAgRjggMEQgOTYgQkQgN0UgNUQgQjAgMTAKNDIgRjggMTkgRTYgMDcgN0YgNEYgOUEgNzIgMTcgMUMgOUEgQkQgMjEgODQgMTAKQzIgMEEgRjEgNzYgOEQgM0UgMkMgQkYgRDcgRTkgN0EgOEEgM0UgQTggQUIgNDIKMDggRTcgRUQgMDQgQ0YgNkIgMEQgODUgREIgNzEgOUIgREMgMjAgODQgMTAgRkUKQjAgNzcgMjcgQjkgMEEgQzMgMzAgMDAgNDAgQUYgOTIgMjMgMzQgQzAgODcgNzIKRkYgOEIgRkQgMDUgODIgMEUgNjIgRDEgMjEgRDQgODEgQkMgMDUgOTYgRjIgNTYKMjAgMjUgQUUgODkgREIgRTYgMkIgRDAgRDYgMUYgODQgQjAgMzggQzYgNzYgODQKMTUgREUgMTAgNDIgMDggMjEgODQgMTAgNkUgQzYgRTkgRTkgNDUgNDcgREYgQ0YKM0YgMkUgRTYgRDcgN0UgNzMgMDggMjEgODQgMTAgQzIgOUYgQzcgREMgOUYgRDMKMjggMkUgQTkgQUYgM0UgMzcgRDQgREYgQTkgMUYgNjMgMzcgRUEgNEQgMTggMDgKRjcgNjAgRUMgRkEgQjUgNjAgMjEgODQgNzAgMUIgQ0EgREUgMTAgNDIgMDggNjEKQ0IgMzggM0IgNjYgNkUgQzkgRTUgQkIgRTAgNzAgREEgRTEgNUQgRkQgRTUgMjEKODQgOEQgRTMgRjQgMjAgQUQgRTAgRDYgQzMgNkMgOTggQUYgQjcgMzQgNDQgRkYKNzQgMjAgODQgMTAgQzYgQTAgN0QgM0YgMDggNjEgNzEgQUMgRUIgRDUgRUIgQUEKNkUgMDggMjEgODQgMTAgNDIgMDggOTcgNjEgRUMgNzYgN0EgREYgQTUgNjcgRjAKRDAgMjUgODQgMTAgNDIgMDggRTEgMEMgREYgQkYgNUMgRUUgN0MgNEEgQUYgQjAKQTQgRTIgMkEgMzggRDQgREYgQTkgMUYgNjMgM0IgODAgMjYgMEMgODQgN0IgMzAKNzYgRkQgNUEgQjAgMTAgNDIgQjggMEQgNjUgNkYgMDggMjEgODQgQjAgNjUgOEMKNkQgQjMgQUEgMDQgMjAgODQgQkIgNzAgREEgN0QgNzggNjIgN0EgODYgRjIgODcKRjYgQUUgMUEgNEEgNzEgMTAgNDIgMDggNkIgNDAgNUIgN0YgMTAgQzIgRTIgRTgKRDUgRUIgMTAgNDIgMDggMjEgODQgMTAgN0UgMjMgNUUgRkEgRjQgMEEgNEIgOEEKRUQgODIgQzMgN0MgRUEgRDIgMTAgM0QgN0EgMDkgMjEgODQgMTAgNDIgQjggMDgKQjUgNzggNjAgQ0QgMzMgQzQgODQgODEgNzAgMEYgQzYgQUUgNUYgMEIgMTYgNDIKMDggQjcgQTEgRUMgMEQgMjEgODQgMTAgQjYgOEMgMkEgMDEgMDggRTEgOEYgNjEKQkUgRTcgMzQgOEEgMEYgRUMgRDMgRTMgNzMgRjQgMkQgMjUgOTcgMkUgQkQgQzIKQkIgMjcgNDYgRTUgM0QgMDggMjEgODQgMUYgNDcgMDUgM0YgODQgQjAgM0MgN0EKMDcgM0IgODQgMTAgNDIgMDggMjEgODQgRjUgNjMgNzcgNEIgNDMgM0MgN0EgNDMKNjAgMzYgQ0MgN0YgRjcgMzQgOEEgQUIgN0YgMEIgODQgMTAgNDIgMDggNjEgOTMKQTggQzUgMDMgNkIgOUUgMjEgMjYgMEMgODQgN0IgMzAgNzYgRkQgNUEgQjAgMTAKNDIgQjggMEQgNjUgNkYgMDggMjEgODQgQjAgNjUgOEMgQUQgMDQgM0MgOTcgMDQKMjEgM0MgMDAgNjMgMTMgREQgNkMgOTggQUYgQjcgMzQgNDQgNTkgMEUgNDIgMDgKRTEgQzcgMzEgRjYgM0EgNjggRUIgMEYgQzIgNzYgMzAgM0EgREIgMzggNDkgMDcKQzIgN0YgRjYgRUUgMkQgNTcgNDEgMTggOEEgMDIgRTggNTQgQ0UgMTAgMkMgODgKRTggRkMgMjcgNzYgNkYgNjIgNzggNDggRkMgRTAgRDkgNjIgNTggM0YgM0IgRTkKRkEgMjMgNjkgOEYgRDggMDcgODUgMTAgNDIgMDggMjEgOUMgNjIgQkEgRDcgMzEKNjQgRTEgNkIgRUIgQUIgRDQgQzQgOTAgOEIgOUYgMDUgNDIgMDggMjEgODQgRjAKOUEgNTggN0EgREUgRDUgMkEgQ0YgRDkgQjEgNkMgMEYgRDEgNjEgMjAgREMgODIKNjUgQzcgQUYgMDEgMEIgMjEgODQgRUIgNTAgRjUgODYgMTAgNDIgMDggQUYgOEMKQTkgNkUgNjIgOTQgNzMgN0UgQkUgOEYgNkIgM0EgOTcgMDQgMjEgREMgMUQgRDMKQjMgOEUgMjEgMEIgRUYgMzAgQjEgMkQgMUMgNDIgMDggNjEgNjYgMzQgRUYgMDcKMjEgQ0MgODMgNjUgRTcgMTYgQUEgN0IgRjQgRTEgRTMgNEUgMTAgNDIgMDggMjEKODQgMTAgRkUgNjMgNUIgNDUgMTcgQjkgQUYgQTcgN0YgREUgQTIgMEIgNzMgRTAKMTAgNDIgMDggMjEgODQgRUIgRDEgMTIgMEYgM0MgNzMgMEYgRDEgNjEgMjAgREMKODIgNjUgQzcgQUYgMDEgMEIgMjEgODQgRUIgNTAgRjUgODYgMTAgNDIgMDggQUYKOEMgMjcgM0IgOTQgRTQgQzUgMDAgNDIgQjggMzcgN0UgREIgNzQgNUQgNTcgRDEKNDUgRUUgNkQgMjcgRTkgMTEgN0QgQkMgQTUgQkEgQjUgMzEgQTQgRDIgMDcgMjEKODQgNzAgNEYgMzQgRUYgMDcgMjEgQ0MgODMgRTkgOTUgNjIgOTQgNzMgNEEgQzQKNzEgQ0QgRDQgMzYgMzEgRTQgRTIgNjcgODEgMTAgNDIgMDggMjEgODQgRjAgOTcKRjAgNjMgN0EgMzkgRjcgMUYgN0YgRjMgMDAgMTAgNDIgMDggMjEgODQgMDcgQTEKRjUgMUQgNzggRTYgMUUgQTIgQzMgNDAgQjggMDUgQ0IgOEUgNUYgMDMgMTYgNDIKMDggRDcgQTEgRUEgMEQgMjEgODQgMTAgNUUgMUEgNEYgNzYgMjIgRTkgRkUgOEMKM0UgNUMgNTQgMDEgMjEgM0MgMDggM0YgNzcgNjIgRTcgQkUgOTEgNjcgNUEgRjcKNkUgRDEgODcgQkEgMDcgMjEgODQgNzAgNDcgMzQgRTkgMDcgMjEgQ0MgODQgRDMKRDcgRDcgRTkgMzUgOTQgNzMgOEEgQzYgOEUgNEQgMTcgQ0QgNDMgMDggMjEgODQKMTAgQzIgOUYgQzcgNkYgQTcgMjkgNTMgRjMgOEEgNTEgQkUgQjEgNzkgNDQgMUYKNzMgREUgOTYgOEYgNkIgQTYgN0IgMUQgQTMgNUMgRkMgQzggMTAgNDIgMDggMjEKODQgRDAgRkEgMEUgOUMgODcgNjUgN0IgODggMEUgMDMgRTEgMTYgMkMgM0IgN0UKMEQgNTggMDggMjEgNUMgODcgNjUgQUIgQjcgMEQgQzYgMTAgNDIgMDggRTEgRDkKMzAgRDUgNEQgMEMgNTkgRjggMkMgNTIgNkEgNTIgOEMgNzIgRTkgQjMgNDAgMDgKRTEgRjkgRjcgODQgNEYgOUEgRTkgRDEgQzYgOTAgRkUgMTAgNDEgMDggMjEgNUMKODkgNjUgNjcgRkMgQUMgRDcgNDAgNzggNzEgMkMgNUIgODIgQzYgRUYgRjYgMTYKMUQgMjAgODQgMTAgNDIgMDggRTEgNTkgQjAgN0UgQzUgMjggREYgRDggNTYgRDEKNDUgRUUgOEYgQTAgRkUgQjEgNzcgMkYgQjkgMEQgODMgNDAgMDAgNDAgQUYgQzIKMTEgODIgOUQgQjQgRjYgRkQgMkYgRDYgNDUgRTUgREEgNDkgMjMgMTUgRTIgQ0YKRTAgRTYgMkQgM0EgRDIgQkMgNEQgODMgRTQgNjAgMDIgMDMgNTQgQTUgNDMgOUEKRkUgQkUgREIgRDIgRjUgNjkgOEUgRjYgNTcgNDIgMDggMjEgODQgMTAgQkUgOEUKMUYgRDcgMzQgODUgQTMgMEIgMTUgMkMgRTUgQjQgOEYgQjEgMzMgRUQgMUUgMTgKMDggRDcgNjAgRUMgRjcgRDcgRjYgMUMgMDggMjEgN0MgMDEgREIgREEgM0QgQTEKOEEgMTggNDIgMDggMjEgMEMgQzUgM0MgRjQgNjkgMTEgNEIgNUUgREYgRkIgQTUKQ0IgRjkgQzMgREEgODYgNDAgMDggNjEgMjEgREUgMUYgQjIgMUQgREMgRUYgOTkKOEIgODYgMTAgNDIgQjggMDkgQzYgQUUgRDQgNzggOUQgNDEgRjggRTYgOTggQzcKOUMgMTYgQjEgQTQgREYgRDggMkYgQkQgQkYgQzggQkUgQkEgMkQgMTAgNDIgMDgKMjEgODQgMTAgQUUgQzcgQzAgNkEgRjkgMzUgRTkgN0QgMjkgNTEgNzUgQUIgMjEKODQgMTAgNDIgMDggRTEgMEYgRTYgNzEgNEMgOEIgNTggMzIgMTggREIgMkYgQjUKODggRDMgM0UgQzYgMkUgRjMgNzkgNjAgMjAgNUMgODMgNzYgRTUgNDAgMDggRTEKQjkgQjAgQTkgNEQgMTMgQzYgNUQgMTAgNDIgMDggNjEgMzAgM0UgM0IgOTEgQTYKRUYgRDIgMTQgODIgOEYgQzkgRUQgRkEgOUMgRTYgRTggREEgNEEgMDggRTEgMTYKRDggRDggQjUgOTUgN0UgMTMgNDEgMDggMjEgREMgMDQgNjMgNTcgNUEgQkQgQ0UKMjAgN0MgNzcgMzQgQzYgODYgMTAgNDIgMDggMjEgODQgNkYgOEMgNEQgNTUgQ0IKNTcgQTUgRUUgQTMgODQgMTAgNDIgMDggMjEgREMgMDkgMUQgRjIgMEMgQUIgMzAKNzYgOTkgQ0YgMDMgMDMgRTEgMUEgQjQgMzEgMDcgNDIgMDggNEYgODYgOEQgRUQKOUIgRDAgNzUgNDMgMDggMjEgODQgMEQgRTIgQzMgRUQgMTIgMEYgRUIgQUEgMjUKQUYgRjggMEQgRDMgN0MgMUIgRDMgMjIgRDYgQjYgMDUgNDIgMDggMEIgMzEgRjYKRDAgMzAgNTcgRjQgNDIgMDggMjEgNUMgOEYgQjEgRUIgQUQgNjYgRjkgMjAgODQKQ0YgRkEgQTUgNEIgOUEgNjMgNTEgNjcgQjIgNjEgRkEgRjAgREYgNkIgM0YgM0MKODQgMTAgNDIgMDggMjEgODQgNTUgOTggNkYgMzkgQ0QgMzEgRjggRUEgRjYgQUEKRDQgQzggMTkgNDIgMDggMjEgODQgNzAgNTcgQkMgMEUgNjkgMEEgNDcgRDcgNUMKMjkgQzEgM0EgMUQgQzYgMTYgQUUgNTggRkIgODMgNzAgMTUgREEgQTQgMDMgMjEKODQgRkYgMDIgMTUgNUYgNDEgMDggMjEgODQgQjAgMDQgODcgMjEgNEQgRTEgRTgKMTkgM0YgMDMgMDYgMDggRTEgMzEgRDggRDQgNDkgNjIgREQgRTUgMzMgQ0QgNTEKRDcgMDcgMjEgODQgRjAgNkYgMzQgQ0IgMDcgMjEgNkMgMEQgNjMgQUIgNDEgN0UKREYgOUIgRDkgRTUgNUIgOUEgNjMgNzUgNzMgMjAgODQgMTAgNDIgMDggMjEgM0MKQzUgREMgNzIgNTUgQUEgQ0MgMUUgNDIgMDggMjEgODQgRjAgOEIgQkQgM0IgNEEKNEUgMTAgMDYgMDIgMDAgN0EgOTUgM0QgODIgMTEgNTEgQjkgRkYgQzUgRkEgQTUKNDQgNkIgM0IgNDkgMDUgMTIgRUEgRkIgRDkgOTkgQkMgMkYgMzMgMjMgNjEgQzkKMTIgNzYgMjkgRUMgQUEgOUIgRjkgNzMgODMgRjIgMjEgNDUgMTYgNkIgQTcgMDYKMzcgQzAgNzQgQkUgQzQgMUMgQjcgMkUgRjMgQTkgRkEgNDEgQjggMzggQUEgREQKNDMgMDggRTEgMUUgRDEgRUEgMEQgMjEgODQgMTAgQzIgMTIgNkMgOUIgMzMgOUMKMEUgMzEgODcgMTcgREYgRkMgOTEgNDUgNDAgMDggOTcgQzAgQzcgODUgQTUgNkQKMDMgNUYgRUIgMUUgODQgMTAgQzIgMkEgNkMgOUIgQUUgREIgRTIgODMgMTAgN0UKQzcgMzQgQTUgOTggNjMgRTMgMEUgM0UgQjIgNkIgMDggMjEgODQgMTAgNDIgQjgKMEEgNzYgRDYgOUYgQzIgM0IgRjYgMTAgNDIgMDggMjEgODQgQUIgRTMgNjMgMTIKRDUgNUIgMDYgRjggNzggNDYgQ0YgQjYgRTcgN0UgRjAgMzggQzQgMUMgMUIgN0YKQjAgNDUgRDUgMEYgQzIgRjcgNTEgRUQgMUUgNDIgMDggRjcgODggNTYgNkYgMDgKMjEgODQgMTAgOTYgNjAgREIgOUMgRTEgNjkgOTggMkUgNjMgQ0MgQjEgN0EgMkUKMTAgNDIgNTggODggMEQgRkIgRjYgMkEgODIgNDAgMDggMjEgMkMgQzcgQjYgQjkKQkEgRkQgM0QgMDggNjEgRTEgNEIgRTYgNzkgMzcgQzkgOTIgRTUgNjUgQkQgQTEKRUMgMUEgNDIgMDggMjEgODQgMTAgQUUgODQgNUQgNzUgOUMgRjEgRkMgMEUgMjEKODQgMTAgNDIgQjggMTIgNUUgOEUgNzEgMEIgOEQgNEYgNTMgNUUgMEYgNzEgMEYKQjUgQjMgODAgRkQgNjMgQzMgNzMgQkIgMUUgMUYgMjAgN0MgMUYgMTUgRjEgMjEKODQgNzAgOEYgNjggRjUgODYgMTAgNDIgMDggNjEgMDkgQTYgNjEgOEMgMkMgOTYKREMgRTggRDcgMUIgRTYgODcgOUUgNkEgMjcgMDIgMjEgODQgODUgRDggRDUgQ0IKMzAgMUUgOUQgMjAgODQgMTAgREEgREYgODMgMTAgRUUgMUQgREIgMkUgNTYgM0EKNUEgNDIgMDggMjEgODQgMTAgQzIgMkQgQjAgRUYgOEUgOTYgRDIgNjAgMDggMjEKODQgMTAgQzIgREYgNzAgOTggMjIgOEIgQkQgOUQgQTYgNTQgOUQgRjkgMzQgOUMKQ0UgNzEgMEYgMjUgN0YgODkgMDUgODcgRkUgNUQgMTAgQkUgOEYgNkQgOEIgNjIKQUUgNjIgMDggMjEgRkMgMUIgNUEgQkQgMjEgODQgMTAgNDIgNTggODIgRTkgM0EKNDQgMTYgNEIgNkUgRjQgOUIgMEQgOUYgN0UgNUIgRUQgRDQgMjAgODQgQjAgRjAKMzUgOTggRDMgMzUgNkUgNjEgRUIgOEUgOTYgMUUgOUQgMjAgODQgMTAgREEgREYKODMgMTAgRUUgMUQgQkIgREUgNTggMTggQTcgQzggNjIgRUQgRDQgMjAgODQgMTAKNDIgMDggMjEgRkMgMDkgRDMgMzQgNDUgMTYgQkIgNkIgRUYgMkUgMTMgODYgMTAKNDIgMDggRTEgNjcgRTIgQUIgQTMgOTQgRTMgMzkgNkUgNjEgRUIgRTMgNkMgNTUKNDMgMjkgREMgQkYgNDcgODUgM0YgMDggRjcgOEUgQUUgNjIgMDggQkYgRDggQkIKODMgREMgMDYgNjEgMjAgMDAgODAgNUYgRDkgMjcgQzQgQTQgNDAgRkEgRkYgOEYKNTUgQUEgNEEgMDEgMDkgQjUgMzggOTAgRDggMTYgNzMgQzggNEEgQ0MgMjkgMUMKMzAgQjYgRjEgRUUgNDIgRDggMjIgMUEgQkQgMjEgODQgMTAgNDIgQjggMEIgRUIKMkUgQjcgQkIgRkMgMEMgOUQgN0QgNkIgMTAgNDIgQjggMEYgQUQgOUUgMjAgODQKMTAgNTYgOEIgQTUgNUYgNTIgQjcgNTggQzQgREMgM0YgMEYgMjEgQkMgMTAgRDYKQkQgQjcgOTAgODYgOTggQzMgQjcgNzQgQjcgMzEgRTYgNjggMTIgMEUgMjEgODQKMTAgNDIgMDggNEYgQzMgMzQgOEMgMzEgQzcgNzcgMkYgRTQgMzUgQjUgODQgMTAKNDIgMDggMjEgMUMgM0UgNjIgMEEgODUgRUIgNUQgRkMgN0QgRjkgODggOUYgREYKOTQgMTYgOUEgNjIgMTEgNzMgRUYgMUEgRDYgOEYgQTUgM0YgRjkgMzkgOTcgMDIKRTEgNTEgRjQgMTQgNDMgMDggNjEgOEIgNjggRjQgODYgMTAgNDIgMDggRTEgRDMKQjggNTUgNkIgNzcgNzkgMTAgQjEgNzAgMTkgMzcgRUQgMkMgMjEgODQgQTcgQTMKMDUgMTQgODQgMTAgQzIgNkEgMzEgREQgRkIgNTggQzQgM0QgNkYgOTYgMTMgMkYKOTcgQTUgNEUgMUMgQzIgODQgMTAgNjYgNjEgRTUgN0QgN0MgMzYgMEUgOTkgQTcKM0UgRTYgOTggN0QgQkYgMTAgNDIgMDggMjEgODQgMTAgQjYgNTAgNzUgNjQgOEMKMzkgNUEgRDQgNDMgMDggMjEgODQgQjAgMUQgREMgRUEgNDcgMzkgNzYgMzEgODUKQzIgQjMgQUMgQUMgMjQgNEEgNTMgQjIgNkIgQTIgNDMgMjkgMTAgQjYgOEUgOUUKNjIgMDggMjEgNkMgMTEgOEQgREUgMTAgNDIgMDggMjEgM0MgMTcgQUIgQUEgQjIKQUIgREYgMDQgODQgRjAgNUMgQjQgODAgODIgMTAgNDIgNTggMkQgQTYgQ0YgMTQKOEIgQjggRTcgQ0QgRjIgQkEgQ0IgMzQgRjYgMzEgQzcgRUMgN0IgODEgMTAgNUUKMUMgQUIgREEgNTggRjggM0YgRDEgNTIgMjIgMzkgODQgMTAgNDIgMDggMjEgM0MKOEMgNTUgQ0QgODEgNkQgNDQgNDMgMDggMjEgODQgQjAgMDEgREMgQUEgN0UgRDYKMEYgMzEgODUgQzIgQTUgRTAgQjMgMzIgMjggQkIgRUUgMUUgNzMgNTQgMzcgRkUKRDIgRTggNDQgMEEgODQgQUQgQTMgQTcgMTggNDIgMDggNUIgNDQgQTMgMzcgODQKMTAgNDIgMDggREYgODAgOEYgNDcgRkMgODYgM0QgOTMgODQgRDcgNUQgNEEgQjQKODQgMTAgM0UgOEQgNTYgNEYgMTAgNDIgMDggRUIgQzUgNzUgNTIgNEYgRjEgNzYKNkYgNUUgNUIgMTAgQzIgNDMgNTggNzcgRUYgMUUgODkgRTQgRjAgNDIgQjggREUKMzQgREIgQUMgRTQgNjAgN0IgMEQgNDIgMDggMjEgM0MgMDcgMkIgOUIgMDMgNUIKRDcgNDMgMDggMjEgODQgQjAgMTggQUUgRjMgMjUgREIgRUEgMzggNzkgRDMgMTMKMUMgMUUgNDAgMjcgNTIgMjAgNkMgMUQgM0QgQzUgMTAgNDIgRDggMjIgMUEgQkQKMjEgODQgMTAgN0UgQjEgNzcgMkYgQjkgQUQgODMgNTAgMDAgNDAgQjcgNzIgOTcKNTAgRUEgMzggNEQgRjYgQkYgQjEgMzcgNEEgNEQgMjIgRUIgMTUgQjcgRDggNDAKN0MgMjYgNTcgRTIgQTggOTMgNTggRTUgN0YgMDEgMDggMEYgQzAgNzQgOUIgMjIKOEIgMjUgRTMgODQgQzMgOEEgOUUgOTkgODAgMTAgOTYgQTAgQTkgMTMgODQgMTAKQzIgQjEgMzAgN0QgN0UgQzQgMTIgOEIgQkEgOUIgOEEgNDUgM0QgMTcgODQgQjAKM0EgQUUgMUMgRTMgNUEgMkUgNzUgNkYgN0MgN0QgRDMgRTUgMTYgNEIgNTggNDkKRkQgREEgRkMgNjMgMjEgREMgMTcgQTcgN0IgNjQgQjEgNEEgNkEgNjIgRkUgMTIKODQgNUEgMDAgMjEgODQgMTAgNkUgQzUgQjYgOEIgQ0YgQjYgQzkgMjAgODQgMTAKNDIgNTggMTMgQTcgMTQgNTkgQUMgQjIgRUMgRDAgNDkgRjEgNzkgMjkgMzIgRDIKN0MgOEYgMkMgNkUgRkUgNTAgRjAgOTQgRDggNzYgRTQgNkYgRjMgMEUgQzIgQkYKQTMgNUEgMEMgMjEgODQgMjMgQTIgRDYgMUIgNDIgMDggMjEgODQgNDcgNjAgNjcKMzcgRTggNEEgRjQgODIgMTAgNkUgNDIgRjMgMjYgMDggMjEgODQgNjMgQTEgOUUKMEIgNDIgNzggMDYgN0MgNDkgNEMgMkEgNjkgQTAgMEUgMkIgQ0EgM0MgODcgREQKRTIgRjUgMTIgOEYgNTAgRkYgQTEgNkEgRkYgRjkgMTAgNDIgMDggNjEgMjEgQTYKNjkgOEUgMkMgOTYgRjQgQjMgRkIgMTUgQkQgODggMDQgMjEgODQgMTAgQzIgOTIKQjcgMjAgNUYgRDYgRTIgM0EgNEYgRkIgRDkgNTQgRkMgM0UgMEUgNjkgNzQgMDQKRUIgQTIgREQgM0EgMDggNDcgNDcgQjUgMTggNDIgMDggNDcgNDQgQUQgMzcgODQKMTAgNDIgMDggNUIgNjEgQ0YgQUYgNDIgRkMgOUMgRTIgRTUgRDQgMjQgODQgQTcKNDEgOTMgMjYgMDggMjEgODQgNjMgQTEgOUUgMEIgNDIgNzggMEEgMUMgRUEgMkUKMjYgODkgNTUgNzAgNUYgN0MgNUUgQTQgNkEgRkUgNjQgNDMgRkEgOUEgNjMgODkKREIgN0YgMEUgODQgMTAgNDIgRjggQTYgOTggNkUgNTMgNjQgQjEgQTQgNTcgREQKQUYgNjggRjIgMEUgMjEgODQgQkIgRTMgQzcgNTcgNjQgNzEgMzUgNDEgNjIgRUQKMkYgQjUgQzkgQjAgMzYgN0UgNEUgOTEgQzUgRTYgOEIgMDYgQUQgOEEgNTYgRTcKRTAgQUUgNjggNjMgMEUgQzIgRDEgQjEgNkQgMkQgNzYgRjcgMjAgODQgMTAgRkUKMDIgREIgMzYgREQgMDYgNjAgMTAgNDIgMDggMjEgMkMgRDkgMDggRUUgRjMgNzQKNjQgQkEgQzYgNzcgQjAgNDkgMDEgRTEgMUIgQTMgNDkgMTMgODQgMTAgQzIgQjEKNTAgQ0YgMDUgMjEgM0MgMkQgM0UgNjcgMzQgMUQgREQgMDAgNkUgREUgQzggNzYKQzMgMTIgRkMgM0YgNEUgMjkgQjIgRDggNzkgQTYgQTIgMDEgMDAgODQgMTAgNDIKMzggQzQgRjUgMUQgQkEgNkMgMDggMjEgRkMgMjUgNEUgRjcgQzggNjIgOTUgMDkKREEgN0MgOEQgNDcgOTAgNkMgNzAgMUEgMkMgN0UgODEgNzEgQjUgQ0IgQkUgREMKRTIgMTEgRkEgQ0EgOUMgRDkgQUYgQjggNjQgMEEgQUQgN0QgQUIgQ0QgREYgMUYKQzIgRUQgNjggQzcgMEQgQzIgRDEgMzEgNEQgNzMgNjQgQjEgQTQgRUEgRUQgNTcKNzQgMkEgMUYgNDIgMDggN0YgNDQgQTMgMkYgMDggMjEgODQgMTAgRjYgOEYgMkYKQUIgOTQgMjUgQzMgOEMgNTYgNDUgNjcgMUUgMjEgN0MgM0YgMzQgNjkgODIgRjAKMUYgN0IgRjcgOTIgREMgMjAgMEMgMDMgMDAgRjQgMkEgM0UgNDIgNDkgRDIgNjYKNzIgRkYgOEIgNzUgMDcgMzYgRTMgMzYgOTAgMDAgQjYgQzggREIgNzggNDYgNkYKRDcgOTQgOUYgNkQgQzkgODIgMTAgQzYgNDIgNkYgMkUgMDggRTEgRTcgNjIgNjcKRDkgRTMgNkIgMEIgMUUgODcgQzcgMjMgNEQgQTMgMUMgQUQgOEYgQzEgQjIgOEMKQjEgRjMgRUIgRDYgN0IgMUYgNDIgMDggMjEgN0MgMTkgQ0QgRDYgMjEgODQgMzAKMjIgRkUgREMgRDIgMzggMkMgNzkgREUgQkUgMTMgRTYgMzMgQzEgRUEgRDMgQkIKOEEgRDUgODQgMEEgMDcgMkIgQkQgOEIgOEIgRUIgMTAgREYgQUMgNzIgM0QgN0QKMzggRDYgMjcgMkEgRUIgODAgNUQgQTEgMkYgNzMgMDggQTMgRTMgQUMgN0QgQzYKOTIgNUIgNkYgQkYgRDAgNEQgMEQgMjEgODQgNEYgRDEgRDcgMTcgODQgMTAgNDIKMDggMDMgNjAgQTggQjQgNDMgNjUgOEMgMTAgOUUgMDkgQ0QgOTggMjAgODQgMTAKQzYgNDIgNkYgMkUgMDggMjEgQ0MgNzEgNzggMEMgMjkgMUIgQ0IgNzQgQTkgQUUKOEYgQUYgQ0YgNUIgMzMgNDggMzUgOEMgOEQgQjUgNTUgQTAgRkMgRkYgQkIgRTQKN0EgRTggMjQgMUMgNkUgRDcgOTQgOEQgQUIgN0YgMEEgMDggMjEgODQgRjAgOTMKRDAgRjQgMUMgNDIgMDggM0IgQzcgRjIgRTAgQTAgQUUgOEYgNEQgREUgQjEgRDQKRjEgNzQgQTggODQgNzAgNTUgMzggMkQgOTEgRDUgN0UgRDIgRUEgNTEgNEIgNkIKNkYgMzQgMDggNzcgQzUgQjYgQUQgRDYgN0MgNzIgNDMgQjggMDEgNzYgOTYgMTEKRUEgQkUgODYgMTAgQzIgQTcgNjggQ0QgMTMgNDIgMDggMjEgODQgNDEgMzEgNkUKMEUgQTEgODIgNDQgMDggQTMgQTAgRTkgMTIgODQgMTAgQzIgNTggRTggQ0QgMDUKMjEgODQgNEYgQjEgNzYgOTQgNkUgM0UgNEYgRUYgQkEgMTYgNEMgOUIgQzUgOEUKRjAgRkEgNDggRDMgNzggQUEgNDYgMDkgQjMgQjUgQjUgQ0IgRTUgOUEgQTYgNTEKQzkgMjEgODQgMTAgNDIgNjggNTYgMEUgMjEgODQgODEgQjEgM0MgNTMgQTUgNzEKN0IgMUQgQTEgRjAgQ0YgMzIgQzAgRTEgOTIgQjIgRDEgQjEgNTQgRjAgNEMgRDgKQjYgQ0QgNTkgRDkgRjkgRDQgNTIgMkEgODQgOUIgNjEgREIgQjkgNzAgQkUgNkYKNTIgQUIgNkEgMzQgM0IgODYgQ0IgQjAgRjggRDYgQUEgRTcgMjcgREIgOTggODMKNDEgQjEgRUQgNTMgREEgOEEgMjUgODQgMTAgNDIgMDggQjcgQzUgRDAgODkgN0YKMEEgMDkgMjEgRUMgMTAgQ0QgOTggMjAgODQgMTAgQzYgNDIgNkYgMkUgMDggMjEKN0MgMEQgODcgOUYgN0IgOUEgQzYgQTMgOUYgOUYgMUIgODYgNzkgMjMgQkMgNkEKMjYgOEMgMDUgODcgMTUgN0IgQzEgRTUgNEYgMTcgQkEgRDUgRTAgN0YgRTEgRkMKRkEgNzcgM0QgNDAgMDggMjEgODQgQUIgQjEgRUQgNjQgNUMgN0EgMjQgODQgMTAKRjYgREMgRDAgNEEgMjggNEMgRTkgNEIgMjUgMjAgODQgMEQgREIgOTMgOEQgMzUKQjkgQkEgNzAgNDIgQjggMkIgQjYgOUQgMTcgQ0YgQzIgRTEgRkUgOUQgQTYgNzEKRjUgREYgMDIgNEYgODUgM0IgMUMgRkYgOTggRUYgMTMgRjkgQTIgODMgNUQgNjEKREIgNDcgQjEgN0MgMjEgMDggMjEgODQgMTAgMUUgODAgRjUgMTMgM0MgNkUgNjkKMUMgOTYgN0MgQjcgQjQgMEEgMTUgMEMgNDIgRDggMTYgQ0QgOTggMjAgODQgMTAKQzYgNDIgNkYgMkUgMDggMjEgN0MgMTEgMEYgNEYgNEEgRTkgMjQgQ0MgNzcgMzAKQUIgMEYgRjMgNkQgRjAgQjAgRkEgQzQgNzIgRkIgNzUgOTMgNEQgREUgMTAgRTEKOTggRTMgRTQgNjggRjQgNUYgRjYgRUUgMjggMzkgNDEgMTggMDggMDAgRTggNTUKNzIgMDQgNTEgNkIgQzcgRkIgNUYgQUMgNUYgOEQgQzQgNDkgMkIgMjAgMjEgOEIKQkMgOUYgQ0MgRUMgMUIgN0YgMUMgMTEgRDggNjQgQjMgODEgMTAgNDIgMDggREIKNjEgREYgOEMgNUIgQTEgMjMgODQgMTAgQ0UgNkQgMjAgM0MgRUIgQkUgMkEgMTQKNEUgMEMgMjUgRTAgMTAgQkUgODMgMkQgQ0EgQjcgRjIgQkYgNTIgMEIgMkMgMDgKQjcgQzcgNTAgMUQgMTggQUMgNTMgQzMgRjMgRDcgMTYgQUIgNDIgQUEgNzkgNjEKMDQgRUMgM0IgNEIgRTkgN0UgMEIgMjEgODQgMTAgQzIgNkUgNTggQjYgRkUgQTgKNjcgQTYgRTUgN0MgRDEgOTQgRDcgOUIgQ0QgNDIgRDkgMDQgODQgNEQgQjAgQjgKMzMgRjQgM0YgRkQgNDEgQzYgMDQgMjEgODQgNzAgMkUgOUEgRUIgODMgMTAgQzIKMTUgQjEgNDUgNTEgQ0EgQzEgQzMgODkgNUIgMEUgOUIgQUUgQ0YgMDYgMDkgRjMKNzQgOTMgMzMgMDIgMjAgODQgMTAgQzIgMDggQTggNzAgMTEgNDIgMDggRTMgRTIKNTEgOUIgRjYgMDggRDcgMEEgQTcgMjQgRTAgNEYgMEYgNUYgNTkgMzkgODQgNkQKQjEgNUEgQUYgNzUgQkQgQTQgRDEgNTggRkQgNkYgNTYgM0YgRTkgRDQgM0YgMDgKODMgNjAgQTggOUUgMEMgRDIgRUEgODMgNjIgNTEgM0QgQkIgNzUgQTUgQzQgRjUKOTQgRjIgNTAgNEIgNjQgNUMgODcgNzAgNjUgNTQgMUEgMDQgMjEgODQgMTAgNDIKQjggMjAgNEIgREQgQ0IgREUgQzAgRTEgM0UgQTQgQzcgNjggQTYgMEIgQzIgM0YKNzMgRkYgRUUgM0IgRkUgRTQgNEEgMTAgNDIgMDggREYgNDQgQjMgN0MgMTAgNDIKRDggMUEgRUQgMEEgMTQgQ0UgMEQgRjMgRjQgOTEgMDIgNDIgMDggMjEgODQgMzAKMkMgQUEgNTQgODQgMTAgQzIgN0QgQTEgREMgNUMgNTggQzkgQkUgNEYgMjkgMEYKQjYgRjUgNDEgMDggMjEgODQgMjEgMzAgNTggMjcgMDcgQTcgRjcgMUUgMTMgOUYKN0UgRjcgMjkgOTcgNEEgQkIgRDAgNDUgMDggOUIgQTIgN0EgMjEgMDggMjEgODQKMTAgQzIgMDUgQjggQTMgQUQgODIgMkYgRkIgRjAgOUIgRkQgODYgMUYgODIgNjUKMDcgQjkgN0QgOUQgMjggRjEgRDQgQkYgNkUgRjYgNzcgODcgMTAgNDIgNzggM0MKMzQgQTcgMDcgMjEgODQgNUQgNTAgRjEgQTEgRjAgRTUgRDYgQkYgRTEgRjYgOUQKMUUgQTMgQTcgMjQgODQgMTAgNDIgMTggMTggQTMgRDUgMjggQ0EgQjUgMjEgODQKNzAgMTkgQkUgNzcgQzggRDQgRkQgOTYgN0UgODcgQ0UgMkQgNDMgODUgQjMgNEYKRjQgMkIgN0YgNjUgQzUgMEYgMTAgNDIgMDggRTEgMDcgRTAgRjYgQUIgMzAgRjkKQUQgQzMgNjEgQTMgNDcgQzYgNTggM0QgQTMgNDYgMjcgODMgRDQgQ0UgM0UgMzAKNjUgMDQgOTcgQTMgNDIgMjMgMDggMjEgODQgMTAgQzIgQjUgNzAgQkYgM0IgMEEKQzcgMjcgOUIgRDcgMzIgNzEgM0QgNEMgNjAgM0YgM0MgNUYgNTIgMzEgRDYgN0IKRUMgOTQgOTcgRjEgQTQgQ0IgQkUgNTcgOTggRUYgMDkgQjUgMkYgNjggREIgMjAKODQgMTAgQzIgRDcgNjggMzYgMEYgNDIgMDggMDMgRTEgRTQgMDIgQzUgQTYgNEIKREIgQzIgNkQgQzIgOUMgQ0QgNTUgOUYgODkgRUEgMEEgMjAgODQgMTAgQzIgNEYKNDUgNjkgMzggODQgMTAgQzIgN0YgNTcgMkQgODcgMzQgMUEgQUIgNzcgNkYgNUIKMTcgN0YgRDggQkIgOUIgREMgMDYgNjEgMjAgMEMgQTAgNTcgRjEgMTEgNDIgODQKRkEgNzMgRkYgOEIgNTUgQUEgNDQgMEEgQzggNTIgMDYgMTcgMUIgMDMgNkYgNjMKNjkgOUUgQkEgNjAgOTEgMjggQzUgRjYgMzcgNTMgNUMgODYgMjIgODQgQTYgMDcKNDIgMDggMjEgODQgMzAgODAgMzUgNjIgODkgNUEgMEIgQzIgQjMgNzQgQUMgNUEKOTQgQ0IgMjcgQzkgM0QgQjAgNEYgMkYgMEMgQTEgNUQgNTMgMDggMjEgODQgMTAKQzIgQUEgNzggREUgN0MgRTIgREIgMDEgODggQUIgMzggOTggQUUgMjkgQjcgQzYKQ0MgNjkgNEUgRjYgMTMgOTIgN0YgMDUgMTggQkYgRDIgQjQgOUMgRTkgNEIgNjEKMzQgMjEgODQgMTAgQzIgMDYgMzggM0MgQzYgRjQgQjcgOTYgOUMgODAgRkMgQTcKQjQgNzcgMDcgMjEgODQgNjUgNTggRTMgNDQgNUIgRDkgQTYgNzQgNzMgMDAgNDIKMDggMjEgODQgQUUgRDMgNDAgMDggMjEgM0MgMEMgMkIgQTQgMUQgNjEgMDQgNDUKMTcgMjEgODQgMTAgNDIgRDggMDIgQzMgRkQgMkQgRjMgRkYgQzYgMkMgRkYgNTIKODMgNDQgNTggOEMgQ0IgQzMgQUYgRDYgNUIgNUUgQUUgNUMgQzIgREQgRDEgMkUKMkUgODQgMTAgNDIgMDggNjEgN0IgQkMgNEMgNTIgNzIgNzMgOEUgRDIgRDggQzcKNjIgMEMgOEYgMjkgOEMgMUYgRUUgQzQgRjEgRjMgOTkgQTYgRTUgRTAgRUUgNDAKNDcgOTUgQUYgQUYgQTcgMEQgMjUgMDggMjEgODQgN0IgRTIgNzEgRTkgMTggM0IKQzkgMTAgNDIgQjggMjcgNkUgMzggQzUgN0UgQTQgQzUgRkEgOEIgMUYgNjkgNUEKQ0MgNjIgRDggQjkgMzQgNTEgMTEgNDIgMDggMjEgODQgMDUgRTggMTYgMEQgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgQkMgMUEgRjYgM0QgMzUgNzIgN0UKN0YgQzYgRDQgNDggMTggNDEgQkIgQjggMTAgNDIgMDggMjEgODQgOUQgRTAgNEQKMDIgOTIgRUYgRjMgOTIgRTEgODAgREUgRjUgRjAgOTIgNzMgMTIgM0IgMjkgQ0QKRjggODAgMTAgNDIgNTggMDMgNTcgN0QgMUUgMjIgM0YgNDkgRjUgNEEgMkQgQUMKMjEgODQgQjAgMjMgNUMgQzYgRUIgQjIgQUYgODEgRDIgOTEgMUIgREUgRTAgODYKNjcgOUEgQUQgMDYgM0EgNDAgMDggMjEgODQgQjAgMDYgQkEgM0MgMDMgMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRUYgODAgQzMgRjcgOTAgNjYgNkIgNTcKNzcgOTUgNzUgRjYgODYgNzYgNzEgMjEgODQgMTAgNDIgMDggQ0YgOEIgRjcgQ0MKNDUgMkEgRUYgNUMgQ0EgMkEgNDIgMDggMjEgNkMgODYgQUIgOEQgRDMgQzggRUYKRDQgOEUgRTUgRjggNDggQUYgNjUgRUIgOTMgNDMgMDggMjEgRUMgMUQgMzcgNDQKMjAgNkIgNjAgNUYgQjEgQ0EgNDggOUUgNTEgNzQgMTEgNDIgMDggMjEgODQgNDcKQTEgM0IgMzMgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgODcgQkQKM0IgQzggNDEgMTAgMDYgQTIgMDAgN0EgOTUgMUUgNDEgMzQgOEEgREMgRkYgNjIKQUUgMDQgMjQgNEQgMjggMTEgOTkgNUEgREUgNjYgOTIgNzkgNkIgOEMgRjAgMzMKRDMgOUUgMTYgQUIgMUEgNTEgNzYgMjkgMjQgMTQgRTQgNDIgMDggMjEgODQgMTAKQjYgODQgOEIgQ0YgOEQgRjAgMzkgNDYgQUQgNzYgOTcgRDYgREEgMjMgODQgMTAKQzIgNTggOEMgNEUgQzkgRTYgOEIgMkEgRDYgMjEgMjEgODQgMTAgRkUgMUUgODMKMzcgMzQgNEIgRDEgNUUgMjQgODQgMTAgNDIgMDggRUIgQzcgRTggNDggQzEgRTAKMEQgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgQUMgMEIgNjMgMEYgMjQKNzcgQUQgMjQgOTQgRTUgNDIgMDggMjEgODQgMTAgQjYgOEQgREQgMzAgQTQgOEYKQkEgM0MgNTAgQTUgRTQgRjUgNEMgQUIgM0QgQTAgMUQgOTcgMjUgQjMgMUYgMDUKRDkgNjkgREUgQUQgM0YgMDcgMDggMjEgODQgNzAgMTcgRUMgQUYgNjkgMkMgMjUKRkYgNzEgM0IgQjYgNDIgMzMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgNEYKRDEgMUMgMEUgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMzMgNUMKREUgMDUgMTkgM0UgRTEgRUMgQjYgNEEgMjggQ0IgODUgMTAgNDIgMDggMjEgNkMKMUUgMkQgNUEgNkEgMDMgREIgRTcgMjUgQkQgNEIgRkUgNzggMUYgRUIgOTMgMTAKNDIgMDggNkIgQzcgNEIgOUYgQTYgN0EgNzQgNkUgMjYgNDYgODMgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggREIgNDAgOTMgMzkgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgQUUgQTIgRUIgMkMgNjEgMzggQ0EgNzIgMjEgODQgMTAgNDIKMDggNEYgODcgQjcgMjEgQ0QgNkEgRjYgNzMgQzAgM0UgQTYgNzYgQjUgMkQgNUQKQTIgRUMgRUUgNjkgQUEgREIgMUYgNTcgMDggMjEgODQgQjAgNTYgMTQgRUQgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgN0IgMzQgQjcgMDMgMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggRTEgM0EgNTYgNzYgRkQgNjUgRjcgNDggNjMKQzkgMUQgRTcgMkUgNkEgNkIgMTAgRkIgNkIgMUEgNEIgQzkgNDMgQjIgNjMgMkIKQzggODUgMTAgQzIgMTcgN0IgNzcgOTQgOUIgMzAgMEMgMDMgMDAgRjQgMkEgM0UKMDIgNkQgRTkgQzYgRUUgN0YgQjEgNjkgOUIgOTQgQjYgMjggMUYgQzkgNTAgNDkKMDIgRUYgQTMgOTYgRkMgQkUgNUEgODEgNDQgQjEgRUMgMTggNDIgMDggQkIgQzYKRTIgNTEgQ0QgRTMgN0IgNUQgRkIgRkYgMzUgRDIgN0YgQTcgQjcgNDggRDcgNEYKM0EgNEQgNzMgRUMgQTIgNDEgNEIgMDggMjEgODQgQjAgMTYgREIgNzYgNTEgREUKRkQgQjIgQ0YgRjMgMTIgNUIgMzQgQTcgMDkgMjEgODQgMTAgNDIgMDggMjEgODQKMTAgMEUgODMgNkQgMkIgMEMgREEgN0IgMjAgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggRTEgQjggRDggRDUgMjkgRUIgQ0IgMUMgMjkgRTQgNjYgNEIgMTUgREYKQzYgQzEgQzMgQzggRUQgQjMgNkIgQjYgNEEgQjggMTAgNDIgMDggMjEgODQgNkYKODQgMTUgMDMgOUUgOTcgRDggNjIgRTYgRjQgOTggOTIgNzcgQ0IgNzcgNEIgNzcKMUIgMkEgRjMgNkYgRDcgNEYgNDYgMTMgOUEgMTAgNDIgMDggRTEgMTkgRDggQkEKRkQgRjIgRjAgOTIgNTYgN0IgRjMgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKRUMgMEEgREIgRDYgMTkgQUUgOTcgNDggNDEgRUYgMTkgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgMUMgMDkgM0IgNUIgRDAgOTkgRDIgNUMgNkYgQjYgMzMKREIgODcgQzEgODYgM0IgMzcgN0QgODUgMjAgODQgMTAgNDIgMDggNjEgMjkgMkUKNTMgRUMgNjIgRUQgQkMgMjEgMkMgNDIgQ0IgMzQgMjEgODQgMTAgNDIgRDggNTMKQUIgQTcgRTMgRTAgMjAgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgNTcgQzIgQjYKNzUgODYgQkIgNzQgRkEgNUMgNjMgOEIgRDUgQ0YgMDIgMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggNjEgNDMgRUMgNkEgOTEgRTggN0UgODkgNEYgNkUgMUYKQTUgOUUgOUYgRDYgRDggRDMgN0EgRDAgNUIgQTQgRUIgRjcgREUgRTYgMjUgQjYKNjggOTggMTQgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgOTYgRDgKQjYgQzkgRDMgMzAgMjkgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggNEEgMzgKMkQgNkIgRUMgNjIgNDkgNzEgRTAgQkMgNTQgRDkgMDEgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgMEUgOEMgN0QgNkYgMkMgQkQgNUUgMjIgODUgREMgMEQKMkIgQzcgM0QgOEMgQjkgRjkgRDAgNjkgRkQgOEEgNUQgRkMgQzMgRjUgMjMgNTIKMjggRjkgRUMgQ0UgNEIgOEYgRjUgRTEgRkEgNDcgODYgMTAgNDIgMDggMjEgODQKMTAgN0UgQjMgNzcgMkYgMzkgMDggMDIgMzEgMTggODAgQUYgRDIgMjMgMzggOEEKMEYgRUUgN0YgMzEgMTcgMDYgNjQgQ0MgQzQgNDAgMDIgMEMgOEYgNkYgRDMgQTQKREYgNEUgNzcgMzQgRDMgRkUgMTAgNDIgMDggMjEgODQgMEIgQTMgNjUgNTIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQ0UgODUgRTkgNzUgOEIgNkYgQUQgMUQKOTcgNjAgRUMgMDAgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggOEYgODUKQTkgNEQgMzEgQUMgNzkgMTAgRTQgOTggQTEgRDkgNzIgNkQgMUUgQTUgMkEgODAKMzIgQ0EgOTggRUUgMzEgQTggMUYgN0MgNUUgQTMgMkYgNjMgRkUgRUEgNUEgQUQKQzggNTEgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRjcgODUgOEYKMjYgQkEgQjIgRjYgN0QgNDIgMEYgMzggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKQzIgNDMgNjEgMjkgNjggRTAgNzYgOEQgQUUgQUMgRkQgRUEgQzkgRTQgMDEgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgOUUgMDEgRjMgOUQgQ0QgQ0EgRjcKREMgRkEgQjYgMTAgOTEgNTkgRDggOUQgOUMgRkMgNjMgMjcgNjAgQkUgRDggNTgKQ0MgRjEgMkMgMEUgMTIgNjcgQzEgQkQgNkMgODMgQ0EgMTUgODUgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgNzAgRDcgOTggREEgMzYgMDYgNzUgQ0MgREMKNkYgQjkgRDYgQTMgNEQgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgRjAgRjgKRjMgRjkgM0YgNjYgNjIgMzAgNjMgNkIgRjggMDAgMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggNEYgODEgQkYgOTcgREMgM0UgMTggNUQgNTkgRkIgODYgRkMKRkYgQjYgQjkgNDQgNUYgQTYgQUUgNjEgMTYgQjEgNzkgNDUgNTcgMkEgQzcgQUQKNkUgQjMgOTUgMTAgMEEgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEKQkUgNzAgNTMgNDcgMDIgQkQgQzMgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMEYgOEYgOTYgNDAgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgQUMKODIgRTkgRjEgOEMgNkYgNUQgN0IgMzQgQTcgQUQgRDIgRTYgNkYgQzMgMkMgNzgKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQkUgRDkgQkIgODMgRDQgMDgKODEgMjAgMEEgQTAgNTcgQTkgMjMgQTQgRUMgMTggRTIgRkQgMkYgOTYgQzUgODAKRDQgODggOTAgMTYgMDYgREEgQzYgQjcgRjkgNTAgNkYgQTUgRTggRUEgRDMgNDUKNDMgMzggMDcgOEUgM0QgNjkgNzkgMTggNzMgREQgQTIgRTQgRDUgNzcgODEgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggRTEgRkQgNzEgNkMgMTcgNjEgRUIgMTMgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgM0UgMTcgQ0YgRUUgMDMgNkQgNEIKRUMgRDEgRDMgQjAgMTkgRUYgM0YgMUUgNkYgRjYgNkMgMTkgMjUgMkYgRkYgMzYKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgMTEgMzggRjYgQjAKQTUgOUEgMTEgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgN0MgMUEgOEUgRUQgMjIKMkMgN0UgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgNTggMzEgQjcKOEMgQjcgN0MgM0IgRDIgRDMgRDMgQjkgMTkgRUYgMzAgRUUgOUYgRUMgRUMgNkEKNTcgNDUgMjggODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTMgRTMKRTggNTMgOTcgNUYgNTEgRjIgRUEgQzMgNDMgMDggMjEgODQgMTAgNDIgMDggMjEKODQgNzAgNTIgMUMgREQgNDggRDggMDMgODUgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgRjAgMUYgQ0MgREYgMTYgMjUgMkQgODcgREUgNzYgQjQgRkUgMDkKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgQTMgMzAgREIgMUEgMjUKN0IgNUEgQzQgMEYgOEUgNEUgNjAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKQ0YgNDQgM0IgQTEgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQ0UKODggQTcgOEIgQTIgRjkgMTMgN0IgRjQgMTQgNzQgQzYgRkUgRjEgQjggRUYgOTkKNEIgRDQgN0MgRTEgNzcgOEIgOTIgMkYgNUMgNUEgNDYgQzkgQUIgMUYgMUEgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMzggMjMgMUUgMkEgREMgOUUKMTIgRjIgODMgNjMgQUUgNUIgOTQgQkMgRkEgRjAgMTAgQzIgM0YgRjYgRUUgMjQKODUgNDEgMjAgMEEgMDIgRTggNTUgRkUgMTEgRTIgMTQgRTMgRkQgMkYgOTYgODUKRDAgQjQgMjIgQzQgQzYgMDkgRTMgREIgMTQgRjQgQzMgNDUgODIgQkIgQzIgNTIKMDggMjEgODQgMTAgNDIgMDggMjEgQkMgMjkgOUEgOEIgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgRjggMzcgNTggMEQgNDMgRTQgMzkgNUUgRDkgNDYKOEEgMzUgQUQgREQgRDMgOEUgNzYgQTAgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgQzIgRjMgQjAgRUQgMjMgQ0IgMTEgOUIgM0EgNTIgQUMgNjkgMzUKOEIgOEUgQTkgMDIgNTUgNkMgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgNEYKQzYgNkIgOTcgQTQgRUQgMkIgNTIgMkMgOTUgMjQgQjYgQTUgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNkUgQzIgNUIgNkYgNEIgM0YgQUYgQzggNjIKQTEgQ0YgM0MgMTkgRUIgQUEgOEIgNDggNTkgN0MgMkYgMjAgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgNzAgMTcgM0MgQTIgRjggOUQgQkYgNzMgRUYKREQgNDcgQTQgRjQgMzAgMjcgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggNjgKQkMgNzYgODUgM0EgM0IgNTYgN0QgMTcgOTEgQjIgRjggQkYgNDAgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggN0YgNjMgMzMgNDQgOTYgOEIgREYgRUIKMkMgOUQgNjcgOUUgODcgRDMgREYgNjkgMUMgMEEgMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgRkIgRTAgQzYgRUEgNzggN0EgQTUgNkYgQTcgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgNzAgMEQgNTYgNEQgMTcgNTkgQUUgNTkKQTEgMUUgNzcgOUMgOTYgMUUgREUgQ0EgMDUgMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgRjggNjUgREYgOEUgNEQgMDAgMDYgQTEgMjggOEEKQUUgRjIgNTcgNDggMEMgMjQgRkIgNEYgOTYgNDIgMTAgQjEgRkEgODUgMzYgN0EKOUEgMDcgRUYgRUMgNzAgMjEgODQgMTAgNDIgMDggMzcgQzQgRUIgMkIgRDEgNkQKQTYgNDIgNUQgNzcgRjUgQUQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRkIgRTMgRjMgNDYgQjcgMTUgQ0IKMUQgNkQgMzIgNUQgRUEgQzQgMkIgNzEgODUgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgM0MgMTMgODcgQ0UgMzQKOTMgQTYgNEUgQkMgMkEgNTcgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgMzMgNTEgRTUgMEEgMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgRkMgRDkgQjcgNjMKMUIgODAgNDEgMjggODYgODIgQUIgRkMgMTEgNDIgMjQgMTQgNjUgRkYgQzUgMjgKOTAgMTAgMTUgQTUgMUIgQUUgNzEgNzEgOTUgMTcgNzggMTAgNDIgMDggNjEgMUUKNTUgQUUgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMzAgOEYgMkEgNTcgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgOTggNDcgOTUgMkIKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgQ0MgRTMgRDUgOTUgNkIgRUIgQjUgRUQgQzQgRDYgRkYgREEgRjYKODAgRUYgRjMgNTUgQUQgOEQgOUYgODcgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMzggRDggQkIgODMgMTQgODYgNDEgMjAKMEEgQTAgNTcgOTkgMjMgMzQgMjYgRDYgRjYgRkUgMTcgRUIgNDIgMkEgODEgODYKMTAgNjkgNjkgMzAgQkMgQ0QgODcgNzkgODggQTggRkIgOEYgMTAgQzIgOTEgRjEKODIgMkQgRDcgNzkgOEEgNTUgNTYgMkMgMjkgNUEgMUMgMzkgRDggRkUgOTggRUYKRDEgNjIgQUIgMzAgREIgN0YgNjYgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgQ0IgRTEgRDggM0QgRDYgQUQKRjYgRTggOUMgRTIgMUQgM0YgQTggQUMgRUUgOEYgQ0IgMkQgNUEgNTQgNDkgNEIKODkgNjggRDkgN0YgMjMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgQzIgOTEgRjEgREMgRUUgRUEgNjcgRjcgNzMKQ0EgQ0YgNTggNjcgNUQgRjYgODggMTYgNDcgQjYgRkQgREIgMzggOTUgMUMgRDEKQjIgRkIgRjEgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggODcgQzYgNzMgOUIgQUEgMjMgOEUgREYgRkUgMEMKMEIgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMzggMzIgQkUgRDggQkIgNjMgMUIgODYgNjEgMTggMDggODAgQUIKNzAgMDUgNTkgNzEgRUMgRUMgQkYgNTggMEEgMjMgMDEgQTEgNEEgODIgMkIgNEIKNTcgRjAgMDEgNUUgQzkgRkUgQzEgNTIgRjcgNDggRDkgNTMgQ0YgNUMgN0MgNkQKM0UgQkQgOEUgMUUgMUMgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgRjAgRDEgNTggQ0UgMUEgMjkgN0IgRUEgOTkKQUIgQUQgNjcgRkMgRTYgM0EgNjMgMkQgOTEgNzIgRjQgRTAgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgQ0YKQzYgRDcgMTEgMjkgMkYgQUMgNUIgRkMgQTMgQTcgQkYgMzkgREYgREEgMzQgNTIKQ0IgRkIgODggOTQgQzMgNDcgODYgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgNUMgMDMgOUIgNTYgNjYgNEYgQUYKNzMgODIgQjUgNkMgNDcgQTQgRjQgMzIgMTUgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgMkUgQ0UgRkIgNzEKQjUgRkQgOUEgQkEgN0YgMjIgRTUgRjAgQTEgMjAgODQgNUYgRjYgRUUgMTggMDUKNDAgMTggODggQTIgRTAgNTUgRjYgMDggODYgQTAgOTggRkIgNUYgQ0MgNDIgRDQKMkQgNTQgNTQgMjQgRDUgMzQgMEYgMzIgNjUgRkEgQ0YgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgNUYgQjEgQjQKMTYgQTkgREIgRDAgMzUgRjYgM0MgNTkgOEYgNzYgN0IgQ0UgNDMgQTQgNUMgREYKNTQgMkQgNjMgMUMgN0QgRkQgMjcgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgQjAgMDcgRDYgMTYgQTkgMkIKOTYgM0EgNDYgRUUgOEEgNTMgRUMgNzkgMzIgNEEgN0QgNzcgNTkgRDUgNUUgMTUKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgREUgNjMgMkQgOTEgN0EgM0EgNTMgRkQgMDUgQUQgNUMgMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMTcgNzYgRTQgOTAgMDAgMDAgMDAgMDAgMDAgQzgKRkYgRDcgOEUgMTAgQ0QgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgQzQgOEUgMUMgMTIgMDAgMDAgMDAgMDAKMDAgRjkgRkYgREEgMTEgQTIgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgRDggOTEgNDMgMDIgMDAgMDAKMDAgMDAgMjAgRkYgNUYgM0IgNDIgMzQgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgMTMgM0IgNzIgNDggMDAKMDAgMDAgMDAgMDAgRTQgRkYgNkIgNDcgODggRTYgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNjIgNDcgMEUKMDkgMDAgMDAgMDAgMDAgODAgRkMgN0YgRUQgMDggRDEgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNEUgRUMKQzggMjEgMDEgMDAgMDAgMDAgMDAgOTAgRkYgQUYgMUQgMjEgOUEgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKODkgMUQgMzkgMjQgMDAgMDAgMDAgMDAgMDAgRjIgRkYgQjUgMjMgNDQgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgQjEgMjMgODcgMDQgMDAgMDAgMDAgMDAgNDAgRkUgQkYgNzYgODQgNjgKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgMjcgRjYgRTYgRDAgMDYgMDAgMTAgMDYgQTIgRTggMkEgMUQgODEKMkEgQzIgRkUgOEIgMjEgMzAgMTUgOTggOEEgQkEgNjcgQkUgNzggQjkgRTQgMjAKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgOUMgQzUgQjUgQTMgRjQgNjEgOUUgOEMgRDIKRUYgQjIgN0QgMDQgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgNjUKREYgREUgNTEgMjAgODQgQTEgMDAgOEEgNkUgRTUgMkQgQzEgRjggMEIgRDkgRkYKQzYgQTYgMDggOTggMTQgMTYgQ0EgMjggMEMgOTkgNTMgNzggMjEgMDcgQzQgNTQKMjEgODUgMEYgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggMEQgMUEgMDcgODMgMTAgMEUgODYKNEIgODkgQUUgMTUgRjMgMUMgNDcgQUEgNEMgMTEgRjUgQjkgQjIgREMgRjYgNjgKQTkgNUYgNDkgNUIgQjQgREUgREYgMjQgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgRkUgMEYgMUEgRkIgODIgMTAgOEUgOEUKRkIgMUEgNDcgQUUgMUMgNjIgQjcgOTYgRUIgMTQgMkQgNzUgMEYgNkIgOEUgNTYKQjMgRkYgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgNjggRDQgMEIgNDIgMzggMDIgQTYgNTIgQTIgRUIgOTUgRDMgRTkgQzEKNjUgQ0EgNUIgQjQgREUgREUgM0MgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgMTUgOUMgNzIKNzQgQUQgOTggQjYgMTIgNUQgNEYgRjEgRUMgNzUgQkYgM0IgNDIgMDggMjEgODQKMTAgQzIgREYgQzYgRDMgREIgNkYgNDkgRDEgRDUgNDUgMTcgNDIgMDggRTEgREIKNjggQzggMEIgNDIgMzggMTggQTYgNzUgODkgQUUgNTcgQ0UgQTIgMDcgOTcgNjkKQ0UgRDEgRUEgRUEgMEUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMUYgRjYgRUUgMjAgMDcgNDEgMTggODggMDIgRTggNTUgRTYgMDggNTYgOEEKODQgRkIgNUYgQ0MgMDUgRDEgMzYgQzYgOTggMjIgNTUgMjMgQkMgQ0QgNEYgRTYKNkQgODAgQ0QgNjQgMTYgMzMgMDEgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgRkMKMjQgMEUgNzMgNTQgQjkgRTAgNzQgOEUgN0IgQjQgRUMgRkMgQkMgMkUgQzcgNEIKOTQgNTggMUUgOUEgQzYgMjggQjkgRkUgOUQgMjEgODQgMTAgNDIgMDggMjEgRkMKRTIgN0MgNkIgQTAgODUgMTAgNDIgQjggMUQgOUQgNkIgNDEgMDggNzcgODYgMEYKOEQgQTUgQTUgMTcgNzUgMkMgQjUgMzUgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggQkYgODYgOTcKMUMgRjcgNjggNTkgRUYgRDkgNTIgRTYgNTMgOTQgNTggNUUgMjkgNEYgNTEgRDIKQjIgMTAgODQgMTAgNDIgMDggMjEgN0MgMDcgM0YgM0EgRDMgMUEgNjIgMjEgODQKMTAgQUUgNDIgNjcgNTkgMTAgQzIgOUQgQTEgQjYgMDYgMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEKN0YgRTMgOTAgQTIgQ0EgMkUgN0YgN0EgRUEgNTggQTYgNjkgOEMgOTIgRUIgQkYKMEUgNDIgMDggMjEgODQgMTAgMUUgMEMgRDMgM0MgNDcgOTUgMkQgMzMgNjcgQzcKRDIgRjggMEEgMjEgODQgRDAgMUQgMTYgODQgRjAgMzggQTggQUQgNDEgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgRjggMzcgRjggRUMgOTIgNzQgMzggQzcgMkQgN0UgN0MgNDkgNkEgM0IKMDggNDIgMDggMjEgODQgMTAgNkUgQzEgOTQgODcgQTggQjIgNjUgRTYgRUMgNTgKMUEgNUYgMjEgODQgMTAgQkEgQzAgODIgMTAgMUUgMDcgRDMgMjkgNDcgOTUgMkQKQkQgQTggNjMgQTkgQUQgNDEgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgQzIgMkIgN0IgRjcgOTIgRTMgMjAgMEMgNDQgMDEgRjAgMkEKN0QgODQgOTggRUYgNzAgRkYgOEIgQ0QgMDIgMDEgMUUgODQgMjIgQzggMDQgMDIKQTEgMTYgNzkgNTIgRDcgQ0EgREUgRDggNTIgRUMgQzYgMTAgNDIgMDggMjEgODQKNzAgM0QgMzYgNTUgMEMgNzEgRjQgNTUgOUYgNEQgNjUgQUEgQkIgQzggNzIgRUIKMzQgMjEgODQgMTAgNDIgMDggRTEgREQgNTAgQjcgMEUgODQgMTAgQzIgRDMgQTIKNEQgMEEgNDIgRjggNkQgNTggQzUgMTAgNDcgRkYgQzkgM0MgRkIgOTIgQ0MgRTYKOTEgNDMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggRTEgMjIgQTYgM0EgQjIgRUMgMzEgNzUgMjkgQjIgMUMgQjAgOEIgMjkKNzUgQkIgNDAgMDggMjEgM0MgMTEgQTYgQjYgOEUgMkMgRDcgREMgQzYgRjkgNTQKRjkgMTMgQzMgNkYgRTkgMzUgRDUgQUQgMTMgODcgMTAgNDIgMDggMjEgODQgNzcKNDMgN0QgM0EgMTAgNDIgMDggNEYgOEIgMzYgMjkgMDggRTEgNzUgNzEgNzYgMEMKQkEgNjYgRDkgRDkgQUYgRkMgN0IgN0EgQkIgNzkgMkUgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgN0IgNjEgRDkgNDUKOTYgM0QgQjYgNDUgOEMgQjEgRTYgOTggNzIgNTYgRDYgNEQgOEMgRTEgMUMgMTMKNDIgMDggRTEgRUUgNTggOTQgOTEgNjUgOEYgNjUgMTEgNDMgQkMgQjIgOTcgRUQKNTcgQ0UgRkEgNDMgNTMgRDMgQzYgOTQgRUUgMkUgNDIgMDggMjEgODQgMTAgQzIKNTcgNTAgM0YgMEUgODQgMTAgQzIgRDMgQTIgNEQgMEEgNDIgNzggNUQgOUMgQkQKRjggQjkgNjYgRDkgNzkgNjMgNTkgM0QgNjIgOEMgQUQgMjMgODcgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgN0YgQjYKODggM0UgMkYgNTMgMTMgNTMgRjQgNjMgNzggQjQgMzEgQTUgNEIgMUEgMTAgNDIKMDggNTcgRTAgQTUgREEgNDIgRjMgQkQgNkYgRTkgQjUgNkUgMkYgODcgNDIgMDgKMjEgODQgMTAgQzIgQjcgQTEgNEUgMUMgMDggMjEgODQgQTcgNDUgOUIgMTQgODQKRjAgQkEgRjggRTkgMTUgRUMgMTEgNTMgRUEgMTggODUgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgM0UgQzEgNTkgQjcgRTYKRTEgRTcgOUIgQkEgNDcgMjEgRkMgNjUgRUYgNUUgNzIgMjMgODQgODEgMjggMDAKNUUgQTUgOEYgMTAgRjMgRTcgRkUgMTcgQ0IgMjIgOTIgRTUgMTAgQTIgMTggMjUKODAgOTkgRDQgNjIgOUUgRDQgMjUgQ0QgODIgOEQgNUIgMDIgQjcgMEQgMjEgRkMKMEUgRkIgMTQgNDUgMzYgM0UgMTMgQkEgQkMgNDUgMEUgMTcgNkEgNDMgMDggMjEKODQgMTAgQzIgRUIgRjEgRUUgMUQgRUMgNjYgNzAgMjAgODQgMTAgNkEgNTIgMTAKQzIgMTcgNDQgMkIgMTggODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgRjAgMjkgOTggQzYgMzUgOEEgQUMgRjkgMjggNzkgNUUKRjkgNzUgRkMgQTcgRUIgRDcgMjggRjIgRTggRDMgNDEgMDggMjEgN0MgMjIgNEUKNDMgRTQgQTggNjkgMUYgOTcgOTUgQzUgMzQgQTggQzMgREIgMjEgODQgMTAgNDIKMDggNjEgMkIgNjggRUYgM0EgODQgMTAgQzIgNjYgNTEgOTMgODIgMTAgM0UgMTcKQUQgNjAgMTAgNDIgRjggOTcgQjggM0QgMzAgN0MgN0YgQjMgQ0EgRkUgMDIgQjgKQzUgRkQgQkYgM0IgOTkgMUMgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggRTEgN0YgQzYgQjQgRjQgNTEgNjQgQ0QgNDcgQzkgQ0IgQ0EgNzUgOEEKMUMgNDcgOUYgMEIgNDIgMDggNjEgRTMgOTggRTYgMzEgOEEgQUMgRTkgMEIgOTcKOTUgNEIgQzQgQzcgQ0YgQUQgQTAgMTAgNDIgMDggMjEgODQgQjAgNjUgQjQgNkIKMUQgNDIgMDggNjEgQjMgQTggNDkgNDEgMDggOUYgOEIgNTYgMzAgMDggMjEgRkMKMTkgRjcgQ0UgRkEgOUUgQkIgQzggNTEgQjMgRTIgRkQgQTYgMUMgQTcgQzggNjEKNjIgMTQgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgMEIKRTIgMzAgNDcgOTkgREIgREIgMzkgNEYgN0YgMTUgN0YgQTggREMgMEMgQTggMUUKN0UgNTggMDggMjEgODQgQjcgNjAgRDcgNDcgOTEgQUQgRjcgOUEgNEYgNUYgODQKNUQgNDggMEQgMjEgODQgMTAgNDIgMDggOUIgNDYgREIgRDEgMjEgODQgMTAgMzYKOEIgOUEgMTQgODQgRjAgQjkgNzggRTUgRDQgOTIgRTUgMEIgNDIgRjggNDQgOUMKODYgQzggNTEgQjMgQjggREQgNTUgRDYgNEUgODYgM0EgRkQgMTUgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggNjEgNEIgOTggRDYgMTQgNDUgNkUKQUUgMzYgQUIgNzkgNDMgN0UgNUUgRDkgMEQgOTEgNjMgRUYgQTAgNDggMzMgMzgKMTAgNDIgNzggMkIgRjYgMjkgOEEgMzQgQzUgMDkgRTEgM0IgN0IgNzcgOTAgREIKMjAgMEMgNDQgMDEgRjQgMkEgNzMgODQgMTggMDIgMDkgRjcgQkYgNTggMTcgNTEKMkQgMjcgNEQgMjUgNTMgMDEgMzYgRTkgREIgN0MgNjkgREUgMEEgMzYgODMgODQKM0QgMzYgODQgMTAgNDIgMDggRTEgQUUgNjggNkEgMDYgNDIgMDggNjEgQjcgRTgKMjMgMDUgMjEgM0MgMDcgM0UgNUQgRjQgNzYgNzQgQjMgRDIgQkIgMjAgODQgOUQKNjMgNUEgOTYgMjggQjIgQTYgOTUgOUQgQjEgMkMgOTcgMzIgQUQgMjEgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgNkMgOEIgMkYgMzcgNjMKNzYgMzUgRDcgQjkgQ0MgOTEgNjMgRUQgN0IgNDEgMDggMjEgREMgMTAgQ0IgNDMKNkUgNkIgMUEgRjggNjEgQTUgOTUgNTYgMDggMjEgODQgMTAgNDIgRjggOTEgNjgKM0EgMDYgNDIgMDggNjEgQjcgRTggMjMgMDUgMjEgM0MgMDUgQTYgRUIgMTggNDUKRDYgNzQgOTggRkQgQ0EgOTcgODcgNTkgRkIgMkUgMTAgNDIgQjggMzkgQTYgMjkKNDUgOTEgMzUgQUQgRUMgRjMgNEEgMDMgOUUgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggOUIgNjAgOUEgNkYgMTEgMzkgOEYgREUgNzcgRjEKNUIgRjkgNkUgQ0UgRDQgQ0EgMjYgODQgMTAgNkUgOEYgNjkgOUMgQTIgQzggOUEKRTYgN0MgNTggNzkgQkYgNDQgOEUgQjUgRUYgMDUgMjEgODQgMTAgNDIgMDggRTEKODkgRDAgNTAgMEMgODQgMTAgQzIgNkUgRDEgNDcgMEEgNDIgNzggMEEgNkMgREIKQUMgNUUgQ0UgQzggMUQgODYgMzEgMjIgQTcgRjUgNEQgMDggNjEgN0IgN0MgREUKNzcgRDEgNzggQkMgQkQgQ0YgRDIgNUMgMjcgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgQzIgQkQgRjEgN0UgOEYgRUYgNjggN0MgRjkgNjYgOUEKMjMgQzcgNDMgODYgQ0IgMkQgMjIgQTcgRUQgMTkgMTAgNDIgNTggOEQgNjkgOEEKMjIgQkIgQkEgNkEgMzkgM0YgQzYgQkIgNDcgNUQgRkYgQTYgMTAgNDIgMDggMjEKODQgMTAgOUUgMDcgREIgNkUgMkMgMzcgMDUgMDMgMjEgODQgRDAgNDcgMEEgNDIKNzggNzYgNkMgREQgQUMgMkUgMTEgMzkgMUQgM0MgMDggMjEgRUMgMTUgQUYgQjcKMjggRjIgRTcgODggNjIgNEQgQzcgRkIgRTcgNjUgRTUgNDQgNjcgNUEgOTYgODgKOUMgQzYgM0MgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKQzYgMzAgQTYgMjggRjMgODEgRDcgQzggNTEgRjMgOUIgN0EgQkYgRDIgRjAgMjYKODQgMTAgRkUgMDEgQTcgMzkgNzIgRDQgMzQgREIgQzMgNEEgQzcgRDIgNDIgMDgKMjEgODQgMTAgQzIgMkYgRjYgRUUgMjAgQjcgNDEgMTggODggMDIgRTggNTUgRTYKMDggMzUgRDAgMDQgRUUgN0YgQjEgMkUgMTAgOTYgRDUgNTAgMDkgMzcgMTEgQjEKQzkgNUIgRTQgNEIgN0UgQkIgODAgNjQgNEIgRjYgOEMgRjkgNzAgN0MgNzcgNjEKQjkgMkUgMTggMDggMjEgODQgMTYgMjkgMDggNjEgREYgNjggQjIgODIgMTAgQzIKRkYgRTEgQUYgQTYgQzIgRDYgMkEgNDMgMkUgMzAgN0MgN0MgOTggRTkgNkIgOEEKMzIgNTcgNUMgNTIgMTQgNTkgRkIgMUUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgRjYgODIgRTkgNzYgOEYgQzggNzkgRjYgQzkgQTYgODYKNEQgMDggMjEgM0MgRDggNEQgN0YgMUYgNjIgOEIgQjYgRUUgQkMgRDUgODYgMDkKMjEgODQgMTAgNDIgMDggQTEgNEEgNzIgMDggMjEgODQgMUQgQTEgNDUgMEEgNDIKRDggMDUgOUEgQUMgMjAgODQgRjAgOTUgMzggMkUgNTEgRTQgOEEgNjkgMUEgQTMKQzggREQgMDkgRjAgRUYgOEYgMEIgOTcgRTUgMUMgNkQgNUQgMjEgREIgQzUgNzAKOUEgMjMgQzcgMkEgQzMgMzAgNDYgOTEgRDUgQUYgMTggNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggNjEgN0IgMzggQ0YgOTEgRTMgQzggRUUgRjEKNjkgNDMgM0QgOUIgMTAgQzIgNEIgRTEgREUgNDEgREIgMzggQzQgMTYgOEQgNzUKNjIgQUEgNDggODEgMTAgNDIgMDggMjEgODQgRjAgMTggMkEgMjYgODcgMTAgNDIKRDggMkMgNUEgQTQgMjAgODQgNUQgQTAgQzkgMEEgNDIgMDggNUIgQzcgMzEgNDUKOTEgQkEgM0IgNUYgM0IgN0MgM0MgMkYgMUUgRDIgNzcgNDQgQ0UgRkEgRjcgMDUKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgQkQgQjggQjcKQUYgM0UgNEMgOTEgRTMgQzggRUUgRjEgNjkgQzMgOUQgNkQgRUEgRTkgMUUgOTEKRDMgMTEgMkEgODQgQjAgMDEgRUMgQUEgMkIgQjMgQkMgQkUgRDUgQkMgMEEgMjEKODQgMTAgNDIgMDggNjEgMTUgQUEgMkEgODcgMTAgNDIgRDggMkMgNUEgQTQgMjAKODQgNUQgQTAgQzkgMEEgNDIgMDggMkYgOEUgMTUgNkQgOUUgM0IgQjggREMgNjIKOEIgMEYgNkQgRjMgNzQgQzMgMzkgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNUUgMEMgRDMgOTIgQTIgQzggMTUgRTcgNTggN0YgOEQgN0QgODUKNzMgMUEgQTMgQzggREEgN0YgMEEgMjEgODQgNEYgNjEgNTcgRUQgOTkgNzkgMUEKNzcgQTIgMDcgMjEgODQgMTAgNDIgMDggRTEgRjMgQTggQkMgMUMgNDIgMDggNjEKQjMgRjggQzMgREUgMUQgRTQgMzggMDggQzMgNTAgMDAgQkQgOEEgOEYgNDAgRTgKRDAgNzYgRUUgN0YgQjEgOTEgQTYgNkEgMTQgNTEgMTYgNDQgMTUgNkQgMkMgREUKQzYgNTIgREUgOEUgMkMgNkMgMDkgRjIgODkgMjEgMDUgMjEgNEMgODEgOUEgMTUKODQgMTAgQzIgNkUgOUMgMkYgRDEgRDQgRDMgNDYgM0IgREIgMkMgRTcgRTYgMjEKOUYgRUUgOEQgODUgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKRjggNTUgMkMgRjcgNEIgMzQgNzUgQTggMkMgNjcgN0IgMzcgQTggQUIgRTIgMjAKODQgNDcgNjEgQUEgOTAgRTYgNkEgNzkgOUYgQTIgOTYgRUUgMDcgODcgMTAgNDIKMDggMjEgODQgMTAgM0EgNjQgMEUgMjEgODQgMzAgMEYgMUEgNTIgMTAgQzIgMTQKQTggNTkgNDEgMDggMjEgM0MgMTAgMDUgM0MgRkYgOTcgQ0IgMzUgNkEgNzkgQzgKNUMgOTYgODggNUEgRkIgMzcgMTYgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggRTEgQTcgNzAgRTQgMkMgQTcgOEIgMzggMjEgODQgNkYgNjEgRTYKOTAgNjYgRjMgODcgNTUgMUYgRTAgMjAgODQgMTAgNDIgMDggMjEgM0MgMEEgOUQKMzMgODcgMTAgNDIgMzggMkMgMUEgNTIgMTAgQzIgMTQgQTggNTkgNDEgMDggMjEKMUMgMDIgQ0YgOUEgRjEgRkMgOTkgQTIgMTYgM0YgNDggODcgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgQzIgNUMgMzggNTQgQTggNzMgMjMgQzQgMzQKREQgMjIgNkEgRjUgQzIgMTkgNDIgOTggM0UgQUQgQjkgNkEgQjAgRTUgQjcgNDQKNTMgQkIgQjcgMDIgNDIgMDggMjEgODQgMTAgNDIgQjggMEYgOUQgMzYgODcgMTAKNDIgMzggMkMgMUEgNTIgMTAgQzIgMTQgQTggNTkgNDEgMDggMjEgNEMgODYgNUIKREYgOTQgQ0IgNTIgQTIgQUQgMEYgOUMgQTcgNjggRUEgMzMgMUQgMTkgQjUgRUMKMTkgNTUgODMgMkMgQ0IgRjUgMTYgNTEgQUIgODkgMDkgMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgQzkgNzAgNzUgNDUgRTYgOUUgMzcgQzMgQzcKMkQgMjUgM0QgMjEgM0MgMzUgNjYgQ0UgNkYgQkUgRjQgRDIgRDcgMjcgNzIgMDcKMzEgODQgMTAgNDIgMDggMjEgODQgMUYgNDUgMDcgRDEgMjEgODQgMTAgMEUgOEIKODYgMTQgODQgMzAgMDUgNkEgNTYgMTAgRkUgQjEgNzcgQzcgMzggMEEgQzMgNDAKMTQgNDAgQUYgMzIgNTcgNzAgQUMgMDggN0MgRkYgOEIgNkQgQzEgQjIgRjIgMjIKOEEgMjAgODQgOTkgODEgNTcgRTQgNEIgNzkgNUQgMUEgOEYgOTQgRjggQzcgMTAKQzIgQUYgQzIgMzYgNDYgNEMgNTkgQUIgRUYgRTkgMUMgNEYgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgMkMgOEMgRkYgREYgRTggNjYgN0IgNDEKQUQgRUYgMDkgRTEgMDcgNjIgRTkgMTYgRTcgM0UgNjIgQ0EgODcgOUYgMUQgNDIKMDggMjEgODQgMTAgNDIgQjggMDQgNkQgNDQgODcgMTAgNDIgOTggMTYgMEQgMjkKMDggNjEgMDkgQjQgNTggNDEgMDggMjEgODQgNUIgMUYgMzEgRTUgMDUgNUIgREYKNjMgQ0EgMEIgOUUgRTMgRjcgM0EgMzIgRTYgOTYgREQgQjYgRDMgMUUgRjEgOTcKOEYgM0YgM0UgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIKQjcgNjIgQUEgMzMgM0QgNTUgM0UgMjEgQUMgOEEgQkQgQzUgOTQgOEEgOUMgMTAKNDIgMDggMjEgODQgMTAgQzIgMzUgNjggMkYgM0EgODQgMTAgQzIgQjQgNjggNDgKNDEgMDggNEIgQTAgQzUgMEEgNDIgMDggMjEgM0MgOEUgRUQgREMgNjMgQ0EgNTQKOTUgNEYgNTMgMTUgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKNkIgNjMgRUUgOTMgM0QgQjUgM0UgMjEgQ0MgOEYgQTcgMkQgQUUgQTEgQ0IgMDkKMjEgODQgMTAgNDIgMDggMjEgNUMgODcgQjYgQTMgNDMgMDggMjEgNEMgOEIgODYKMTQgODQgQjAgMDQgNUEgQUMgMjAgODQgMTAgQzIgMjcgRjEgRTYgMUIgRjQgOTEKMDkgRjggQkEgNUIgQjMgMTUgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggM0YgMEYgREIgNjggMzEgNjUgQUEgREYgMEYgMkEgN0UgNDIgQjggMDIKN0IgOEIgMjkgRDUgMzkgMjEgODQgMTAgNDIgMDggMjEgODQgRDkgRDAgOEUgNzQKMDggMjEgODQgNjkgRDEgOTAgODIgMTAgOTYgNDAgOEIgMTUgODQgMTAgNDIgRjgKMkMgREUgRkIgQUQgN0EgREYgRTIgMUEgQUIgQkYgQUEgMUIgQUYgRjAgODcgQkQKQkIgQzkgNDEgMTAgODggQzEgMDAgN0EgOTUgMUUgNDEgMTggNTQgQkMgRkYgQzUKNUMgODkgMjMgNzEgMDEgMDkgN0YgODUgQjcgRjkgOTIgNzkgMkIgMzUgQTEgOEQKQTEgMDUgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgNDUgQjAKRTkgNEIgNTQgNjkgRjcgMTMgQzIgOTMgRTAgQ0YgRDUgQjEgRkYgQkQgQTcgNTkKNDcgMUIgOUQgMTAgNDIgMDggMjEgODQgMTAgNUUgMTYgMEQgQTUgNDMgMDggMjEKM0MgMkMgNkEgNTIgMTAgQzIgMTQgQTggNTggNDEgMDggMjEgODQgNkIgNjAgNTMKRUUgNTEgRTUgOTQgQjYgQjggRTAgRjEgRDEgQzUgMTAgNzMgM0YgMzkgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgRDQgNjggRjcgMTMgQzIKODMgNjIgRTYgRDcgNzEgREEgRTUgODQgMTAgNDIgMDggMjEgODQgMTAgMUEgNDcKODcgMTAgNDIgOTggMTEgMzUgMjkgMDggNjEgMEEgNTQgQUMgMjAgODQgMTAgQzIKMzUgNzAgMzQgM0YgMzMgQTUgMkQgQUUgNzcgMUMgMEQgMEMgQ0MgRkQgMkUgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggNTMgQTMgOTUgNEYKMDggMzcgQzUgQjYgNDQgOTUgQjkgREUgQzIgMzkgM0EgMzYgNUQgODkgMkEgNjcKRkYgMTQgMTAgNDIgMDggMjEgODQgMTAgQzIgMEIgQTAgNTkgNzQgMDggMjEgODQKODcgNDUgNEQgMEEgNDIgOTggMDIgMTUgMkIgMDggMjEgODQgNzAgMTUgRUMgOUUKNTEgRTUgQkUgQTMgMzIgMUUgQTEgMEMgMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgRDAgQ0EgMjcgODQgQ0IgRTMgODkgMTYgMzkgNDcgOTcgN0YKNUIgNUUgRjEgNEQgNzcgOTcgMjAgODQgMTAgNDIgMDggMjEgODQgQTYgRDAgMjEKODQgMTAgNjYgNDIgNEQgMEEgNDIgOTggMDIgRjcgMkQgNTYgREQgMkQgODYgRjgKQjcgMDUgQTMgN0MgNDEgMDggMjEgM0MgMEYgRjYgN0QgN0MgNjIgRUIgNzkgMTgKRkYgMEUgMjAgODQgMTAgNDIgMDggREYgRUMgREQgNDEgQUUgODIgMzAgMTAgMDYKRTAgQUIgQ0MgMTEgMkMgODggM0MgRUUgN0YgQjEgQjcgMjAgNDIgNDUgMTYgMTIKQTMgMzAgRjggNkQgRkUgQTQgREYgNEEgNjggNkMgRDMgMzAgOTMgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgN0MgMDUgMTMgMzUgN0IgRDYgQUQgNzMgREEgRDAgRTAKMzcgRjAgQjEgOUIgMzggNzUgMEIgRTcgNzMgQUYgNzQgMTkgNEEgNTQgQjkgRjkKRTUgNDAgMDggMjEgODQgMTAgNDIgMDggN0YgMTUgRjcgMkQgNDQgNTcgMTcgMDcKMjEgODQgRDAgMjYgMDUgMjEgQ0MgOEUgQTUgRUQgQTIgQ0EgNTcgNTYgOTggQ0YKMEQgQ0IgQUQgOEYgMzkgQUQgNUQgMTAgNDIgMDggQ0YgODMgNEUgMDcgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggOTMgNjIgQTIgN0UgQ0YKRTEgMTYgNTMgNkMgN0QgNEMgRjggQTMgRDggOTYgQTggNzIgQzQgQkUgODkgN0IKNjQgNkEgRDggNUMgMEMgRkYgMkUgMzEgQzUgMjggNEQgRTkgNjIgQ0UgRUQgRUYKMEEgNDIgMDggMjEgODQgMTAgNDIgMDggNTUgQzQgNDEgMDggMjEgQ0MgODAgMzYKMjkgMDggNjEgMEEgNUMgN0MgODAgN0IgNjUgODUgRjkgREMgRDAgREEgMDUgMjEKODQgRjAgQUMgRTggNzQgMDAgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgRjAgNEMgOTggQTggRDMgNzMgRjEgNTMgQjcgM0UgMjkgM0MgMTUgMzYKNkQgNTQgOTkgRkEgQ0UgQ0QgQzUgQjAgNzQgNDMgQ0MgRTkgQkUgNUEgMDggMjEKODQgMTAgNDIgMDggRTEgOTcgNTAgNUQgMUMgODQgMTAgQzIgQzMgQTIgNEQgMEEKNDIgOTggMDMgQUYgN0QgNTQgQjkgRkIgOTcgMEIgQ0IgMTcgODQgMTAgQzIgQjMKQTIgMDMgMDIgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgNzcgRjEgRDIgNDcgOTUKQUIgMjUgREMgQUIgQzcgNDAgRjggM0QgNUMgNEMgQzcgQ0EgQzQgMzkgOTUgNDMKMDggMjEgM0MgMzkgMUUgQjkgRTUgQjMgQjkgQzYgMTQgQUIgNzcgMzUgNkUgN0QKNTggOTggMDAgMUYgQTcgNzggRjcgOEEgODggNzcgODYgRDMgRkYgNDggMkYgMjcKODQgMTAgNDIgMDggMjEgODQgRjAgNjggQTggMzQgMEUgNDIgMDggRTEgNjEgRDEKMjYgMDUgMjEgQ0MgOEIgNTYgMzAgMDggMjEgODQgRjAgMTMgNjggODcgODUgMTAKNDIgMDggMjEgODQgMTAgNDIgQjggOEUgRUQgMTAgNTUgOEUgRDggMzcgNzEgOEYKNEMgNjUgRTcgMjkgODYgREQgMkQgQTYgMTggQTUgMjkgNUQgQ0MgQjkgN0QgMDYKRTEgM0YgN0IgNzcgOTcgQTMgMjAgMEMgODUgMDEgNzQgMkIgNzcgMDkgNTYgNTEKNzAgRkYgMUIgOUIgODcgODkgNTAgMDkgMzEgOTAgMTkgQTAgQUQgRTcgQzEgMkYKQjkgRTcgOEQgNDggNUEgMEEgRkQgODEgMTAgNDIgNTggMkEgOTYgQkMgREMgRjIKRDEgQzUgMTggNUIgQUYgMEIgOTYgODUgRjMgNDUgOTQgRjMgMjcgQUUgMzUgRjcKNDMgMjEgNjUgNEEgRDcgQzggRDIgQjMgMjIgODQgMTAgNDIgMDggMjEgODQgQjAKMEEgMzQgMkQgMEQgNDIgMDggNjEgQjEgQTggOTMgODIgMTAgRDYgOEIgRTcgQjYKNjAgREQgMjUgQzYgNTggM0EgRTUgNTMgOUIgMDYgMjEgODQgQjAgNEEgM0MgQjcKN0IgMzUgNDAgODAgMTAgNDIgMDggMjEgODQgMTAgQzIgMjIgQjAgQTEgOTkgRTcKMEQgOTQgREUgNDUgNDMgMDggMjEgRkMgMUUgNEMgOEYgM0UgQTYgM0MgRkEgMDUKQjUgRDcgRDcgQjUgNjMgN0EgM0UgMjMgQ0IgQUEgQ0YgQTAgNzQgRTggMjQgODQKMTAgNDIgMDggMjEgODQgQjAgMTkgMzQgMUIgMEQgNDIgMDggNjEgQjEgQTggOTMKODIgMTAgRDYgOEIgRTkgNzYgOEYgMkMgRDcgMzQgM0IgRkIgOTUgRUYgMUYgRjgKMzQgNjggMTAgNDIgMDggQUIgQzQgNkUgODggNTcgMUMgQkQgMDcgQjggQTEgMDEKODQgMTAgNDIgMDggMjEgODQgMTAgMUUgOEQgRUYgMEIgMjcgQUIgOUUgNzMgREUKN0MgOTkgMkUgNUQgNjQgRjkgNjkgQTYgRkQgQTUgOEYgMjkgOEQgQUYgMjEgODQKMTAgNTYgODkgQzMgMTAgQUYgMzggRkEgNEQgRjUgRTcgMzIgM0QgNTMgNjQgQjkKRjUgQkEgRTAgMkEgNkMgRjcgOTAgNzQgQ0IgMjQgMjEgODQgMTAgNDIgMDggMjEKODQgNkQgQTMgNjUgMjkgMTAgNDIgMDggOEIgNDUgOUQgMTQgODQgQjAgNUUgNEMKQzMgMkQgQjIgNUMgRDMgRUMgRUMgNTcgNkEgRDAgMjAgODQgMTAgRDYgODUgQTkKQkYgQzcgOTQgNjcgNkYgNDEgNjAgQzIgMDAgODQgMTAgNDIgMDggMjEgODQgMTAKRUUgODcgRUYgRjMgQ0YgMUQgMkUgRDkgNkEgOTkgRkYgQTcgNEIgNDcgMzIgMTkKNkUgNDMgMDggMjEgMkMgMDkgOTcgRjYgNzAgQjggNzYgMzEgQzYgOUEgQkUgNkYKQkYgMzIgM0QgNjIgMEMgQkIgMTMgRkMgMTUgMUIgM0EgRTggN0MgODggRjggRkQKRjkgQjQgMDEgMjEgODQgMTAgNDIgMDggMjEgRkMgNUEgQjQgRjYgMDQgNDIgMDgKNjEgQjEgQTggOTMgODIgMTAgNTYgOEMgNUQgMUYgNTkgOUUgQkUgRjkgQjkgMzYKMEQgNDIgMDggNjEgQjkgNzggQkQgNDUgOTYgQTcgNzcgOUEgQjMgRjIgOUEgRUUKMzEgRTUgRjYgQUIgODMgMTAgNDIgMDggMjEgODQgMTAgNDIgRDggREMgRkMgNzMKRTUgN0YgOTUgRjkgMEQgNjAgMTggMEUgMjEgODQgQjAgMUMgMkMgNkEgMTMgQkYKQUMgOUMgMkYgRDUgNUMgN0EgQ0EgNzIgQUMgNjQgRTkgMUYgMUQgMzYgOTUgRjkKNjEgQTYgMUUgOTYgN0UgRDggQkIgODMgREMgNTYgNjEgMjAgMDAgQTAgNTcgOTkKMjMgQzQgMDkgMjUgQ0QgRkQgMkYgRjYgNTcgODAgQjEgNTAgNkIgN0UgOTMgNjAKOTMgQjcgMTkgNjkgOUUgNTQgQjUgQTQgMTEgMzYgNzggRUMgODEgMTAgNDIgMDgKMjEgODQgMTAgNDIgM0IgNEQgMjAgODQgMTAgNzYgODEgMDYgMjkgMDggRTEgQzkKRDAgNkQgMEQgNDIgMDggMjEgMkMgQ0EgNDggNUEgQUIgNDMgRjggQkUgQzQgMUMKRjYgNUUgMUEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgRjMgOTUgQTAgNEIgREYKOTMgMEUgOTcgOTggODIgRTMgODkgMjAgODQgMTAgMzYgODQgMjkgNUQgNjMgODkKNkQgQ0QgNjEgQzYgMjEgRTYgQjAgRjcgQkEgQkEgQzYgQTIgRUIgNzQgRDcgNTMKQ0QgQjkgQzkgQTMgOUQgQUQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggMkIgQUEKQzEgODYgMTAgNDIgRDggMkMgMUEgQTQgMjAgODQgMjcgNDMgQjcgMzUgMDggMjEKODQgQTcgQzUgREIgMjMgRjIgNTggRUUgMjUgQUMgMUEgQUEgOEUgNEEgQUYgOTcKN0IgMkMgRDEgMTAgMDkgMjEgODQgMTAgNDIgMDggMjEgODQgMTUgQjggQUUgQ0QKRUUgQkEgRUMgNUMgREEgNDIgQkEgQjEgRkYgNzEgQjggQzcgMTIgM0QgQUQgNDMKMDggMjEgN0MgM0QgQUUgODcgOUUgQzYgNUIgNTcgRjcgQkQgRjIgQkIgQjUgQTAKNzAgQkYgQzYgMTQgM0EgOUUgNDkgMTYgRkIgMTkgRDMgNzggOEYgMjUgRjYgRjYKNkYgODIgMTAgNDIgMDggMjEgODQgMTAgQzIgMjMgQjAgQzUgNDIgRUIgQUQgRDIKQjIgRjQgRjUgODggMkMgNkUgRkUgMzggRkMgMkIgQUUgM0YgNjQgOTUgN0UgMTAKQzIgQzMgQjEgQzUgNDEgQUEgRkEgOEYgODcgQTcgQzIgRjUgNDkgQzIgRUYgOUUKOUMgMTQgQkYgNjggRUIgREMgQzIgREQgNTcgMDQgMEYgQzIgNzQgRkIgOEEgMkMKRDYgREMgOEIgOUUgOTggN0UgRUMgMzkgOUYgMTAgNDIgMDggNUYgOEQgQkQgNkMKNjYgRDQgQzAgMTEgNDIgMDggMjEgODQgMTAgNDIgMDggRjcgRTEgQkEgRkUgQkMKRjEgNTIgRkYgMUYgMkIgQ0MgQ0IgMEUgNEQgQkIgNUYgRDQgQzMgMzUgM0UgQzYKOTggNDIgRDMgNUYgODMgMkMgMkQgQkYgQkQgNUEgNDkgNDIgMDggMjEgM0MgMDYKQjcgN0EgNjEgQTcgMzEgQTYgRDAgRDYgQzAgOUEgMUUgMjkgOTYgRDggNkUgQ0YKQzEgN0MgMUQgQkMgRTYgQkEgREEgNEMgOEIgNDkgOTcgQjYgOEYgMTAgNDIgMDgKMjEgODQgMTAgNDIgRjggNDQgNEMgOTcgNUIgNjQgQjEgRTYgMzEgRUQgODkgRTkKNkQgOEMgMjkgQjQgRjUgRTAgREYgNDUgOUEgQkYgRDggREYgQkIgOTYgNTEgQkYKMzUgQzMgNjIgMDEgODQgMUYgOEUgNzYgMkYgN0UgMjggMUUgQkEgNTUgQjAgOUQKNzMgRkYgQUUgNDMgQ0MgNjEgOUEgMzggMEQgOTEgQzUgQkQgOTcgQjYgMDMgMEQKQ0EgMTUgOTggQkUgNkYgQjEgQzQgNzcgQ0YgNjMgRTcgRDQgOUEgMDUgODQgMTAKQzIgRkYgQzMgRTIgMjQgODQgOUEgRTEgRTYgQTggNzQgMkUgMzcgMzUgMjcgODEKMTAgNDIgMDggMjEgODQgMTAgQzIgREYgRjEgNDQgRkIgMEQgOEIgREEgRkUgREQKMUYgMDUgQUMgQzEgNzUgMkYgQUEgQUUgNUIgNkQgRTYgNEQgMUUgQkQgNDMgODAKMTAgNDIgNzggMDggMTYgMkIgQzggQzUgMEMgQTcgNjYgMzggN0IgNUQgOUEgOTcKMUYgQjQgRDAgMEQgQjkgQTMgNDUgOEEgOUYgQTYgQUMgNjUgNzEgODUgNzMgQTcKMjEgODQgMTAgNDIgMDggMjEgODQgRkYgRDggQkIgOUIgREMgODYgNDEgMjAgMEMKQTAgNTcgRTEgMDggNzUgOUQgMUYgRTcgRkUgMTcgRUIgMkEgODkgQjEgQUMgRDYKMzQgODkgNjEgRjAgREIgMjAgN0QgNkYgNTMgQTUgNzUgOEEgMDUgMzMgNzAgNjAKQ0MgOTcgRjQgOEIgRUIgRkYgRjMgMTMgMDggNDMgMkYgNTYgOEIgRkIgQzQgRDkKRTMgRjEgQTYgMjMgMkIgREQgMDggMDkgNjEgOTMgNTggQjkgQUYgMzAgNkIgN0UKMkYgOUYgREQgRTAgMDYgNkMgQTcgODkgQUYgRkIgQjggNzUgRUEgRUMgNkYgNDIKQ0MgNzcgNDMgRUEgRUUgREQgRDggNTMgODAgMTAgNDIgNTggOEEgNTEgQUUgMTgKMzAgQzcgNDEgMDggMjEgODQgMTAgNDIgMDggNjEgMjkgNDYgQjkgQkEgNjUgNTkKMzggN0QgQjkgQTYgRTcgMTggNkQgQjkgQjggM0IgNUMgMTYgRTQgMkYgQkIgMDYKOUEgN0UgQjQgNzQgMDUgNDIgMDggMjEgNkMgMEQgODcgRUIgMzkgQ0QgQzYgMkQKRjMgRDcgNkUgNzEgMzggOEQgRTkgMzkgN0UgRjIgQkMgODUgOEUgMEUgQTkgRjAKRTIgMEEgMjEgODQgMTAgNDIgMDggNjEgNjAgQ0MgRUIgOTYgRDUgRjAgQkYgODgKQTcgMjkgREQgODcgQkQgMEIgQTcgNDUgRjEgMkQgNzEgQkUgMzQgNjEgMDcgMDEKQzIgOEYgNjIgREQgMjYgM0UgNTEgNkMgM0MgQzYgOUQgOEYgQTYgMjkgREQgODcKQkQgREYgMDYgNUQgRkEgMDkgMjEgODQgNzAgRjUgMzAgQTIgNTggRjUgOTMgM0EKRTYgMjAgODQgMTAgNDIgMDggMjEgODQgQjAgQjQgRjAgMzggQ0EgODEgNzIgMEEKOEYgRkIgQzAgQ0UgN0IgRUIgQUEgNUUgMjQgMDQgMjEgODQgRjAgODAgOTggREYKMEUgNTAgRjkgNUQgNkUgOUYgMkIgRjYgQzIgRUMgNTYgQUMgNkUgQkUgOEYgNDMKOUEgOEQgQTUgOUYgMUQgNDIgMDggMjEgODQgMTAgNDIgQjggMTMgNDYgNUUgNDgKMTcgNDUgNzEgNEIgQjQgQkMgMEYgRTEgMjcgNTAgOEYgOUIgMjggNkUgOEYgMjEKNjYgQTIgQkEgNUYgNkEgMEQgNkUgMTAgNDIgNzggNDAgNUMgM0QgNTcgNzYgQjgKQTQgRkIgRDAgRDYgOTEgQUEgOEYgNTIgNDYgQkQgNkMgMTAgNDIgMDggMjEgODQKMTAgNDIgRjggM0YgMEMgNTMgMEYgRkMgNzUgNEEgQjMgNTEgM0QgRjAgNTEgNzAKNTEgMzcgQjIgNzYgRUYgNEMgQUMgODYgMzggNkQgOTggMTAgNDIgMDggRjcgQzYKN0MgMDcgQkMgQjUgNkIgRDQgNkUgOTcgRjQgMTggNEEgM0YgREEgQTIgNDcgN0UKQ0IgOEYgQUIgMTUgNkQgNUUgNDAgMDggMjEgODQgMTAgNDIgRDggMTkgNDYgNTkKNTcgMTcgNDUgRjEgRjUgOTggOTcgNTMgMTYgRkYgQkIgODAgMTAgNTYgRUYgODgKMTEgQzUgRDAgQjEgQzEgNjkgQTggRUUgMzcgNUEgOEYgMUIgODQgMTAgRjYgODMKRjkgMkUgNzYgODMgNDcgQjkgRkUgMUUgQzcgRUYgRjQgMTggNjIgNUQgQzYgMEEKMjEgODQgMTAgNDIgMDggMjEgODQgRUQgNjAgQTAgMzIgRTAgQzcgOTEgMjYgN0EKRDkgRTAgMTYgMUMgNkUgNDMgOUEgOEQgOEIgQTcgNjggQ0IgMjMgQjcgNUIgMEMKNzEgRjggMUUgODQgMTAgQzIgQ0UgRjEgN0IgNEMgQjMgQjEgQjUgOTMgRUUgODYKNjkgNEMgQjMgNzEgRjUgODMgMzQgN0UgNUQgQzIgMzAgOUUgRDMgNzMgMkMgRkYKMDMgNDEgMDggMjEgODQgMTAgNDIgMDggMUIgQzMgNDAgNEIgRUIgQTIgMjggQkUKM0QgQUEgQTUgODcgRjAgNzUgQUMgREIgMTEgMjMgOEEgQTEgNjMgODMgRDMgNTAKREQgNkYgNzQgODMgQkYgMTAgMDggMjEgODQgN0YgRTIgNkEgQ0IgRjYgNjkgNEEKRjcgQTEgQUQgQ0EgQUUgMUYgRjYgRUUgMkUgMzkgNDEgMTggMDggMDAgRjAgNTUKNzIgMDQgMjIgRjUgQTcgRjcgQkYgNTggOUYgNTQgNDIgQTkgODUgMTEgOTMgMDUKQkUgOTcgOUQgRDkgRUYgQTEgNTYgNDcgNUMgMEQgQkIgODkgNEEgMDQgMjEgODQKMTAgNDIgMDggMjEgODQgMTUgMzAgRUMgQTYgQjIgOEYgMjkgMjQgNDcgNUMgQzEKNzUgQjEgNkMgOEYgMEYgRDcgQkQgMUYgN0YgRkYgM0QgMDggMjEgODQgMDcgQzQKRDEgNDkgQTkgNzMgNEEgRDggRTcgRDIgREYgMjcgQjQgOUUgQkEgOUMgMDYgNzEKQ0UgMUYgQTkgOTYgREEgOUYgMDEgNDIgMDggMjEgODQgMTAgQzIgN0QgNjMgM0UKRTcgRjQgOEMgQjEgN0UgOEYgNDggQTUgRDIgNEYgQTcgMEUgNjcgODcgRjAgN0QKNkMgM0IgMTEgMjMgOTUgNkUgM0EgMEQgNTggODYgREEgNUUgRDEgMjYgMEIgMjAKODQgMzAgMEUgRUUgNjkgNzIgQ0QgQ0QgNUYgMDggMjEgODQgMTAgNDIgMDggMjEKNUMgMTcgMjMgRUYgMjIgNkIgOEEgMEQgMzYgQzcgRjEgMDUgMzIgRUUgOUMgNkYKM0MgRjggNjkgMUQgMUUgNDIgMDggNjEgMDggMkMgQ0YgMTUgOEQgNTYgMkUgRkIKNEIgQkEgODcgQzYgODMgRUEgQkUgREMgNDIgMDggMjEgODQgMTAgNDIgNzggNDAKMkMgMzcgRDQgNkEgQkMgMjUgODggMzQgN0UgM0EgRkUgRTUgOTggNEYgQTkgODgKMTMgQ0IgQzIgRkIgQzUgMkUgMEQgNjIgRjAgQ0QgRTggM0UgOTcgNkEgOEYgODQKNzAgNzUgNkMgM0IgNjIgMjMgMEQgOTggQkUgNTEgN0MgMjcgNEEgRDUgNTcgOTcKRUUgNjEgRDYgQTMgNkYgMzEgOEQgNUYgOUIgREEgNUUgRTYgRUUgRTAgNDMgMDgKRTEgOUEgRDggNUQgNTMgMTEgMjcgODYgQjggRjcgMzQgMUYgRjcgNTcgQ0QgMEQKM0IgQkQgMEUgMjEgODQgMTAgNDIgMDggMjEgODQgNUIgQzQgQjAgQzcgQzAgNjkKMkEgODYgOTEgQjEgN0MgN0YgRDYgNUUgNzggMkYgRDIgRjIgNUUgQ0MgRDQgMkMKODMgQ0IgMDcgNDIgMDggNjEgMUIgRDQgMjkgNkEgNkUgMEUgNDIgMDggMjEgODQKMTAgNDIgRjggN0EgRkIgOTEgRkUgOTQgMUUgNjEgQ0UgNEYgMEMgRTkgRTYgRDIKNEIgOUYgMUUgNjEgRjEgMTAgNTkgNzkgMjYgN0IgRDggMzYgRjUgODggNTggQkUKNEEgOEIgNUYgRjkgRjcgRjAgRkIgOTIgRUUgQTEgRjEgQTAgOUYgNDUgMDkgMDgKRUIgNjAgREIgNjkgMUQgRTkgRkMgRjQgOEQgNTkgQjkgRjUgRjEgOTQgQ0YgRTkKMTkgMTcgQkYgRUIgMTYgRTAgRDQgMDMgRTUgRkUgOUMgMDYgNzEgRTkgM0YgM0YKMUYgNkIgRDYgQzQgOEQgNTYgQkQgQjYgMUYgMjAgQzYgRkQgMjAgODQgRjAgN0YKM0MgRjUgNjkgMTAgODMgMzcgNUIgN0UgMkUgQkQgNzUgRTkgMTEgNkEgN0YgOTkKODEgMTAgNDIgMDggMjEgODQgMTAgQzIgNUQgNjMgRTQgNDMgRjEgQ0EgOTUgRTQKQzUgNEYgMEQgQzIgMDYgMTggQkIgMkQgNjcgMkIgNzcgMkUgMjAgODQgMTAgMUUKMTAgNkYgQjcgNzQgMEYgRkIgRDkgQTggRjAgNjUgM0EgREUgMzMgNzkgRTkgMkIKMDYgMjEgODQgMTAgNDIgMDggMjEgM0MgMDIgOEUgMTYgRjAgQTMgOUQgNDIgQkUKODkgNzQgRDggNzUgQjYgQjQgMEIgM0QgNzcgN0QgN0EgQzYgREEgM0IgRDUgNjgKQjEgODYgQUYgOUIgNDggRjMgMzkgQTcgNjcgQUMgM0QgQjcgNjggRTAgMTQgQzIKRTYgRDggNzYgMEUgRTggOUEgRDMgM0QgNTQgRkYgRkMgODEgMzMgNTAgOEYgN0QKMkMgQUMgNTYgQzcgNzcgNTcgOUQgREIgN0UgRDAgRjkgMzYgMEUgMjEgODQgNDMKQ0MgRDcgNzMgMUEgQzQgRTMgOUMgNUMgRkYgN0IgMTUgMkUgN0YgRTcgRjQgOEMKMUIgQUIgQUQgMTAgNDIgMDggMjEgODQgMTAgNDIgQjggNDUgMkMgNTcgM0UgNkIKREYgQjUgRkYgNkIgNzMgQjkgMUQgMkMgQzAgQzIgMUYgRjYgRUUgMjUgQjcgNDEKMTggMDggMDAgRTggNTUgRTYgMDggMTAgOTIgMTIgRUUgN0YgQjEgQUEgNTIgNDkKRUMgMzQgQUEgQTAgRTUgNjMgRjAgNUIgNjQgQTQgNzkgM0IgMjIgNjEgODMgOTkKQjEgRTEgODggQUYgMEQgQkMgNTMgRUUgODUgRjUgNTIgODcgMUUgNDIgMDggMjEKMkMgMTQgRjMgMDcgQkYgN0EgNEEgNzkgREIgREIgMTAgNDkgOUMgRkQgQkYgNDEKMDggMjEgODQgMTAgNDIgMDggQUIgQzUgNkUgODggMjQgQkUgNUIgRjAgOUYgN0YKNzAgMUUgOUMgODIgRjkgOUYgQkMgNUUgNzMgODEgMzIgNkYgMDggMjEgODQgQzUKQTIgNDkgMEEgNDIgNTggMDMgMUEgRUIgMjAgODQgNzAgNzUgQ0MgOEIgRDYgREUKOUQgMzcgQkQgRjMgMTEgMDMgOUIgQTUgRTkgRjkgOTggNEEgNjcgMjEgODQgMTAKNDIgMDggMjEgODQgQjAgMUMgREMgNzcgOTEgMzAgNEYgNUYgNkIgMTUgRTYgNUUKMEIgODQgMjUgNjMgN0IgRUYgRTIgMTkgNzcgNkUgNzAgRDYgRUUgMDEgMjEgODQKRjAgMjggNTggRDQgQzMgRUEgODIgNjkgMUYgREYgM0YgNUYgNEMgMjAgODQgMTAKNDIgMDggMjEgODQgMTAgMTYgRkIgNUUgQUMgRDIgMUIgNDIgMDggQTEgNDkgMEEKNDIgNTggMzkgMUEgRUIgMjAgODQgRjAgOEYgRDggRjQgRjEgOEMgQkYgMzUgNTQKNzYgOTcgMTggNDMgMkQgMkQgOTYgODYgNzcgMDggMjEgODQgMTAgNDIgMDggMjEKM0MgMTYgRjYgOTcgMTggQzMgRDYgQUYgQUUgNEUgQjcgODQgMTUgNjEgQkUgM0QKNTcgNjkgMEIgNDcgMEUgQzEgODQgMTAgNDIgNTggMjYgOTYgQkMgNzEgQzEgN0YKRDIgQjYgODkgNDcgNzggRjcgRTEgQzkgQ0MgMEIgMjEgODQgMTAgNDIgMDggMjEKODQgNTAgQTUgMzcgODQgMTAgQzIgRDIgRDEgMjQgMDUgMjEgQUMgMDEgOEQgNzUKMTAgNDIgOTggNjIgREIgREYgMjIgOEIgNUYgNzggQkQgQzcgMjMgNEMgMTkgREMKQ0UgOTcgREUgOUIgMTggODMgMDIgMDAgMDggMjEgODQgMTAgNDIgMDggMjEgM0MKMjYgNjYgRUYgNzEgNUIgMkYgMDMgRkUgNTggMTUgNkMgMjIgODkgQjMgQUYgMDUKQzIgNTMgNjAgM0IgMEMgOTEgQzQgQjEgREIgMzEgMUUgNjEgQ0EgREQgQjQgNUUKOUEgQUYgOTIgQ0QgQkUgM0EgMDggMjEgODQgNzAgMTkgMkMgN0IgRTMgODIgMDUKNTMgN0IgMjAgNDAgMDggMjEgODQgMTAgNDIgMDggMjEgNTQgRTMgMEQgMjEgODQKRjAgNDAgNjggOTIgODIgMTAgRDYgODAgQzYgM0EgMDggNjEgMEQgQTggOTUgNTIKMkIgMjUgODQgMTAgNDIgMDggMjEgODQgMTAgNTYgOEUgMUYgRDcgMTggQzMgREUKOUQgNUMgRDcgMkUgOTIgMzggRjcgNDIgMjAgM0MgMzEgQjYgREQgMkQgOTIgMzgKRTUgODYgNUEgMkYgQjUgN0EgMEYgMjEgODQgQjAgNTggRkMgNjQgRUYgOEUgNzIKMTQgODQgODEgMDAgODAgNUUgNjUgOEUgQjAgMjAgMkEgREUgRkYgNjIgRkIgQjEKMjAgNjUgOTcgMTggNzAgMTEgMEEgN0QgMUYgNEMgRDIgOTcgOTggMDAgNEEgMUIKQzYgNEUgNUIgREQgRUUgMzEgQzQgQUQgRkYgRTAgREUgQUMgMzkgQkUgNEMgNjMKMzEgODQgMTAgNDIgMDggMjEgODQgMTAgOTYgODggRTYgNzggNDMgMDggMjEgQ0MKMTYgMEQgNTIgMTAgQzIgMTIgNTAgNUYgMDcgMjEgM0MgMkUgMkEgQTUgNTQgNEEKMDkgMjEgODQgMTAgNDIgMDggMjEgODQgNzAgRTYgRjYgNzkgOEIgNUUgMkQgNTcKNkMgQjYgRDEgMUQgREQgMDkgRDcgOTcgMTggQTIgOEEgNEIgMDggMDcgQUMgREEKNEIgMjQgNzEgQ0UgRjMgRjUgQjkgQTYgRDQgM0QgODQgMTAgQzIgN0MgQjEgOTgKQkQgMkYgMEQgQzcgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggQ0QgRjEgODYgMTAKNDIgOTggMkQgMUEgQTQgMjAgODQgMjUgQTAgQkUgMEUgNDIgQjggMTEgNTYgRDcKNDggRTIgOEIgRDUgRkIgRUYgNzUgMjQgMjEgOUQgOUYgNTkgNEEgMTEgNjUgREQKQzQgMzMgQkMgRDggMDQgNjQgN0MgNEIgOTcgN0YgMjMgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggNEYgOEEgRTMgQjcgQzggREQgNEIgQjcgQkUgMjIgODkgNEIgQUYKMDUgQzIgRTIgMzAgQjMgNDIgMTIgMzkgN0MgMDggMjEgODQgQzcgQzIgQjMgNkUKODIgNjkgNDQgODYgMTAgNDIgMDggMjEgODQgMTAgNDIgNjggQkUgMzcgODQgMTAKQzIgNkMgRDEgMjAgMDUgMjEgMkMgMDEgRjUgNzUgMTAgMUUgMDkgQTcgMzYgODYKQTggQUUgOEYgNDggRTIgRTQgQzMgQjUgMzEgREUgOUEgNzggODYgMzkgNUQgNDEKNjkgQ0QgQkYgRjcgQTcgQkUgNTQgOTEgQzQgQzUgM0YgMEMgMDggMjEgODQgMTAKNDIgMDggMjEgODQgQzUgRTMgQkUgNTkgQkUgNzEgRjMgNzcgQjIgNjIgRTkgQjUKNDAgMDggNzcgN0YgQTggQTUgRUUgMjEgODQgMTAgMUUgMEMgMzMgNUIgQzEgNjAKQzUgQTYgRjUgNEMgMjAgODQgMTAgNDIgMDggMjEgODQgMTAgNEEgMTcgNDMgMDgKMjEgQ0MgMTYgMEQgNTIgMTAgQzIgMTIgNTAgNUYgMDcgRTEgMzIgMUMgRUYgMzYKRjggQjkgRTIgQzcgQTYgOEQgM0UgOTQgQjIgRTEgRTMgMjEgOUEgN0EgMkQgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgOUIgRTEgQkUgODkgQkIgMzYgQkEgQzMgQUEKNDEgMTAgQUUgODUgRkIgM0UgRDQgRjIgNUEgMTAgNDIgMDggNEYgODAgRDUgRTMKMTEgNDkgRUMgRUIgMkUgQTMgMEYgRUYgQUMgMDggREEgQzQgQ0YgRjEgQ0UgNjcKRkYgRDMgNEMgNEYgN0IgQUEgODAgRDQgNjAgMEQgMjEgODQgMTAgQzIgNkYgRjYKRUUgMjggMzcgNDEgMjAgMDggMDMgRjAgNTUgRTYgMDggMkUgOEIgQTIgRjcgQkYKNTggOTMgMUEgNjUgREIgQUUgMDYgNTIgMTEgNjQgQkYgOTcgM0YgOTkgMkYgN0QKQTggMDYgNTggMUQgNTkgMDYgNDIgMDggRTEgQ0UgNTEgQzcgMTggNDIgMDggRTEKNjYgRDEgMjIgMDUgMjEgNkMgMDEgNUQgRUIgMjAgN0MgNzQgNEYgRTAgRDAgQzUKMkQgM0UgRjggMDkgQjcgQ0EgMjcgRTUgRTUgMTQgNjMgRDQgMkUgNEEgRDUgMEQKQjMgQjUgOUYgRUMgNEQgRTUgODAgMTAgNDIgMDggMjEgODQgMTAgNDIgMzggMUIKRDcgRUUgQ0IgOTkgODkgMDMgRTEgMjIgQjggRjYgQTkgQUQgRTUgMEUgMjEgODQKNzAgQTcgOTggMkYgNTEgRTQgMTUgNTMgOUYgQTMgQzggRUEgNkEgRjggRUMgMkYKODcgMUMgNDUgNEUgNTkgNkEgOTcgMkIgRDMgNzAgOEMgMzEgRTcgQkYgM0YgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggM0YgMEEgNzUgOTIgMjEgODQgMTAgNkUgMTYKMkQgNTIgMTAgQzIgMTYgRDAgQjUgMEUgMzYgODcgNUQgOEUgMjIgQUYgOTggQkIKQjggODUgOEQgOTMgQ0EgRDkgOEYgMEIgNEUgODcgM0UgQzYgQkMgRTEgMzkgNDcKOTEgRDUgQzMgNkYgRjYgRDEgMEIgMjEgODQgMTAgNDIgMDggMjEgODQgRjAgQTMKNzAgQzUgMjcgMzUgNjkgQkIgNDEgQjggMTAgQUUgREIgNTEgRUYgMEYgNzEgMEYKNzMgQUMgMjAgODQgMTAgQzIgMkEgNTYgOTcgQzggOTcgMEMgQjIgRkMgNEYgRTkKRjMgMzkgODQgMTAgNDIgMDggMjEgODQgMTAgMzYgODUgRUIgNzYgOTIgN0QgMDkKODUgMTAgNDIgNjggOTEgODIgMTAgMzYgOEUgQUUgNzUgNzAgQ0YgRjggNzMgQTAKQTQgN0QgOTEgQ0EgRUQgOTQgN0YgOEYgQzMgNTMgMUYgRjcgMzAgMTkgMTMgNDIKMDggMjEgODQgMTAgNDIgMDggQjcgODIgODcgMjEgQzYgN0MgNzcgRUIgNEMgMjcKMEQgQzIgRjcgNjAgQ0EgQzcgMjggNzIgQ0EgRjkgQjggNUMgOTkgNEUgNDMgOEMKRTkgNEMgODcgMTAgNDIgMDggRUIgNTggMUIgQTcgM0UgNjkgQTkgN0QgNjEgNjkKOTggM0IgODQgMTAgNDIgMDggMjEgODQgMTAgMzYgODUgNkUgQjcgODYgMTAgNDIKQjggNTkgQjQgNDggNDEgMDggNUIgNDAgRDcgM0EgQjggNjMgNEMgQTkgOEIgMzEKRUQgNzYgNTQgRUUgQkYgOUMgM0EgQzggRDIgM0UgNEEgMDggMjEgODQgMTAgNDIKMDggMjEgRkMgQzYgRDQgRTcgMjggNzIgQ0EgMzcgQUYgRTUgQ0EgNUYgRkYgQ0MKREMgRDcgMDIgMjEgN0MgODQgRTkgOUMgNjMgQ0MgQjUgQ0YgNzQgMkQgNzEgMDgKMjEgODQgNzAgMzIgQUUgRkIgOEMgODIgRjIgMzcgMTcgMzMgOUEgMjEgODQgMTAKNDIgMDggMjEgODQgNzAgREYgRTggNTYgNkEgMDggRTEgMTcgN0IgRjcgOTYgOUIKMzAgMEMgNDQgMDEgNzQgMkIgQjMgMDQgOUMgRjAgNDggRjcgQkYgQjEgNEEgNEQKNDkgNUMgMTQgMjEgNDcgMjUgMjQgRDggRTcgODMgMkIgQ0QgRjkgMkEgMjggNzgKNTQgMUIgREIgMTAgMUUgMTYgMzUgMjkgMDggNjEgMEIgNjggQUMgODMgOTUgNjAKRDcgNDcgOTYgMjMgMEUgRjEgRkIgMkEgNzkgMUEgOTUgNEEgRTUgMEIgMzYgNDgKOTYgRTMgRDIgNTYgQ0EgMkUgNUQgNjIgQ0UgRjUgRTMgMDAgODQgMTAgNDIgMDgKMjEgODQgMTAgMUUgNjYgRDYgNkIgOUUgOTQgNTggOTggQjggQjAgNkYgMTEgQzIKRDcgRTEgRDIgMTYgODMgQkUgOEIgN0IgQkMgRkIgQjggMzMgMzMgREUgMTAgNDIKMDggNjEgMzkgQTYgQUYgMTQgNTkgOTYgQjQgREEgRUQgNEEgRDcgMkIgNDMgMDgKMjEgODQgMTAgNDIgMDggNjEgQUQgQjggRUYgODIgOTEgNDkgNjMgMDggMjEgODQKOUEgMTQgODQgQjAgNzEgMzQgRDYgQzEgM0EgRjAgNTAgMkIgOUIgNEEgQTUgQjIKQTQgQ0MgN0YgNDMgQjggN0EgODcgRTMgRTkgMTYgNzMgNkEgMUYgMTAgNDIgMDgKMjEgODQgMTAgMzYgODQgN0IgQ0YgNjUgOUQgMjIgQ0IgQjUgN0YgM0MgODQgRjAKRkYgQjggRUYgMjAgNzAgM0UgQzUgMTQgRUUgNjYgODIgMTAgNDIgMDggRDcgOUUKMkQgOTAgMUYgOUMgNTggRDIgNzkgNUYgNTggNkEgRTIgMTAgNDIgMDggMjEgODQKMTAgNDIgNTggMjUgRUUgM0IgNjMgRUMgMjcgRDAgMTAgNDIgMDggMzUgMjkgMDgKNjEgRTMgNjggQUMgODMgOTUgRTAgOUYgMEQgNEEgRUYgN0UgOTIgMkIgMjggQjcKQjggMkMgRUYgRDYgQzUgMTQgQkIgQUYgMzUgMkIgOUIgMkEgMkYgRDcgOTggQzIKMkQgOEQgMTAgNDIgMDggMjEgODQgMTAgNTYgODkgNjYgQjQgMjAgNkMgMUMgRjcKMUQgMDQgMUUgQ0EgNzQgQkIgQzQgOUMgQUIgREYgMEIgODQgMTAgNDIgRDggMTQKMUUgQUIgODkgQkIgM0YgMTEgNDIgMDggMjEgODQgMTAgNDIgMDggM0YgMUYgRjcKRkQgNEYgRDMgOUEgMTEgODQgMTAgNDIgNEQgMEEgNDIgRDggMzggMUEgRUIgNjAKMjUgQjggNzQgOUMgRTkgNzkgODggMjkgNEEgMUUgQzggMEEgQ0EgNzQgOEQgMjkKNDYgQjkgOUUgNjMgOEUgMjcgRDcgM0EgNzQgN0QgNjQgQjkgRkEgRjMgREYgMDIKRkIgMTQgNTkgOEUgOTggODYgM0UgQjIgNUMgQkIgNTMgNzIgRTkgQkQgRTcgQTcKRTMgMTYgN0QgQzggQ0EgQTYgQ0EgRkMgM0IgRTUgOTYgNDYgMDggMjEgODQgMTAKNDIgMDggM0YgMUQgQ0QgODMgNDEgRDggMzggQTYgRkUgMTIgNTkgOTYgN0MgNzMKQjcgMkIgOEQgMDkgMTAgNDIgMDggNjEgMzkgM0UgMkMgMEYgOTUgQjQgREEgRUQKNEEgNEQgMUMgNDIgMDggMjEgODQgMTAgNDIgMDggMkIgNDAgNkIgNDYgMTAgNDIKMDggMEYgOEIgOUEgMTQgODQgQjAgMDUgMzQgRDYgQzEgOUEgQjEgRUIgMjMgQ0IKQTMgNUQgRjMgMzcgQzQgRkQgRjUgNTMgQTYgRDQgNDUgOTYgQ0YgNzYgRTQgOUQKRkIgQzggNzMgQzQgNkYgRjYgRUUgMjAgNTcgNDEgMTggMDggMDMgRjAgNTUgRTYKMEEgQzAgNTMgNUUgRUYgN0YgMzEgMTcgMjYgRDggNjggMTcgMjUgMTAgNTIgREEKNkYgMzMgQzkgN0MgNEIgNDkgM0EgQjYgRkEgRDMgMzQgNDUgNTYgREYgMzggMkYKMjkgQjIgQkEgRkIgMDMgODQgMzUgMzggM0QgRTIgNTMgQ0IgN0YgOEQgMTMgQkEKRDQgMTYgREIgRkMgOTkgQkEgMEIgMTIgNDIgMDggMjEgODQgMTAgQzIgMUIgQTEKRjMgMzQgMDggMDcgNDcgNzkgMEEgMDggMjEgODQgRjAgQUUgNTggN0EgMzkgRUEKMzIgQzcgNTYgNkEgODYgRUYgODkgQUQgMzkgMEUgMjEgODQgMTAgNDIgMDggMjEKODQgMUQgQTAgOUYgOEQgMjAgODQgMTAgMzYgOEIgODYgMTQgODQgNzAgMDQgQjQKRDYgQzEgRTEgQjAgMTQgMTUgOUMgOUUgNkIgNjQgNzUgN0YgOEEgRUQgMjIgOTQKOTkgODIgQTcgNjEgNzUgOUMgNzMgOUQgNjMgMkIgQTUgOUIgNDMgRjMgOTAgRUYKMjggQjcgQTkgREUgQTIgNzUgM0QgMjUgODQgMTAgNDIgMDggMjEgODQgRUQgQTMKNzMgMzkgMDggNDcgNDcgRDEgMEMgMDggMjEgODQgQjAgMkYgRjQgMEQgMUYgNDIKMDggMjEgODQgMTAgNDIgMDggRTEgNDEgQjQgQjUgODQgMTAgNDIgRDggMkMgMUEKNTIgMTAgQzIgMTEgRDAgNUEgMDcgMjEgODQgRjAgNjIgOUMgNTIgOEEgQUMgMTYKNkYgNTAgMkQgMDYgM0YgREQgQ0UgNzkgNEQgMkIgQTEgMDkgMjEgODQgMTAgNDIKMDggNjEgNTMgRTggRjggMEUgNDIgNjggNjUgODAgMTAgNDIgMDggM0IgNDMgQTMKMUMgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgNDEgQjQgQjUgODQgMTAgNDIgRDgKMkMgMUEgNTIgMTAgQzIgMTEgRDAgNUEgMDcgMjEgODQgQjAgNUIgQUMgQkUgREMKRjMgNkIgMUUgMDkgN0UgRDYgQjcgQkYgRTEgQ0QgRTkgOTEgMjIgQUIgQkIgOUYKMUEgODQgMTAgNDIgMDggMjEgODQgQjAgMEUgMUQgRUIgNDEgMDggQUQgMEMgMTAKNDIgMDggNjEgNjcgNjggOTQgNDMgMDggMjEgODQgMTAgNDIgMDggMjEgM0MgODgKRUIgMUMgNUIgQTkgRDkgMEMgOUUgRDggREEgNTcgNDIgMDggMjEgNzQgRjggMDkKMjEgMUMgMUMgQUQgNzUgMTAgNDIgMDggRTEgNTEgM0MgOUEgMDYgQUQgQzUgRjQKOEMgQUQgRDQgQ0MgRDkgNUIgQjQgN0YgRkYgQjEgOTUgQjcgQ0MgNEIgOEEgNEYKMTUgRjMgODQgMTAgQkUgRDggQkIgODMgNUMgMDUgNjEgMjggMEEgQTAgNUIgNzkKNEIgQTAgODAgMjIgRkIgREYgRDggMUYgMTAgQTEgRjIgMUQgNDAgOEMgMkQgRTAKMTkgNzggOTMgOUUgMzggRDAgQzkgNkIgNzkgMTQgMEEgMjEgODQgMTAgQzIgN0QKQTggREQgMDcgMjEgNTQgMTkgMjAgODQgMTAgQzIgOEIgQTEgQTkgMUMgNDIgMDgKMjEgODQgMTAgNDIgMDggRTEgMEUgNkMgODYgNTggQjIgRjQgNTUgQTQgOEIgNEEKMDggMjEgODQgREIgNTEgRTcgMTMgNDIgRjggMEIgQTggRDYgNDEgMDggMjEgODQKRTcgQzYgQjYgOEIgMkMgMjcgNEMgQjcgMTQgNTkgNEUgRDggQjUgRjEgOEMgRDIKMkYgNEYgRkIgNjQgRjggRTYgRDEgQ0UgN0UgODggMjUgQUQgMUYgMjAgODQgMTAKNDIgMDggMjEgRDQgRkEgODMgMTAgRUUgNDAgOTUgMDEgNDIgMDggMjEgM0MgMzUKRDYgOUQgQ0EgRkIgMjYgRTYgRDAgQjEgODcgMTAgNDIgMDggMjEgODQgMTAgQzIKODMgNjMgRUEgQkIgQzggNzIgQ0IgNzUgREYgRjcgODYgQUIgMUYgQjMgRjcgQkYKNDAgMDggMjEgQkMgMzYgRDYgNkQgN0IgQkEgODMgMDkgMjEgMkMgODMgNkEgMUQKODQgMTAgNDIgRjggMjMgOTggQzYgMzEgRjIgOUMgQkUgRDkgQzcgMUMgNUIgRTYKRUUgODMgMEMgRDMgQTMgOEIgMjUgRjUgRjQgMjAgODQgMTAgNDIgMDggMjEgRDQKRkQgODMgMTAgRUUgNDAgOTUgMDEgNDIgMDggMjEgM0MgMzUgQTYgRUUgMTYgNTkKNkUgOTkgN0YgQkYgMzcgNEMgRjcgMjEgOTYgMzQgQjMgNDMgMDggMjEgODQgMTAKNDIgMDggRTEgODEgQjAgNkUgMkIgRjggMTEgRjMgRTcgRkYgMzkgMDUgQjYgN0IKNDEgMDggMjEgQ0MgMzEgODYgMzYgOUUgNTEgRkEgOTAgMUEgRjcgMkUgMjEgODQKNjUgQjAgRUUgRTIgNUMgQUQgODMgMTAgNDIgMDggMkIgNjMgMzcgNDYgOTYgNkYKRjcgN0UgQUMgNUEgNkEgNUIgQTYgRjggNjIgQzMgNzQgOEYgMzkgMjYgNjkgOUIKMjEgOTYgQjQgQkEgODAgMTAgNDIgMDggMjEgODQgNTAgMEYgMTAgNDIgNzggQzQKQ0EgRTAgMDAgMkYgMDggMjEgODQgRjAgMTMgN0MgN0QgQzkgNjEgRUQgNTMgNTQKMkMgRjggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgQTggNTggQjcgMEYgOUMgREEKMjYgQjIgREMgRkIgRTMgMjEgODQgMTAgNUUgMUMgNUYgQjYgRkIgOTYgOUUgQTQKMzQgMzkgMjEgODQgNTUgQjAgRjYgRkEgNUMgQUQgODMgMTAgNDIgMDggQ0YgODEKQUIgM0QgMjEgMUUgRUQgODQgMTAgNDIgMDggMjEgODQgRjAgNDQgRjggQzcgREUKQkQgMjMgMzcgMDggMDMgMDEgMDAgQkQgQ0EgMUUgQzEgMDIgOUMgODQgRkIgNUYKMkMgOTUgNkQgODUgQTEgMTAgRTEgMjMgMDEgQUYgRDkgMTkgQkQgMEEgMEEgQUYKNjQgODkgNUQgRDkgMDMgODQgMTAgQkEgQzAgMEIgNDIgMDggMjEgQkMgMEUgQ0UKQjUgM0UgRTggQkIgNzggODUgRTMgREIgRDQgRkIgMjggMTcgNDIgMDggMjEgODQKMTAgNDIgMDggMUIgNDUgMjcgNDQgMTAgNDIgMDggOUIgQzUgMzQgRjQgRjEgODkKQjUgNUIgRDUgRkQgNzkgMTggQjcgNDUgNDMgMDggRjcgNDIgRUIgNzMgMDggMjEKODQgMTAgRkUgMUIgNjcgNEIgM0IgRjMgMjIgQ0EgOTIgRjUgQzAgNjEgNDMgRDUKOUQgMTAgNDIgMDggMjEgODQgRjAgQ0UgNjggMUIgMTAgNDIgNTggRjggQkYgN0UKRDEgQUYgN0IgQzMgQTEgNDQgMDEgMjEgODQgMTAgQUUgQzQgQkEgMkQgMUEgQkEKMjEgREUgQzEgNDUgREIgMTAgNDIgMDggMjEgODQgMTAgNDIgRDggMEUgM0EgMjEKODIgMTAgNDIgRDggMkMgRDYgOUQgQTQgMjYgMTcgRDkgNzQgNUQgMUYgOUYgQTgKOTAgMTMgNDIgQjggMTcgRDYgNEQgN0QgRDYgRTcgMTAgNDIgMDggRTEgMDUgQjEKNEYgOTEgQzUgRUEgOUQgQzAgNTUgNzcgNDIgMDggMjEgODQgMTAgNDIgNjggMUIKMTAgNDIgNzggOTIgQ0IgQkMgRTQgMEEgMDggMjEgODQgNzAgMTUgQTYgMzEgNDUKMTYgNEIgRTYgREYgRkQgODYgRTkgRkIgMTkgOUYgQjggRjggNUQgMjAgODQgMTAKNDIgMDggMjEgODQgMTAgNkUgODIgNEUgODggMjAgODQgMTAgMzYgOEIgQjUgMjcKQTkgNDcgNjQgNzEgRTkgQzMgNDMgMDggRTEgMUEgRkMgMUEgRTIgMUQgNEEgNTIKRDYgODYgNDMgNEIgNzQgMDggMjEgODQgRjAgMjYgMzggRjkgODAgNjQgRDIgRDAKQTYgNjQgRDkgNzAgRDggNzAgNzggQzQgM0IgRTggMUMgMEUgMjEgODQgMTAgNDIKMDggQUYgODEgQjUgNEYgNDAgRUMgMDEgNDIgNzggMUEgOTQgMkUgMjAgODQgMTAKQzIgNzMgRTMgRUMgNkUgRjYgMTAgQUYgRTAgN0IgMDAgMDggMjEgODQgMTAgNDIKMDggMjEgQkMgMjMgREEgRjggODUgMTAgNDIgRDggMkMgOUEgQTQgMjAgODQgNzcKQzAgMzQgOEUgOTEgQzUgOTIgMDQgQjUgREYgNTAgRUEgODMgMTAgNDIgMDggRUYKOEMgRTkgQTcgOEYgMkMgQjYgNUMgRTAgOTkgOUUgNjMgNjQgNzEgRTkgOUIgNDIKMDggMjEgODQgMTAgNDIgNTggMUQgOUQgODAgNDAgMDggMEIgQjEgNkUgQkEgRDAKNjEgMDkgQzIgNUYgRjYgRUUgMjAgNDcgNjEgMTggMDYgMDAgRTAgNTcgRkMgMDQKRDIgQjIgNDUgRkMgRkYgNjMgQUIgQkQgRDAgODIgRjYgOTAgNDIgQTkgMTMgNjUKMkUgOTYgMzIgMjcgMzggMzQgNEUgRTIgQzYgODUgMTAgQzIgQzMgRjEgQjkgQkQKN0MgNTUgNDYgM0UgNzAgNjggMkYgMDAgMjEgODQgMTAgNDIgMDggMjEgODQgMkQKNjAgRUUgQzEgQUYgQkQgMjEgODQgMTAgNDIgNDkgMEEgNDIgMzggMzggOTYgRUIKMUMgOUIgNTggMzMgNDEgN0QgNkYgNjggRUEgODMgMTAgNDIgMDggNjEgNDcgNzcKM0MgQ0IgMTIgOUIgRjAgMjcgRDMgRTUgMTYgNkIgQjQgOTggODEgMTAgNDIgMDgKMjEgODQgNEQgQTMgMjIgMDggODQgQjAgMTIgQ0IgRkMgMTMgOUIgNTggRjMgOEMKN0YgNkYgNTggOTYgNUIgQUMgRDEgRUMgMDEgMjEgODQgMTAgRUUgQzYgREMgOEQKODAgNUUgMEQgMTAgNDIgMDggMjEgODQgMTAgNDIgOTggOEUgQjkgMUIgNDMgMTUKMjIgMDggMjEgODQgOTIgMTQgODQgNzAgNzAgQ0MgOUQgRUIgN0MgRTUgMEEgNDIKMDggMjEgODQgNkYgQTAgMEIgOUUgMTAgNDIgMDggMjEgODQgMTAgN0UgOEUgQjkKMDcgODMgOEEgMjAgMTAgNzYgODQgQ0YgREIgNzAgM0QgMjEgMjEgODQgMTAgQzIKQkUgNTEgOTcgMDYgMDggMjEgODQgMTAgNDIgMDggMjEgMUMgMTkgOTUgODcgMjAKODQgMTAgMzYgOEIgQ0IgMzUgMUUgQTEgMjYgQUQgMUMgMzggOTQgQTEgMjAgODQKRTcgNjAgRUUgNkEgRkMgRTUgQjYgQzUgMzQgOTcgRDggQzQgQkQgRkYgMDUgNDIKMDggMjEgODQgMjMgRTMgNEIgM0IgODggOUEgQTUgQzggNjkgNDMgM0QgQzYgMjEKODQgMTAgNDIgMDggNjEgODMgOTggN0IgMzAgQTggMDggMDIgNjEgNEYgRjggREYKMUUgNzYgOUUgRTIgMTEgNkEgOUUgRkEgMDMgODcgMjYgMTAgMDggMjEgODQgRjAKNDMgRDQgQTIgMDEgNDIgMDggMjEgODQgMTAgNDIgMDggNDcgNDYgMTUgMjIgMDgKMjEgODQgMkQgNjAgQjkgREYgNjMgOEQgQzkgMkYgRkQgNEEgNEYgMTAgQzIgNzMKMzAgN0IgMjkgN0UgODkgNEQgREMgRkIgRTMgMjEgODQgMTAgNDIgMDggMUIgN0YKQjMgRDQgODcgQzggMjEgODQgMTAgNDIgMDggNjEgRTMgOTggN0QgM0MgQTggMTQKMDIgNjEgREYgNjggMEUgODEgMTAgNDIgMDggRkIgQzYgQzYgNEUgRDQgMjUgNzcKRjggQ0IgREUgQkQgMjQgMzEgMDggQzIgMDAgMDAgQkQgMEEgNDcgMjggQTUgREYKRkIgNUYgQUMgQkIgOTYgNzEgQkEgQzAgNTEgMEMgRUEgREIgNjQgODYgQjcgNkEKMzcgNDkgNDAgMzQgMTAgNDIgMDggMjEgODQgMTAgQzIgOEQgRDEgMTkgMkYgODQKMTAgQzIgMTEgMzAgREYgNEEgRkEgNDUgREYgOUQgODMgMTAgOUUgMDIgQjUgRTIKMTAgNDIgMDggMjEgM0MgM0MgRTYgNzcgNEUgNTUgOUMgQ0MgMDcgNkYgNjkgNUEKRkEgMkQgOEQgRUMgODQgMTAgNDIgMDggMjEgODQgQjEgRTggNzggMTAgNDIgQjgKMDQgRTUgMTAgMDggMjEgODQgRjAgNzggQTggQkUgNDMgMDggMjEgODQgMTAgNDIKMDggRTEgQTkgRDAgMzYgMTAgNDIgMDggRTEgMDggMTggNUIgOEYgOEMgNkIgODEKMTAgODYgNjAgNkMgRUEgRDMgOEEgNDMgMDggMjEgODQgMzAgMEEgRjMgQUIgQTQKMkEgMEUgRjUgQTYgNjcgN0UgM0MgRDMgMkYgRUEgOTEgMjAgODQgMTAgNDIgMDgKNjEgNUYgNzQgNDIgMDggMjEgNUMgODIgNzIgMDggODQgMTAgNDIgNzggM0MgNTQKREYgMjEgODQgMTAgNDIgMDggMjEgODQgRjAgNTQgNjggMUIgMDggMjEgODQgNzAKMDQgOEMgQUQgNDcgOTMgRkIgQzMgRDcgOTIgNTMgMTUgRTcgRkUgMTcgMDggMjEKNkMgQzQgRDggRDQgQTcgMTUgODcgMTAgNDIgMDggRTEgNTAgMzggRjkgQzAgNEUKNEIgM0YgRDMgNkYgQTkgNTMgODIgMTAgNDIgMDggMjEgODQgNUIgNjIgRUMgMzkKQTEgMjkgRjYgMTAgRUUgMUEgNjMgMTMgODggRUQgMzMgODQgMTAgNDIgRDggMDMKRDUgNzcgMDggMjEgODQgMTAgNDIgMDggMjEgM0MgMTUgREEgMDYgNDIgMDggMjEKMUMgMDEgQTMgRUIgRDEgMjUgNTUgNzEgRUUgOEYgODcgMTAgQzIgMjUgMTggOUQKMDAgMzUgRTQgMTAgNDIgMDggMjEgMUMgMDkgRkYgREQgMjEgMkYgRDcgRjQgMEQKMkQgMUQgQ0UgOEEgNEIgQkIgNDUgMDggMjEgODQgMTAgNDIgQjggMjUgRTYgNzIKNEYgNTUgNkMgNjkgNTkgRkIgMkQgOEQgQjMgODcgNzAgNDcgMTggRkIgQTAgQzEKMUIgRTIgMTAgNDIgMDggRTEgRUEgMTggNUIgREMgREQgMjIgODAgMTAgNDIgMDgKMjEgRkMgQjAgNzcgMkYgMzkgMDggQzIgNDAgMDAgNDAgQUYgRDIgMjMgNTAgQzQKQTggRjcgQkYgOTggM0IgNjAgNjEgNEMgQzUgMDIgMkQgRjMgMzYgOTMgRjQgRUQKRDggQ0MgQTcgOTkgMDYgMDggMjEgM0MgMTggOEQgODEgMTAgNDIgMDggNUIgNDAKRjUgMDggNDIgMTggMTYgMjUgNDAgMDggMjEgODQgMTAgQzIgOTYgNTcgREMgQzcKMjkgQ0QgQzEgOTIgMkEgODQgMTAgNDIgMDggMjEgREMgMTUgRjMgRjMgOTYgNTYKQjEgQTQgNUYgREQgRUYgRTggRTYgMTAgQzIgOEUgRjAgREMgQzEgRDkgREIgNzAKMDggMjEgODQgQjAgMkUgNUEgMjEgODAgMTAgNDIgMDggMjEgODQgMTAgQzIgNTAKNjggMEMgODQgMTAgNDIgRDggMDIgQUEgNDcgMTAgQzIgQjAgMjggMDEgNDIgMDgKMjEgODQgMTAgN0UgQzcgRkMgQ0EgNjkgMTUgNEIgOUEgOUMgRkQgOEUgRjkgNzEKNEYgNEIgRkMgRjkgNUIgMjAgODQgMTAgNDIgMDggMjEgRUMgRTcgMkYgRjYgNkUKMEUgMjEgRUMgMDYgM0QgMEMgODcgMTAgNDIgMDggQUYgODQgNTYgMDggMjAgODQKMTAgNDIgMDggMjEgODQgMzAgMTQgMUEgMDMgMjEgODQgMTAgQjYgODAgRUEgMTEKODQgMzAgMkMgNEEgODAgMTAgNDIgMDggMjEgODQgMUIgNTYgREMgRDcgM0YgRDMKMkMgNjkgN0IgMkEgMUUgNzUgNTAgMTAgNDIgMDggMjEgODQgRjAgNDggNzQgN0YKMDggMjEgMkMgNDUgMkYgQzQgMjEgODQgMTAgQzIgNkIgQTEgNTkgMDAgNDIgMDgKMjEgODQgMTAgNDIgMDggNDMgQTEgMzEgMTAgNDIgMDggNjEgMEIgQTggMUUgNDEKMDggQzMgQTIgMDQgMDggMjEgODQgMTAgNDIgQjggMDEgRjMgMzggQTQgMjUgMTYKNzUgM0UgMTUgOEYgRDMgOTAgRTYgRjAgNjkgOTMgNTYgNUIgMDUgMjEgODQgMTAKNDIgMDggQUIgQTEgRkIgNDMgMDggRTEgM0YgMjggODcgNDAgMDggMjEgODQgNUQKQTMgNTIgMEUgMjEgODQgMTAgNDIgMDggMjEgODQgQTEgRDAgMTggMDggREYgRUMKREMgMzkgMTIgQzIgMzAgMEMgMDUgRDAgQUIgRTggMEEgQ0UgQ0UgRkQgMkYgNDYKMDEgMTMgNUMgNTAgMjQgMjEgOEIgODMgNUYgODEgNjYgRkMgMkEgRDIgRTggNEIKQzkgOEMgMjEgODQgQjAgMDQgOTQgNDcgMTAgQzIgNkEgNTEgMDMgODQgMTAgNDIKMDggMjEgREMgODAgQTkgRUQgMjMgQUIgNEIgMjYgOUYgRTMgOEUgNjkgMTggRTMKNTMgQ0QgNTQgMTAgNDIgMDggMjEgODQgNzAgMzcgRjQgRjIgMTAgNDIgRjggMEIKRUEgMjEgMTAgNDIgMDggRTEgQUQgNTEgOTQgNDMgMDggMjEgODQgMTAgNDIgMDgKNjEgNTUgNjggMEQgODQgMTAgNDIgNTggMDIgQ0EgMjMgMDggNjEgQjUgQTggMDEKNDIgMDggMjEgODQgMTAgNkUgQzAgMzQgQjUgOTEgRDUgMjUgOTMgQ0YgNzEgNDcKMzMgMTUgODQgMTAgNDIgMDggMjEgM0MgMDggQUYgQkQgREIgNjQgRTggNjIgMkUKNkIgRkYgMzkgODQgRjAgNzIgRjQgRjUgMDEgNDIgMDggMjEgQkMgMzUgOEEgNzIKMDggMjEgODQgMTAgNDIgMDggMjEgQUMgMEEgQUQgODEgMTAgNDIgMDggNEIgNDAKNzkgMDQgMjEgQUMgMTYgMzUgNDAgMDggMjEgODQgMTAgQzIgMkQgRDggOEQgOTEKRDUgMTcgQjYgNEQgQ0MgNjUgQzkgMkMgQjQgRTMgRDEgNTggMDUgMjEgODQgMTAKNDIgMDggMEYgQzIgQTIgRUUgMzYgNjkgREEgMTQgNTkgNUQgRkIgMkMgMTAgQzIKMzMgRDEgRDcgMDcgMDggMjEgODQgRjAgRDYgMjggQ0EgMjEgODQgMTAgNDIgMDgKMjEgODQgQjAgMkEgQjQgMDYgNDIgMDggMjEgMkMgMDEgRTUgMTEgODQgQjAgNUEKRDQgMDAgMjEgODQgMTAgNDIgMDggRjcgNDIgOTMgMTUgODQgMTAgNDIgMDggMjEKRkMgNEYgRkMgNzYgQkQgQzkgMTQgRUYgREYgOTIgNjEgNzUgQzcgNjMgRUEgMUYKOTEgRDUgRDUgQ0YgMDIgMjEgM0MgMTEgQUQgQzkgMTAgNDIgMDggRTEgQUQgNTEKOTQgNDMgMDggMjEgODQgMTAgNDIgMDggNjEgNTUgNjggMEQgODQgMTAgNDIgNTgKMDIgQ0EgMjMgRjggNjQgREYgOEUgNzEgMTAgMDQgODIgMjggODAgNUUgNjUgOEUKMDAgMEEgMDEgRUUgN0YgMzEgMEIgQTIgNkUgNjEgODEgNzEgOTEgREQgQ0MgNkIKMjYgRjEgQzUgODYgODQgQ0MgRkYgNTMgMDAgNjEgNUEgQjQgMDAgMjEgODQgMTAKNDIgMDggNkIgQTEgNjYgMDUgMjEgODQgMTAgNDIgMDggRjMgRTAgQkEgQzYgNzMKRkMgRkQgMzMgNEYgRDUgMTcgQzIgN0UgRDAgQTUgMEMgMjEgODQgMTAgNzYgOEQKQTIgMUMgNDIgMDggMjEgODQgMTAgNDIgMDggNTMgQTEgMzMgMTAgNDIgMDggNjEKMEIgMjggOEYgMjAgODQgNjkgRDEgMDIgODQgMTAgNDIgMDggMjEgQUMgODUgOUEKMTUgODQgMTAgNDIgMDggMjEgQ0MgODMgREEgMkYgODQgRjAgMjAgNUEgMTcgMTAKNDIgMDggNjEgRDcgMjggQ0EgMjEgODQgMTAgNDIgMDggMjEgODQgMzAgMTUgM0EKMDMgMjEgODQgMTAgQjYgODAgRjIgMDggNDIgOTggMTYgMkQgNDAgMDggMjEgODQKMTAgQzIgNUEgQTggNTkgNDEgMDggMjEgODQgMTAgQzIgM0MgNzggNkQgRkIgOUQKODYgNzggOEQgNUQgNkUgRDMgMTIgRUYgQTkgMEYgNDMgRDggMEEgNUUgQkIgMkIKNUMgQ0EgMTAgNDIgMDggRTEgOEYgMjggQ0EgMjEgODQgMTAgNDIgMDggMjEgODQKMzAgMTUgM0EgMDMgMjEgODQgMTAgQjYgODAgRjIgMDggNDIgOTggMTYgMkQgNDAKMDggMjEgODQgMTAgQzIgNUEgQTggNTkgNDEgMDggMjEgODQgMTAgQzIgM0MgMzgKREUgRTcgMjggRTYgOTEgQ0EgN0EgREUgQ0YgNzEgREUgQTIgOTggREYgM0UgMEIKODQgRjAgMjQgNzQgMjYgNDMgMDggMjEgODQgNUQgQTMgMjggODcgMTAgNDIgMDgKMjEgODQgMTAgQzIgNTQgRTggMEMgODQgNEQgRTMgQjAgNDQgMzEgNzcgMUMgQjcKMzEgOEEgRjkgRTkgOUYgREUgMjUgMDggRkIgNDMgNzkgMDQgMjEgNEMgOEIgMTYKMjAgODQgRjAgQzEgREUgREQgRTQgMkEgMDggNDMgNjEgMDAgREQgQ0EgNUQgQzIKQUIgMDggQ0EgRkUgMzcgRjYgMDYgNDQgRTAgMTkgMDcgODUgMDcgMTQgRUMgMTkKRjggMjUgRjcgOEMgMzQgMjEgRkQgOTUgMTYgNDIgMDggRTEgNTYgRDggNzYgMzEKNDYgQ0UgNTggNjggQzMgRDIgQjAgMEEgNDIgMDggMjEgODQgMTAgMUUgODkgRTkKRDkgQzQgMkMgNzMgODYgQUMgRkIgOTUgQUUgRjUgODQgRjAgODQgNjggRUIgMDEKNDIgMDggMjEgQkMgMzQgRUEgQ0EgMjEgODQgMTAgNDIgMDggMjEgODQgQjAgMkEKMzQgMEQgODQgMDUgQjAgRTkgNjMgOTYgMDMgM0UgNkUgMzEgNDYgQ0UgQzMgMzMKMkIgM0YgRkYgNzkgRUYgOTYgREEgOTggNzIgRjkgOTcgODQgMTAgRUUgODMgRkEKMUQgMDggNjEgQjUgQTggMDEgODQgMTAgNDIgMDggMjEgNUMgODEgNkYgQzcgN0MKRTUgOEMgN0MgRjYgMkIgOEQgQTkgMjAgODQgMTAgNDIgMDggRTEgQTEgRjggRTkKMUQgQzkgRTYgMTYgQUYgNTggQjMgQTkgQkEgNjEgRTkgRDYgNEUgMDggOEIgQTMKN0QgMDcgMDggMjEgODQgRjAgRDIgQTggMkIgODcgMTAgNDIgMDggMjEgODQgMTAKQzIgQUEgRDAgMzQgMTAgMUUgOEYgREQgM0QgQzYgQzggNzkgNEUgMTYgOTUgMEUKODAgODUgRjAgODQgQTggQUYgODEgMTAgNTYgOEIgMUEgNDAgMDggMjEgODQgMTAKQzIgMTUgOTggN0UgRUUgMzEgRTUgRjYgQ0IgNDcgOEIgNEEgNjMgMkEgMDggMjEKODQgMTAgNDIgNTggMUMgNTMgRjcgODggMjkgOEYgNUUgNjYgQjQgMUIgMEIgRTEKQTkgRDAgQkUgMDMgODQgMTAgNDIgNzggNjkgRDQgOTUgNDMgMDggMjEgODQgMTAKNDIgMDggNjEgNTUgNjggMUEgMDggNzcgQzUgRDQgRjcgMzEgQ0IgOUMgQTcgNjIKQzMgMzIgM0QgREEgOTggNzIgRjEgOTcgODcgMTAgRkUgMUYgRjUgMzIgMTAgQzIKNkEgNTEgMDMgMDggMjEgODQgMTAgNDIgQjggMDYgRUYgRjEgOEEgRDIgNkYgNkIKQkEgNDUgMDggNDIgMDggMjEgODQgMTAgMTYgQzcgOTMgREYgQkMgRjkgRTcgNjUKNTIgOEIgOTAgMTAgRUUgOEIgMzYgMUQgMjAgODQgMTAgQzIgNEIgQTMgQUUgMUMKNDIgMDggMjEgODQgMTAgNDIgMDggQUIgQzIgQjIgRDMgNDAgMjcgNzAgN0UgMEYKMzYgN0QgQ0MgNzIgQzAgQjYgOEIgMzEgNzIgOUUgODcgMEQgNEIgMkIgMEMgMTAKMTYgQzcgNUQgQUYgRDMgRDUgMDIgNDAgMDggNEYgOEIgNjUgNDcgRDcgMUEgNDAKMDggMjEgODQgMTAgOUUgMUYgQ0IgMUUgRUQgRjUgNTYgM0UgNjMgRkMgMEMgMEIKNUMgMjkgNjYgQjkgRjQgQTcgNDEgRjggQ0IgREUgQkQgRTQgMjYgMEMgMDMgMDEKMDAgQkQgQ0EgMUMgMDEgMTMgNTIgRTAgRkUgMTcgRUIgQTIgMkEgNzEgQTMgNDgKQzUgQ0EgNjcgREMgRTYgNkQgNDYgRjIgMTMgMTIgODkgOTAgOEQgM0YgNjMgMUIKNDIgMDggMjEgODQgNzAgMjcgRUMgRUEgOTIgNEQgOTMgOTAgMTAgMUUgODkgRjcKNkIgN0MgODcgQTMgMzcgNjggQUIgRUMgMTAgNDIgMDggRTEgNEEgOTQgM0MgMDAKMjEgODQgMTAgNDIgMDggMjEgODQgQTcgQzIgREMgNjEgQTAgREIgMEYgRkYgMDcKMjYgRUUgQzMgMzIgQjEgMDAgNjEgMjIgNzYgOTUgNTUgQUIgRkEgNDMgMDggMTMKMzEgQjcgNDcgQUQgMDEgODQgMTAgNDIgMDggNjEgRkYgOTggOTggNTAgRkEgREEKODMgRTkgQzYgMUYgMDggMjEgODQgMTAgNDIgRjggRjcgQjAgQjMgRkIgMzQgMUQKQkYgMEMgRTEgMkUgNzggQjkgQzcgMTQgOEYgNUUgNjIgQjAgRTIgMDAgMjEgODQKMTAgNkUgOEIgOTIgMDcgMjAgODQgMTAgNDIgMDggMjEgODQgRjAgNTQgNTggODYKMzEgQUEgRjggQ0UgRDggNkQgQkYgQTIgNTEgNjEgRkYgRDggRDUgQTEgQUMgQjMKNjIgQjkgMEQgNTEgQzUgRDYgNTcgODMgMTAgMzYgRTEgQUMgQzYgQkQgNTMgNDkKRjcgMkIgRkEgRkIgODAgMTAgMjYgNjIgNkUgNzcgNUEgMDMgMDggMjEgODQgMTAKQzIgQUUgQjAgQjMgRDMgN0IgMkUgNTEgQzUgRDYgNzcgODEgMTAgNDIgMDggMjEKODQgQjAgNEYgQ0MgNEQgRjMgNzYgRUEgMzIgODQgOUIgNjMgNUYgQUIgQUUgOTIKMkUgMjAgODQgMTAgQzIgNzUgOTggREIgNUQgOTcgM0YgMDAgMjEgODQgMTAgNDIKMDggMjEgODQgMDcgNjMgNzkgMEMgMzEgQzUgRUMgMDkgNUUgQTMgQzIgMkMgQkMKMEUgNTEgQzUgRjQgNUIgMEMgOUEgRUUgMzggRjggRjkgRjAgRDYgMDUgMjAgREMKMTcgNzMgMjcgMEYgNjcgQzUgMzIgM0UgQTMgOEEgQUQgRUYgMDIgMjEgODQgNkIKMzAgQjcgMTcgQUQgMDEgODQgMTAgQUUgQzIgQTUgRTMgRjcgQ0IgQjMgNDQgMTUKOTcgM0UgNjkgOTAgMEUgMjEgNUMgOTggODcgNDkgQkYgQUMgNDcgRkEgMjggODQKMTAgNDIgMDggMjEgM0MgMDMgRTYgMUUgMEQgNjcgNEQgMUYgQzIgQ0QgMzEgNzcKQzkgNTUgQzYgMDUgODQgMTAgNDIgQjggMkQgRTYgRkUgQjMgRUIgOUYgNDMgMDgKMjEgODQgMTAgNDIgMDggRTEgRDEgNzggQkIgNDcgMTUgRDMgQjMgQTcgNkUgOTcKNzggODUgQTUgMjcgMzQgNTQgNkMgQzAgQzUgRjMgNDggNkYgOEYgNzggODUgNzcKN0UgOTEgNEUgOEEgRjIgRTggMjAgNEMgQzcgREMgNTUgRkUgRjkgODIgRTAgNTAKQTIgOEEgQUQgRUYgMDIgMjEgODQgQUIgRjAgRjAgRkUgQjMgMzYgMTAgNDIgRjgKM0IgMEUgQ0YgQTggRTIgMjYgQTcgRUIgOEMgMUYgMzEgODUgQUYgNkYgMjkgNjMKNEMgQjEgRkQgMjEgMjEgODQgN0QgNjIgREYgM0IgMkIgNjUgODcgNDIgMDggMjEKODQgMTAgQzIgMzMgRTAgMjcgN0IgRjcgOTIgREIgMjAgMEMgMDQgMDAgRjQgMkEKM0UgNDIgNTAgMDkgODUgRkIgNUYgQUMgMkIgM0UgQjEgOUMgMEEgOTMgODAgNkQKRjQgMzYgMjMgQ0QgNTMgMTcgNEQgMjAgNjAgQjAgNjcgNUMgQjYgRUQgOUIgODUKREMgMTAgN0UgMUQgNEIgOTcgNjMgM0MgQzIgMjYgRTYgRkUgRjMgMTAgNDIgMDgKMjEgQUMgRjIgRkUgNkUgOTQgMEUgMjEgODQgMTAgNDIgMDggMjEgODQgRTUgQjEKNkMgNEQgNEQgOTQgOEUgNjMgNTggNDMgRUEgRTEgMTEgN0UgQjggODYgQjYgOTIKNTQgMUQgMDEgODQgQjUgNjEgRDkgQzkgN0QgNDUgRDYgMTAgQzIgMjYgQjAgOUIKQTYgQjAgODkgNzMgM0QgNjYgNTggQzIgOUUgMkIgREUgRkYgODMgQTIgNkUgRjgKMEQgNkIgMzQgNkYgMDIgMjEgN0MgOEIgNDMgMUYgRTYgNzAgRTQgRTIgOTMgREQKMTkgQzkgOUUgOTggMTAgQjYgODMgNTEgM0YgQUUgREEgMEEgMkEgRDcgMzQgRjEKNUEgMzIgRkIgQzMgNDIgMDggMjEgODQgMTAgNDIgRDggMTIgNUUgREUgRDggQ0QKMTIgNkUgMDggQ0YgNDYgODUgMTggMTAgNDIgMDggRTEgRkQgRDAgRkQgMUQgNDIKMDggMjEgODQgMTAgNDIgMDggNjEgRDkgRTIgMUEgNjkgODUgQTkgMDUgRkYgMTAKQjYgODEgOTcgQ0YgQzggMkIgOTEgODYgMTAgREUgMDcgQTMgMkQgRTEgNTIgNDUKREYgQzkgODkgOEMgRTQgNUYgQkEgMkEgNDIgMDggQjMgMzAgQUEgREEgREUgMzMKMEMgM0IgMkYgREQgNkUgNjcgOTkgREIgMDUgMjggOEQgQ0YgMjkgNkMgQTIgM0EKNEQgMDggMTcgOEMgODYgMEEgNkQgNzUgRDMgQjIgREQgMjQgODQgMTAgNDIgMDgKMjEgODQgOTYgNUUgNDMgNzggMjcgMkMgRjggM0MgRUUgMjcgMEMgMjEgODQgMTAKOUUgODEgODYgRTggMTAgNDIgMDggMjEgODQgMTAgNDIgMDggQUYgQUYgQUYgOTEKRDYgOUYgQUEgODggODQgQjAgNzUgQjQgNTcgMUEgODQgMTAgNDIgMDggNjEgNDMKRjggNUEgNzYgN0QgREIgQjYgNDUgMUYgMTUgNjMgMjYgRUIgMkUgQkIgNjcgNTgKNjMgRjYgRDcgMEUgRTEgMTEgOEMgMEEgMDMgNTMgRTcgNjcgRDMgRUYgRDYgM0MKRTggNDEgMDggMjEgODQgMTAgNDIgNTggREIgNUEgRUIgRkUgMTEgRDYgOTAgOTgKREYgMzcgNkUgODcgNzAgQzEgQTggNDkgRDcgRDUgQkYgNTYgODUgMTIgMTAgNDIKMDggRTEgMDUgNTggNzYgNzAgRUUgRkUgMEUgMjEgODQgMTAgNDIgMDggMjEgODQKRDUgRTIgRUIgQUEgQTcgQUIgMUYgMTggQTUgNDUgRDIgNjggRDkgNUUgRUUgMzkKMDMgMjEgNkMgMDkgRUQgOEYgMDYgMjEgODQgMTAgNDIgRDggMUEgOTYgOUQgRDgKNkQgMzEgREQgOTYgQTEgNjUgRDcgNUQgRUUgMkYgQzYgQjQgMDkgNjYgRkQgOTgKMzggNDYgQzkgQTMgOTkgM0UgRUUgRkQgMTggOTYgQjAgRTcgQzQgNkIgMjIgRjUKMEEgMDggNDIgMDggMjEgODQgMTAgQzIgOUQgRDggRkQgM0MgQzMgMjYgRUUgMTkKNkYgOUYgOTcgRUEgNUIgMDIgRTEgM0IgMUMgRkEgMzAgODcgMjMgQ0QgNjAgQkYKOTggNDYgQjMgQTggQjkgMUYgMDQgNDIgMDggRTEgMUYgN0IgRjcgOTIgRTMgMjAKMEMgNDQgMDEgRjAgMkEgN0QgODQgRDggMjQgMzMgRTQgRkUgMTcgOUIgRDkgQzQKN0MgQzIgMDIgMTQgMDggMDYgNkEgRDMgRDIgQUIgNUQgQTQgMjAgNjMgRDMgQjYKMjEgQUMgNkQgQUMgQjcgRjMgMTEgNDIgMDggMjEgODQgMTAgNDIgMDggRUIgNDUKRjcgNDIgOUUgMzQgOTYgMUIgREMgQjQgQkEgNDEgMDggMjEgODQgMTAgNDIgMDgKRTEgMTEgQjEgQUEgQUUgQ0IgOEIgQzcgOEYgMkUgQjUgODQgNzMgMzAgRTUgRTgKNTUgQ0IgNTMgMTYgNzMgMjAgODQgMTAgNDIgMDggMjEgRkMgMUMgNTMgREIgNDQKQUYgQ0UgNzkgMDkgREYgMkUgRUEgQTMgODYgRjAgMUYgRDMgRjMgMTkgQkQgM0EKRTcgRDkgRDkgMkUgOEUgMUEgMkEgNzIgNkUgQTIgQUIgNzYgMzIgNDIgMDggMjEKODQgOEIgQjEgQUEgODEgREUgRUIgMzcgODQgMTAgNDIgMDggMjEgODQgMTAgMUUKMEIgREQgRUEgNzggRDAgNTggNTYgREEgOUQgRUQgMDkgMjEgODQgMTAgNDIgMDgKMjEgODQgQTcgQzEgQUEgMUEgMkYgNDUgRjEgQjIgRDEgQTYgNDIgMDggMjEgODQKMTAgNDIgMDggRDcgQzcgQ0EgNEUgREMgNEQgM0YgNTEgOEEgREIgRkMgRTEgRjkKQjEgNDkgMzEgQTggRTMgQTMgOUMgRTYgM0MgMzUgREIgQzUgOTQgNkYgRDEgQUIKOEIgN0YgMUQgODQgMTAgNDIgMDggNDcgMzggNzEgMDcgRjEgQ0UgOUYgOUMgNkMKMzYgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgODMgNjEgNjUgOUYgNzUgMkUgMUUKREIgNUIgQkMgQ0EgRjQgNDQgN0IgNzIgMjkgNjAgRjIgMDMgQzEgRTIgN0YgMDIKODQgMTAgNDIgMDggMjEgODQgMTAgQzIgNkEgRDEgRTQgNUQgMTQgQkYgMTUgQ0IKRjkgNEUgMzYgMUUgNDIgMDggMjEgODQgMTAgNDIgQjggM0IgQTYgRTYgMTEgQkQKM0EgRTcgOTUgN0UgQkIgNzggQkYgNDUgMjkgNTMgQjMgNzUgMkQgRDMgRjAgMDgKMzggNkMgMkEgQTggN0MgODkgQzkgOTQgMUMgNDIgMDggMjEgREMgMDIgODcgRUQKODggM0IgNUYgNEUgNjEgQjggODcgMTAgNDIgMDggMjEgODQgMTAgQzIgMTMgRTAKRTQgREQgRkEgRjkgMUUgQTUgQ0MgOTkgMjEgOEEgRkEgRDkgMjAgODQgMTAgNDIKMDggMjEgODQgMTAgN0UgMEQgQ0QgRTUgNDUgNzEgQzUgRjggN0UgNEUgNTQgNEUKOEYgRTggRUEgRTIgMjcgMTQgNDIgMDggMjEgODQgMTAgNDIgQjggM0EgQTYgQjYKODkgQUUgRUUgN0MgODcgOEIgNkUgNkEgNzggNzQgRkMgQ0QgRjEgMkEgNzUgNkQKNDUgMkMgQ0QgMTUgMEUgNjcgODYgMTAgNDIgMDggQjcgQzMgN0QgNzcgMjYgMUEKRUUgMjEgODQgMTAgNDIgMDggRTEgMUYgN0IgNzcgOTAgREIgMjAgMEMgNDQgMDEKRjQgMkEgNzMgODQgMUEgMTQgMjggRjcgQkYgNTggMTcgNjkgQzEgMjAgMTYgMjYKNTUgQjAgMDkgNkYgMzMgRDIgQkMgNEQgODggQzIgMjIgMzYgN0MgMEYgODQgRjAKMkUgRDggNEYgOTEgRDUgREQgMzkgN0QgQkIgMEIgNTUgRDggMjAgN0EgOUIgMEUKNDIgMDggMjEgODQgMTAgNDIgMDggRTEgNzkgRjggREYgMkQgODUgQUYgQzggRUEKMkYgMEUgMzEgOTcgOTIgRTcgREEgNUEgRUQgQjUgNUEgQTcgNUEgNDEgMDggMjEKODQgMTAgNDIgRjggMzkgQjggOUUgQTIgRDggREEgNDAgQkEgNkMgRUMgQTMgODMKNTkgNjAgM0QgNUMgRUYgMUQgMzUgMUUgOTYgOUMgREIgREQgM0QgQUUgQzMgREYKMUQgNDIgMDggMjEgODQgQzUgNTggMzcgNDEgQjkgNzkgNUMgNzUgRjQgRTIgMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgQzIgNTcgNzAgN0QgQzAgRUYgRDEgRjMgODUgOEUgQTAgMTQgQTcgQjYgOTUKRDYgREMgNDkgMDggMjEgODQgMTAgNDIgMDggRUYgODkgNjkgNEEgOTEgRDUgQ0QKRTkgMkIgMjUgQUIgODkgRjcgQjUgNjIgOTggRjAgN0QgOTggQzYgNDcgRTQgNzUKN0IgQ0IgMTUgREQgQTIgQjUgNUEgOTMgQUEgMjAgODQgMTAgQzIgNUEgNTggM0IKNkIgQjkgRkEgRjQgQTMgMTcgMEYgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNUUgMEYgQ0YgNEEgN0EgNEUgNDMKRkMgMTUgQTEgQ0UgM0IgQjYgNTkgQjggNzIgN0YgMTAgODYgMzcgOTkgMjEgODQKMTAgNDIgMDggMjEgODQgODUgNTggRjcgOUQgRjMgQTMgODEgQ0QgMzQgNEQgQjEKNTQgODMgRkIgRUYgOEQgQUIgQTkgQUYgRDcgREUgMzAgRDkgMDQgMzAgRDMgMzAKQzYgNTIgNjUgMzEgMjAgODQgMTAgQzIgQjMgQjEgRUUgM0YgNjQgQTkgNEMgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgRjAgNTQgRUMgRkEgQzggRUEgMTMgRDMgMjMgQzUgNTIgNUYgMDggOEEgMUEKRjQgNzkgNkEgREIgNzcgMzEgOTcgQTcgQTQgRDQgNDUgNTYgNzcgN0YgMkMgQzEKNEMgMDggMjEgODQgMTAgNDIgMDggNjEgNDUgNEMgREYgN0QgNjQgQjUgNjQgRUQKRDMgNDggRkIgMTggNjIgMkUgNTIgOUYgMUYgODggN0IgMkIgRTIgQjEgOEIgQjkKOTQgREMgMjQgOEQgQjQgNjIgOUIgMTAgNDIgMDggNjEgRkIgMjggQ0IgMDkgMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgMEYgN0IgRjcgOTIgODMgMjAKMEMgNDUgMDEgNzQgMkIgNUQgMDIgMTIgMTAgREQgRkYgQzYgOUMgOTUgNEYgMUEKNkQgMTMgNjkgNjggMzkgOTMgOTcgQkMgMzMgQzEgMzQgMkEgOUYgNzAgRkIgMjAKODQgMTAgNDIgMDggMjEgODQgMTAgRkUgMUYgNkIgMEQgMTIgODUgMTUgNzAgMUMKOTYgQjAgNTYgMkYgNzggNDAgMDggMjEgODQgMTAgNDIgMDggNUIgQzYgQzMgQzgKQzUgRTMgOUUgMzkgMkQgNjUgRjcgN0UgQzcgNEUgOTMgRjcgN0QgRjMgM0IgNkMKQUEgRkIgQkUgMDIgREMgNkYgOTAgOTUgNUMgQ0YgRTQgQ0EgMzcgMUQgMTEgRkQKOUEgMTggM0QgQUUgNDkgRjEgOTIgNDIgMDggMjEgODQgQjAgMTYgOEEgOTEgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgQkMgMkQgQTYgQTcgN0MKNEUgMjEgOTYgOUMgNzcgRTMgM0IgNjggNzMgODMgQTggREQgRTEgRjQgMEEgQjEKRTQgMkMgNTQgN0YgQUQgRjkgQTEgMTAgNDIgMDggNjEgRDMgMjggMjIgMEEgMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQ0EgOEQgNkEgQUYgRDkKQzYgRjkgOUUgQzkgRjEgQTYgQTUgREYgNkQgMDggMjEgODQgMTAgNUUgMTAgQzUKM0MgMjEgODQgMTAgNDIgOTggODUgQzMgMTIgMzYgMzUgRjkgQTAgQTAgNzQgRUYKQUMgMDIgREMgMUYgMjggRjUgOTEgNUMgNDggNDAgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKM0MgMTcgNjUgM0YgQjUgMzUgREIgOTggRUUgMzQgQUYgMTMgNDIgMDggMjEgQkMKMTUgOEEgN0MgNDIgRDggMjcgRTYgMjcgQjMgNTIgMzggM0UgRTYgQjAgRDYgRjIKQTMgNDMgNzggMTEgQ0MgRkYgMjEgRTQgMDcgMEYgRUYgODEgQ0IgMTggNjIgQzkKMzkgQTEgOUYgRDcgQ0UgQ0YgMTAgOEIgM0YgMjggMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgQzIgMEYgN0IgNzcgOTMgQTMgMjAgMTAgNDQgMDEgRjggMkEgNzUKMDQgQUIgQzEgQkYgRkIgNUYgNkMgMTYgNjYgQTAgNjUgNDggQTQgMUQgRDAgMTAKQkUgQ0QgNEIgREUgQjcgNzIgRDEgMTggNEMgQkEgMkMgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgOUIgQTIgODkgNEUgRjUgOUYgNzUgM0EKQTQgRDkgNzcgNTEgRTUgMDMgNEIgOTcgNTEgNjUgRUIgMjkgODUgMTAgNDIgMDgKRTEgQUUgMzEgQkIgNzMgNTQgQjkgRTQgMDUgNjMgQzUgNkEgOUMgMTMgQzIgMzYKRUMgRUUgNTEgRTUgMTYgNTMgNTcgNUQgODkgMjEgNUEgRTcgQkYgMjAgNUMgMEQKQjMgNDQgOUQgRDMgQzMgQjkgQzIgNTEgNTcgREYgQUUgNzkgODkgMjEgQUMgRDEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgQjggMjkgOUEgQUYgNTQgNUYgRDYgQkYgMzcKMUIgRjMgOUUgMzEgQTYgNzkgNDkgMDggMjEgODQgMTAgQ0UgNjMgREUgQkEgQTgKNzIgQzkgOEIgQzcgOEEgNzUgQjIgQUQgQUMgRjUgQzMgNDMgNzggMzQgQkMgRjQKRjEgMUIgN0UgMDYgQUEgRUEgRUUgNkIgN0YgOEEgMjEgMUUgNTIgRkEgNkIgOEMKNjkgNDQgMTEgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgN0EgRjggQkMgRTAgNjMgNzYKOEIgOUYgQjkgQzUgODMgRDQgREIgMjkgODYgNzggNDggQzkgNzMgOEMgRDkgN0UKQkEgMjAgODQgMTAgNDIgNzggNjQgN0MgMUUgODUgRjggQzAgNzYgQUQgNjEgMzMKQjUgMjUgRDQgMTAgQkUgRjEgNEYgMzUgNEQgOEYgOUIgQUEgQUEgM0IgQUEgNjYKRjYgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgN0UgMUYgMTcgOEYgMzEgNjYgMzkgQzUKOTggMzMgM0IgRjggOTYgREMgOUQgNTMgMzcgQUEgOTMgNEIgRkIgNTkgQUUgNTEKQTUgOTkgNDQgMDggMjEgODQgMTAgN0UgMTcgQjcgRDggRUUgM0QgN0QgRkYgQjkKNUMgNjMgNEMgMEIgQTQgMjAgN0MgODEgNzkgQ0UgQTggNzIgQzkgNDMgQTcgQUEKRUEgN0UgNkIgNjYgODkgMkEgNUIgQkYgMzEgMjAgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgODcgQkQgN0IgNEIgNkQKMTggMDYgQTIgMDAgQkEgOTUgNTkgNDIgMjUgQjkgN0UgRUMgN0YgNjMgRkQgMzAKNzUgMDYgRDcgQTQgNTIgNUIgNjggOTMgOUUgOUYgMEIgRjcgMjAgNjIgMDggNTgKMjEgRTAgQjEgMjAgODQgMTAgNDIgMDggMjEgRkMgN0QgNkMgMjUgNTIgNUUgOEUKRDEgNUQgQTIgRTkgQzggRkUgOUEgQ0YgNDkgMUMgRkYgODYgOEQgMzQgNDIgMDgKMjEgODQgRjAgODkgNzAgRTAgMkQgMUMgNEIgQTQgQkMgNUMgRTkgREMgNDYgMDgKN0YgMEEgQ0IgREEgMjIgNjUgQ0YgREYgMUMgNTUgNTUgMUYgQjcgOUUgN0UgNEYKNDcgNzcgMEMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgMzkgRjEgQkIgQjMgOTYKQjAgRTMgRjkgN0YgQTMgOTEgMTAgNDIgMDggMjEgODQgMTAgQzIgNDcgQzQgNjkKODkgOTQgM0IgQjYgMUEgNDcgRjQgNEMgNzUgQTkgQUEgRkEgOTcgRUIgRTkgMTAKRTcgNUEgNUIgREMgRDIgMTggMjYgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgOEUgNjEgRDkgQjYgNDggQjkgNjMgOUQgRTIKODggOUUgQzkgMkYgNTUgNTUgN0IgRUEgNjkgNDYgQjIgQkMgNEMgOTEgNzMgQzcKMzkgOEUgRTggRjkgQ0MgNEYgMkUgMzEgMkYgOTEgNzIgNzQgN0YgODAgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRDggOEIKNkQgOEIgOTQgM0IgOTYgQTkgNDUgQ0EgMUQgQjcgMzkgREUgRTMgMkIgNzMgNjQKRUEgQkYgQUEgMUYgQ0YgNjMgMkQgQTUgNDYgQ0UgMUQgRUIgMTIgMjkgRTEgMDAKNUUgREQgQTQgQjUgOTUgNDggNzkgNzkgRTMgNUYgQUUgQkMgNzMgQTEgNzUgOEQKMjMgRUUgMkMgQUIgRTUgMzUgNkUgMzkgQkUgMTEgNDEgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKRTEgMUIgN0IgRjcgNkEgMDMgMDAgMDggMDQgNTEgQjAgOTUgMkIgODEgNEYgMDgKRkQgNzcgODYgNDAgNzAgMTYgMDUgNjIgQ0MgMTMgRDMgQzMgNjYgMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggRTEgNDMgNkMgM0QgNTIgMzcgRDYgNTEgMjMKRjUgN0EgMDcgMDcgRTEgMUYgRDggQ0EgOEMgNTMgRTcgOTggMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgNUMgRUMgQzggMjEgMDEgMDAgMDAgMDAgMDAgOTAgRkYgQUYgMUQgMjEKOUEgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgODkgMUQgMzkgMjQgMDAgMDAgMDAgMDAgMDAgRjIgRkYgQjUKMjMgNDQgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgQjEgMjMgODcgMDQgMDAgMDAgMDAgMDAgNDAgRkUKQkYgNzYgODQgNjggQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgMjcgNzYgRTQgOTAgMDAgMDAgMDAgMDAgMDAKQzggRkYgRDcgOEUgMTAgQ0QgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgQzQgOEUgMUMgMTIgMDAgMDAgMDAKMDAgMDAgRjkgRkYgREEgMTEgQTIgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgRDggOTEgNDMgMDIgMDAKMDAgMDAgMDAgMjAgRkYgNUYgM0IgNDIgMzQgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgMTMgM0IgNzIgNDgKMDAgMDAgMDAgMDAgMDAgRTQgRkYgNkIgNDcgODggRTYgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNjIgNDcKMEUgMDkgMDAgMDAgMDAgMDAgODAgRkMgN0YgRUQgMDggRDEgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNEUKRUMgQzggMjEgMDEgMDAgMDAgMDAgMDAgOTAgRkYgQUYgMUQgMjEgOUEgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgODkgQkQgM0IgNDggNjEgMTAgMDYgQTIgMDAgN0EgOTUgMzkgODIgQTYgREEKRDAgRkIgNUYgQUMgMDEgRDMgOTggNDIgOTEgREEgOTYgMjIgRjIgMTYgRkUgMzgKQ0YgODUgOUIgOTAgREQgMjcgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIKNDMgRTIgNTggNUUgNUEgNTYgMUMgRTcgNUIgNzQgQjkgODEgNjkgQzggRDEgRTUKRUUgQkYgNDMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgMUUgMTAgOUYgMUIgOTQgNUIgMDUgQ0MgNTQgQkUgQUUKMDkgQkYgQzQgOUMgQTIgQzUgMjIgNDMgRDQgRTcgODMgNzEgQkUgNDYgOEIgNTcKRDUgREEgRkQgMUIgMDMgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggRTEgQzkgNTAgQTMgMTAgRkUgMUYgQzcgMTQgNUQgMkUKNzggMjkgNkIgOEQgMUYgNTQgMkMgOEQgRUYgOEYgNTMgNTkgMUYgNTEgOEYgODUKMjkgQzcgOUEgQUUgNkEgODUgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgREUgRDkgQkIgOTcgMUIgMDYgNjEgMjAgODAgODIgQUQKNkMgMEIgMDYgQzIgQTcgRkYgQzYgNzIgNDAgNzEgOUMgODggODMgQUQgNDggMDEKOEIgMzkgNzggQTUgMzcgMDUgRUMgNkQgNjUgRDggODggQzMgMTggQzUgQkMgQzQKRjEgQTYgQ0IgM0UgMjkgNEYgQ0EgQjQgM0MgRTIgM0QgREIgRjcgMDkgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNzYgODQKQkYgRkQgOEYgMzkgQUQgOTEgNDcgQ0QgMDEgOTcgOTQgQjIgREYgRkMgNUMgMDIKRkUgQ0QgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNzYgODggRTMgMTYgQzUgREMgNzEgMTkgRTIgMzUgN0MgMTMgMjkgQTUKM0MgQzggQzMgMTMgRUMgRTYgRkQgMDMgMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgNjcgRTMgM0MgNDUgMUUgMzUgNzcgNTUKNTIgQ0EgN0IgRTYgMUEgRjkgRUQgMzcgREEgMjkgOEEgRDkgQkEgNzkgMjAgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgOUYKOTggQjYgMkQgOEEgNTkgNzMgNTQgMjUgQTUgQkMgNjcgN0UgMUQgNTQgQTYgNzkKODkgNjIgQjYgMkUgMUYgMDggRTEgOTMgQkQgN0IgNDkgNzUgMTAgMDggQTIgMDAKQkEgOTUgNUEgODIgRUQgMjcgOUEgRkQgNkYgRUMgMEQgODQgQjYgNUYgRTggNDEKNEIgMjIgNkEgNzIgMDYgQjkgNzAgMEYgMDQgNzEgQTAgRjYgQTQgMjggRDggOEEKREQgMUMgNDUgRDYgRDcgRTYgQUUgRDggQ0YgNTEgNjQgMEQgRUIgN0YgQUYgNUQKQzggNkIgMEQgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgRkMKMDkgNEMgRTMgMTAgNDUgQjYgNEMgNUEgQTkgQUEgRkEgQUQgNzUgODkgRkMgQUIKOEMgMjYgRDkgNTYgMDkgMjEgM0MgMEEgODcgNjcgMTQgQjkgRTIgREMgNDcgOEUKOTYgMzcgRDggM0IgNzUgN0EgNDQgOEUgNTUgRkEgMzQgQzUgOTYgRkIgRUYgMDgKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgOTcgQzEgMzQKNEMgNTEgNjQgQ0IgQUMgODEgQUEgREUgQUIgMEUgN0QgRTQgNTggMjUgQTUgM0UKOEEgREMgQkQgRTMgMEMgN0UgMTQgMEQgMkIgNDEgMDggNEYgQzQgQzcgMTggMzkKNUEgQkUgMjkgQzcgRDUgRjQgODggMUMgRDUgOTUgRTIgN0IgNkYgMEQgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgQTcgNjAgNUEgODYgRDgKRjIgNDcgRDcgNUYgMUEgRUIgODMgNTcgQzAgQkUgOUIgQTMgQzggQkQgQ0YgMzIKODQgMTAgQzIgRUYgQzYgOTcgMjkgQ0UgOTYgMTMgQ0UgNDUgNkEgRTUgQTAgMzUKM0QgNjMgNEIgMTMgQTkgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggRTEgQTkgMzggQ0UgRjEgMkYgNUYgQzcgMDEgNUEgQzYgMDcgM0UgNTggOTcKMkUgNzIgRUMgMUQgRDMgM0IgMDIgOEQgRkUgNDEgMDggMjEgODQgRjAgQTYgOTgKQTYgMTQgNDUgQjYgOUMgQzQgNkUgNTEgQzcgMkUgNzIgRDggMzQgMEQgMjEgRkMKNjMgRUYgQ0UgNzEgMTggODQgODEgMjggODAgNUUgNjUgOEUgODAgRDkgMDIgRjcKQkYgNTggMEEgNEIgNjAgMjUgMkUgMjAgMUIgQTAgQkMgODIgMkYgQ0QgMTMgQTIKNzAgRUQgQ0YgNDAgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMEYgQzQKRUEgNUUgQUQgQjYgOEYgMjUgQjYgMzQgMDUgMUUgQzYgMjkgOTYgQTcgRDIgRkQKNTQgMjUgODAgMTAgNDIgMDggMjEgRkMgMDEgRkUgQzkgQ0EgRkIgMzQgQzYgMUEKNTkgRTYgMTQgNDUgRUUgM0QgMzcgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgQkUgODggREQgMUMgNDUgNjYgNEMgN0QgMTcgNDUgRDYgOUIKQTcgRjUgMzcgRjMgMzcgNTMgQUMgQTkgMjYgMDAgMjEgODQgMTAgNDIgNzggMUMKOUUgNkMgODcgRkUgNTEgRTMgMzAgQzYgMTIgRkUgQTAgMDIgMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggMjYKN0UgNjMgQzkgRkUgMTUgQzcgRTcgRjUgQUMgNkQgNzMgOEIgMjIgRjcgMUUgMkMKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgNzggNjEgQUMgNUQKQUEgNEYgQzMgMUMgNDUgNTYgRDEgOUQgN0MgMDggMjEgODQgMTAgNDIgRjggQjEKQjUgRkIgNkQgMTMgNDUgNjYgOUMgMjIgRjIgQjMgQTUgM0QgN0EgQ0UgNTEgQTcKMTUgNDIgMDggMjEgQkMgQjMgNzcgRjcgMzggMEMgQzIgMzAgMTggNDAgQUYgRTIKMjMgMzQgOTQgOUYgNzIgRkYgOEIgNzUgNDAgNDAgQUEgMjIgMUEgNTQgMjEgQTAKN0QgMDMgOUYgRTQgMzcgOTEgMkQgODMgMUQgNDMgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgRjAgQTcgNzAgNjkgN0MgQTAgQUIgNjIgOEEgOTIgNjYgRkIgRjUgQjIgNjkKNjMgOEEgNDEgQUEgRDQgQzQgOUMgREIgRkYgMTkgNDIgMDggMjEgODQgMTAgRkUKMTkgQTYgQzcgM0QgQjIgN0MgMUYgRjkgMkMgQjkgOTcgOUUgQjMgMzQgQjggMEEKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgQTIgRDggRDYgMzEKNDUgNDkgMEIgRkQgMzcgNjUgN0QgOEIgMjkgMDYgQTkgRUEgMkUgRTYgRDQgN0UKMEYgMjEgODQgMTAgNDIgMDggM0YgRTEgM0QgNDUgOTYgMkIgQ0IgNTggRkIgMzYKQzYgQjggRDIgMDQgNkIgN0UgNjcgRjYgQzAgMEIgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgQzIgQzMgMzEgRjUgN0QgNjQgNTkgRDIgMUIgQkYgNUYKOTkgQkEgMjYgRTYgREMgN0MgMTYgMDggMjEgODQgMTAgNDIgMDggMzcgRTEgRTIKMEUgRDYgNDcgQzQgRjAgOTUgREMgNjAgOEYgMkEgQkQgRjEgMDIgMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgMjggNEMgNEQgOEEgMkMgNEIgREEKRTAgRjcgMkIgNUYgOTcgNUIgNjkgQTcgODcgMTAgNDIgMDggMjEgODQgMDcgRTAKRTIgQkMgNkEgNkEgNjMgOEMgNTMgNkYgNUMgRjUgRDggMEIgODQgMTAgNDIgMDgKMjEgODQgNEYgRjYgRUUgRTUgODYgNDEgMjAgODYgMDIgNjAgMkIgMkUgODEgNkYKNDggRkEgNkYgMkMgMDcgMDQgNkMgMDggOEEgMTYgMDUgMTAgQTAgQjkgM0MgQzkKNzMgRTEgNkEgNzYgNkQgODAgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgMUUgODMgQjMgRjEgRkIKOUMgQTEgRjcgRkQgNEEgMEIgQUEgMTAgNDIgMDggMjEgODQgRjAgQTQgNTggOTcKOTEgRTQgRDAgQkUgMTYgOTEgRTQgQTkgN0UgQkQgQUEgQjUgODYgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNUUgMDYgQ0IKMzYgOTIgRUMgQjEgNkMgNUYgOTEgRTQgRTIgNEQgRTggOEUgQjggRjQgRjQgQUEKRTggNjIgNEEgRjcgQjAgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMDkKMzYgNUQgMjQgRDkgNjMgNUQgQzUgMTggMzkgNjMgRjAgMUIgOTYgMjYgRUEgMjEKODQgMTAgNDIgMDggRTEgRDUgNzEgNzYgNjUgOTkgRDMgMDYgRUYgNTcgMzYgNDUKOEMgQjEgRjQgMEEgQTAgRTUgODYgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgQUUgQzcgQUEgOEUgMjQgRDcgRUUgOTYgNzYKNTUgMEMgNzEgRjQgOEMgRTIgRUYgQjIgN0QgQzQgMTggNTYgNTYgMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggN0IgRkMgM0UgRTQgQzkgMzkgNjkgRDkgQjAKQjQgNzYgMEEgMjEgODQgMTAgNDIgMDggMkYgOEYgMjcgRkIgQjQgQ0IgQUMgMkMKMUYgNUQgNEMgQTkgRTUgODYgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgRjAgNDYgRjggREYgMzYgRTggMjIgMzYgQ0YgMTggMjMKRTcgNDYgRjIgN0UgQTUgNUQgNTQgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKREUgMTUgMkQgOTMgNDIgMDggMjEgODQgMTAgNDIgQjggMzkgN0UgQUUgNzAgMUUKREQgNjYgRUIgQkEgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgMzcgN0IgNzcKOTMgQzIgMjAgMEMgODQgMDEgRjQgMkEgNzMgMDQgRDMgRkEgODMgRjcgQkYgNTgKNTcgQjUgNDEgQjIgMzAgMTAgQTMgOTYgQjcgMTkgOTggQjcgNzIgMTEgNjIgQzAKN0MgMEUgODQgMTAgNDIgMDggMjEgODQgMTAgNUUgOEMgNjkgOEEgQUMgOEEgNzkKM0UgQkEgMkQgQzQgNEIgRDcgMzUgQjIgNUEgQkQgM0MgMjAgODQgRjAgMTEgNTgKNEEgQ0QgQTcgMzUgNDUgNTYgRTUgRUIgMjEgODQgMTAgNDIgMDggMjEgQkMgMUMKRTUgNDMgMjEgODQgMTAgNDIgMDggMjEgNkMgOEYgMzcgOUIgNDAgRUEgRTAgMEQKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggNjEKMUIgMkMgMDUgM0YgOTcgNTcgN0MgNEIgRUYgNEYgODEgREEgM0UgNkQgMUUgMTEKMkQgQUQgODQgRkEgODUgMDQgMjEgODQgQ0QgRjEgQkQgNDYgNTYgOUIgQkMgQTEKRUMgN0UgMTAgNDIgMDggMjEgODQgMTAgNzYgNDAgMDEgNEYgMDggMjEgODQgMTAKNDIgMDggRkIgQTAgQjMgMzcgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgQjcgQzAgNjEgODkgQUMgOTYgQTYgNzMgQjYgQzkKQzUgNjggRkYgQUMgMUQgODcgRDggOEEgQTAgMTMgODQgQjAgMkIgRUUgQzMgOUIKRkIgRjQgRTUgOTEgNEQgQUMgQUEgQ0QgNzcgQkMgRDIgREYgQ0UgRUYgNzEgRjMKQzQgODggNTIgMDggMjEgODQgMTAgNDIgRjggMUMgNzQgOTMgMUMgNDIgMDggMjEKODQgMTAgQzIgM0UgRTggRUMgMEQgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggRTEgODkgNzggQzIgNzggMzIgQUQgNzYgNkIgRDMKMUMgNUIgOTEgMDkgODIgMTAgOUUgODQgRjMgMTggNUIgMzkgQjIgMzUgMzUgNkMKRDMgMzIgQzUgQUYgNTYgM0YgNzkgMDUgOUUgRjAgQkUgMzYgNEUgMTQgNDIgMDgKMjEgODQgMTAgNzYgNDMgMTcgQzIgMjEgODQgMTAgNDIgMDggMjEgRUMgODMgQ0UKREUgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgODcKQkQgM0IgQ0EgNTEgMTAgODYgQTIgMDAgQkEgOTUgQjcgODQgMjkgODggQzIgRkUKMzcgMzYgOTkgNEMgQzQgNkEgODggNjkgMUQgNDAgOTkgOUUgMEYgNkYgRjIgQ0UKOTcgNDQgNTMgNDggREEgMUIgMjAgODQgNzAgM0IgN0MgNjMgODEgQzUgRDggRDQKQTggOTUgMDkgMjEgN0MgMTkgRDMgMzQgNDUgOTYgMjUgNkIgQ0UgNzYgRTMgNkUKMjcgNDkgMzYgQkQgNDEgMUYgRTMgRDUgOUYgMTAgNDIgMDggMjEgODQgRjAgNjgKRTggRDQgMzcgODQgMTAgNDIgMDggMjEgODQgRkIgQTAgNjcgNkYgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggNTcgQzEgMzQKQTUgQzggQjIgNjQgQkYgQ0MgRjggRjIgMzggQzYgRkMgRjkgMTkgNTMgRUEgMjIKQ0IgNjcgREIgOTEgQTcgQjggQzYgRkEgMTUgOUIgQ0YgMUMgOTUgMzEgMjEgODQKMjUgQjggNjkgMDMgQjEgNkEgREMgRTIgMzAgQzkgN0IgNUIgQTUgRTkgMzQgNDYKOTYgQjUgNUYgMUUgNDIgMDggMjEgODQgMTAgNDIgNDcgQkUgMjEgODQgMTAgNDIKMDggMjEgREMgMEQgM0QgN0IgNDMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgNTggOEQgNUQgMUYgNTkgRkUgNjIgREYgQzUgMUMKMjUgOUIgNjUgOEQgOEYgRTMgNTcgQ0MgQjEgQjggN0IgNTggOEIgNUQgMUEgRTIKOTYgRjUgQkYgNjkgM0YgNDUgOTYgRDcgODIgNEMgMUYgNTkgQjYgRDYgRTIgRjQKODIgMzYgMDggNUIgQzYgNzQgMTkgMjIgQ0IgOTIgNDUgNjMgQjcgMzEgMEQgNTMKNjQgNTkgN0IgNjkgMEYgQjggQjggRTAgOTcgN0MgOEQgMTUgQzcgRUUgMkIgQUUKNjEgQkQgODUgMTAgNDIgMDggMjEgODQgQUYgQTAgMDMgRTEgMTAgNDIgMDggMjEKODQgMTAgRUUgODMgOUUgQkQgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgN0MgODYgN0QgOEEgMkMgOUIgRUQgNUQgRkUgQTkKM0IgNzkgREYgNzAgNTkgQTcgM0IgNzkgMTQgNkMgQjIgRTMgOTkgQ0UgOTcgQjgKQTUgOEQgNjAgMDggRkYgMEIgMkUgRDUgMDMgNEYgNjMgQ0MgNTEgQjIgM0UgNkMKMzcgQ0UgRUYgNDQgNUUgQkMgN0QgNTcgNUYgRUMgMTIgQTYgN0UgODggNUIgQkUKQjkgQTAgN0EgREYgOTYgQUQgQkUgMTYgMDggMjEgODQgMTAgNDIgRDggMUEgM0EKMzEgMEUgMjEgODQgMTAgNDIgMDggRTEgM0UgRTggRDkgMUIgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgMjcgQzUgQkEgRTEKMUMgNzMgOTQgNkMgODEgN0QgQzggRjggNTAgNUEgNDkgQTkgOEIgMkMgMzUgMkIKOEYgOEQgQzUgMEQgRDAgOEYgMkQgN0IgRTYgRjUgMkUgRkYgQjEgNkYgRjYgRUUKMjUgQzcgNDEgMTggMDYgMDAgRTggNTUgN0MgMDQgNTIgNUEgMDYgRUUgN0YgQjEKNTkgOEMgQ0EgNEYgQTggODIgNjkgMjEgODEgQkUgNDUgMkQgRjkgRUQgMjIgRDEKMTAgMjUgMzEgODYgRjAgMUEgRDggMzUgRjEgMEMgOTkgNUYgOTcgRkQgMUIgRjAKRTAgRkEgRjEgRDQgRDYgMzEgQzQgQTMgOUIgNkYgQkEgOTAgMDMgMjEgODQgMTAKNDIgMDggREYgNDEgRjcgQzkgMjEgODQgMTAgNDIgMDggMjEgM0MgMDYgRjMgQUUKQkQgRUYgNTUgRjQgNjEgRTkgM0IgOEQgNTYgRTMgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgNzAgMDcgM0MgNzMgQ0QgRTYgOUEKMjIgNEQgNjUgNzEgRjAgQzUgRDMgQkUgRDQgM0MgNkUgRkMgNjggNjUgRUUgOUQKRTcgMTAgMTkgQzIgQjMgRTAgQjQgRjMgNjMgRTYgMzYgOTQgNjUgRjUgRkYgNUQKOUEgQjUgNTIgMTMgQ0YgNzAgRjQgMzIgQzMgQkMgMEEgMjEgODQgMTAgNDIgMDgKRDcgNjMgREUgOEIgRTUgOEEgM0EgMjEgODQgMTAgNDIgMDggRTEgRjcgRTAgRjQKQjQgMkUgRjMgMUUgN0IgRTYgNEQgNzUgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgNzggMzEgM0MgNzMgRjEgQTYgNkEgNEQgNzgKM0MgRTYgQkQgQkEgRjkgMkEgOUQgOTcgOEYgNkQgMUUgMUEgODQgRjAgMDMgNTgKQTcgMTggQzUgM0YgQUMgNkYgRDEgODcgMzUgRkYgRTUgRkQgRDIgQjYgOEEgM0UKNkMgMUUgREEgNTEgOTggQUEgNDcgMEMgMzEgRjcgMkQgOUQgNDcgMTcgQTMgQjgKNzUgMkMgMTAgNDIgMDggMjEgODQgRjAgQzIgOTggNzcgN0YgNDAgNjkgMjcgODQKMTAgNDIgMDggMjEgRkMgMUUgNEMgNkQgMUQgQTMgQjggNjYgQzEgQkMgNUYgNkEKMjkgMEUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggM0YgODggQ0QgM0QgRkEgQjAgRTYgQjggMkEgNTcgQUEgQjYgMDIgMTYgODIKNDUgMUQgMUYgQ0YgRDIgNzQgQUIgNjIgODggRTUgRDYgNkQgNDEgNzggNjEgMkMKRjYgQUQgN0EgOTYgRDcgNjggNTEgNzMgQUMgMjYgOUUgMTAgNDIgMDggMjEgODQKNTAgNTEgMjcgODQgMTAgNDIgMDggMjEgODQgMzkgNzEgQkEgMjUgOUIgRkQgNkIKOEEgNTYgRTMgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgRjAgN0YgOTggQkEgMkUgNDYgNzEgQ0QgRTEgNTQgQUUgMzQgRDUgOEYKMTggRTIgRTYgOTEgNDIgQjggMkYgMTYgNzYgODggM0MgNEIgNkYgRjcgRTggODMKNDIgMjQgMDggNzcgQzUgNjkgOUYgREMgQ0MgQ0QgMjUgNjcgNjkgMUIgRkQgNkYKQTEgOTcgRTggRDYgOTEgMUUgODcgNjUgNEYgQjAgQTkgRjkgODkgMjEgOUEgNEUKMjEgRkMgNjUgRUYgMEUgQjIgMTMgMDYgODEgMDAgODAgNUUgODUgMjMgODggMzEKNkQgQkQgRkYgQzUgREEgNkUgMTAgQUQgMzUgRTAgRDMgNDAgQzIgREYgQ0MgN0IKRjMgNzcgMkMgOTIgRjAgQzIgQ0MgMDAgMjEgODQgMTAgMEUgOEEgQUQgRkIgM0EKQ0QgNzQgODIgMTAgNDIgMDggMjEgODQgNDMgNjMgRUIgMEQgQjkgRDYgNEUgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggMEMKNzYgN0IgOEYgRDggNTYgREIgNEYgMjAgRUMgRTMgMTAgRjkgNzEgMUEgNEYgNTMKQzggNjIgRUQgRDIgMjAgODQgQkYgNzggOUMgNDIgMTYgN0IgRUIgMzcgNEMgOUYKRDEgQkQgQjYgMUYgNUUgQUYgQTggRjEgM0IgNTYgREQgMEUgODQgMTAgNDIgMDgKMjEgRkMgMzMgOTQgNkMgRUQgMzEgMkYgNjYgM0EgNDEgMDggMjEgODQgMTAgQzIKOTEgQjEgRUQgQTkgOUMgNUYgQzQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgNzAgMTEgN0IgQkUgQTAgNzMgRjcgMUQgMjggNzAKNEMgNkMgN0IgOEUgQUMgRTYgMTMgQzIgOTcgRTEgRjUgNzggODEgQ0UgQkIgMzgKOEYgNzEgMEUgOTcgNTggQkYgRDggQUQgNjAgNjcgNTcgNzkgMkEgREQgODEgMTAKNDIgMDggMjEgODQgM0YgMTggQ0YgMzEgNjQgQjEgNjQgMjcgRjkgQkUgMzQgN0UKQ0UgRTEgMTIgQUIgRDcgMDIgMjEgODQgMTAgNDIgMDggRTEgODYgQjAgRUQgOTEKOUMgRkYgQzMgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgNzAgMTEgNkYgRUUgRTkgMkIgMzkgODcgN0EgNUYgQUEgOTcgMTMgOEUKODMgNkQgNEYgOTMgQUIgNTIgNjUgOUYgMTAgRkUgODcgRjMgNDcgNDggQTEgRTQKNjkgNUEgMkQgOEQgRjMgMzkgNjQgQjEgNzYgNUQgRkIgQzMgQjYgQUYgNUMgMDUKM0MgMTAgNDIgMDggMjEgODQgRjAgREUgMUMgOTIgREIgMDkgNEIgMjUgN0IgQ0IKMTcgQTYgQjYgQTkgMTAgNDIgMDggMjEgODQgNzAgMUMgNkMgRkIgOEIgRjggNzQKMDggMjkgMTggQUMgMEEgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggN0IgM0IgQ0YgNEEgRTkgREQgNkUgRDMgREEgQjUgNDAgQjgKMzkgRUMgRUEgMDEgNTQgRjkgMDkgRTEgMjIgQzYgNjkgMEUgNTkgMkMgNzkgNzYKNTYgNEIgQkYgMEUgMjEgODUgREEgNzUgMEQgODIgNkQgNUYgQjkgNkEgNzggMjAKODQgMTAgNDIgMDggRTEgMzcgN0IgRjcgOTIgRTMgMjAgMEMgMDMgMDAgRjQgMkEKM0UgNDIgRjkgQjQgOUQgREUgRkYgNjIgQTMgMkUgODYgQTYgQTggNTMgMTEgMDkKNDggMjAgNkYgNjMgQzkgNkYgMDUgMEIgODMgMDMgRjkgRkMgRDMgQTYgNUUgRTIKMTUgMTcgRjUgOTYgMkIgQTYgMDYgRkIgMTAgNDIgMDggMjEgODQgQjAgMUQgQUMKRUEgMEIgQkYgOEQgOEUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggNjEgM0QgRUIgMUQgNjYgQTcgNzYgRjYgNDMgMTcgNDkgQ0MKQkQgMTcgMDggMEYgODcgNjUgMEIgMzAgMkIgMzUgRUQgMTMgMzYgODcgREQgMzUKOTIgMzggN0IgNkQgMkQgQTkgOUEgRUQgRDIgRTkgMzIgM0UgNUQgNkEgRkUgOUQKQjYgODEgNTUgM0QgNkYgMUQgOEUgMEMgMjEgODQgQjAgNUUgQkMgREMgMjMgODkKNUYgQ0UgMDcgOUYgQkQgNUIgQUIgQzAgRjcgRUIgRkMgNzQgNDcgMDYgMzIgQjAKMkUgMkMgREIgQTMgMUEgRTYgNDMgMDggMjEgODQgMTAgQzIgNzYgQjAgRkIgMTkKMjIgODkgNEIgMUEgRTYgRUQgNTIgQUQgMzggODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgQUMgNjkgMjIgNTkgN0EgNDggODEgMTMKQzcgNjAgQTMgNTggQjYgMEMgQjMgNTIgN0YgOUMgRTEgOTkgQjEgMUYgRTIgMkQKM0UgNzEgRTggNjMgMEEgNEIgNkEgNjQgQjcgNzQgQjYgNzggMjEgRkIgNjYgMUIKQzYgQkEgMzYgNjkgRjcgNTAgODUgMTAgNDIgQjggMzMgMEUgOEYgNzggOEIgNEYKQkMgRjcgRjEgMTcgRUEgNkEgNzggQkUgQTcgRDcgNUIgNEMgQzEgOTYgMTcgQjAKMTQgOTYgMUQgQ0UgNkIgMjYgMjEgODQgMTAgNDIgMDggNjEgNDMgMzggREUgMjMKODkgQzUgM0YgRTAgRkIgQzcgMEQgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggQ0QgMjUgODMgQjAgMkEgMkMgNUIgODYgNTkgQTkKOUEgODUgMjcgNDEgOEIgMzEgMUIgQzYgQ0EgMzYgNUEgMzcgOEQgMDcgNDIgMDgKRTEgQUUgNzggMUIgNjMgMEEgNEIgNUUgNTUgODcgNDggQzcgNEIgMjQgRTEgMjkKREQgRTMgMTEgQUYgQTggN0QgODIgMkIgNjMgRDkgMjEgQkMgNTEgMzkgODQgMTAKNDIgMDggMjEgNkMgMUMgQ0IgNkUgQzEgRDcgOEYgMzEgODUgNEYgNEIgNDcgQjUKRTggMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMEQgQTEgQjkgNjQgMTAgMTYgQzcgQjIgNjUgOTggOTUgQUEgNTkgNzggM0MgM0MKRDYgMDIgNEMgMjUgQjYgMDMgNTYgQjYgQkYgQkEgNjkgM0MgMTAgNDIgMDggMzcKQzIgRDkgQ0EgQzQgMjUgNkYgQTUgRjMgQTUgQ0UgRDYgODQgQUIgNjAgRDkgMzEKQkIgMzEgMDIgODQgMTAgNDIgRjggQ0IgREUgQkQgRTQgMzYgMDggMDMgMDEgMDAKQkQgQ0EgMUMgQTEgMEUgRjkgNzEgRkYgOEIgNTUgNTEgREIgNjAgNTAgMTQgNjEKMzUgODkgNkQgNzggOEIgOEUgMzQgNkYgNTMgNjggMTMgQzAgQzYgRTMgODEgMTAKRUUgMUMgRDMgOTggMjIgOEIgNkIgOUUgQTIgREYgOTcgQTYgRTMgMTAgNTkgMkMKM0QgMTcgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgRDggMkYgRDYgNUQgNDggOTYgMzcgQjAgNTAgNzcgMDAgRjcgODkgNzUgQkYKODMgNDUgQTkgOTUgOUYgQjAgNjkgRUMgQUEgRDYgRjIgNzggOEQgN0IgNzAgRkIKQUIgOEIgRTkgNzIgOEEgMjkgN0UgN0EgMUYgRjUgN0IgRkEgRTggNjAgOEEgQ0YKMDUgNDIgMDggNkIgRTIgRDcgMjUgQjIgRjggQTQgQjkgRjMgRTIgOTEgRjIgMzUKQjggRjggNDUgMEYgMEUgNjkgNUYgRjcgRDYgNEQgQjYgQkYgRkMgNEYgOUEgQ0YKM0MgQTggQzQgODQgNkIgQjAgRUUgMzggREQgRDAgMUIgNDIgMDggMjEgODQgMTAKRUUgMUQgMTcgQjMgRTUgQ0IgQkQgRUMgM0UgM0QgRDQgQjUgOEQgMUUgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgM0UgMzEgMEQKQTcgOTggNjIgRUQgNUEgODMgRjkgNUEgRDkgRDIgNzMgODEgQjAgM0IgQUMgQkIKOTIgQjMgMjggQjUgRUMgMTMgQjYgODIgNUQgMTUgNTcgNUUgRTMgRjcgNDcgRjUKNDcgOEIgRDggRDggRDIgMUQgOTcgNTkgMDggNjEgNzMgMzggOEMgMzEgOEIgMzcKQkMgMUMgRTIgMkYgNTQgQkUgRTcgNkUgQUMgQTEgNjEgNTMgNUQgM0MgQkEgNDgKRUQgRTAgMDQgOUIgMUQgNjggN0IgQTggODMgMTAgNDIgMDggMjEgODQgMzAgQzcKODcgRkQgMjIgRDcgM0MgNUEgQkYgMkYgQjUgRjcgMUQgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgMUUgMzAgNUQgODcgOTggNjIKRTUgNTcgNTQgMTYgM0QgQzIgNUQgNjEgREQgNjUgOUMgNDUgQTkgMzUgOUYgQjAKMDIgQ0UgQUIgMEIgMUIgMkYgOEQgQjQgMDMgQzAgMzYgMzAgMUQgQkUgNjIgOEEKQUIgRkUgRDcgMkYgNEMgNUQgNjkgMjEgODQgMzUgNzEgNTkgMUQgQjkgQUMgNDkKNUMgNzMgMUQgQUIgOTUgRjYgRDEgODIgNzAgNDggOTEgQzUgQkUgMUUgNkMgREEKNEMgRDMgRjkgMTIgNTMgNzQgREYgREMgMzUgRDYgMUQgNTkgOUIgQzggODIgMTAKNDIgMDggMjEgODQgQjAgRjEgQUQgRUEgOEUgRDcgQzggQzIgNEQgRDIgMzggQzYKMTQgNEQgRTAgNDMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgRjYgOEYgQjMgNTcgNTQgQ0QgOTUgOUYgNkMgQUMgNEIgMDggODQgOEQKMkMgRTAgMkMgNEEgMTUgRUMgQzAgOTcgRTEgQkMgMkUgQTAgQjUgQkUgNTQgNDUKQTkgRkEgQzcgMkQgNjEgREQgMEIgRjIgQTIgMjQgQjMgRjQgRTAgMjEgODQgNzAKMkQgRjYgNUMgRkYgRjggM0MgNEQgRTcgQjggODcgNEYgNzcgNzAgREUgRUUgNUYKQjUgOTEgNTQgREQgMTkgRkMgQzEgMzQgOUMgMjIgOEIgNkIgM0UgM0MgRUYgNEIKNTUgRTYgNDIgMDggMjEgODQgMTAgNDIgRDggREEgMTQgQUIgNzcgQ0QgMTAgNDIKRjggQ0QgREUgMUQgRTUgMjggMDggMDMgMDEgMDAgQkQgNEEgOEYgMjAgRUEgRUUKRTIgRkQgMkYgQjYgM0YgQUIgMTYgRDYgOTggMzYgNDggM0IgQzAgRkIgQjAgQzkKQkMgMEYgMTMgMDggRDEgOTYgQ0UgNzQgMjAgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgRjAgMzggMzggQ0QgRTAgOEEgQjUgMzMgMjUgRTkgMTEgRUUKMDAgMjMgNkYgRkUgMkEgNzggODQgMUYgQzAgMUQgRjUgM0MgNTIgREIgQjggN0IKRUMgOUIgNDIgOUYgMUYgODQgNkUgNTYgMDMgRTEgOUUgRjEgNTUgMDkgREUgNzAKMUIgNTIgMzYgQUUgNTcgQUMgRjcgN0QgNEQgRjcgQTEgNzUgQ0YgODUgNjYgNjEKOUIgQjIgQzcgQjAgNzcgNzIgNEMgN0YgOUYgMzcgMTMgRjggMjkgRjYgRUYgQzcKNTEgMTUgOUEgOEYgMUQgMTMgODcgRjEgOTIgQjIgQjEgRTQgNTEgNTkgMkYgQjQKMkUgODYgMTAgNDIgMDggMjEgODQgMzAgQzcgOTcgNkYgMzYgNEEgQTYgRDYgQkQKNDIgOUIgQ0IgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgNUIgQzUgRDggQUQgMUUgOUQgQTggMEYgQjcgOEUgMkEgMUMgRTEgQkUKMzEgNkMgRkUgQkYgRTQgNzkgMTggM0MgMEYgNjcgRjggRjkgNEEgQ0YgQjEgRkEKNUEgMjAgODQgNEQgNzEgREEgQ0UgRUYgMjMgQUQgOEEgMEIgQkIgMEMgMEMgQjcKNUIgQ0EgQzYgOTIgNkYgREUgNUYgQjggQTQgQTQgMzEgRjIgMEQgN0MgRDQgMkEKN0UgNjYgQTkgM0IgN0QgNEEgREYgOTQgRjYgNjcgRjcgQjMgNzMgMjcgNEEgNDkKQTcgNDcgQzQgNjAgMkYgQTAgMkMgODEgMjEgODQgMTAgNDIgMDggMjEgMkMgOUMKQjcgNkYgRTUgRDggOUMgRjkgRkIgOTYgRjkgOUIgMDEgN0IgMDEgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgNDEgMzEgNzIgMDMKQzcgMjUgODkgQUMgMTAgQjYgQzcgMkQgNTUgMzIgNUUgMkYgMjkgMUIgNkIgQUYKMTQgRUUgMUUgQTcgODUgNTcgQUQgRkIgREMgMkQgMDkgRDUgMkQgQzIgQjAgNzkKMzggQzMgRjkgOTQgQjIgQjEgRkEgNzIgMjAgODQgMEQgNzEgRDUgRTIgRkQgQkMKQTQgMkIgNDIgN0IgRDkgOTggNjEgRTEgNEEgNzAgM0EgQTcgRUQgREMgRjQgMkQKRDQgQzkgM0MgQjMgRUMgQ0QgRUUgN0YgODIgMjYgNkMgQjAgRkIgN0EgNTkgMjUKMjMgODQgMTAgNDIgMDggMjEgODQgODUgMTggNzkgQUQgNUQgMTUgMTYgMUUgMkQKNTUgN0UgNjcgMjAgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggRTEgMjIgMEMgNzYgM0MgN0UgNkQgQkEgQUYgMEUgMEUgQjAgMDMgQkUKREEgRTIgQkMgOEUgRTkgMzEgOTQgM0MgQ0MgQ0QgQzIgNTkgRTcgOTcgRjMgRjkKOTIgOUUgQTMgRDIgQzUgNjMgRTMgRjQgNjEgMDggRkUgRkIgMkYgRUYgMUQgMkUKQzcgQkUgNjkgRjMgNzkgRDkgODggMzkgMEMgODQgNDEgQjAgNkYgRjMgQkUgMzgKRDUgNjQgMzEgQzMgRkYgMzUgOEMgRTMgMjkgREQgODcgQTIgNkYgNTggMkYgOUMKRDYgOUMgNTYgM0YgNzggQ0QgMzAgRDQgNjkgNDUgRDYgRjIgMDcgQzQgQkUgNTMKMkYgMTUgOEIgMTAgNDIgMDggMjEgODQgMTAgOTYgRTIgQTYgNzYgOEEgQUIgQzIKQzIgRjMgOTEgMkEgRUUgMTUgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggN0YKRDkgQkIgOTcgRTQgMDYgNjEgMTggMDAgQTAgNTcgRjEgMTEgRUEgQTQgRjkgNzAKRkYgOEIgQjUgOEIgOTIgNjAgOUEgNjkgRjEgMDQgODggRUMgQkMgOEQgNjYgRkMKNzYgNjEgNkMgMDIgNTggQjIgMjAgODQgMTAgNDIgMDggMjEgN0MgMDIgRjMgOTAKRDMgMjQgOTYgNDUgNEYgQjEgNEEgQjEgNTQgQUMgQzAgNEQgNzEgOTYgOEEgMUMKNzkgMkQgMzQgOUEgNDQgMEQgNTcgQzYgNDcgNzkgMDUgRDcgNkIgMUEgNDMgRTgKNDkgRUIgRjYgMEUgMzcgQzIgRDkgNTMgQ0QgOTIgRTkgQjcgREQgQjAgNkMgNjYKNUEgRkQgNUIgMjAgODQgQ0YgNjMgMzcgNUQgMDMgQUEgODYgQjcgQzcgNTcgOTUKOTIgNEIgODYgRjMgQ0IgNzUgQ0MgNjkgMTIgNkIgQTcgREMgN0UgMTggM0IgQkYKRDQgM0YgNjAgRjcgQTggMzggMTEgNDIgMDggMjEgODQgMTAgQzIgODYgQjEgRTUKQjMgMEQgMUQgOUUgMDMgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgRDggMTAgOTYgNzUgMjIgN0IgQjcgMUEgNzEgMTggMjYgNUMgMTkKMUYgRTUgMTggOUYgQ0UgRTkgMTYgOTYgNEMgQkMgMjAgNDMgREQgMTIgRTEgMzcKMEUgRTcgMzQgODYgRDAgQjMgRjcgMzYgNUQgNTUgMjAgQzIgM0QgQjAgQ0MgMzMKNzkgNzkgNDkgNEUgM0UgN0MgQTQgNDkgQUMgRkUgMzkgMTAgQzIgQTcgNzEgNzYKN0EgQzMgOTIgOTUgREIgQzEgRjAgRjEgOTkgMTUgQzcgMjEgNEQgNjIgRUIgRTcKNzIgNkMgMzcgRUMgRUYgRDYgMUQgNkEgMTUgMjggMjggRUIgMUUgNTUgMkMgNDIKMDggMjEgODQgMTAgNDIgRDggMUIgOTYgREYgMTMgRkUgRjggQ0UgM0YgRDkgQkEKMEQgQkQgNjcgRjEgNkIgQzcgRjkgOTIgRUUgRDEgN0IgMDQgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgQkUgMTggQkIgNEQgQzMKQkYgQzUgOEMgNjUgNUIgQTUgQzAgRUQgMzAgRTAgMTIgMkMgQUIgRjMgRkUgRDgKMUIgMkQgOTMgMTUgQTMgQ0YgREIgQUEgQTEgRkQgRDMgRkUgRjEgNTEgMEUgQzAKRTUgOTAgQzYgMTAgN0EgRjYgRkUgMkUgMDQgM0UgRTQgNTMgQkEgQzcgRkEgQUIKMDEgRTEgNEEgRjggREEgMTQgRkEgNjkgRTEgQTQgNzMgQkMgMjEgREMgMUYgRjMKRjUgOTggRUUgQjEgREIgQTYgOEEgRUIgOUUgNkIgMzEgQkIgNjggRUYgNTkgQ0YKRDggNUYgMDEgNTQgQTggQjUgQTAgQzkgNDUgREYgRjggREEgNDcgQUYgRkUgMTYKMkYgODQgMTAgNDIgMDggMjEgODQgMEQgRTEgNkMgNjcgQjYgQTEgNEYgMEEgNUUKMjUgMjAgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKQTMgNjEgMUUgODYgMzQgODkgMkYgRUYgNkEgNTQgMzUgNTQgNUYgMTMgMDcgRjMKRTUgOTQgRUUgRjEgMDcgM0YgQUYgNjkgMEMgQTEgRjcgMzEgNTcgMUMgRTYgN0MKNDggOTMgNTggN0IgMTkgNjEgQTMgNzggRkUgNEMgNjMgMDggN0QgQ0YgQkMgRTUKMTUgQjggNjEgQzIgRjggMzggQ0IgOEQgNTkgMzIgQzMgQjcgMUIgOTYgRkYgNzEKRDUgQkYgMDUgNDIgNTggODcgNEQgMUQgQkEgRjIgQ0MgQjAgRUMgQTAgNTcgN0YKQTEgMTYgRTMgN0IgMTYgMzAgNzYgRDggMUUgM0EgRjYgRDIgNzAgMzYgNEIgNEYKQTggNjIgMTEgNDIgMDggMjEgODQgMTAgNDIgRjggRUYgODcgODUgQjAgOUQgMTkKQkQgNTMgNDAgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgQjYgODEgNjUgQkYgQjAgNjggNTkgOTEgNUYgRUMgREQgNEQgNkUgODMgMzAKMTAgMDYgRDAgQUIgRjggMDggMjEgNjkgRkUgRUUgN0YgQjEgNkUgMUEgODggQUQKQTggQzUgMjUgODQgQjEgNzkgOUIgOTEgRTYgQUQgNEEgMDQgMDggOEEgM0YgNEYKRUQgREMgODcgRDcgQ0IgNTYgMEYgRDcgMzQgRDUgOUQgN0QgQkEgQ0EgRjMgNEEKQjUgNzMgMEYgNzcgMTggNDggRjQgMTkgNzQgRTcgNTggNDQgQkMgRTcgOUMgMTUKNDEgREEgMEUgMTcgRUQgQzMgRUUgMzEgQ0YgNjUgNkMgQkUgQTMgQzIgNzAgM0MKQTQgQTcgNUEgN0QgMzggMTAgQzIgQzUgOTggRTcgQTEgM0UgOUQgQTAgNzkgNjMKRkIgREUgNzEgOEEgMEIgQjEgRDcgMzAgNjMgRjkgMjMgOUYgODYgMzQgRDUgNkUKNjcgRjcgODcgQkEgNDYgQkMgMTkgRjUgODQgMDIgOEMgMTAgNDIgMDggMjEgODQKMTAgQzIgM0YgRkYgNzMgMUIgNzYgNUYgNDcgRUYgMTQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRUQgNjIgMzEgMDUgQTkgOUIKNjUgQUUgRDkgMDAgQzcgNTcgNUYgQjUgREEgQzIgRUIgMzEgM0QgNEEgRTggOUMKNjkgMTMgQUQgRUYgOUIgNUQgNjEgOTEgQ0IgMkUgMkYgRkYgNTggOUIgMDMgQ0IKMjEgQzIgRkQgRTAgQjYgNkIgRTMgQ0IgNjggNjQgQjkgMEUgQzcgOUQgMUYgQzIKOTUgMzEgQkYgRTIgREEgN0QgQkYgRjggRDggMTQgQzUgODUgOTggM0YgNTEgQjQKQjQgMjcgODMgNzQgNzkgRDggMDkgOEMgREUgOTggN0EgQzIgNkQgOUYgQ0EgOUMKNEIgMTAgNDIgMDggMjEgODQgMTAgNDYgQzMgRkIgMjUgM0QgOEEgMEYgMjggMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgNzMKRDggRUIgOUMgMEUgNkQgNjcgQUQgNzUgOEYgM0QgNjEgRDggQ0QgN0IgQzcgNUIKOUYgRUYgRTMgNzAgOUYgNTggRUMgNjkgMzAgRTcgQUEgNTkgQUYgQ0QgMjcgNEYKQjkgRUQgNDMgQjggMDEgREUgNkUgRTkgNTEgNDIgQkYgMTQgODQgOUEgODEgNTgKODEgQzEgMDIgNkIgNEIgNUEgOEYgNEMgRjIgNjIgNzAgMjUgNzQgMkUgNDEgMDgKMjEgODQgMTAgNDIgQjggNUIgMUMgQUUgRTcgRjQgNTQgRTcgM0MgQzMgNkYgRDUKOTYgRkYgOTkgMzkgMEQgRTkgQTkgRDYgMUUgMzggODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgNkMgMDIgQTUgMTEgQjUgMzEgNUIKNEIgMUYgMUIgQzUgRTEgN0UgNEYgNTMgOEQgMzUgRDAgNjcgQjggQTQgQjEgRkMKMUMgQzIgRTEgOUEgQTYgRUEgMzQgODMgN0IgQzUgMjIgMTEgNTMgNEUgMjQgRkMKNzQgNkEgRjggRUIgOTAgQzYgMTIgNjIgMTggNjIgM0UgQjYgRjUgOTcgRTQgNjYKOTEgQzcgQTkgMUQgOUQgMEMgRkYgOEYgRjkgMkYgRUYgMEUgQkYgMTAgQjcgMEQKQkYgNTQgQjUgRkQgNEQgREYgQ0IgODMgRDggQTEgN0YgRkMgQTIgM0QgMEUgRTcKMzQgRDUgRUEgMDMgRUYgMEYgQjcgQkQgOEUgQkMgNDkgRjUgODQgQ0UgMjUgMDgKMjEgODQgMTAgNDIgMDggNzcgOEIgNUYgQjcgRjQgMjggQjEgM0UgRDcgOEUgMUYKOTEgNkQgMkIgMDcgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMDUgMTUgQjUgNjEgNUIgNkIgMjAgMUIgQzUgMzggMzMgMTAgQjMKMUIgNTcgMTkgMjMgQjIgMzcgNkYgRTMgOTggRUYgQjQgMkMgMjkgQjYgMDYgNUUKNEUgNjkgMkMgNzMgQUUgQjggRjUgREEgREIgMjkgOEQgQTUgRjYgMjggODYgRTEKOTggQjIgRkEgRUEgMzYgOTUgQzcgOTYgRTcgRkMgNDkgREEgRjkgRUQgRjkgOTIKQzYgMjIgQkUgMTQgMzAgNzIgRjIgQ0QgREUgQkQgMjQgMjkgMDggNDMgNTEgMDAKREQgNEEgOTYgMjAgQTAgQUQgQkQgRkYgOEQgRjUgQTQgRDEgNDAgNTEgOTYgOTEKNEYgMTIgNzIgMjYgQUYgRUEgOUUgNTkgQ0IgQTcgQTMgRTQgRjEgOTIgRTIgMDkKRDcgNjYgNTUgNEQgMkEgN0MgNUMgQzIgNTggQ0UgRDAgODMgQjkgMDcgRTYgQkQKOUEgOEEgNkIgQUIgODcgREYgNjIgREUgMTMgRTkgODQgNzcgNUEgMDggMjEgODQKMTAgNDIgMDggOEIgQzQgQTIgNUYgQjEgNzggQjkgODYgQTggMUEgM0UgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRDcgRTAKQUMgNEYgRDAgRkUgRjkgNDYgNjIgQjQgRjEgNzggOTQgNDcgMTggQ0IgRDEgRkQKQTEgRjYgNDYgOTYgOEYgNDUgM0YgNDMgQkYgMEUgMjEgQUEgQTkgN0YgREEgNjEKMzggRkIgMEMgOUIgNkEgNkEgQkIgRjcgRTEgNTUgRTYgOUQgNDQgRkUgQ0IgODgKRTIgNjYgNTEgRDMgNEEgMzkgN0QgMUYgNDkgQjEgOTEgODUgNTAgQzkgQTMgRkEKMUEgMzkgMDQgMkIgQjEgMUIgNkUgMjEgQUEgOUYgN0MgQjAgRkIgNDUgQjMgMTIKMkEgQzUgQkMgNzcgNjYgNTcgM0EgODQgMTAgNDIgMDggMjEgODQgREIgRTMgQjQKOTcgQUQgQjQgMTcgRjIgM0MgNUYgMkQgQTggRjMgMEUgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgMUUgODMgOEIgNkQgMjMgRkQKMzUgOEMgMjUgRjMgNzAgMkUgRjEgN0QgNjMgREQgNzIgOEYgQ0MgQjQgNjUgMjkKNzUgOTIgOEUgOUQgOTMgQjAgRDIgRTEgN0QgQ0IgNEYgRDggMkYgRjcgMTAgRDUKRkQgM0EgRTMgRTIgMzYgMzQgNDMgNTEgNDUgNTEgRkMgMkUgNzYgRjcgNUIgNzgKRDUgRTQgRkIgNzMgRDUgOTggNzcgRjkgOTEgMTQgNUIgNTkgQUIgOTQgM0QgRjYKQUUgOTUgQTMgQjAgMEUgQTcgMkYgNjMgQzkgM0MgQTcgRDUgMjEgQUIgMTQgRjMKREUgOUMgOUQgMzYgMTAgNDIgMDggMjEgODQgMTAgNkUgOEUgRDEgRUYgRDggOTkKQkYgREEgM0YgN0YgM0YgRjcgMzIgMTYgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgNTggMUEgNkEgQjUgQ0IgMUIgRTcgREQgNzMKRjMgQ0UgQTAgQTMgOUYgMjcgREEgNEIgMDkgQUIgMTggODEgMTcgOEYgN0MgMkEKNkQgRjMgQkYgMjggOEEgQTIgN0YgNzAgRTUgMkMgMkQgOTIgNjIgMkQgRjMgNTUKRjcgQzAgQTIgMEUgNTMgQ0IgMDcgMjIgMDEgMEIgRUIgODUgNkMgRjkgMkUgNTcKMzUgRTYgQkQgRjYgOUQgMzYgMTAgNDIgMDggMjEgODQgMTAgQUUgQzIgQzkgQjMKQTQgQTMgRDcgRjMgQkUgREEgNDMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgQzIgMTMgRTIgRjAgMUIgMjYgNzUgRTEgRTEgRDcgREIKQTEgNEUgOTcgMTAgRDUgN0YgRkMgMDkgQ0YgRjIgQzkgQjMgQjYgMTMgQzQgRjkKNUIgMzcgQkIgM0UgNDQgNzUgOTMgMTkgNzMgNzkgRDEgREUgNEIgNTggRTAgMzAKM0IgNTEgMTQgQzUgNEEgRTMgNkMgQTQgNjYgRUEgN0QgQjggNkEgQ0MgQkIgQTIKNDggNUEgQ0UgRjUgRkQgMTAgNUUgQjUgQUQgQ0QgNjAgREQgNzAgMEIgNTEgRkQKRTQgRDMgREIgMkYgNUEgMDcgN0UgOEQgNzkgMkYgMzcgMDcgQUUgNTIgNzQgREEKNDAgMDggMjEgODQgMTAgNDIgNTggMkYgRkUgQjEgNzcgNDcgNDkgMEQgQzIgNDAKMTggODAgQUYgQjIgNDcgNjggOTAgMTYgN0EgRkYgOEIgRTkgODMgQjQgMDEgMTkKODcgRTAgRDggODQgRjIgQkQgRUMgQ0MgRkYgM0QgNTkgODMgOTggQjYgQkIgNjQKRkUgMjUgNTQgRTUgMzMgQ0QgN0QgQ0MgMDIgMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgM0EgN0UgQTQgQzggRUEgNkEgRkIKMUMgREMgOEUgNDcgOTkgQ0IgRkIgMjMgNkEgRUYgM0MgMjcgQjYgN0MgNzYgOUUKMjggOEEgRTIgNTEgNjIgRDYgQzUgQjQgQjIgMTMgMkIgQkQgMzMgMUYgMUEgRUIKNkUgMjcgN0UgOEQgQ0IgNDcgNTUgOTQgQkUgQjQgRjcgQzMgQTYgNUEgMDEgNkQKMDUgNzcgNjMgREQgM0YgM0EgMEIgNzcgNTAgNzQgRDkgNDAgRjggOUUgQjggRkEKNTAgQUYgN0IgOEEgQUMgQjYgOEIgRjMgNjcgNjIgOTQgN0UgNzAgMDcgRTEgMUUKOUMgNUYgNzUgNkIgMDcgNTQgRjkgMjcgMDUgMjEgNkMgMTQgRkIgMzEgMUUgNjUKQ0IgMEUgRkMgRkYgNjIgQkEgMEQgRjEgQUMgNkUgOUIgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggNTcgRDQgRTEKNzkgNEUgNkMgQUEgQjEgNUYgMTQgNDUgRjEgMjggRjEgMzEgQ0QgQTcgOTcgQTkKQzEgNEQgODUgMkQgNDcgMTEgMzYgQjUgNTggNTYgNjcgMzcgRDYgNUQgNDcgMEIKNzcgNTAgQUMgN0IgRDkgRjQgOTcgOTggQ0EgQjcgNzQgRkQgMTAgQ0YgRUEgNDIKQUEgOEMgOEIgODcgQzAgMTggQkYgREEgOEUgRjkgMDkgRjggREIgQTUgRUIgNjMKMkEgQ0UgQ0QgMTcgNUIgODkgRDcgNUIgM0MgQ0EgQTkgOUUgN0UgMDYgMjEgQUMKOEYgQjMgMzEgREIgNTcgNkYgNTMgNjcgNzEgNzkgREUgN0QgRjkgNkIgODEgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKQjggMDEgRUIgMzYgMzQgRUEgODMgQUQgODUgOEIgMkYgRTUgQjcgMkMgOTYgMjgKOEEgNkYgMTMgRDMgMkQgQjIgQjIgREUgNUUgOUIgNTIgMTcgNTkgMkQgRUQgRTkKODUgRkIgNzEgM0UgNzEgRUMgMjAgQkMgRUQgNTggNzcgNEIgNjMgQzMgNTMgODQKNEQgMkQgOTYgRDUgRDkgOEQgNzUgRDcgRDEgQzIgMUQgMTQgOUIgN0EgMUIgNzIKRUEgQzkgRjQgRjkgN0MgQ0EgRkYgNEQgQUUgMEQgNUQgNjQgMjUgN0YgM0UgNDAKRTUgMzMgNTYgNDQgNTEgREMgMTEgNEQgMjUgNDMgMDggNUYgODAgNEQgM0QgODcKQ0QgNDggMkYgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgQkUgMDAgRjUgQTMgOUUgMTMgRDMgRjggMTEgQ0YgNUEgQjkKNDMgNDAgNkMgMzAgMkUgREEgRDUgRDYgRTcgOUUgQkEgNEIgNjQgQjUgQjQgQzcKMTUgMkUgRjAgN0UgOEQgQTkgNTQgRUUgRjEgMUUgODcgOTggNEEgRjEgRjggNTUKQkEgQTcgQzggRUEgMzQgOTMgNzUgOEYgQUMgOTYgREUgQUYgMjAgM0MgMUMgRDYKREQgNUMgRDkgN0EgMTUgNjEgNTMgOEIgNjUgNzUgNzYgNjMgREQgNzUgQjQgNzAKMDcgQzUgQTYgREUgMTAgQkQgRTEgNTUgQjQgM0MgNjkgNjUgMzkgRTMgQjYgRTUKRDcgMjIgOEEgQTIgRjggMTUgRDMgNzAgOEQgNjcgMkQgQkYgMUQgNDEgMDggRTEKMEYgRUMgQzcgOTggQ0EgQUIgMDcgRUQgQzcgNEIgM0MgNEEgRTkgOEYgMEQgMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggM0YgRDkgQkIgOTcgREMgODQgNjEKMjggMEEgQTAgNUIgRjEgMTIgRUEgRDIgMEYgRUMgN0YgNjMgOUQgOTQgNjAgNDcKNDggODkgRjMgRTEgMzkgRTEgMEMgNkEgRTkgOUUgNTEgRDEgNzMgMTIgMDcgRkMKODEgMTAgNDIgMDggMjEgODQgMTAgQzIgQzUgNjggQTIgRTkgOUIgRTIgQjMgNUQKQkIgMkYgOUYgRTkgREUgOTggQ0EgMzggMUQgQ0IgNTkgMTYgQTcgM0QgNDIgQUIKM0UgQjMgRTMgRTkgREEgMjggM0IgMjQgMUYgMDYgRUIgQUIgRkUgOEUgNjkgNjgKRTYgNzQgRkIgMEQgQTMgRkIgM0YgODQgRUIgMzEgNzYgMTQgRTcgMUEgNkYgQzIKQUUgOEEgQTUgM0EgOEIgMzEgQjYgOEUgMEEgNzcgNTQgRUMgRUMgQ0QgRUIgMzAKMUQgQTkgREUgN0IgQzEgRTIgM0IgNTEgMTQgNzcgOEEgODcgQjkgMkIgNDIgMDgKRkIgQzQgNkEgQkIgODAgNTcgQkYgMjAgNTQgNzEgN0MgQkMgQUYgQUQgQUIgMjAKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKRjAgNzUgNjggN0UgMjkgMUMgMzAgREYgNkUgQTkgNjggQzMgNTcgRUUgQUMgODkKRTUgNjQgRDcgMUQgRDcgQ0QgRDUgOUIgQUIgM0IgQzAgMEIgOUUgMUUgRUIgQTMKMEMgNjcgNUQgOEMgMUIgQzYgRjIgQjAgQzUgNjcgNzMgREQgM0QgNDQgMjAgOUMKQkMgODQgMjMgNDcgN0QgRTYgMTAgMzYgNjEgNTcgQzUgMzIgNjIgNUYgOEMgQjEKNzUgNTQgQjggMzMgQTEgQkUgMzQgMDcgOEIgNjMgQjggOEYgRjQgRUEgMkEgOEEKRTIgODEgQTIgMjEgMkIgODQgNzAgMEQgRTYgQUYgNEIgN0EgQjQgQzEgQTcgMkEKREIgNjYgMEQgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggQTMgRDAgODQgNDAgQjggRTAgNjggODMgRDEgQUMgODMgRTYKRTUgNkYgRkQgNjEgQkQgMUYgQjIgQUUgMDggRTEgQkUgMzggM0EgQkQgNzEgQ0UKRjMgNjIgQkYgOTggN0YgN0UgRDMgQTMgNzUgRjkgNDMgOTggN0EgMUUgM0EgOUEKODggRDggODQgNUQgMTUgQ0IgQjAgN0YgMzEgQzYgRDYgNTEgRTEgQ0UgODQgRkEKRDIgOUMgN0QgNkMgOUEgM0UgOTQgMjggOEEgRTIgNjQgQkMgQTYgRkYgQkYgRkIKOTcgNkMgMzkgMTUgNkQgRUIgOEQgMEIgNDIgRjggRTYgMTggM0IgOUMgQkIgN0UKQTQgQTEgNjkgRkQgQ0YgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNkUgOEIgQjEgQkYgMjAgNzcgMzggMjEgMTAKNDIgMDggRTEgREUgOTggQUYgOTcgRjQgNjggODMgQjcgMzEgRjcgMjQgODIgQjAKMDkgNjMgODcgOEUgRTYgMjIgQjYgNjIgNTcgRjUgNzIgQkYgNUQgOEMgQjEgNzUKNTQgQjggMzMgQTEgQkUgMzQgQzIgRkMgOUQgNTMgRDEgQ0UgRjkgMTQgQTIgMjgKOEEgOTMgNzEgNTggMDAgNjggRkYgMTkgMDggRTEgNEUgNjggNTAgMDcgMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRDAKOEYgQzggMTAgRkUgQjEgNzcgMzcgQjkgMEQgQzIgNDAgMTggNDAgQUYgMzIgNDcKQTggRjkgMDkgRTEgRkUgMTcgRUIgMjIgMkQgNTggMkQgQUEgODAgMjYgQjEgRTMKQkMgNDUgM0UgQzkgNkYgOTUgNjggOEMgM0MgOTEgMzEgNDAgMDggOEIgRTEgMzAKNDUgOTYgMzcgRUMgQkIgNTggNjIgQ0YgMEEgNzIgQzcgQTEgQzUgMDggQzIgNDMKNTggQjYgN0IgNzQgRkQgOUUgNDAgMjUgNkIgMDMgQ0IgRDYgNTEgRTEgNUEgNDIKNzMgQTkgRTYgNjcgNTYgMTggM0UgNjcgRjggRkIgQUYgQzcgNjUgODggMkMgQjYKNjUgRUEgNjIgODkgQ0QgRjkgMEMgNjEgRkIgMzggRjQgOTEgQTUgNTcgMUYgNDIKMDggOUYgODkgOUEgNTggMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMzYgOTEgMjEgODQgMTAgNTYgODUgNjUgRDcKQTMgRTEgMjMgOTYgRDggM0EgQjMgNjkgODUgODIgQjAgOTYgQUIgNTUgMzMgNzkKMDIgOTUgQUMgMEQgMkMgNUIgNDcgODUgNkIgMDkgQ0QgQTUgQ0EgOUYgRDQgRjEKOUYgRTEgNzAgOEQgMjUgNkUgOTIgNTIgMTcgNkIgQkUgRDkgMjEgQkUgN0UgOEMKMkMgQkYgNzAgNEUgOTEgRTUgNTEgRUMgRkEgMzkgQjIgM0MgM0MgRDkgMjAgODQKMTAgNDIgRjggQ0EgQTggOTEgODYgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgNjggMTMgMTkgNDIgMDggNjEgNTUgRjgKRTMgOTYgRTkgM0QgOEIgQzggRTMgODYgNjkgOUMgNjMgNEQgRjcgNUEgNDMgNTgKNEIgRUIgQTggOTMgM0MgODEgNEEgRDYgMDYgOTYgQUQgQTMgQzIgQjUgODQgRTYKRDIgMUUgNEMgRjMgMUMgNTkgN0UgOUYgREMgOEMgMjUgRjYgRkMgRDggQkYgODcKRDcgQjggN0QgRUUgNzQgNzAgNzIgMUEgMjMgNEIgODcgMDcgMjEgODQgMTAgNDIKMDggNEIgQTEgN0UgMUIgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggQTEgNEQgNjQgMDggMjEgODQgNTUgNjEgQkEgRjYKOTEgRTUgOUUgNDUgRTQgNzEgNDMgMkYgRDYgODQgQjAgQzIgQkUgNTEgMUIgNzkKMDIgOTUgQUMgMEQgMkMgNUIgNDcgODUgNkIgMDkgQ0QgQTUgRjMgQjggNzUgMDQKMzIgMEQgN0QgNjQgNzkgRjggQUMgRTUgMTYgNzYgNjkgOEMgMzUgOEYgN0YgNEYKMDggMjEgODQgMTAgNDIgNTggMzEgNkEgQzggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgREEgNDQgODYgMTAgNDIKNTggMTcgNkUgOUQgOUEgRUMgQkIgNTggNjIgQ0YgQjIgRjIgQjggNjEgQkEgNEMKQjEgQTYgMDUgMEIgQkUgMjkgOTYgRUQgMUIgQjUgOTEgOUYgRUMgREQgNEIgMEUKODIgMzAgMTAgMDAgRDAgQUIgRjQgMDggMjAgMjIgREUgRkYgNjQgRUUgMDAgMEQKMEIgMjAgRTAgRjQgRjMgMzYgOTMgRjQgQUQgMkMgNTMgREEgMjEgNEQgRUQgMDkKOTQgQjIgM0EgMzAgMzYgOEYgRkUgRTggQTAgMUEgOEMgMUQgNDggNjYgMDAgMDgKMjEgODQgMTAgNDIgRDggMzggMkEgQzggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgREEgNDQgODYgMTAgNDIgOTgKM0YgN0UgOUYgQTMgRkMgRjcgMjIgNjUgQ0QgODIgMzAgQjcgRDIgNzEgNkUgNkUKREUgOEYgNzYgQjQgMkYgOEQgNjAgNUUgMjkgMzMgOTEgOUUgQzUgQkMgRjIgMzgKOEQgNjkgODkgODcgRkIgMDIgQTMgMzAgNzYgMTQgNzkgRkQgMjEgODQgMTAgNDIKMDggNjEgRTMgQTggMjAgODcgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgNjggMTMgMTkgNDIgMDggNjEgMDEgOTggRDkKQzUgOUQgOTYgMkQgMDggQzMgQUIgQzcgOUYgRTYgQTMgMUYgRDMgMTIgMEYgRjcKQTUgMTEgQ0MgMkEgNjUgMjYgRDIgRDMgRDggMEYgNjMgNUEgQzUgM0QgNEYgRkIKQkUgQTYgM0MgMTYgOEEgQjEgQjMgODEgNjEgMDMgMjEgODQgMTAgNDIgMDggMUIKNDcgMDUgMzkgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgOUIgQzggMTAgNDIgMDggMEIgQzUgRDggOTUgRUIgRDkKQTUgMzkgNkMgOUQgM0MgQjUgOTYgQzEgRkEgMzEgQkIgNzcgNzAgRjcgMkYgNkYKMTkgNjMgQjMgRTYgMTMgRTAgMkEgRUMgREYgNDMgNUEgQzUgM0QgNEYgRkIgQkUKQTYgM0MgMTYgOEEgQjEgQjMgODEgNjEgMDMgMjEgODQgMTAgNDIgMDggMUIgNDcKMDUgMzkgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgOUIgQzggMTAgNDIgMDggMEIgQzUgQkMgNkUgMkIgN0IgNEQKNjkgODkgMTYgMzIgNTggM0YgNDYgOTcgOEUgNUQgNUEgQTIgNzMgOUQgMDcgMzAKMzYgNzEgM0UgMDEgMkUgNDMgNzcgNTggQzMgMkIgMzAgNzYgNDIgMzAgNkMgRTAKODcgQkQgM0IgQzQgMDEgMTAgMDYgODIgMjggN0EgMTUgOEUgODAgRTAgRkUgNjcKQzMgQTEgNTAgMjQgQ0IgNjQgREEgNjcgMTAgQ0YgRkUgOTIgNkUgQjIgQTIgMTAKNDIgMDggMjEgODQgOUIgQTMgODEgMUMgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggQTEgMjUgMzIgODQgMTAgQzIgNTIKRjQgNjAgMTkgODQgNDEgMzQgM0EgOTYgNjIgMzYgOUMgOEUgQTMgOTggOEQgQUIKNjYgMjkgM0EgMzYgMTAgNDIgMDggMjEgODQgMTAgMDYgRDEgNDAgMEUgMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRDAKMTIgMTkgNDIgMDggNjEgMkIgN0EgQjYgMEMgQzIgMjggOUEgMUUgNEIgMzEgMUIKNEUgQzcgNTEgQ0MgQzYgNTUgQjMgMTQgMUQgMUIgMDggMjEgODQgMTAgNDIgMDgKODMgNjggMjAgODcgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgNjggODkgMEMgMjEgODQgNzAgMjUgNzQgOUQgNDEgRjgKMjcgRkEgRTMgNEEgMzEgMUIgNEUgQzcgNTEgQ0MgQzYgNTUgQjMgMTQgMUQgMUIKMDggMjEgODQgMTAgNDIgMDggODMgNjggMjAgODcgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgNjggODkgMEMgMjEgODQKNzAgMjUgQ0MgNUUgNjcgRDcgNzkgM0MgOUYgQjcgOTcgNDYgNUQgNzAgNzAgMjkKQ0MgRkUgNkUgQTYgQzcgQ0YgOTggMEQgQTcgRTMgMjggNjYgRTMgQUEgNTkgOEEKOEUgMEQgODQgMTAgNDIgMDggRTEgQ0QgQ0UgREQgQTQgMzAgMDggMDMgNjEgMDAKQkQgQ0EgMUMgQzEgQkYgRDYgREUgRkYgNjQgQTUgMTQgNTQgNEEgMTcgMEEgODYKMzEgRjEgNkQgMDYgRjIgNTYgMkQgNUYgOTIgMTkgMDggMDggNjEgMjIgMUEgQzgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgN0EgNDQgODYgMTAgNDIgRDggMTIgRjYgRTMgNjcgQjkgRDQgM0QgM0QKQTggREMgQjIgN0YgQ0UgQjEgNTYgREQgMEQgMzYgODUgNDYgQzcgNEEgMzEgMzcKMzggMzkgMTYgQzUgREMgNzAgQTUgNTkgMjkgREEgMzYgMTAgNDIgMDggMjEgODQKMTAgMjYgQTIgODEgMUMgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggQTEgNDcgNjQgMDggMjEgODQgMkQgNjEgRkYgMUEKNjMgNTMgRjcgRjQgQTAgNzIgNEIgREQgMEQgMzYgOEMgRDkgQTMgNjMgMTcgOUIKN0EgRjQgQzcgREYgMTkgNzMgODMgNzMgNDkgMTYgQzUgREMgNzAgQTUgNTkgMjkKREEgMzYgMTAgNDIgMDggMjEgODQgMTAgMjYgQTIgODEgMUMgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggQTEgNDcgNjQKMDggMjEgODQgNEQgRTEgMzQgQzcgQTYgN0UgNzEgMUMgNjIgMjkgN0IgQkEgRDIKODkgNEIgMEQgMEUgMzYgOEMgQjkgRDMgRTMgMzAgQzUgNTIgRkUgMUQgN0YgQzcKRUQgOEEgQTkgQjkgMjEgOEIgNjIgNkUgQjggRDIgQUMgMTQgNkQgMUIgMDggMjEKODQgMTAgNDIgMDggMTMgRDEgNDAgMEUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRDAgMjMgMzIgODQgMTAgQzIgRTYKNTEgOEYgODMgQjAgMTAgRTYgMUUgQUUgREYgQjMgMzYgM0YgNjIgQUQgODcgRkYKQ0IgNEQgRjAgNUEgOTEgQjkgMUUgNEYgQzUgREMgNzAgQTUgNTkgMjkgREEgMzYKMTAgNDIgMDggMjEgODQgMTAgMjYgNjIgRUUgNDAgM0UgNzUgQjEgMTQgMUYgQ0UKODIgMTAgQkUgRDkgQkIgOUIgNUMgMDcgNDEgMjggMEMgQTAgNUIgQjkgNEIgMTAKQjUgQ0YgRTcgRkUgMzcgRjYgNDYgQUYgRDIgQTQgMDMgNkQgNDQgOTAgOUUgQzkKOTcgNzAgNDYgOUEgMUIgMEIgODQgOUYgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgQzIgQkEgNTggNzcgMDUgRDkgOTYgNEUgMDgKMjEgODQgRTUgNTAgMUYgMDcgNjEgMjEgQUMgRkIgNzEgRjkgRDYgM0UgNDAgMjUKRUIgMTggRUIgMTYgRDcgOTYgRTAgM0IgNjIgMUEgRTYgQzggNzIgNEYgQTEgNEYKNkMgRkEgMDUgODAgMTAgNDIgMDggMjEgODQgNUYgOEUgNjkgN0EgNDQgOTYgN0IKNDYgRDEgRTUgOUEgRTkgNjcgODkgMkQgOEQgQ0YgMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgRjAgM0EgNUMgQzYgNzgKQzYgOUUgMTUgREUgMTMgOUIgMzYgNzMgNDIgMDggMjEgMkMgODcgMEUgQjkgNDAKNTggMDIgRUIgN0UgNTkgMDYgOTMgMUYgQTAgOTIgNzUgOEMgNkQgMTUgRDcgM0YKRTcgMzYgOEYgMzUgRTcgRkUgOEYgMzUgQjIgM0MgRkEgRTQgMTAgNDIgMDggMjEKODQgMTAgREUgMUQgRDMgRUYgMTQgNTkgRUUgMTkgNDUgOTcgNkIgOUEgOUIgNDMKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKRTEgMTUgMzggMkMgQjEgNjUgRUQgOEQgQkUgNTYgOEEgMjEgODQgMTAgMTYgNDMKQjcgREMgNDMgNzggM0EgQjYgNzUgNjQgQ0MgNDggNzIgMDcgMkEgNTkgQzcgRDgKNTYgMzcgQTcgQjggQ0QgRTMgMzQgQzYgN0YgNUMgN0UgODQgNzMgNUQgNjMgNEIKNDcgMzggMjEgODQgMTAgNDIgMDggRTEgRjcgRTEgQkMgNDQgOTYgRjUgODcgRTgKNjYgNzAgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgNTggMUUgRDMgM0MgQzUgOTYgQjUgRUYgRkIgN0QgN0QgOTggQTMKRUYgMDIgMjEgODQgMTAgQkEgRTIgMUUgQzIgMkIgRDEgOTEgQzAgREIgQTEgOTIKNzUgOEMgQkEgMzkgNzggNjggOEIgRjggQTEgODIgOUUgRDggMUMgQTcgMTQgNTkKMUUgN0UgMTcgMDggMjEgODQgMTAgNDIgMDggN0IgQzQgQkEgQjMgRjUgNzkgODgKNjcgQkMgOUIgNDQgOTggRDMgNDEgMDggMjEgODQgMTAgNDIgRjggQzcgREUgREQKQUUgMzYgMDggNDMgNjEgMDAgQkUgOTUgNzMgMDkgOEIgRDYgRDYgREUgRkYgOEQKNkQgNkMgNTQgREQgMjYgOUQgQTkgMUYgNzEgRkEgRkMgRTggMEIgNzkgQTAgMTAKOTEgNjggMjQgNDcgMDMgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgNzkgMzgKQjYgRkYgNjAgNkEgRUUgMzEgQzggNTEgMUMgRkIgQkIgRDUgMkIgRjggNUYgQjEKRUMgQkEgNzAgMUIgREQgRUYgQjMgODcgNTUgMUQgN0QgN0EgODUgMTMgNDIgMDgKRTEgQTIgRTggMTMgRjcgMTAgQUUgODAgNjUgMjcgOTMgODYgRDUgMEIgRTggOTQKMUQgMTkgREQgRTkgRTAgMTMgNEMgNEQgRjQgQjkgRjUgNTYgQUQgRTkgMUEgNUQKNjQgRjcgMUMgNDIgMDggMjEgODQgMTAgQzIgRDMgNjAgQUEgOUIgRTggNzMgRUIKNzkgRkIgQUYgNjkgRkMgMkQgRkEgRjQgNEMgMDcgMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggQzcgQjAgQkUgQzcgMjAgQkYgRjAKNTYgQzUgMjMgMTYgMjggNUMgNkMgQUUgRDEgQzcgNDggMzkgNUMgN0UgOUYgMjEKNUMgMTMgQ0IgOTYgNkEgQTcgRUEgMkQgMDYgOTkgREIgNzkgMDggMjEgODQgNzAKMTEgMkMgN0QgMzcgRjQgMjYgMEIgM0MgMDIgOTYgMUQgNDcgODYgRDUgMEIgRTgKOTQgOUQgMEQgQ0IgOUUgNzEgQkIgQjcgRUMgMDcgRDMgQUQgODkgM0UgQjcgQUUKRkQgQkUgQjQgRDEgNDUgNkUgQ0YgMjEgODQgMTAgNDIgMDggMjEgM0MgMEYgQTYKQjYgOEUgNDEgNEUgOTkgNkMgQUYgRDcgRjQgQ0MgMEUgMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRkYgQzQgRUIgMjUgQkEgOTgKQjIgMDggMzUgQTcgQTkgMjIgMTEgRUUgMTYgQ0IgMTYgRUIgNUEgREIgODUgMTAKNDIgQjggMDcgNzQgMzcgODQgNzAgM0UgOTYgMUQgNDcgODYgRDUgMEIgRTggOTQKOUQgMEQgRUQgQ0MgMDIgM0YgMzAgNUQgRUEgRTggNzMgRUIgNjIgRUYgQjYgOEQKNDcgNzggNDkgMTMgNDIgMDggMjEgODQgMTAgQzIgMTEgN0MgQjIgODggNUMgNTcKRjEgODggMDUgM0UgM0IgOUMgRDUgMUMgMkUgQTkgNjcgMUYgMEIgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgM0MgMTYgQTYgRkIKM0QgMDYgMzkgNjUgQkQgNjkgQkQgRTYgRjcgNkQgMEIgQjIgOEYgMDUgQzIgQTUKQjAgNkMgNTUgQjYgMzIgNkMgMDggMjEgODQgN0IgQzAgQjIgNzcgNDMgREYgRjEKODAgMDcgQzAgN0QgQkQgRjYgNjUgQTMgRjYgMDkgNTggRjYgQkEgRTcgQTEgNjAKN0IgQjQgMDMgMEIgMkMgM0UgRjAgNUQgOUMgMjEgODQgMTAgNDIgMDggMjEgOUMKODMgREYgQkYgNzIgQjMgRjUgN0MgRkUgNDcgQjMgQUEgNTMgMEMgMzIgRjcgNTgKMjAgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgN0MgNjcgRUYgOEUgNzIKMTMgODYgNjEgMDAgODAgNUUgQzUgNDcgMjAgQUMgOEMgNzIgRkYgOEIgRUQgNjcKRDAgNEUgOUEgQTYgMzIgRDIgREEgQTUgRUYgMDMgNEIgNzkgN0YgMzQgNDQgMzQKNEEgNkMgNDMgMDggMjEgODQgNzAgQkYgRDggMkUgMkQgNjYgNzEgQzkgRTkgRDIKN0EgNDMgRDcgMTEgNjEgMTEgQ0MgQkUgOUYgNjkgMjEgNDAgMDggMjEgQ0MgQzcKREMgN0YgNDMgNDUgM0MgRTAgREUgQjEgNTQgREEgRDcgNzkgODggNDcgOTAgRUYKQkMgODcgNUMgNUEgREIgODEgRjUgQjEgNTggRDcgMTUgOTMgOUUgODUgQjkgNkYKM0IgRTYgMUQgNDIgMDggMjEgODQgMTAgQzIgOTcgRjAgQjcgOUQgREQgMTggREYKOUYgMjUgRUYgRTQgMUQgODcgRUQgNzIgOEIgNTkgN0MgRkEgQkIgNDAgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgREQgNjIgQTkKM0IgQzMgQUUgQTUgQzEgMjIgMzggOEMgNzEgMEYgOUIgOUYgREUgNUEgMDUgMTAKNDIgMDggMEIgQTAgMzQgMjUgMDggNUYgQzIgNjIgNjkgNUYgOTIgOUQgRkYgQzYKNzYgNkIgMzEgNDUgMDUgOEIgMEUgOEEgRDkgMzkgN0EgRkEgMjcgRTYgNjAgRjYKQkMgNUIgRUYgMTAgNDIgMDggMjEgODQgMTAgNzYgQzYgNzEgOEMgN0IgRDggRkUKODAgQ0YgQ0UgMEUgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgRjAgQTggNTggRUMgRTYgRjAgNzAgOEEgNDcgRDAgRDUgMDUgNkUgODEKQTcgNkIgNEMgNzEgRUIgREIgOTggMkEgRUIgNDIgMDggMjEgMkMgODggQ0EgNzcKNDAgRDggMUQgNzMgMzMgODAgMkMgQUIgN0YgNkMgOEEgRTcgRkQgNDYgOTcgM0MKRDUgOEUgNDMgMTMgOTQgODUgQjkgQTUgMDkgQjQgQjggNEQgQzEgNzYgMUEgNjIKOEEgMTYgM0IgODQgMTAgNDIgMDggMjEgODQgQkIgNDcgM0IgM0IgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgNTggMDQgNkIgNUQKMUUgRDYgREIgMDUgQUUgODkgNkQgRjggODggMjkgMjYgNjcgQTAgOUMgREIgMjUKQTYgRjggRjQgNzcgODEgMTAgNDIgMDggRkIgNjAgQjEgRjIgMUQgOTIgMTcgRTAKN0IgNjAgQUQgNEQgOTYgNjUgQjUgMDAgN0YgQjYgQkQgNTggRjQgNjAgM0IgMEUKQ0QgNTEgMTYgRDYgRUEgQTYgRkEgNzkgOEQgMjkgRkEgMTkgQUMgODIgRDcgNzMKREMgQzMgRTYgNkYgMzggMEEgMzQgNDEgMDggMjEgODQgMTAgNDIgRDggMUIgNkIKRUQgRTkgOUMgNzEgNDMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgMUUgMTUgQkYgRDggQkIgQTMgMUMgODUgNDEgMjAgMDAgQTAgNTcKOTkgMjMgODggNzUgQjUgREUgRkYgNjIgRkIgRTMgNEEgNkIgQ0MgQTYgQUQgQ0EKQTAgQkUgOEYgOUQgODQgRjcgNDUgNDMgRDkgNTAgOTkgODEgREMgNjMgNDUgQTUKQTQgQzIgOTYgOTggOTggODcgMzkgRUUgRTIgMUEgRDYgNzYgMUIgNDIgMDggMjEKNkMgOEMgQjkgNjUgNjUgMTYgODQgRjAgMzMgMzAgNzcgMUUgOTkgNTYgMUIgMzAKNzcgQzggOEMgNTEgMUEgNzYgNzYgOUIgRUEgNjEgMTcgRDcgRTAgRUUgOTUgNTcKNjAgRTYgMDEgMTQgRTcgNzMgRDQgQTggM0MgMTMgNDIgMDggMjEgODQgMTAgQzIKNjcgNjAgNjcgREYgNzQgRjMgQTMgOUYgNkMgMDggNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgN0UgMTEgOTYgNzEgODggMUEgOTMKRUYgMTMgOUMgRTQgMjIgQkEgNjEgMTAgM0UgODAgQkIgNTMgRDQgRDggM0EgQjkKNUEgQUUgMzUgODQgMTAgQzIgQjcgNDYgMzUgNEEgMTAgM0UgOEUgQjkgRjMgQzgKQjQgREEgODAgQjkgNDMgNjYgOEMgQkEgQzIgREMgQUIgNTQgNUQgQkYgRjIgMzQKOUMgRTUgNjkgQjcgOUUgRDQgMzcgQ0QgRkQgNTAgNjIgMTIgNTcgM0YgMEIgODQKMTAgNDIgMDggMjEgODQgNzAgMTkgRTYgN0UgREQgNEYgMkIgNDMgMUQgQjkgMDMKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggNDUKMzggREYgMTUgNEEgQkYgNEQgRTAgQTYgNTkgOEUgNTEgQzMgOUQgQjIgM0IgREIKNTggRjAgMTYgQ0IgNjEgODggMUEgOTMgQ0IgOEQgNkYgM0EgQjMgRjYgNTkgMjAKODQgMTAgQzIgQzYgOTggOUIgQkYgRTQgQ0EgMzAgRjggMDEgOTggM0IgODkgNTQKRkMgNkQgQzAgREMgMjEgMzMgNDYgNUQgNjEgMTkgN0UgNjIgMTIgOTcgOEMgRTAKRUIgOUEgREUgOEQgRUQgMzggM0IgRTMgQUIgRjUgMzggNEUgN0YgQzUgNUEgREQKNzMgMDggMjEgODQgMTAgNDIgMDggRTEgMDMgNTggQ0UgMjUgMjYgNzEgQzkgMDIKRkUgNzUgNEQgMjcgRUQgNDAgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgN0UgMkQgOTYgRTMgMjkgNkEgNkMgOUQgOTggRkEgN0YgNzMKNUEgMzEgMkEgNUQgMUYgNzYgOTUgNTMgM0QgQzYgRTUgRUYgRDIgQzMgRkQgMTAKMzUgMkEgQzkgODQgMTAgNDIgRDggM0IgRjYgNTUgOEQgMzIgNUIgOEUgNUEgRTAKQzEgMzcgQzAgQkUgNjYgOTAgN0EgQUUgMDUgOTggRkIgRUQgNjAgOEMgQkEgQzIKMzIgMEUgNTEgNjMgRjYgRDkgM0UgREUgOEQgQUQgMzggNEYgN0IgNkUgRkQgN0YKRjggMzAgQzYgMzUgQUMgRUQgMzkgODQgMTAgNDIgMDggMjEgODQgRjAgMjEgQkMKQkIgNTMgN0MgODggNkIgNTggQjIgQTQgN0YgNjIgRDMgNjcgMUQgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgRjcgNjIgREYgQjcKNjcgRDYgRTYgOUQgRTQgRTcgRjUgMEYgMEIgM0YgMDggNEYgRkIgRjggMEIgQUQKREYgRDIgQjIgREYgQzUgMjQgQUUgRUQgMzkgODQgMTAgQzIgNUYgRjYgRUUgMjUKMzkgNjEgMTggMDYgMDAgRTggNTUgNzQgMDQgNUMgMTIgNEEgRUUgN0YgQjEgMkUKMEEgRDggRDAgNEMgOEIgRjkgQzQgNEUgRkEgMTYgRDUgOEMgREYgMkEgNjEgMUMKODggNkIgNEIgODIgM0QgQTAgOUMgMTQgMDggOUYgQzEgQUUgMkEgREIgRTggM0MKRkIgMjcgNEEgQzkgODQgREQgRkUgMEYgQzQgRjQgNzggMTggRDMgQjAgOEYgMUMKOTcgN0UgOTMgMzkgMUUgRTMgMUMgNjQgNjUgNDIgMDggMjEgODQgMTAgNDIgRDgKMUUgQUYgNzcgRUUgRUUgN0EgQUIgN0YgRTEgRDAgQ0EgMEUgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNzYgN0IgQ0MgRjggRjcKRTEgNzggODggNEIgMzggREQgNTEgMUEgMjMgQzcgRUEgN0IgODcgN0QgRTEgRUUKMzMgNzIgNkMgM0MgMTUgRUQgQUIgNDIgMDggMjEgREMgMDIgNEEgNDggODEgRjAKNDkgQkMgNkEgOTIgQkUgNzQgMkEgOTAgQ0UgQjMgNTUgRDggQjYgQUIgQTkgRUYKQjcgRkUgRDEgMEMgNTkgMjkgQTYgREQgMTAgMzkgMkUgREYgMEEgNDcgQTUgMjYKMDggMjEgODQgMTAgNDIgMDggRkIgQzIgRDYgRTUgOTggQUMgMTEgMjAgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggNjEgQkYgQzcgRjUKQUIgODYgRTkgMTAgMzkgQ0MgNjQgRjYgMzkgRUIgQjggMUEgNkMgREIgRkMgMjIKMEYgRTcgMkUgQTYgRjYgNUUgMjAgODQgMTAgQzIgNkUgQjEgRjUgQjEgMjUgMzkKMjkgNzAgMEIgRDggQ0YgNUEgQzkgMzMgRDUgNTUgNkIgRTAgMzQgNEUgNTEgQzQKREEgOEIgODcgMEIgQTAgMTkgQjIgNTIgMkMgMkIgNzQgREQgRjMgNTEgQkYgNzAKMjggRkYgMUQgNDIgMDggMjEgODQgMTAgQzIgREUgQjAgNkQgQzkgOUQgOEYgMjEKNzIgOTggRDkgNjcgQjcgNkEgODAgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgRkMgRUYgOTggQTYgMjkgQ0EgNzggQkIgQ0QgQjQgNzQKNkYgODIgQUEgNjEgNzkgNDYgREEgNzYgRDggNUEgQjAgNkQgODYgQzggMzEgNEUKN0YgNzMgMUQgOTEgQTQgNjQgNDIgMDggMjEgREMgMEUgQjYgRkQgQzEgOTUgM0UKMDYgQjcgODEgRDMgMjEgQ0UgNjEgRTkgRTQgMjAgQ0YgNTQgNkYgRTUgODYgNkUKRDcgMTEgRkIgMTQgNDUgQUMgQkUgN0UgQjggMDAgOUEgMjQgQUIgQzUgQTIgMjQKRDcgRDIgREYgQkQgNkEgN0YgNDEgMDggMjEgODQgMTAgNDIgRDggMUIgQTYgMjkKNDUgMTEgRUYgNzkgQjEgN0YgREYgMzAgOEQgMjkgNzIgQjQgRDAgODMgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgNzMgQjggOUYKQTIgODggREYgOTggNzYgNDMgRTQgRDggNzUgQjYgRTYgQ0YgREUgMEEgMUYgNjkKOEMgMUMgRUIgM0YgMTAgRjggNTIgNkMgOUQgMjcgQjIgOEIgMjIgRDYgNUUgM0MKODQgMTAgNDIgQjggMkUgNkMgRkQgQjMgMkIgOTUgMEMgNkUgMDEgREIgM0UgNDcKMUUgQUIgMDcgRjAgMUQgRDUgODcgMkUgMzkgNzcgREEgRUEgN0QgQjEgNzcgMDcKQjkgMEQgQzIgNDAgMTQgNDAgQUYgMzIgNDcgMDggMDEgMTIgNzIgRkYgOEIgNzUKMTEgNTEgNEMgODQgNTQgNjggMDAgMUIgNzggOUIgMkYgRjkgQTkgOEIgMDQgNDEKMEIgRjUgMEMgNzMgM0UgNzQgQzIgMTQgOEQgQTMgRkUgRDYgQ0MgMzUgRDggNUUKMDUgMDYgMjEgODQgMTAgNDIgMDggNjEgNzEgMzggQkUgNEIgNUYgRTUgODEgRUUKOUIgNjUgNzcgOEIgM0UgNkMgNDEgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgQzIgRDkgNTggRDggQjYgRDcgQTIgNjUgM0EgOEIKQzEgODggODQgQkMgRjggQkMgNDcgMUYgRUIgOEYgMkYgNTEgRTIgMEUgMjEgODQKMTAgMTYgRDIgNjggRTYgQ0YgMkUgM0MgMDcgNTYgNzUgMUIgNDkgQ0UgMzkgRjkKQjcgNUIgQkEgQUMgRkUgOEYgOTMgMkYgMjYgNkEgRUEgNDggNzIgRjIgMjAgNEYKRkUgQTQgNTEgODkgOTcgNDYgRTcgNTIgRjEgNTggNzUgNzUgMjQgMzkgRTcgQjcKRUIgOEEgQ0IgRTYgMTYgN0QgQTggRDAgODYgMTAgNDIgMDggMjEgODQgRjAgNDgKMzggN0UgNUUgREIgRkIgNTEgMjIgREQgQzggNUUgRkEgQzkgMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgNEMgQjEgN0EgNTUKOTEgRTQgQzcgMjggOEEgMzkgQkIgNTcgQjkgOTYgNjkgMDEgREUgRTQgNTQgOEUKQTUgODcgMDIgMEUgMzkgRDEgNEUgQkIgNzcgODMgODkgQzIgNzggMDggMjEgODQKNTcgNDYgNkQgOUUgMTAgN0UgOEYgNzkgREIgODUgNUMgNTYgMTAgNDIgQjggMTQKRjMgRDYgNjYgMUIgQzQgMDMgMjEgODQgMTAgNDIgMDggRTEgNTEgRjEgNUUgQzcKOTAgN0IgM0YgNEEgRkMgMkUgQkQgQUMgMTggNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQUUgOEUgOTMgRTUgRDAgRTkgOUIgNDgKRTcgRUMgNjEgMTUgQjIgNkMgMUYgMzEgQzQgRkIgMkIgNTcgNkQgMEMgQjkgRjgKRTAgNUMgMDQgMUYgNEQgRjQgOTEgNzkgRDIgRUIgNDcgOTEgRTcgRDIgMkYgMDIKMjEgODQgMTAgMUUgMEIgNzUgNzcgNDIgQjggMDIgMzYgQ0YgNDggRjIgOEQgRjUKM0QgRkEgMzAgOTUgMUUgNDIgMDggOEIgQzMgREMgQjcgNDAgQjcgMTggNTIgOEYKMjcgODQgMTAgNDIgMDggMjEgODQgODcgQzcgOUMgRkYgMDggQjIgQjMgMDkgMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggQjcgQzYKQkEgOEEgMjQgREYgRDggNzUgRDEgNDcgRDEgNzMgM0YgRkYgMUMgMDMgM0EgMkUKMDUgQkYgNTYgRTkgRjUgQzcgMDggRDQgMzkgMDcgNzAgQkIgRTUgMzAgNDYgNzYKRTIgRUQgQkIgNzYgNDIgMjEgODQgMTAgOUUgMUMgNzMgMzcgMzggRTggNDQgODMKQTcgQzUgRUEgRjEgOEMgMjEgNzcgQkYgQjggREEgNTcgMjQgQjkgRjQgQzMgNDMKMDggRTEgMTUgRDAgNUQgMTAgODQgRjAgODcgQkQgN0IgQ0IgNTUgMTAgMDYgMDIKMDAgQkEgOTUgNTkgODIgODggMkYgRjYgQkYgQjEgRkIgODUgNTAgRDIgNkIgQ0EKRTUgRDUgOEIgRTcgQzMgNDkgRTYgNDQgOTMgQzYgMDggMjkgQjUgOUQgODEgMTAKNDIgMDggMjEgNUMgMTEgQkIgNDcgRjQgNjEgRUYgRjIgQzUgOUUgMkYgMjAgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgMzEgNTgKNTkgQTMgOUMgMjUgRTkgRDcgRjYgRkQgOUMgMTQgOTUgMkQgRjkgQUUgQjYgNEIKNzUgRDAgODAgMTAgNDIgMDggMUQgNzMgODAgNzAgMkIgREMgRkQgRTEgRTUgMTUKRkQgMkIgNTcgMzkgNjcgRjYgRjggMjEgODQgRjAgMEIgRjAgQzAgN0EgNjIgNEQKN0IgOEYgMjEgQ0UgMUUgMzkgODQgMTAgNDIgMDggMjEgODQgQjAgMzYgQjQgRDAKMEEgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgQjggMDIgNUUgOUUgMzEgOEEKRDkgOUEgRTcgNTkgQ0MgN0QgREMgMjIgMDkgODQgMTAgNDIgMDggRTEgNzEgOTgKQjYgNjIgREMgNjEgMUYgRjUgNzYgNjkgRjMgODggNzcgMzggQzMgQjQgQjMgRUQKNjIgMUMgQTcgMDcgNUQgRjcgMkUgNkMgQUIgRTEgMTEgODQgMTAgNDIgNjggMEYKMTIgODQgMDcgNjIgQjYgQzEgRkQgRjUgMTYgRUYgNTAgNzIgRTEgN0MgM0UgRTMKOTkgNzYgMTQgNzUgNTkgNDEgMDggNjEgMjkgREUgMkUgRDEgODcgQTIgREIgRUYKOEEgNjkgRjMgNkEgNjMgMTQgRTcgOEUgMUMgNDIgMDggMjEgODQgMTAgNDIgNTgKMUIgNUEgNzQgODUgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgOUMgQjUgQjcKRkMgNzkgOEQgM0UgQUMgQjAgRUQgN0YgQkMgNTMgM0QgQjcgNjAgRjIgRjEgMEMKNjkgRDcgQzQgMTAgMTUgNTcgODcgMTAgNDIgMDggMjEgNUMgODAgRTkgQzQgRUYKNjQgRTcgM0QgNkIgOUMgMzcgQTYgN0QgNDggNkIgM0IgQzUgQTkgQUIgMTEgODQKMTAgNDIgNjggN0YgMTEgODQgRDUgNjEgRkEgQ0MgOTIgNkQgN0MgOUYgQkQgNjQKQjIgRUYgMzQgRDEgODUgMTAgQzIgNDUgOTggREUgOTMgNEIgRTYgMzMgREIgQTUKRTkgNjAgOTQgQTIgODIgMTAgNDIgMDggMjEgODQgRjAgREYgQTMgQzUgNTggMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgREYgRjAgNzEgOEIgM0UgRkMgQTUKMjggRkEgNkUgRTkgNzggOUMgRDkgNTUgMTcgQzcgNDggMjEgODQgMTAgNDIgMDgKNzcgRTggODkgNTMgNDkgNUEgNUEgNEUgNjQgMTkgQUUgNUIgMDIgNjUgQkIgQjQKNjkgRUYgMzEgQzQgRDkgQkYgMTMgMDggMjEgODQgRjAgQUMgNjggQkYgMTAgODQKMTAgNDIgMDggNjEgOEYgRDMgRkYgQzUgNEEgRTYgMzMgMkIgQTYgRTMgNkEgNjMKNzMgNDcgMEUgMjEgODQgMTAgNDIgMDggRTEgMEYgN0IgNzcgOTcgREIgMjAgMEMKMDMgMDAgRjggMkEgM0UgMDIgN0YgNkIgRTkgRkQgMkYgQjYgQTkgNUEgMDkgMzAKMzYgMjUgMkEgNTAgQ0EgQkUgMTcgNEIgRkUgOUUgNTAgNTUgODkgMjQgRDggMzEKN0MgMEIgNzQgMUUgMEIgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggQTMKODAgRkYgQzUgRDcgRUEgMUUgMjQgQ0QgNkQgMEIgRDUgMDEgMEEgMjEgODQgMTAKQzIgRTMgRTMgNzQgNkMgQzEgNzIgNjcgREYgN0MgRDIgRTUgOEIgRTcgNDUgRkUKRjMgNzQgM0UgMkUgQjMgNjkgNjMgMTQgOEIgRkYgMDAgMTAgNDIgMDggRTEgNDkKNTEgRDkgMEYgODQgMTAgNDIgMDggRTEgMDMgRTcgODMgODkgNzMgRDYgMzMgMkIKQTYgN0QgMTUgNDMgMjggN0QgNzIgMDggMjEgODQgMTAgNDIgMDggRTEgNUIgQTAKRjMgNTggMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgN0IgMkYgNjEgMUQKMjkgRUUgN0QgNDEgRUUgRTkgRDMgREMgOEUgQ0UgQzUgRTYgQ0QgRUUgMUEgMjkKM0EgNDEgODIgMTAgNDIgMDggRTEgQjMgMzggNUYgNzIgNEMgOUIgRkUgNzIgRDYKMzYgRDIgQjUgRDIgNjkgNzkgQTQgRTYgNEEgMDggMjEgODQgNzAgMTkgMTcgNkYKOTAgQzggNzkgRDUgQUUgOTggQUEgRjAgODEgMTAgNDIgMDggRTEgQTEgNTAgRjEKMzMgODQgMTAgNDIgMDggMjEgODQgNzAgNkIgQjQgRUYgODAgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgRkMgQzIgQkEgNkYgMjMgQzUgQkQgQUYgQzMgOTUgRkUKOTEgNzYgNTUgM0MgQzIgQjcgRjQgN0QgQTQgQjAgNTQgQUUgNkYgRkUgMjYgODQKMTAgNDIgMDggRjMgOTcgN0MgODYgNUQgNkUgOTcgQ0UgRTcgNTcgQjYgNzUgQTQKNjggNzkgMDYgMjEgODQgMTAgMTYgQUYgNUIgOEEgNUUgQzQgQ0YgQTQgRjUgQzcKMkQgNDYgQjEgRjQgRTEgMjEgODQgMTAgNDIgMDggRDcgNDUgQTUgQ0UgMTAgNDIKMDggMjEgODQgMTAgQzIgQUQgRDEgQkUgMDMgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgRjAgQjcgRTEgODkgNkQgMTMgNDMgQzggMzkgRUIgOTAgMUUgM0YgRUQKRkEgNDggRTEgMkUgQjcgNEIgMEMgNDEgQzMgMjYgODQgMTAgNDIgNzggNUEgNUMKNkEgRUUgQUIgOUIgMkEgNDYgRDEgODAgQ0IgRDIgNzQgRjYgNUIgRDUgOTcgNkIKQTQgRTggQzMgMUYgODQgMTAgNDIgNTggOEUgQkIgMUYgNEYgQjkgMEYgMDEgNDIKMDggMjEgODQgNDcgNDYgMTUgQ0UgMTAgNDIgMDggMjEgODQgMTAgQzIgQUQgRDEKQkUgMDMgNDIgMDggMjEgRkMgNjQgRUYgRUUgNTIgMUMgODQgQTEgMzAgODAgNkUKRTUgMkUgQTEgNTYgNkQgQzcgRkQgNkYgNkMgNDAgQTggNDYgMjcgQzMgRTggRDAKNTggN0YgQ0UgQ0IgODUgN0IgRTggNTMgNDEgNjIgMkUgRjkgMEMgODQgMTAgNDIKMDggMjEgODQgQkYgNjEgRDUgNzUgOTEgRDQgRDcgMjEgQjcgMTggQ0EgOTIgMDEKODggRjYgREMgRUQgQTIgQTggRTYgNzQgMDggMDYgNTcgNjAgRjYgQjIgOEMgREIKMzMgQzYgNkEgQTggMDggMjEgODQgRjAgOUYgMzggQkIgMTAgNEEgQUMgRjIgQ0YKQTggODUgRTAgMjQgODQgMTAgNDIgQjggMTkgOTYgMTggNDkgNTkgRDkgMjEgODQKMTAgNDIgNzggMzggNzQgQzIgMTkgNDIgMDggMjEgODQgMTAgNDIgNTggMUEgRUQKM0IgMjAgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRDcgNjEgREQgNDUgNUEKN0IgQUMgRUEgMzYgMjYgQjUgQzcgNDcgMEMgNjUgQzkgQTggNDQgQUIgM0QgNzEKREIgM0UgRTIgNTUgNzYgMUMgMzggMTUgRTQgODQgMTAgQzIgN0QgRTMgMkMgMEIKNzkgOUQgMzcgQUUgMzEgMDcgOTEgNUIgQzUgREMgMzAgMDUgMjEgODQgMTAgRUUKMTcgQjMgNDMgQTQgQTYgOEUgQTQgNjYgRDcgRjcgRUMgMkYgMkQgRkEgMTAgNDIKMDggMjEgM0MgMzQgM0EgQUUgMEMgMjEgODQgMTAgNDIgMDggMjEgMkMgOEQgRjYKMUQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgQTUgNzAgN0EgNkUgNkQKNzUgNjIgMkIgOEYgQjcgMTggRUIgQ0YgMDAgREEgNjkgRDMgMDEgNUEgRUQgRjYKNkQgRkEgNjQgQzkgNTEgNDIgMDggRTEgMjcgNzEgRkEgNEUgOTUgN0QgMjkgM0EKNTYgNjQgNzIgMUUgN0IgQUMgRUUgOTEgRDYgMUUgRUYgNTUgMUIgNjMgNUQgRkYKQTcgNDEgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgRUUgMDMgMUQgNTQgODYKMTAgNDIgMDggMjEgODQgMTAgOTYgNDYgRkIgMEUgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgQzIgNzMgNjIgRjMgOEMgQTQgNjYgNkYgNUYgMTIgQ0YgRDQgNkEKQjcgNkMgRDMgODcgNDUgRjggMDUgNDIgMDggMzcgQzIgMjIgMUYgQUMgRDggMUQKNUEgNTAgMjAgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgNzggMzUgNkMgQkUgNjIKMjggNEIgNDYgRjQgNkYgNkMgMUQgN0UgODYgMTAgNDIgMDggMjEgODQgRjAgMEEKMjggNzQgMDkgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgNkYgRjYgRUUgMjUKQzUgNDEgMjAgOEEgMDIgRTggNTYgREUgMTIgNTIgN0UgQTIgRUUgN0YgNjMgMEQKMEQgMjkgNEQgNTMgMTAgQUIgQ0QgNDcgRTMgMTkgRTQgQzIgM0QgQTMgMDggRTUKQzAgQjIgMUUgNDIgRjggN0MgREMgM0EgRjIgNjkgQkEgNTMgM0QgN0IgRUQgMkUKOTEgQTMgNzQgNUIgRDkgNEQgODUgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgNzggNkUgQkMgMEMgMzEgRTcgQkIgOEYgNDAgRkYgQTkgQTkgOUYKNjIgOTEgRDUgRDcgMDIgMjEgODQgMTAgNDIgMDggMjEgM0MgMDIgOUEgQzQgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMDcgQzYgNkQgMjMgOUYgRDcKMkUgRTYgRjggOTUgNzQgOEQgNUIgOTggRjcgNTQgOEYgNTEgRDMgRDAgQzcgOUMKRjUgMzcgMTEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKRjggNDUgOTggQkEgMzYgMTYgQjkgNjYgQTcgRkQgNzUgQjUgNDkgN0QgQ0MgNTkKN0QgMkQgMTAgNDIgMDggMjEgODQgMTAgQzIgNDMgQTAgMDkgNEQgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMUYgNjMgRDMgQzYgMjIgNkIgNDcgNDEKODcgMjYgNzIgREMgNjYgNEIgMjMgQzcgOUEgOUQgMzQgNTUgRkQgNUYgQjUgMDcKMEIgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgRUUgRTQKRTAgRjQgNzggODkgMUMgQjUgRkYgMUMgNDIgMDggMjEgODQgMTAgNDIgNzggNUMKRkMgRUMgOTMgODggRTMgNDMgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgREUgNjEgOUIgNjIgOTEgNjYgNDUgRDUgOTcgRDYgRDQgNEYgQjEgQzggRUEKRTUgMEEgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgN0UKMTEgM0EgNTYgMEQgMUYgNjAgRTkgQUIgQTkgNjkgNEEgQjEgQzggNUQgRTAgRkQKMEIgQTAgRTIgMDIgODMgMTAgRUUgMDUgOEIgMzcgRUMgMzQgQzUgOUMgNUUgRTMKNDIgMDggRTEgMjkgQjAgMUIgMjMgQzcgOUEgQzcgODcgMjcgNTYgNEYgMjIgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgN0UgMDYgQjcgNEQgOTIgQzIKOUMgMDYgNjkgOEIgNzUgOEMgRkMgMkIgQUMgQjcgRUEgRTUgMEEgN0YgRDggQkIKQTMgMUMgMDUgNjEgMjggMEEgQTAgNUIgNzkgNEIgQTAgODIgMjAgRkIgREYgRDgKMjQgMjQgNDIgNTEgNjYgNDIgNDcgODcgMDEgM0MgM0YgMzcgQjkgRTcgQzMgODQKMEYgMUIgNjMgNzkgMkQgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgQzIgMTMgRTEgQjEgMjcgNDkgQUIgMkUgQjIgRkMgQjAgODkgQzIgMkEgRjIKMUMgQjAgNkQgNjIgOEMgNjUgOTkgRjYgNEQgQjYgN0UgNTcgNUYgNTUgNEYgNUMKOUYgRjcgNjcgNTMgRDUgNDQgOTYgRTUgNUYgRjAgM0YgQzAgRjkgREEgQjggQjQKOEEgOTYgMkYgQzIgMTAgNDIgNzggNUMgNkMgQkEgQzggNzMgQzAgREIgMkQgRUUKRjEgQ0YgQkYgOTQgOUMgOTEgMEUgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgM0MgMDMgRDYgN0QgRTQgMzkgNjAgNkEgRUEgOTggRjIgNzAgNDMgQTMKMEIgREIgRjQgQTkgOEQgMzEgRDYgRkMgMDMgNUMgNTQgMUYgRjYgRjcgNTMgREIKQzUgOTQgNzYgRjcgMjAgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgQzIgN0QgMEQgNEIgM0UgOEYgRjIgQTUgNzQgODkgM0MgMDcgQUMgMkYgMzEKQzYgOUEgOEYgNTUgNTUgNTUgM0QgNEEgQkQgQjYgMzEgQzYgRDIgNUQgQjcgQzUKQUIgM0EgODQgMTAgRUUgMEQgRkIgMzYgRUUgRjEgRkUgQjcgNDQgNUUgQTkgRDYKNUIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgM0MgMEMgRDYKMjkgQjIgMkMgMUYgNzIgNUMgOEQgRjMgNTkgNEUgNTcgMzcgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgQkYgQzYgN0MgNzIgNzAgQ0QKMEIgREUgQUEgQUEgQUEgRUEgMUIgNkIgNTMgQzUgMTggNEIgRjcgOEUgMzkgOUEKMTUgNDIgQjggNTMgOUMgOUYgMjMgQkQgRjUgRDkgMTcgM0YgRDcgNUIgMTUgNjMKOTQgM0UgMTcgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgQzIgRUYKMzAgRjUgN0QgNjQgQjkgRTYgMDUgNkYgNTUgNTUgNTUgNzUgQjMgOUEgQkEgNkIKNEMgNTkgQkMgQzggNDMgMDggRTEgNEIgQjggNzQgQ0YgNjAgNzcgODkgN0IgRUMKRkEgN0EgRUIgODcgOTMgQUUgOEIgOUYgMUQgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRjggQzUKREUgMUQgREMgMzggMDggNDMgNDEgMDAgNkQgRTUgOTcgODAgMzEgODkgNDMgRkYKOEQgQUQgODQgMTQgQjAgMDggMDcgNTggQjEgNTkgMjcgQkMgNDMgNDYgOUEgNzcKOEQgRjAgQzkgMjMgNDMgMDggMjEgODQgMTAgNDIgRjggODIgOUIgMTcgQjYgRjcKREMgRjEgNTYgNTUgNTUgNTUgREYgNTYgNTMgNUYgNjIgNDkgNkYgMjYgNDIgNzgKMUUgNzYgMjUgRUEgOUMgMzAgREQgQzYgQTggNzIgRjMgMzMgRkMgNTYgRkMgOTQKQjEgRTEgQUEgM0UgNjIgRkUgNEQgN0YgNkIgOUYgNjMgNDkgNTMgNDQgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgM0MgMEQgNTMgQkUgNDUgOTUgN0IKQUUgN0MgQUIgQUEgQUEgQUEgNkYgQUIgQUIgNjEgRDQgRDEgNDMgMUUgQzIgQ0IKNjEgMUUgQTMgQ0EgOEYgMUUgRDkgN0QgNUYgNEQgRjcgMTIgNEIgREEgNTYgNDMKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggRTEgREYgNjIgN0EgRTQgNTgKRDIgM0IgODYgQUEgQUEgQUEgRkYgNUMgRDcgNkYgNzIgRTUgMTQgNTUgMUUgM0QKRTQgMjEgQkMgMUEgREUgODcgOTggNjMgQ0YgMTcgQTcgOUUgNTUgRTcgQjMgQ0IKRjAgMTkgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggNUIgQzEgQTEKNDQgOUQgMTMgRTYgM0UgOUUgRTEgODEgOUUgNzYgNkIgM0YgQzQgMUMgNUIgOEIKODkgNkQgNDkgN0QgODkgMkEgMjEgODQgRDcgQzMgMkUgRUEgOUMgNzAgRTggRTIKMTkgQkIgQ0UgOUYgNDYgRUEgM0MgNTYgRjIgQTggMTkgODQgQkYgQzAgMzQgOEUKNTEgRTUgOUUgOEYgNEUgM0QgQUIgQUUgNzcgRTIgNUQgODkgMjUgMUQgNUYgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgRDggMzQgNkUgNUQgQzggQUYKRTcgN0UgNEQgM0YgODcgRjQgQkEgMUUgNEQgQTkgOEYgMkEgOEYgOEYgOTUgREEKQzMgMUYgRjYgRUUgMjUgODUgNDEgMjAgMDggMDIgRTggNTUgRkEgMEEgRTMgMjgKODkgRjcgQkYgNTggNTYgRDEgQzYgNDggMTggNDEgRjAgRjcgMzYgMDUgRkQgQjYKQzIgRTAgQTYgQTggM0EgQzQgOUMgRDMgNTcgMkIgOTEgRjIgMEYgNzYgNzUgOEMKMzkgMEQgMkEgNDEgMDggNEYgODAgNjUgODggOTQgQUIgNkYgREQgRTYgQTcgRjIKNTggRUMgNkIgQTQgQjQgQzUgMDkgRTEgNUUgNTggODYgMTIgMjkgNUIgN0UgMEUKOUQgN0IgOUQgNDYgMzkgMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKRjAgOUUgQjggQTggMUMgQUUgQjUgNjMgMzYgOTcgNkIgMEUgNDUgNEIgNDkgMTAKNDIgMDggMjEgODQgNEYgQzMgRjIgQUUgOTEgQjIgQTUgMzUgRTkgNkMgM0YgQTcKNjUgNTIgODUgNTMgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNUUgMEMgRkIgNTcgQTQgRkMgMUQgQzEgNkYgRTkKNUEgM0UgRkMgNUMgNTYgNEQgNEIgMTcgMjkgRDcgQzYgQTkgQjcgN0YgMjYgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgQzIgRjMgNjEgMTkgQzcgNDggRjkgQUQgQUYgQzYgMTQgMkQgNTUgQ0QgRkIKOUQgQ0EgQTcgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgQzIgMEYgRkIgNzYgNjggMDMgMDAgMDggMDMgNDAgNzAgOTUgQUUgMDAKMjUgMjEgRUMgQkYgMTggMDIgNDQgMjUgNDEgOUYgNzkgNzEgM0IgM0MgODQgMTAKQzIgMUYgQ0MgMTUgQTUgMDcgREIgQzggMjggQkQgRDggNjcgOTQgQzIgNzcgNzQKQjkgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQKMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAKNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIKMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDgKMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEgODQgMTAgNDIgMDggMjEKREMgRUMgQzggMjEgMDEgMDAgMDAgMDAgMDAgOTAgRkYgQUYgMUQgMjEgOUEgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgODkgMUQgMzkgMjQgMDAgMDAgMDAgMDAgMDAgRjIgRkYgQjUgMjMgNDQKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgQjEgMjMgODcgMDQgMDAgMDAgMDAgMDAgNDAgRkUgQkYgNzYKODQgNjggQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgMjcgNzYgRTQgOTAgMDAgMDAgMDAgMDAgMDAgQzggRkYKRDcgOEUgMTAgQ0QgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgQzQgOEUgMUMgMTIgMDAgMDAgMDAgMDAgMDAKRjkgRkYgREEgMTEgQTIgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgRDggOTEgNDMgMDIgMDAgMDAgMDAKMDAgMjAgRkYgNUYgM0IgNDIgMzQgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgMTMgM0IgNzIgNDggMDAgMDAKMDAgMDAgMDAgRTQgRkYgNkIgNDcgODggRTYgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNjIgNDcgMEUgMDkKMDAgMDAgMDAgMDAgODAgRkMgN0YgRUQgMDggRDEgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNEUgRUMgQzgKMjEgMDEgMDAgMDAgMDAgMDAgOTAgRkYgQUYgMUQgMjEgOUEgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgODkKMUQgMzkgMjQgMDAgMDAgMDAgMDAgMDAgRjIgRkYgQjUgMjMgNDQgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgQjEgMjMgODcgMDQgMDAgMDAgMDAgMDAgNDAgRkUgQkYgNzYgODQgNjggQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgMjcgNzYgRTQgOTAgMDAgMDAgMDAgMDAgMDAgQzggRkYgRDcgOEUgMTAKQ0QgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgQzQgOEUgMUMgMTIgMDAgMDAgMDAgMDAgMDAgRjkgRkYgREEKMTEgQTIgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgRDggOTEgNDMgMDIgMDAgMDAgMDAgMDAgMjAgRkYKNUYgM0IgNDIgMzQgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgMTMgM0IgNzIgNDggMDAgMDAgMDAgMDAgMDAKRTQgRkYgNkIgNDcgODggRTYgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNjIgNDcgMEUgMDkgMDAgMDAgMDAKMDAgODAgRkMgN0YgRUQgMDggRDEgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNEUgRUMgQzggMjEgMDEgMDAKMDAgMDAgMDAgOTAgRkYgQUYgMUQgMjEgOUEgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgODkgMUQgMzkgMjQKMDAgMDAgMDAgMDAgMDAgRjIgRkYgQjUgMjMgNDQgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgQjEgMjMKODcgMDQgMDAgMDAgMDAgMDAgNDAgRkUgQkYgNzYgODQgNjggQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgMjcKNzYgRTQgOTAgMDAgMDAgMDAgMDAgMDAgQzggRkYgRDcgOEUgMTAgQ0QgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgQzQgOEUgMUMgMTIgMDAgMDAgMDAgMDAgMDAgRjkgRkYgREEgMTEgQTIgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgRDggOTEgNDMgMDIgMDAgMDAgMDAgMDAgMjAgRkYgNUYgM0IgNDIKMzQgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgMTMgM0IgNzIgNDggMDAgMDAgMDAgMDAgMDAgRTQgRkYgNkIKNDcgODggRTYgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgNjIgNDcgMEUgMDkgMDAgMDAgMDAgMDAgODAgRkMKN0YgRUQgMDggRDEgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgNEUgRUMgQzggMjEgMDEgMDAgMDAgMDAgMDAKOTAgRkYgQUYgMUQgMjEgOUEgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgODkgMUQgMzkgMjQgMDAgMDAgMDAKMDAgMDAgRjIgRkYgQjUgMjMgNDQgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgQjEgMjMgODcgMDQgMDAKMDAgMDAgMDAgNDAgRkUgQkYgNzYgODQgNjggQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgMjcgNzYgRTQgOTAKMDAgMDAgMDAgMDAgMDAgQzggRkYgRDcgOEUgMTAgQ0QgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgQzQgOEUKMUMgMTIgMDAgMDAgMDAgMDAgMDAgRjkgRkYgREEgMTEgQTIgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKRDggOTEgNDMgMDIgMDAgMDAgMDAgMDAgMjAgRkYgNUYgM0IgNDIgMzQgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgMTMgM0IgNzIgNDggMDAgMDAgMDAgMDAgMDAgRTQgRkYgNkIgNDcgODggRTYKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgNjIgNDcgMEUgMDkgMDAgMDAgMDAgMDAgODAgRkMgN0YgRUQgMDgKRDEgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgNEUgRUMgQzggMjEgMDEgMDAgMDAgMDAgMDAgOTAgRkYgQUYKMUQgMjEgOUEgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgODkgMUQgMzkgMjQgMDAgMDAgMDAgMDAgMDAgRjIKRkYgQjUgMjMgNDQgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgQjEgMjMgODcgMDQgMDAgMDAgMDAgMDAKNDAgRkUgQkYgNzYgODQgNjggQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgMjcgNzYgRTQgOTAgMDAgMDAgMDAKMDAgMDAgQzggRkYgRDcgOEUgMTAgQ0QgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgQzQgOEUgMUMgMTIgMDAKMDAgMDAgMDAgMDAgRjkgRkYgREEgMTEgQTIgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgRDggOTEgNDMKMDIgMDAgMDAgMDAgMDAgMjAgRkYgNUYgM0IgNDIgMzQgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgMTMgM0IKNzIgNDggMDAgMDAgMDAgMDAgMDAgRTQgRkYgNkIgNDcgODggRTYgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKNjIgNDcgMEUgMDkgMDAgMDAgMDAgMDAgODAgRkMgN0YgRUQgMDggRDEgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgNEUgRUMgQzggMjEgMDEgMDAgMDAgMDAgMDAgOTAgRkYgQUYgMUQgMjEgOUEKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgODkgMUQgMzkgMjQgMDAgMDAgMDAgMDAgMDAgRjIgRkYgQjUgMjMKNDQgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgQjEgMjMgODcgMDQgMDAgMDAgMDAgMDAgNDAgRkUgQkYKNzYgODQgNjggQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgMjcgNzYgRTQgOTAgMDAgMDAgMDAgMDAgMDAgQzgKRkYgRDcgOEUgMTAgQ0QgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgQzQgOEUgMUMgMTIgMDAgMDAgMDAgMDAKMDAgRjkgRkYgREEgMTEgQTIgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMKQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UKMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkKRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcKOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMKNzMgQ0UgMzkgRTcgOUMgNzMgQ0UgMzkgRTcgOUMgREEgOTEgNDMgMDIgMDAgMDAKMDAgMDAgNDEgRkYgNUYgM0IgQzMgMDIgMTEgMjkgQTUgOTQgNTIgNEEgMjkgQTUKOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQKNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNTIKNEEgMjkgQTUgOTQgNTIgNEEgMjkgQTUgOTQgNzIgQ0IgMDAgNTAgNEIgMDEgMDIKM0YgMDAgMTQgMDAgMDAgMDAgMDggMDAgNEIgNDYgNTIgNTUgMTggQTEgNEUgQjYKQzYgREQgMDAgMDAgMTUgNjggQTMgMDAgMDggMDAgMjQgMDAgMDAgMDAgMDAgMDAKMDAgMDAgMjAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgNjYgNkMgNjEgNjcgMkUgNzQKNzggNzQgMEEgMDAgMjAgMDAgMDAgMDAgMDAgMDAgMDEgMDAgMTggMDAgQ0UgREMKQzcgOTkgOEIgRTIgRDggMDEgNUYgMkIgNkUgNjggOEMgRTIgRDggMDEgOEEgQ0UKMTkgNDcgOEEgRTIgRDggMDEgNTAgNEIgMDUgMDYgMDAgMDAgMDAgMDAgMDEgMDAKMDEgMDAgNUEgMDAgMDAgMDAgRUMgREQgMDAgMDAgMDAgMDAK

蓝帽杯

这蓝帽杯太卷了,差点被干到复赛都进不了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
int sub_7FF6308E5890()
{
const char *v0; // rax
_QWORD *input; // rax
__int64 v2; // rdx
_QWORD *v3; // rsi
__int64 v4; // rdi
__int64 v5; // rbx
_QWORD *v6; // rax
_QWORD *v7; // rdi
__int64 v8; // rdx
_QWORD *v9; // rax
unsigned __int64 *v11; // rsi
__int64 v12; // rbx
__int64 v13; // rcx
_QWORD *v14; // rbp
__int64 v15; // rdx
unsigned __int64 v16; // rdi
__int64 v17; // rbx
unsigned __int64 *v18; // rbp
__int64 v19; // rdx
_QWORD *v20; // rax
__int64 v21; // rcx
__int64 v22; // rdx
unsigned __int64 v23; // rsi
__int64 v24; // rdi
__int64 v25; // rdx
unsigned __int64 v26; // rcx
__m128i v27; // xmm4
__int64 v28; // rdi
__int64 v29; // rdx
unsigned __int64 v30; // rcx
__m128i v31; // [rsp+20h] [rbp-78h] BYREF
__m128i v32; // [rsp+30h] [rbp-68h] BYREF
__int64 v33; // [rsp+40h] [rbp-58h] BYREF
__int64 v34; // [rsp+48h] [rbp-50h]
__m128i v35; // [rsp+50h] [rbp-48h] BYREF
__int64 v36; // [rsp+60h] [rbp-38h] BYREF
__int64 v37; // [rsp+68h] [rbp-30h]

sub_7FF6308E0500(&unk_7FF6308E57E0);
sub_7FF6308E0500(&unk_7FF6308E57D0);
sub_7FF6308E0500(&unk_7FF6308E57C0);
sub_7FF6308E0500(&unk_7FF6308E57B0);
sub_7FF6308E0500(&unk_7FF6308E57A0);
sub_7FF6308E0500(&unk_7FF6308E5790);
sub_7FF6308E0500(&unk_7FF6308E5780);
sub_7FF6308E0500(&unk_7FF6308E5770);
sub_7FF6308E0500(&unk_7FF6308E5760);
printf(Format, 1i64);
v0 = (const char *)off_7FF6308E8100(0i64);
LODWORD(input) = scanf(v0);
v3 = input;
if ( input )
*(input - 2) += 8i64;
if ( qword_7FF6308FF200 )
{
v4 = *(_QWORD *)(qword_7FF6308FF200 - 16);
v2 = qword_7FF6308FF200 - 16;
*(_QWORD *)(qword_7FF6308FF200 - 16) = v4 - 8;
if ( (unsigned __int64)(v4 - 8) <= 7 )
sub_7FF6308D9580(off_7FF6308EA350 + 3, v2);
}
qword_7FF6308FF200 = (__int64)v3;
v5 = 0i64;
v6 = (_QWORD *)sub_7FF6308DC000(5i64, v2);
v7 = v6;
if ( !v6 )
{
if ( v3 )
sub_7FF6308DF460(0i64, -1i64);
sub_7FF6308DF460(0i64, -1i64);
}
if ( !v3 )
{
if ( !*v6 )
sub_7FF6308DF460(0i64, -1i64);
sub_7FF6308DF460(0i64, -1i64);
}
do
{
if ( *v6 <= (unsigned __int64)v5 )
sub_7FF6308DF460(v5, *v6 - 1i64);
v8 = *v3;
if ( *v3 <= (unsigned __int64)v5 )
sub_7FF6308DF460(v5, v8 - 1);
*((_BYTE *)v6 + v5 + 16) = *((_BYTE *)v3 + v5 + 16);
++v5;
}
while ( v5 <= 4 );
if ( *v6 != 5i64 )
goto LABEL_15;
v9 = v6 + 2;
if ( *((_DWORD *)v7 + 4) != dword_7FF6308E9E00 )// 判断前五个是不是flag{
goto LABEL_15;
if ( *((_BYTE *)v9 + 4) != byte_7FF6308E9E04 )
goto LABEL_15;
v11 = (unsigned __int64 *)qword_7FF6308FF200;
if ( !qword_7FF6308FF200 || *(_QWORD *)qword_7FF6308FF200 != '*' || *(_BYTE *)(qword_7FF6308FF200 + 57) != '}' )// 判断位数是否是42,并且最后一位是否是}
goto LABEL_15;
v12 = 0i64;
v14 = (_QWORD *)sub_7FF6308DC000(18i64, v8);
if ( !v14 )
sub_7FF6308DF460(0i64, -1i64);
do
{
v15 = *v14;
if ( *v14 <= (unsigned __int64)v12 )
sub_7FF6308DF460(v12, v15 - 1);
v16 = v12 + 5;
if ( v12 + 5 < 0 || v16 < v12 )
sub_7FF6308DAFB0(v13, v15);
if ( *v11 <= v16 )
sub_7FF6308DF460(v12 + 5, *v11 - 1);
*((_BYTE *)v14 + v12++ + 16) = *((_BYTE *)v11 + v16 + 16);// 提取前18位
}
while ( v12 <= 17 );
v17 = 0i64;
sub_7FF6308E4380((__int64)v14, 10i64, &xmmword_7FF6308FF1B0);// 能看到取了前18位并且检验是否有-
v18 = (unsigned __int64 *)qword_7FF6308FF200;
v20 = (_QWORD *)sub_7FF6308DC000(18i64, v19);
if ( !v20 )
{
if ( v18 )
sub_7FF6308DF460(0i64, -1i64);
sub_7FF6308DF460(0i64, -1i64);
}
if ( !v18 )
{
if ( !*v20 )
sub_7FF6308DF460(0i64, -1i64);
sub_7FF6308DF460(23i64, -1i64);
}
do
{
v22 = *v20;
if ( *v20 <= (unsigned __int64)v17 )
sub_7FF6308DF460(v17, v22 - 1);
v23 = v17 + 23;
if ( v17 + 23 < 0 || v23 < v17 )
sub_7FF6308DAFB0(v21, v22);
if ( *v18 <= v23 )
sub_7FF6308DF460(v17 + 23, *v18 - 1);
*((_BYTE *)v20 + v17++ + 16) = *((_BYTE *)v18 + v23 + 16);// 后18位
}
while ( v17 <= 17 );
sub_7FF6308E4380((__int64)v20, 10i64, &xmmword_7FF6308FF170);
sub_7FF6308E4380((__int64)&unk_7FF6308E9DC0, 10i64, &xmmword_7FF6308FF190);
sub_7FF6308E4380((__int64)&unk_7FF6308E9D80, 10i64, &xmmword_7FF6308FF1A0);
v32 = _mm_loadu_si128((const __m128i *)&xmmword_7FF6308FF190);
v31 = _mm_loadu_si128((const __m128i *)&xmmword_7FF6308FF1B0);
if ( !(unsigned __int8)sub_7FF6308E50C0(&v32, &v31) )//判断范围
goto LABEL_15;
v32 = _mm_loadu_si128((const __m128i *)&xmmword_7FF6308FF1B0);
v31 = _mm_loadu_si128((const __m128i *)&xmmword_7FF6308FF1A0);
if ( !(unsigned __int8)sub_7FF6308E50C0(&v32, &v31) )
goto LABEL_15;
v33 = 0i64;
v34 = 0i64;
v32 = (__m128i)xmmword_7FF6308FF1B0;
v31 = (__m128i)xmmword_7FF6308FF1B0;
math(&v32, &v31, (__int64)&v33); // 前两个参数存着前18位
v24 = v33;
if ( v33 )
*(_QWORD *)(v33 - 16) += 8i64;
if ( (_QWORD)xmmword_7FF6308FF1D0 )
{
v25 = xmmword_7FF6308FF1D0 - 16;
v26 = *(_QWORD *)(xmmword_7FF6308FF1D0 - 16) - 8i64;
*(_QWORD *)(xmmword_7FF6308FF1D0 - 16) = v26;
if ( v26 <= 7 )
sub_7FF6308D9580(off_7FF6308EA350 + 3, v25);
}
*(_QWORD *)&xmmword_7FF6308FF1D0 = v24;
v35 = 0ui64;
BYTE8(xmmword_7FF6308FF1D0) = v34;
v32 = (__m128i)xmmword_7FF6308FF170;
v31 = (__m128i)xmmword_7FF6308FF170;
math(&v32, &v31, (__int64)&v35); // 相乘得到
v27 = _mm_load_si128(&v35);
v36 = 0i64;
v37 = 0i64;
v32 = v27;
multiply(&v32, 11i64, &v36); // 也就是后18位相乘之后在乘11
v28 = v36;
if ( v36 )
*(_QWORD *)(v36 - 16) += 8i64;
if ( (_QWORD)xmmword_7FF6308FF160 )
{
v29 = xmmword_7FF6308FF160 - 16;
v30 = *(_QWORD *)(xmmword_7FF6308FF160 - 16) - 8i64;
*(_QWORD *)(xmmword_7FF6308FF160 - 16) = v30;
if ( v30 <= 7 )
sub_7FF6308D9580(off_7FF6308EA350 + 3, v29);
}
*(_QWORD *)&xmmword_7FF6308FF160 = v28;
v32 = _mm_loadu_si128((const __m128i *)&xmmword_7FF6308FF1D0);
BYTE8(xmmword_7FF6308FF160) = v37;
v31 = _mm_loadu_si128((const __m128i *)&xmmword_7FF6308FF160);
jian(v32.m128i_i64, v31.m128i_i64, (__int64)&xmmword_7FF6308FF1E0);// 进行减法
sub_7FF6308E4380((__int64)&unk_7FF6308E9D50, 10i64, &xmmword_7FF6308FF1C0);
v32 = _mm_loadu_si128((const __m128i *)&xmmword_7FF6308FF1E0);
v31 = _mm_loadu_si128((const __m128i *)&xmmword_7FF6308FF1C0);
if ( (unsigned __int8)cmp(&v32, &v31) ) // 对比数据
{
qword_7FF6308ED6A0 = 1i64;
}
else
{
LABEL_15:
if ( qword_7FF6308ED6A0 != 1 )
return printf(&byte_7FF6308E9D00, 1i64);
}
return printf(a0, 1i64);
}

这题dump出来是不对的,直接调试程序找到主要逻辑,但这个逻辑很难看懂啊。最后发现是个简单的运算,算的就是x^2 - 11 *y^2 = 9,当x的范围在

100000000000000000<x<999999999999999999时的情况,解一下方程得到flag,注意要加一个-才对

re2

国赛分赛区re

puzzle

是个upx壳,自动脱壳没脱掉,原来是upx的特征被改了,下面UPX全部被改成了vmp,全部恢复成UPX再脱壳就行,但不能调试,应该是文件到内存的偏移存在问题。

image-20220705231608958

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 *(_QWORD *)v20 = fmt_Fprintf((__int64)&off_505F00, qword_588528, "Input: ", 7LL, v2, 0LL, 0LL, v16, v17, v18);
v38[0] = "\b";
v38[1] = v35;
v11 = &off_505EE0;
v12 = (__int64 *)qword_588520;
*(_QWORD *)v13 = "%s";
*(_QWORD *)&v13[8] = 2LL;
*(_QWORD *)&v13[16] = v38;
v14 = 1LL;
v15 = 1LL;
fmt_Fscanf((__int64)v1, v0, (const char *)&off_505EE0);
if ( !v17 )
{
v3 = v35;
v4 = 0LL;
v5 = 0LL;
while ( v4 < 9 )//主要加密
{
for ( i = 0LL; i < 9; ++i )
{
v1 = (__int64 *)v40[3 * v4 - 1];
if ( v40[3 * v4] <= (unsigned __int64)i )
sub_466740((__int64)v11, (__int64)v12);
v0 = *((unsigned __int8 *)v1 + i);
if ( !(_BYTE)v0 )
{
v7 = v3[1];
if ( v7 <= v5 )
goto LABEL_13;
if ( v7 <= (unsigned __int64)v5 )
sub_466740((__int64)v11, (__int64)v12);
v8 = *(unsigned __int8 *)(v5 + *v3);
if ( (unsigned __int8)v8 < '0' || (unsigned __int8)v8 > '9' )
goto LABEL_13;
v0 = (unsigned int)(v8 - 48);
*((_BYTE *)v1 + i) = v0;
++v5;
}
}
++v4;
}
if ( v3[1] == v5 && (v15 = sub_4B8720((__int64)&v39, 9LL, 9, v13[8]), v13[8]) )
{
v17 = runtime_stringtoslicebyte((__int64)v34, *v35, v35[1], *(__int64 *)&v13[8], *(__int64 *)&v13[16], v14);
v16 = sub_4938A0(*(__int64 *)&v13[8], *(__int64 *)&v13[16], v14, *(__int128 *)&v13[8]);
v32 = *(_OWORD *)&v13[8];
v33 = *(_OWORD *)&v13[8];
runtime_convT2Enoptr((__int64)&unk_4C6160, (__int64)&v33, *(__int64 *)v13, *(__int64 *)&v13[8]);
v37 = *(_OWORD *)v13;
v11 = &off_505F00;
v12 = (__int64 *)qword_588528;
*(_QWORD *)v13 = "Your flag is flag{%x}async stack too l";
*(_QWORD *)&v13[8] = 21LL;
*(_QWORD *)&v13[16] = &v37;
v14 = 1LL;
v15 = 1LL;
fmt_Fprintf((__int64)v1, v0, v9);
}
else
{
LABEL_13:
v36[0] = &unk_4C5940;
v36[1] = &off_504828; // Wrong!
*(_QWORD *)&v19 = fmt_Fprintln((__int64)&off_505F00, qword_588528, (__int64)v36, 1LL, 1LL, v14, v15, v16);
}
}
}

这是个go程序,直接找到main_main发现符号表并没有损坏,直接看,发现应该是个数独,毕竟这一周做了两道数独了。

但是从静态是看不到数独的图的,所以只能动态,用程序脱壳后的程序并不能动调,所以得手动跟,比较不好跟。

直接找到rsp的地址后,步入sub_5AB660

image-20220803151134283

sub_5AB700

image-20220803151228497

sub_5AF500

image-20220803151237196

sub_5ADBA0

image-20220803151245375

sub_5D4300

image-20220803151255502

到sub_628C40

image-20220803151322255

发现call rax ; sub_628C40进去就是main_main,发现了加载地图的地方

image-20220803151527692

查看v48

image-20220803151556289

就是地图

image-20220803151843891

得到flag

havetea

动调可以发现就是一个tea加密和xtea加密

image-20220706163158211

发现输入16字节,8字节传入,进行两次tea加密

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#include <stdio.h>
#include <stdint.h>

//加密函数
void encrypt(uint32_t* v, uint32_t* k) {
uint32_t v0 = v[0], v1 = v[1], sum = 0, i; /* set up */
uint32_t delta = 0x9e3779b9; /* a key schedule constant */
uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3]; /* cache key */
for (i = 0; i < 32; i++) { /* basic cycle start */
sum += delta;
v0 += ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
v1 += ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
} /* end cycle */
v[0] = v0; v[1] = v1;
}
//解密函数
void decrypt(uint32_t* v, uint32_t* k) {
uint32_t v0 = v[0], v1 = v[1], sum = 0x9E3779B9 * 32, i; /* set up */
uint32_t delta = 0x9E3779B9; /* a key schedule constant */
uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3]; /* cache key */
for (i = 0; i < 32; i++) { /* basic cycle start */
v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
sum -= delta;
} /* end cycle */
v[0] = v0; v[1] = v1;
}

int main()
{
uint32_t v[] = { 0xE66F0E9E, 0x42A17CD6 }, k[4] = { 0x9e,0x37,0x79,0xb9 }, v1[] = { 0x5BDDE878, 0xD236F4AD };
// v为要加密的数据是两个32位无符号整数
// k为加密解密密钥,为4个32位无符号整数,即密钥长度为128位
decrypt(v, k);
printf("decode:%x %x\n", v[0], v[1]);
decrypt(v1, k);
printf("decode:%x %x\n", v1[0], v1[1]);
return 0;
}
倒序就是密码:please_drink_tea

然后就是一个xtea加密

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#include <stdio.h>
#include <stdint.h>

/* take 64 bits of data in v[0] and v[1] and 128 bits of key[0] - key[3] */

void encipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0 = v[0], v1 = v[1], sum = 0, delta = 0x9E3779B9;
for (i = 0; i < num_rounds; i++) {
v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
sum += delta;
v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
}
v[0] = v0; v[1] = v1;
}

void decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0 = v[0], v1 = v[1], delta = 0x9E3779B9, sum = delta * num_rounds;
for (i = 0; i < num_rounds; i++) {
v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
sum -= delta;
v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
}
v[0] = v0; v[1] = v1;
}

int main()
{
uint32_t v[] = { 0x7D758E0A, 0xEDAFF6AD }, v1[] = { 0x9DDE7E86, 0xE3D36CD5 }, v2[] = { 0xABD3C82E, 0x6B7B2CFE }, v3[] = { 0x2C6608C2, 0x0686A1DA };
uint32_t const k[4] = { 0x61656C70, 0x645F6573, 0x6B6E6972, 0x6165745F };
unsigned int r = 32;//num_rounds建议取值为32
// v为要加密的数据是两个32位无符号整数
// k为加密解密密钥,为4个32位无符号整数,即密钥长度为128位
decipher(r, v, k);
decipher(r, v1, k);
decipher(r, v2, k);
decipher(r, v3, k);
printf("decode:%x %x\n", v[0], v[1]);
printf("decode:%x %x\n", v1[0], v1[1]);
printf("decode:%x %x\n", v2[0], v2[1]);
printf("decode:%x %x\n", v3[0], v3[1]);
return 0;
}

倒序转换成字符就行了

_rdtsc

creak3

用jadx打开发现很简单加密,就是把flag{xxxxxxxxx}中间的密文传进check函数,直接去so文件找jni发现关键check函数

image-20220707202353900

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
__int64 __fastcall sub_4700(__int64 *a1, __int64 a2, __int64 a3)
{
__int64 v3; // rbx
_DWORD *v4; // r14
__int64 v5; // rax
const char *v6; // rsi
int v8; // [rsp+4h] [rbp-34h] BYREF
int v9; // [rsp+8h] [rbp-30h] BYREF
int v10; // [rsp+Ch] [rbp-2Ch] BYREF
int v11; // [rsp+10h] [rbp-28h] BYREF
int v12; // [rsp+14h] [rbp-24h]
unsigned __int64 v13; // [rsp+18h] [rbp-20h]

v13 = __readfsqword(0x28u);
v3 = (*(__int64 (__fastcall **)(__int64 *, __int64, _QWORD))(*a1 + 1352))(a1, a3, 0LL);
if ( (unsigned int)sub_3D70(v3) == 32 )
{
v10 = 16;
v4 = malloc(0x80uLL);
if ( (unsigned int)sub_4330(v3, v4, &v10) )
{
v5 = *a1;
v6 = "Bad format";
}
else
{
v9 = *v4 ^ 0x39DEB332;
v11 = v4[1] ^ v9;
v12 = v4[2] ^ v11;
v8 = v4[3] ^ v12;
if ( sub_43F0((__int64)&v9) && (unsigned __int8)sub_44E0(&v11) && (unsigned __int8)sub_4630(&v8) )
{
v5 = *a1;
v6 = "right flag!!!";
}
else
{
v5 = *a1;
v6 = "sorry,wrong flag.";
}
}
}
else
{
v5 = *a1;
v6 = "length of input is not enough!!!";
}
return (*(__int64 (__fastcall **)(__int64 *, const char *))(v5 + 1336))(a1, v6);
}

程序的意思就是要输入一个32位的flag,然后每两个一组变成16进制,变成16位,4个4个一组,先进行异或,然后进入三个函数验证

第一个函数是sha1加密,4字节还知道一个字节

1
2
3
4
5
6
7
8
import hashlib
for i1 in range(0xff):
for i2 in range(0xff):
for i4 in range(0xff):
arr = [i1, i2, 0xe9,i4]
if(hashlib.sha1(bytes(arr)).hexdigest().lower() == "2e60865e94119223c4657eac98d744ee909e66b8"):
print(hex(i1),hex(i2),0xe9,hex(i4))
break

第二个函数刚开始没看出来,后面发现是sm4加密

image-20220707105839618

不难发现是sm4的cbc模式,那么需要找到key和iv,发现是0-0xf,直接写脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
#include <string.h>
#include <stdio.h>
#include <time.h>
/*--------------------------------------------------------------------------------------------------------------*/
#define SM4_ENCRYPT 1
#define SM4_DECRYPT 0
/*--------------------------------------------------------------------------------------------------------------*/
/**
* \brief SM4 context structure
*/
typedef struct
{
int mode; /*!< encrypt/decrypt */
unsigned long sk[32]; /*!< SM4 subkeys */
}
sm4_context;
/*--------------------------------------------------------------------------------------------------------------*/
/**
* \brief SM4 key schedule (128-bit, encryption)
*
* \param ctx SM4 context to be initialized
* \param key 16-byte secret key
*/
void sm4_setkey_enc(sm4_context *ctx, unsigned char key[16]);
/*--------------------------------------------------------------------------------------------------------------*/
/**
* \brief SM4 key schedule (128-bit, decryption)
*
* \param ctx SM4 context to be initialized
* \param key 16-byte secret key
*/
void sm4_setkey_dec(sm4_context *ctx, unsigned char key[16]);
/*--------------------------------------------------------------------------------------------------------------*/
/**
* \brief SM4-ECB block encryption/decryption
* \param ctx SM4 context
* \param mode SM4_ENCRYPT or SM4_DECRYPT
* \param length length of the input data
* \param input input block
* \param output output block
*/
void sm4_crypt_ecb(sm4_context *ctx,
int mode,
int length,
unsigned char *input,
unsigned char *output);
/*--------------------------------------------------------------------------------------------------------------*/
/**
* \brief SM4-CBC buffer encryption/decryption
* \param ctx SM4 context
* \param mode SM4_ENCRYPT or SM4_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*/
void sm4_crypt_cbc(sm4_context *ctx,
int mode,
int length,
unsigned char iv[16],
unsigned char *input,
unsigned char *output);
/*--------------------------------------------------------------------------------------------------------------*/
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i) \
{ \
(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
| ( (unsigned long) (b)[(i) + 1] << 16 ) \
| ( (unsigned long) (b)[(i) + 2] << 8 ) \
| ( (unsigned long) (b)[(i) + 3] ); \
}
#endif
/*--------------------------------------------------------------------------------------------------------------*/
#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
/*--------------------------------------------------------------------------------------------------------------*/
/*
*rotate shift left marco definition
*
*/
#define SHL(x,n) (((x) & 0xFFFFFFFF) << n)
#define ROTL(x,n) (SHL((x),n) | ((x) >> (32 - n)))
#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
/*--------------------------------------------------------------------------------------------------------------*/
/*
* Expanded SM4 S-boxes
/* Sbox table: 8bits input convert to 8 bits output*/
static const unsigned char SboxTable[16][16] =
{
{ 0xd6,0x90,0xe9,0xfe,0xcc,0xe1,0x3d,0xb7,0x16,0xb6,0x14,0xc2,0x28,0xfb,0x2c,0x05 },
{ 0x2b,0x67,0x9a,0x76,0x2a,0xbe,0x04,0xc3,0xaa,0x44,0x13,0x26,0x49,0x86,0x06,0x99 },
{ 0x9c,0x42,0x50,0xf4,0x91,0xef,0x98,0x7a,0x33,0x54,0x0b,0x43,0xed,0xcf,0xac,0x62 },
{ 0xe4,0xb3,0x1c,0xa9,0xc9,0x08,0xe8,0x95,0x80,0xdf,0x94,0xfa,0x75,0x8f,0x3f,0xa6 },
{ 0x47,0x07,0xa7,0xfc,0xf3,0x73,0x17,0xba,0x83,0x59,0x3c,0x19,0xe6,0x85,0x4f,0xa8 },
{ 0x68,0x6b,0x81,0xb2,0x71,0x64,0xda,0x8b,0xf8,0xeb,0x0f,0x4b,0x70,0x56,0x9d,0x35 },
{ 0x1e,0x24,0x0e,0x5e,0x63,0x58,0xd1,0xa2,0x25,0x22,0x7c,0x3b,0x01,0x21,0x78,0x87 },
{ 0xd4,0x00,0x46,0x57,0x9f,0xd3,0x27,0x52,0x4c,0x36,0x02,0xe7,0xa0,0xc4,0xc8,0x9e },
{ 0xea,0xbf,0x8a,0xd2,0x40,0xc7,0x38,0xb5,0xa3,0xf7,0xf2,0xce,0xf9,0x61,0x15,0xa1 },
{ 0xe0,0xae,0x5d,0xa4,0x9b,0x34,0x1a,0x55,0xad,0x93,0x32,0x30,0xf5,0x8c,0xb1,0xe3 },
{ 0x1d,0xf6,0xe2,0x2e,0x82,0x66,0xca,0x60,0xc0,0x29,0x23,0xab,0x0d,0x53,0x4e,0x6f },
{ 0xd5,0xdb,0x37,0x45,0xde,0xfd,0x8e,0x2f,0x03,0xff,0x6a,0x72,0x6d,0x6c,0x5b,0x51 },
{ 0x8d,0x1b,0xaf,0x92,0xbb,0xdd,0xbc,0x7f,0x11,0xd9,0x5c,0x41,0x1f,0x10,0x5a,0xd8 },
{ 0x0a,0xc1,0x31,0x88,0xa5,0xcd,0x7b,0xbd,0x2d,0x74,0xd0,0x12,0xb8,0xe5,0xb4,0xb0 },
{ 0x89,0x69,0x97,0x4a,0x0c,0x96,0x77,0x7e,0x65,0xb9,0xf1,0x09,0xc5,0x6e,0xc6,0x84 },
{ 0x18,0xf0,0x7d,0xec,0x3a,0xdc,0x4d,0x20,0x79,0xee,0x5f,0x3e,0xd7,0xcb,0x39,0x48 }
};
/*--------------------------------------------------------------------------------------------------------------*/
/* System parameter */
static const unsigned long FK[4] =
{ 0xa3b1bac6,0x56aa3350,0x677d9197,0xb27022dc };
/*--------------------------------------------------------------------------------------------------------------*/
/* fixed parameter */
static const unsigned long CK[32] =
{
0x00070e15,0x1c232a31,0x383f464d,0x545b6269,
0x70777e85,0x8c939aa1,0xa8afb6bd,0xc4cbd2d9,
0xe0e7eef5,0xfc030a11,0x181f262d,0x343b4249,
0x50575e65,0x6c737a81,0x888f969d,0xa4abb2b9,
0xc0c7ced5,0xdce3eaf1,0xf8ff060d,0x141b2229,
0x30373e45,0x4c535a61,0x686f767d,0x848b9299,
0xa0a7aeb5,0xbcc3cad1,0xd8dfe6ed,0xf4fb0209,
0x10171e25,0x2c333a41,0x484f565d,0x646b7279
};
/*--------------------------------------------------------------------------------------------------------------*/
/*
* private function:
* look up in SboxTable and get the related value.
* args: [in] inch: 0x00~0xFF (8 bits unsigned value).
*/
static unsigned char sm4Sbox(unsigned char inch)
{
unsigned char *pTable = (unsigned char *)SboxTable;
unsigned char retVal = (unsigned char)(pTable[inch]);
return retVal;
}
/*--------------------------------------------------------------------------------------------------------------*/
/*
* private F(Lt) function:
* "T algorithm" == "L algorithm" + "t algorithm".
* args: [in] a: a is a 32 bits unsigned value;
* return: c: c is calculated with line algorithm "L" and nonline algorithm "t"
*/
static unsigned long sm4Lt(unsigned long ka)
{
unsigned long bb = 0;
unsigned long c = 0;
unsigned char a[4];
unsigned char b[4];
PUT_ULONG_BE(ka, a, 0)
b[0] = sm4Sbox(a[0]);
b[1] = sm4Sbox(a[1]);
b[2] = sm4Sbox(a[2]);
b[3] = sm4Sbox(a[3]);
GET_ULONG_BE(bb, b, 0)
c = bb ^ (ROTL(bb, 2)) ^ (ROTL(bb, 10)) ^ (ROTL(bb, 18)) ^ (ROTL(bb, 24));
return c;
}
/*--------------------------------------------------------------------------------------------------------------*/
/*
* private F function:
* Calculating and getting encryption/decryption contents.
* args: [in] x0: original contents;
* args: [in] x1: original contents;
* args: [in] x2: original contents;
* args: [in] x3: original contents;
* args: [in] rk: encryption/decryption key;
* return the contents of encryption/decryption contents.
*/
static unsigned long sm4F(unsigned long x0, unsigned long x1, unsigned long x2, unsigned long x3, unsigned long rk)
{
return (x0^sm4Lt(x1^x2^x3^rk));
}
/*--------------------------------------------------------------------------------------------------------------*/
/* private function:
* Calculating round encryption key.
* args: [in] a: a is a 32 bits unsigned value;
* return: sk[i]: i{0,1,2,3,...31}.
*/
static unsigned long sm4CalciRK(unsigned long ka)
{
unsigned long bb = 0;
unsigned long rk = 0;
unsigned char a[4];
unsigned char b[4];
PUT_ULONG_BE(ka, a, 0)
b[0] = sm4Sbox(a[0]);
b[1] = sm4Sbox(a[1]);
b[2] = sm4Sbox(a[2]);
b[3] = sm4Sbox(a[3]);
GET_ULONG_BE(bb, b, 0)
rk = bb ^ (ROTL(bb, 13)) ^ (ROTL(bb, 23));
return rk;
}
/*--------------------------------------------------------------------------------------------------------------*/
static void sm4_setkey(unsigned long SK[32], unsigned char key[16])
{
unsigned long MK[4];
unsigned long k[36];
unsigned long i = 0;

GET_ULONG_BE(MK[0], key, 0);
GET_ULONG_BE(MK[1], key, 4);
GET_ULONG_BE(MK[2], key, 8);
GET_ULONG_BE(MK[3], key, 12);
k[0] = MK[0] ^ FK[0];
k[1] = MK[1] ^ FK[1];
k[2] = MK[2] ^ FK[2];
k[3] = MK[3] ^ FK[3];
for (; i<32; i++)
{
k[i + 4] = k[i] ^ (sm4CalciRK(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]));
SK[i] = k[i + 4];
}

}
/*--------------------------------------------------------------------------------------------------------------*/
/*
* SM4 standard one round processing
*
*/
static void sm4_one_round(unsigned long sk[32],
unsigned char input[16],
unsigned char output[16])
{
unsigned long i = 0;
unsigned long ulbuf[36];

memset(ulbuf, 0, sizeof(ulbuf));
GET_ULONG_BE(ulbuf[0], input, 0)
GET_ULONG_BE(ulbuf[1], input, 4)
GET_ULONG_BE(ulbuf[2], input, 8)
GET_ULONG_BE(ulbuf[3], input, 12)
while (i<32)
{
ulbuf[i + 4] = sm4F(ulbuf[i], ulbuf[i + 1], ulbuf[i + 2], ulbuf[i + 3], sk[i]);
i++;
}
PUT_ULONG_BE(ulbuf[35], output, 0);
PUT_ULONG_BE(ulbuf[34], output, 4);
PUT_ULONG_BE(ulbuf[33], output, 8);
PUT_ULONG_BE(ulbuf[32], output, 12);
}
/*--------------------------------------------------------------------------------------------------------------*/
/*
* SM4 key schedule (128-bit, encryption)
*/
void sm4_setkey_enc(sm4_context *ctx, unsigned char key[16])
{
ctx->mode = SM4_ENCRYPT;
sm4_setkey(ctx->sk, key);
}
/*--------------------------------------------------------------------------------------------------------------*/
/*
* SM4 key schedule (128-bit, decryption)
*/
void sm4_setkey_dec(sm4_context *ctx, unsigned char key[16])
{
int i;
ctx->mode = SM4_ENCRYPT;
sm4_setkey(ctx->sk, key);
for (i = 0; i < 16; i++)
{
SWAP(ctx->sk[i], ctx->sk[31 - i]);
}
}
/*--------------------------------------------------------------------------------------------------------------*/
/*
* SM4-ECB block encryption/decryption
*/
void sm4_crypt_ecb(sm4_context *ctx,
int mode,
int length,
unsigned char *input,
unsigned char *output)
{
while (length > 0)
{
sm4_one_round(ctx->sk, input, output);
input += 16;
output += 16;
length -= 16;
}
}
/*--------------------------------------------------------------------------------------------------------------*/
/*
* SM4-CBC buffer encryption/decryption
*/
void sm4_crypt_cbc(sm4_context *ctx,
int mode,
int length,
unsigned char iv[16],
unsigned char *input,
unsigned char *output)
{
int i;
unsigned char temp[16];

if (mode == SM4_ENCRYPT)
{
while (length > 0)
{
for (i = 0; i < 16; i++)
output[i] = (unsigned char)(input[i] ^ iv[i]);

sm4_one_round(ctx->sk, output, output);
memcpy(iv, output, 16);

input += 16;
output += 16;
length -= 16;
}
}
else /* SM4_DECRYPT */
{
while (length > 0)
{
memcpy(temp, input, 16);
sm4_one_round(ctx->sk, input, output);

for (i = 0; i < 16; i++)
output[i] = (unsigned char)(output[i] ^ iv[i]);

memcpy(iv, temp, 16);

input += 16;
output += 16;
length -= 16;
}
}
}
/*--------------------------------------------------------------------------------------------------------------*/
int main()
{
unsigned char key[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
unsigned char input[16] = { 0xD4, 0xD9, 0x76, 0xED, 0x8C, 0xFD, 0x9E, 0x36, 0x75, 0xCF, 0x39, 0x20, 0x56, 0x3A, 0xE6, 0xBF };
unsigned char output[16];
unsigned char iv[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
sm4_context ctx;
unsigned long i;

/*
//encrypt testing
sm4_setkey_enc(&ctx,key);
sm4_crypt_ecb(&ctx,1,16,input,output);
for(i=0;i<16;i++)
printf("%02x ", output[i]);
printf("\n");
*/

//decrypt testing
sm4_setkey_dec(&ctx, key);
sm4_crypt_cbc(&ctx, 0, 16, iv, input, output);
for (i = 0; i<16; i++)
printf("%02x\n", output[i]);
printf("\n");
return 0;
}

第三个函数就是个base64直接搞

1
2
3
4
5
6
7
8
9
10
11
12
#输出数组
import base64
base = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
diy_base = 'abcdefghijklmnpoqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/'
s = 'cpVVnW'
ss = ''
for i in range(len(s)-2):
ss += base[diy_base.find(s[i])]
ss += '=='
a = base64.b64decode(ss)
print(list(map(hex,a)))

然后再进行异或,转换两次小端序就行

1
2
3
4
5
6
7
8
9
10
11
12
13
v8 =  0x37efeb08
v11 = 0x8275e5d1
v12 = 0xff540b2d
v9 = 0x09e948b0
flag =[0] * 4
flag[0] = v9 ^ 0x39DEB332
flag[1] = v9 ^ v11
flag[2] = v11 ^v12
flag[3] = v12 ^ v8
print(hex(flag[0]))
print(hex(flag[1]))
print(hex(flag[2]))
print(hex(flag[3]))

creakme4

image-20220707204945097

还是直接看so文件

image-20220708200200022

findcript直接找到是blowfish加密,之前做过这个加密:

image-20220708200238598

然后下面发现还有个加密

image-20220708200306368

findcrypt并没有检测出,

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
__int64 __fastcall sub_142B8(__int64 a1, __int64 a2, __int64 a3)
{
int v5; // w23
int v6; // w0
int v7; // w3
int v8; // w4
int v9; // w5
int v10; // w6
void *v11; // x7
__int64 v12; // x21
__int64 v13; // x0
__int64 v14; // x19
__int64 v16; // [xsp+0h] [xbp-E0h] BYREF
__int64 v17[2]; // [xsp+8h] [xbp-D8h] BYREF
void *ptr; // [xsp+18h] [xbp-C8h]
char v19[8]; // [xsp+20h] [xbp-C0h] BYREF
char v20[96]; // [xsp+28h] [xbp-B8h] BYREF
char v21[8]; // [xsp+88h] [xbp-58h] BYREF
_QWORD v22[2]; // [xsp+90h] [xbp-50h] BYREF

v5 = 1945572552;
v22[1] = *(_QWORD *)(_ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2)) + 40);
v17[1] = 0LL;
ptr = 0LL;
v17[0] = 0LL;
v6 = strlen(a5);
sub_14FE0((int)v17, (int)a5, v6, v7, v8, v9, v10, v11);
v12 = (*(__int64 (__fastcall **)(__int64, __int64, _QWORD))(*(_QWORD *)a1 + 1352LL))(a1, a3, 0LL);
sub_13FC8(v12, v21);
v16 = 0xE7CDAB8967452301LL;
sub_1054C(&v16, v20, 0LL);
sub_10C84(v22, v19, v20);
if ( (unsigned __int8)v19[0] == 228
&& (unsigned __int8)v19[1] == 234
&& (unsigned __int8)v19[2] == 196
&& (unsigned __int8)v19[3] == 129
&& (unsigned __int8)v19[4] == 185
&& (unsigned __int8)v19[5] == 254
&& v19[6] == 38
&& (unsigned __int8)v19[7] == 188 )
{
v13 = (*(__int64 (__fastcall **)(__int64, void *))(*(_QWORD *)a1 + 1336LL))(a1, &unk_3C090);
}
else
{
(*(void (__fastcall **)(__int64, __int64, __int64))(*(_QWORD *)a1 + 1360LL))(a1, a3, v12);
v13 = (*(__int64 (__fastcall **)(__int64, void *))(*(_QWORD *)a1 + 1336LL))(a1, &unk_3C050);
}
v14 = v13;
while ( v5 != 847613141 )
{
if ( (v17[0] & 1) != 0 )
v5 = 847613141;
else
v5 = -519487832;
if ( v5 == -519487832 )
return v14;
}
operator delete(ptr);
return v14;
}

image-20220708200509986

学了des加密后,发现这有8个s盒,应该是个des,并没有魔改。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
from Crypto.Cipher import Blowfish
key = b'\x12\x34\x56\x78\x9a\xbc\xde\xff'
enc_data = bytes([0x92, 0xB1, 0xC0, 0x8D, 0x7D, 0x4D, 0x02, 0XB6])
cipher = Blowfish.new(key, Blowfish.MODE_ECB)
dec = cipher.decrypt(enc_data)
for i in dec:
print("{:02x}".format(i), end='')
from Crypto.Cipher import DES
key = bytes([0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xe7])
enc_data = bytes([0xE4, 0XEA, 0XC4, 0X81, 0xB9, 0xFE, 0x26, 0xBC])
cipher = DES.new(key, DES.MODE_ECB)
dec = cipher.decrypt(enc_data)
for i in dec:
print("{:02x}".format(i), end='')

得到flag

analgo

又是go语言,发现有一段brainfuck

直接在对比处下断点来查看输入后经过加密会怎么变化。

image-20220708092459410

image-20220708165947660

在比较处patch一下

1
2
3
4
5
6
输入:111111111111111111111111111111111111111111
输出:0F 5291D4135695D8175A99DC1B5E9DE01F62A1E42366A5E8276AA9EC2B6EADB0EF3271B4F33675B8F70F
输入:211111111111111111111111111111111111111111
输出:C2 5291D4135695D8175A99DC1B5E9DE01F62A1E42366A5E8276AA9EC2B6EADB0EF3271B4F33675B8F70F
输入:112111111111111111111111111111111111111111
输出:0F 7F 40D4135695D8175A99DC1B5E9DE01F62A1E42366A5E8276AA9EC2B6EADB0EF3271B4F33675B8F70F

很明显字节与字节之间并无明显关联,对程序进行单字节爆破处理,这是我第二次见这样的脚本,上次还是在hgame。。。。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
import subprocess
import string

data = list('fl1111111111111111111111111111111111111111\n')#确定前两个字符从而递归推出下面字符
for i in range(2,0x2a):
bin = bytearray(open("analgo.exe","rb").read())
bin[0xb3045] = i
open("analgo.exe","wb").write(bin)#将之后的值写入文件
for j in string.printable:#爆破
data[i] = j
pipe = subprocess.Popen("./analgo.exe",bufsize=2,stdout=subprocess.PIPE,stdin=subprocess.PIPE)#创建管道
pipe.stdin.write(bytes("".join(data).encode("utf-8"))) #将该字符写入文件进行验证
if b'right!\n' == pipe.stdout.read():#如果子进程输出right
break
print("".join(data))#输出结果

flag{568a3cdd-77e1-4c42-9fee-127e27a5744e}

1
2
3
4
5
6
7
8
subprocess.run(args, *, stdin=None, input=None, stdout=None, stderr=None, capture_output=False, shell=False, cwd=None, timeout=None, check=False, encoding=None, errors=None, text=None, env=None, universal_newlines=None)

args:表示要执行的命令。必须是一个字符串,字符串参数列表。
stdin、stdout 和 stderr:子进程的标准输入、输出和错误。其值可以是 subprocess.PIPE、subprocess.DEVNULL、一个已经存在的文件描述符、已经打开的文件对象或者 None。subprocess.PIPE 表示为子进程创建新的管道。subprocess.DEVNULL 表示使用 os.devnull。默认使用的是 None,表示什么都不做。另外,stderr 可以合并到 stdout 里一起输出。
timeout:设置命令超时时间。如果命令执行时间超时,子进程将被杀死,并弹出 TimeoutExpired 异常。
check:如果该参数设置为 True,并且进程退出状态码不是 0,则弹 出 CalledProcessError 异常。
encoding: 如果指定了该参数,则 stdin、stdout 和 stderr 可以接收字符串数据,并以该编码方式编码。否则只接收 bytes 类型的数据。
shell:如果该参数为 True,将通过操作系统的 shell 执行指定的命令

rota

这题还是比较简单的

image-20220711181535411

显然base64换表加密

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
if ( v13 )
{
for ( i = 0i64; i < 64; ++i )
*((_BYTE *)&unk_7FF75F6B6040 + i) = (*((_BYTE *)&unk_7FF75F6B6040 + i) + 1) & 0x3F;
}
else
{
si128 = _mm_load_si128((const __m128i *)&xmmword_7FF75F6B4340);
v15 = _mm_load_si128((const __m128i *)&xmmword_7FF75F6B4350);
v16 = 0i64;
v17 = _mm_cvtsi32_si128(6u);
do
{
v18 = _mm_add_epi32(_mm_cvtepu8_epi32(*(_DWORD *)((char *)&unk_7FF75F6B6040 + v16)), si128);
v19 = _mm_and_si128(
_mm_shuffle_epi32(
_mm_shufflehi_epi16(
_mm_shufflelo_epi16(
_mm_sub_epi32(
v18,
_mm_sll_epi32(
_mm_sra_epi32(_mm_add_epi32(_mm_and_si128(_mm_cmpgt_epi32((__m128i)0i64, v18), v15), v18), v17),
v17)),
216),
216),
216),
(__m128i)xmmword_7FF75F6B4360);
*(_DWORD *)((char *)&unk_7FF75F6B6040 + v16) = _mm_cvtsi128_si32(_mm_packus_epi16(v19, v19));
v20 = _mm_add_epi32(_mm_cvtepu8_epi32(*(_DWORD *)((char *)&unk_7FF75F6B6044 + v16)), si128);
v21 = _mm_and_si128(
_mm_shuffle_epi32(
_mm_shufflehi_epi16(
_mm_shufflelo_epi16(
_mm_sub_epi32(
v20,
_mm_sll_epi32(
_mm_sra_epi32(_mm_add_epi32(_mm_and_si128(_mm_cmpgt_epi32((__m128i)0i64, v20), v15), v20), v17),
v17)),
216),
216),
216),
(__m128i)xmmword_7FF75F6B4360);
*(_DWORD *)((char *)&unk_7FF75F6B6044 + v16) = _mm_cvtsi128_si32(_mm_packus_epi16(v21, v21));
v16 += 8i64;
}
while ( v16 < 64 );
}
sub_7FF75F6B10E0((__int64)v24);
sub_7FF75F6B1E10(v24, (__int64)v32, (__int64)encode2);

下面这其实都没啥,最主要的是sub_7FF75F6B1E10函数v32是传进来的base64加密函数。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
char __fastcall sub_7FF75F6B1E10(_BYTE *a1, __int64 a2, __int64 a3)
{
char v3; // bl
_BYTE *v4; // rdi
char v5; // r9
char result; // al
__int64 v7; // rbp
__int64 v9; // rsi
int v10; // edx
char v11; // r8
__int64 v12; // rdx
char v13; // bl
__int64 v14; // rcx
int v15; // edx
char v16; // r8
__int64 v17; // rdx
char v18; // bl
__int64 v19; // rcx
int v20; // edx
char v21; // r8
__int64 v22; // rdx
char v23; // bl
__int64 v24; // rcx
int v25; // edx
char v26; // r8
__int64 v27; // rdx
char v28; // bl
__int64 v29; // rcx
int v30; // edx
char v31; // r8
__int64 v32; // rdx
__int64 v33; // rcx

v3 = a1[192];
v4 = (_BYTE *)(a3 + 1);
v5 = a1[193];
result = a1[194];
v7 = a2 - a3;
v9 = 9i64;
do
{
v10 = 0;
while ( (unsigned __int8)v4[v7 - 1] != aXiizduaoglak6j[v10] )
{
if ( ++v10 >= 64 )
{
LOBYTE(v10) = 0;
break;
}
}
v11 = v5;
v12 = (v5 + a1[(v3 + (_BYTE)v10) & 0x3F]) & 0x3F;
v13 = (v3 + 1) & 0x3F;
v14 = (unsigned __int8)a1[((result + a1[v12 + 64]) & 0x3F) + 128];
a1[192] = v13;
*(v4 - 1) = aXiizduaoglak6j[v14];
if ( !v13 )
{
v5 = (v5 + 1) & 0x3F;
a1[193] = v5;
if ( ((v11 + 1) & 0x3F) == 0 )
{
result = (result + 1) & 0x3F;
a1[194] = result;
}
}
v15 = 0;
while ( (unsigned __int8)v4[v7] != aXiizduaoglak6j[v15] )
{
if ( ++v15 >= 64 )
{
LOBYTE(v15) = 0;
break;
}
}
v16 = v5;
v17 = (v5 + a1[(v13 + (_BYTE)v15) & 0x3F]) & 0x3F;
v18 = (v13 + 1) & 0x3F;
v19 = (unsigned __int8)a1[((result + a1[v17 + 64]) & 0x3F) + 128];
a1[192] = v18;
*v4 = aXiizduaoglak6j[v19];
if ( !v18 )
{
v5 = (v5 + 1) & 0x3F;
a1[193] = v5;
if ( ((v16 + 1) & 0x3F) == 0 )
{
result = (result + 1) & 0x3F;
a1[194] = result;
}
}
v20 = 0;
while ( (unsigned __int8)v4[v7 + 1] != aXiizduaoglak6j[v20] )
{
if ( ++v20 >= 64 )
{
LOBYTE(v20) = 0;
break;
}
}
v21 = v5;
v22 = (v5 + a1[(v18 + (_BYTE)v20) & 0x3F]) & 0x3F;
v23 = (v18 + 1) & 0x3F;
v24 = (unsigned __int8)a1[((result + a1[v22 + 64]) & 0x3F) + 128];
a1[192] = v23;
v4[1] = aXiizduaoglak6j[v24];
if ( !v23 )
{
v5 = (v5 + 1) & 0x3F;
a1[193] = v5;
if ( ((v21 + 1) & 0x3F) == 0 )
{
result = (result + 1) & 0x3F;
a1[194] = result;
}
}
v25 = 0;
while ( (unsigned __int8)v4[v7 + 2] != aXiizduaoglak6j[v25] )
{
if ( ++v25 >= 64 )
{
LOBYTE(v25) = 0;
break;
}
}
v26 = v5;
v27 = (v5 + a1[(v23 + (_BYTE)v25) & 0x3F]) & 0x3F;
v28 = (v23 + 1) & 0x3F;
v29 = (unsigned __int8)a1[((result + a1[v27 + 64]) & 0x3F) + 128];
a1[192] = v28;
v4[2] = aXiizduaoglak6j[v29];
if ( !v28 )
{
v5 = (v5 + 1) & 0x3F;
a1[193] = v5;
if ( ((v26 + 1) & 0x3F) == 0 )
{
result = (result + 1) & 0x3F;
a1[194] = result;
}
}
v30 = 0;
while ( (unsigned __int8)v4[v7 + 3] != aXiizduaoglak6j[v30] )
{
if ( ++v30 >= 64 )
{
LOBYTE(v30) = 0;
break;
}
}
v31 = v5;
v32 = (v5 + a1[(v28 + (_BYTE)v30) & 0x3F]) & 0x3F;
v3 = (v28 + 1) & 0x3F;
v33 = (unsigned __int8)a1[((result + a1[v32 + 64]) & 0x3F) + 128];
a1[192] = v3;
v4[3] = aXiizduaoglak6j[v33];
if ( !v3 )
{
v5 = (v5 + 1) & 0x3F;
a1[193] = v5;
if ( ((v31 + 1) & 0x3F) == 0 )
{
result = (result + 1) & 0x3F;
a1[194] = result;
}
}
v4 += 5;
--v9;
}
while ( v9 );
return result;
}

5个地方结构相似,发现其实只用看懂一个就行,原数据在v4,我们可以直接爆破,然后直接对比就行,其实不难。每个结构其实是对一个字符进行的加密,那么每一次do while就是加密5个,但我们可以直接单个爆破。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
import base64
cmp = "ksPhS/34MXifj+Ibtjud2Tikj5HkA7iTpbaNELBebOaIm"
base_change = "XiIzDuAoGlaK6JcjM3g/9YQmHBOsxn1hLZ4w7Tt0PV5pNqUFC+rE2dSfyvWe8kRb"
base = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
a1 = [0x33, 0x34, 0x2C, 0x36, 0x1D, 0x12, 0x1E, 0x0C, 0x1A, 0x3C, 0x29, 0x10, 0x20, 0x14, 0x3D, 0x3B, 0x19, 0x08, 0x0E, 0x1F, 0x30, 0x05, 0x38, 0x03, 0x11, 0x1B, 0x17, 0x21, 0x2E, 0x04, 0x18, 0x23, 0x2B, 0x02, 0x27, 0x37, 0x1C, 0x24, 0x39, 0x3F, 0x35, 0x2D, 0x26, 0x13, 0x2A, 0x0A, 0x00, 0x07, 0x3E, 0x01, 0x28, 0x2F, 0x32, 0x22, 0x0D, 0x06, 0x25, 0x3A, 0x09, 0x0F, 0x16, 0x0B, 0x15, 0x31, 0x0C, 0x2C, 0x0D, 0x21, 0x22, 0x09, 0x02, 0x39, 0x31, 0x17, 0x1A, 0x33, 0x06, 0x24, 0x10, 0x04, 0x1B, 0x0B, 0x34, 0x12, 0x38, 0x27, 0x0E, 0x20, 0x2B, 0x2E, 0x00, 0x13, 0x3E, 0x3A, 0x05, 0x1E, 0x36, 0x08, 0x32, 0x29, 0x19, 0x23, 0x3D, 0x3B, 0x3C, 0x3F, 0x37, 0x30, 0x18, 0x16, 0x35, 0x25, 0x0A, 0x2D, 0x28, 0x26, 0x15, 0x11, 0x07, 0x1D, 0x2A, 0x0F, 0x1F, 0x14, 0x01, 0x1C, 0x03, 0x2F, 0x13, 0x0D, 0x35, 0x31, 0x07, 0x11, 0x1B, 0x23, 0x0B, 0x0C, 0x10, 0x25, 0x2B, 0x21, 0x33, 0x18, 0x27, 0x29, 0x02, 0x2F, 0x28, 0x30, 0x0E, 0x19, 0x3C, 0x08, 0x34, 0x20, 0x3D, 0x2E, 0x05, 0x15, 0x2C, 0x1C, 0x36, 0x22, 0x1E, 0x24, 0x38, 0x0A, 0x3F, 0x1A, 0x04, 0x26, 0x16, 0x2A, 0x3A, 0x1F, 0x2D, 0x32, 0x06, 0x37, 0x03, 0x3B, 0x00, 0x17, 0x1D, 0x12, 0x09, 0x01, 0x3E, 0x39, 0x0F, 0x14]
flag1 = ''
flag = ""
for i in range(45):
for j in base_change:
x = base_change.find(j)
v17 = a1[(i + x) & 0x3f] & 0x3f
v14 = a1[(a1[v17 + 64] ) + 128]
if base_change[v14] == cmp[i]:
flag1 += j

print(flag1)
for i in range(len(flag1)-1):
flag += base[base_change.find(flag1[i])]
print(base64.b64decode(flag))

gocode

这个题字节码逆向,还是go的,不过这个go比之前做的友善多了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
void __cdecl main_main()
{
unsigned __int64 v0; // rdi
__int64 count; // rax
unsigned __int64 v2; // rcx
__int64 v3; // rdx
unsigned __int64 v4; // rbx
unsigned __int64 opcode; // rsi
unsigned __int64 v6; // rsi
unsigned __int64 v7; // r8
unsigned __int64 v8; // rsi
unsigned __int64 i; // rsi
_QWORD *v10; // rax
__int64 v11; // rbx
__int64 v12; // rsi
unsigned __int64 v13; // rdi
__int64 v14; // rcx
unsigned __int64 v15; // rsi
unsigned __int64 v16; // r8
const char *v17; // rdx
unsigned __int64 v18; // rsi
unsigned __int64 v19; // r8
unsigned __int64 v20; // rsi
unsigned __int64 v21; // r8
unsigned __int64 v22; // rsi
unsigned __int64 v23; // r8
unsigned __int64 v24; // r8
unsigned __int64 v25; // rsi
__int64 v26; // rsi
unsigned __int64 v27; // rdi
unsigned __int64 v28; // rsi
__int64 v29; // rsi
void **v30; // [rsp+0h] [rbp-CD0h]
__int64 v31; // [rsp+8h] [rbp-CC8h]
_QWORD *v32; // [rsp+20h] [rbp-CB0h]
__int128 v33; // [rsp+28h] [rbp-CA8h]
__int64 v34; // [rsp+38h] [rbp-C98h]
__int64 v35; // [rsp+40h] [rbp-C90h]
_QWORD *v36; // [rsp+50h] [rbp-C80h]
unsigned __int64 v37; // [rsp+58h] [rbp-C78h]
__int64 v38; // [rsp+68h] [rbp-C68h]
__int64 v39; // [rsp+70h] [rbp-C60h]
unsigned __int64 v40; // [rsp+78h] [rbp-C58h]
unsigned __int64 v41; // [rsp+80h] [rbp-C50h] BYREF
__int128 v42[2]; // [rsp+88h] [rbp-C48h] BYREF
__int64 v43[374]; // [rsp+A8h] [rbp-C28h] BYREF
__int64 v44; // [rsp+C58h] [rbp-78h] BYREF
__int64 v45; // [rsp+C60h] [rbp-70h]
_QWORD v46[2]; // [rsp+C68h] [rbp-68h] BYREF
_QWORD v47[2]; // [rsp+C78h] [rbp-58h] BYREF
_QWORD v48[2]; // [rsp+C88h] [rbp-48h] BYREF
_QWORD v49[2]; // [rsp+C98h] [rbp-38h] BYREF
_QWORD v50[2]; // [rsp+CA8h] [rbp-28h] BYREF
_QWORD v51[2]; // [rsp+CB8h] [rbp-18h] BYREF

while ( (unsigned __int64)&v41 <= *(_QWORD *)(*(_QWORD *)NtCurrentTeb()->NtTib.ArbitraryUserPointer + 16LL) )
runtime_morestack_noctxt();
qmemcpy(v43, "\n", sizeof(v43));
v0 = (unsigned __int64)&v44;
memset(v42, 0, sizeof(v42));
count = 0LL;
v2 = 0LL;
v3 = 0LL;
v4 = 0LL;
while ( 1 )
{
if ( (unsigned __int64)count >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v37 = v2;
v44 = v3;
v38 = count;
opcode = v43[count];
if ( opcode <= 0xC )
break;
if ( opcode > 0xE )
{
switch ( opcode )
{
case 0xFuLL:
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v22 = v43[count + 1];
if ( v22 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v23 = v43[count + 2];
if ( v23 >= 4 )
goto LABEL_97;
v24 = *((_QWORD *)v42 + v23);
if ( !v24 )
{
v31 = runtime_panicdivide(v30);
LABEL_97:
runtime_panicIndexU((__int64)v30, v31);
}
v0 = v3;
*((_QWORD *)v42 + v22) /= v24;
count += 3LL;
break;
case 0xAAuLL:
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v25 = v43[count + 1];
if ( v25 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v26 = *((_QWORD *)v42 + v25);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v27 = v43[count + 2];
if ( v27 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v0 = *((_QWORD *)v42 + v27);
if ( v0 != v26 )
{
v47[0] = &unk_D62740;
v47[1] = &off_DA0B58;
fmt_Fprintln((__int64)&off_DA2218, qword_E23428, (__int64)v47, 1LL, 1LL, v33, *((__int64 *)&v33 + 1), v34);
v31 = os_Exit(0LL);
count = v38;
v2 = v37;
v3 = v44;
}
count += 3LL;
break;
case 0xBBuLL:
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v28 = v43[count + 2];
if ( v28 >= v2 )
runtime_panicIndexU((__int64)v30, v31);
v29 = *(_QWORD *)(v3 + 8 * v28);
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v0 = v43[count + 1];
if ( v0 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
*((_QWORD *)v42 + v0) = v29;
count += 3LL;
break;
}
}
else if ( opcode == 13 )
{
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v18 = v43[count + 1];
if ( v18 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v19 = v43[count + 2];
if ( v19 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v0 = *((_QWORD *)v42 + v18) - *((_QWORD *)v42 + v19);
*((_QWORD *)v42 + v18) = v0;
count += 3LL;
}
else
{
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v20 = v43[count + 1];
if ( v20 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v21 = v43[count + 2];
if ( v21 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v0 = *((_QWORD *)v42 + v21) * *((_QWORD *)v42 + v20);
*((_QWORD *)v42 + v20) = v0;
count += 3LL;
}
LABEL_12:
if ( count >= 374 )
{
v46[0] = &unk_D62740;
v46[1] = &off_DA0B78;
fmt_Fprintln((__int64)&off_DA2218, qword_E23428, (__int64)v46, 1LL, 1LL, v33, *((__int64 *)&v33 + 1), v34);
return;
}
}
if ( opcode <= 2 )
{
if ( opcode == 1 )
{
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v6 = v43[count + 1];
if ( v6 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v7 = v43[count + 2];
if ( v7 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v0 = *((_QWORD *)v42 + v7) ^ *((_QWORD *)v42 + v6);
*((_QWORD *)v42 + v6) = v0;
count += 3LL;
}
else if ( opcode == 2 )
{
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v0 = v43[count + 2];
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v8 = v43[count + 1];
if ( v8 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
*((_QWORD *)v42 + v8) = v0;
count += 3LL;
}
goto LABEL_12;
}
if ( opcode != 10 )
{
if ( opcode == 11 )
{
for ( i = 0LL; ; i = v41 )
{
v0 = qword_E23C38;
if ( (__int64)i >= qword_E23C38 )
break;
if ( i + 2 > qword_E23C38 )
runtime_panicSliceAlen((__int64)v30, v31);
if ( i > i + 2 )
runtime_panicSliceB((__int64)v30, v31);
v41 = i + 2;
v45 = v3;
v40 = v4;
v39 = v2;
v34 = strconv_ParseUint(qword_E23C30 + i, 2LL, 16LL, 32LL, (__int64)v32, v33);
v10 = v32;
if ( (_QWORD)v33 )
{
v48[0] = &unk_D62740;
v48[1] = &off_DA0B68;
fmt_Fprintln((__int64)&off_DA2218, qword_E23428, (__int64)v48, 1LL, 1LL, v33, *((__int64 *)&v33 + 1), v34);
return;
}
v11 = v39;
v12 = v39 + 1;
v13 = v40;
if ( v40 < v39 + 1 )
{
v36 = v32;
runtime_growslice((__int64)"\b", v45, v39, v40, v39 + 1, 0LL, *((__int64 *)&v33 + 1), v34);
v14 = v33;
v13 = v34;
v12 = *((_QWORD *)&v33 + 1) + 1LL;
v10 = v36;
v11 = v39;
}
else
{
v14 = v45;
}
*(_QWORD *)(v14 + 8 * v11) = v10;
count = v38;
v4 = v13;
v3 = v14;
v2 = v12;
}
++count;
}
else if ( opcode == 12 )
{
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v15 = v43[count + 1];
if ( v15 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v16 = v43[count + 2];
if ( v16 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v0 = *((_QWORD *)v42 + v16) + *((_QWORD *)v42 + v15);
*((_QWORD *)v42 + v15) = v0;
count += 3LL;
}
goto LABEL_12;
}
v51[0] = &unk_D62740;
v51[1] = &off_DA0B48;
v35 = fmt_Fprintln((__int64)&off_DA2218, qword_E23428, (__int64)v51, 1LL, 1LL, v33, *((__int64 *)&v33 + 1), v34);
v50[0] = "\b";
v50[1] = &qword_E23C30;
v30 = &off_DA21F8;
v31 = qword_E23420;
v32 = v50;
*(_QWORD *)&v33 = 1LL;
*((_QWORD *)&v33 + 1) = 1LL;
fmt_Fscanf(v0, (__int64)v50, "%37s", &qword_E23C30);
if ( v35 )
return;
if ( qword_E23C38 == 37 && *(_DWORD *)qword_E23C30 == '{LCP' && *(_BYTE *)(qword_E23C30 + 36) == 125 )// 检测长度和PCL{}
{
qword_E23C38 = 32LL;
if ( dword_E66C60 )
{
v0 = (unsigned __int64)&qword_E23C30;
runtime_gcWriteBarrierBX(&qword_E23C30, v50, v17);
}
else
{
qword_E23C30 += 4LL;
}
count = v38 + 1;
v2 = v37;
v3 = v44;
goto LABEL_12;
}
v49[0] = &unk_D62740;
v49[1] = &off_DA0B58;
fmt_Fprintln((__int64)&off_DA2218, qword_E23428, (__int64)v49, 1LL, 1LL, 1LL, 1LL, v34);
}

指令集都在v43里,我们可以dump出来的,发现也就是几种指令,三个一组。前两个0xa和0xb是为了验证输入格式是否正确

1
[0x0A, 0x0B, 0xBB, 0x00, 0x00, 0xBB, 0x01, 0x01, 0xBB, 0x02, 0x02, 0xBB, 0x03, 0x03, 0x0C, 0x01, 0x02, 0x02, 0x02, 0x11B, 0xAA, 0x01, 0x02, 0xBB, 0x01, 0x01, 0xBB, 0x02, 0x02, 0x0C, 0x00, 0x01, 0x0E, 0x00, 0x02, 0x0D, 0x00, 0x03, 0x02, 0x02, 0x7901, 0xAA, 0x00, 0x02, 0xBB, 0x02, 0x02, 0x02, 0x00, 0x63, 0x01, 0x02, 0x00, 0xBB, 0x00, 0x00, 0x0E, 0x00, 0x02, 0x0D, 0x00, 0x01, 0x0C, 0x00, 0x03, 0x02, 0x01, 0x1FF6, 0xAA, 0x00, 0x01, 0xBB, 0x01, 0x01, 0xBB, 0x00, 0x00, 0xBB, 0x02, 0x02, 0x0C, 0x01, 0x00, 0x0C, 0x01, 0x02, 0x0C, 0x01, 0x03, 0x02, 0x00, 0x21E, 0xAA, 0x01, 0x00, 0xBB, 0x01, 0x01, 0xBB, 0x00, 0x00, 0x0E, 0x00, 0x03, 0x0D, 0x00, 0x01, 0x0C, 0x00, 0x02, 0x02, 0x03, 0x3331, 0xAA, 0x00, 0x03, 0xBB, 0x00, 0x04, 0xBB, 0x01, 0x05, 0xBB, 0x02, 0x06, 0x02, 0x03, 0x63, 0x0C, 0x00, 0x03, 0x02, 0x03, 0x68, 0x01, 0x00, 0x03, 0x02, 0x03, 0x152, 0xAA, 0x00, 0x03, 0x02, 0x03, 0x33, 0x0D, 0x01, 0x03, 0x02, 0x03, 0x63, 0x0E, 0x01, 0x03, 0x02, 0x00, 0x441, 0xAA, 0x00, 0x01, 0x02, 0x03, 0x63, 0x01, 0x02, 0x03, 0x02, 0x03, 0x6B, 0x0C, 0x02, 0x03, 0x02, 0x01, 0x10E, 0xAA, 0x02, 0x01, 0x02, 0x01, 0x9E, 0xBB, 0x00, 0x07, 0xAA, 0x00, 0x01, 0xBB, 0x00, 0x08, 0xBB, 0x01, 0x09, 0xBB, 0x02, 0x0A, 0xBB, 0x03, 0x0B, 0x0E, 0x00, 0x03, 0x02, 0x03, 0x36CE, 0xAA, 0x00, 0x03, 0xBB, 0x00, 0x08, 0xBB, 0x03, 0x0B, 0x0C, 0x00, 0x01, 0x0E, 0x00, 0x02, 0x0D, 0x00, 0x03, 0x02, 0x02, 0x682D, 0xAA, 0x00, 0x02, 0xBB, 0x02, 0x0A, 0x02, 0x00, 0x63, 0x01, 0x02, 0x00, 0xBB, 0x00, 0x08, 0x0E, 0x00, 0x02, 0x0D, 0x00, 0x01, 0x0C, 0x00, 0x03, 0x02, 0x01, 0x15, 0xAA, 0x00, 0x01, 0xBB, 0x01, 0x09, 0xBB, 0x00, 0x08, 0xBB, 0x02, 0x0A, 0x0C, 0x01, 0x00, 0x0C, 0x01, 0x02, 0x0C, 0x01, 0x03, 0x02, 0x00, 0x1AE, 0xAA, 0x01, 0x00, 0xBB, 0x01, 0x09, 0xBB, 0x00, 0x08, 0x0E, 0x00, 0x03, 0x0D, 0x00, 0x01, 0x0C, 0x00, 0x02, 0x02, 0x03, 0x3709, 0xAA, 0x00, 0x03, 0xBB, 0x00, 0x0C, 0xBB, 0x01, 0x0D, 0xBB, 0x02, 0x0E, 0x02, 0x03, 0x63, 0x0C, 0x00, 0x03, 0x02, 0x03, 0x68, 0x01, 0x00, 0x03, 0x02, 0x03, 0xFA, 0xAA, 0x00, 0x03, 0x02, 0x03, 0x1E, 0x0D, 0x01, 0x03, 0x02, 0x03, 0x63, 0x0E, 0x01, 0x03, 0x02, 0x00, 0x18C, 0xAA, 0x00, 0x01, 0x02, 0x03, 0x63, 0x01, 0x02, 0x03, 0x02, 0x03, 0x6B, 0x0C, 0x02, 0x03, 0x02, 0x01, 0x83, 0xAA, 0x02, 0x01, 0x02, 0x01, 0x47, 0xBB, 0x00, 0x0F, 0xAA]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
case 0xFuLL:
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v22 = v43[count + 1];
if ( v22 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v23 = v43[count + 2];
if ( v23 >= 4 )
goto LABEL_97;
v24 = *((_QWORD *)v42 + v23);
if ( !v24 )
{
v31 = runtime_panicdivide(v30);
LABEL_97:
runtime_panicIndexU((__int64)v30, v31);
}
v0 = v3;
*((_QWORD *)v42 + v22) /= v24;
count += 3LL;
break;

如果opcode == 0xf,那么后两位操作数进行一个相除

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
case 0xAAuLL:
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v25 = v43[count + 1];
if ( v25 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v26 = *((_QWORD *)v42 + v25);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v27 = v43[count + 2];
if ( v27 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v0 = *((_QWORD *)v42 + v27);
if ( v0 != v26 )
{
v47[0] = &unk_D62740;
v47[1] = &off_DA0B58;
fmt_Fprintln((__int64)&off_DA2218, qword_E23428, (__int64)v47, 1LL, 1LL, v33, *((__int64 *)&v33 + 1), v34);
v31 = os_Exit(0LL);
count = v38;
v2 = v37;
v3 = v44;
}
count += 3LL;
break;

如果opcode == 0xAA,就退出程序

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
case 0xBBuLL:
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v28 = v43[count + 2];
if ( v28 >= v2 )
runtime_panicIndexU((__int64)v30, v31);
v29 = *(_QWORD *)(v3 + 8 * v28);
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v0 = v43[count + 1];
if ( v0 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
*((_QWORD *)v42 + v0) = v29;
count += 3LL;
break;

如果opcode == 0xbb,是一个赋值reg[0] = input[0]

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
else if ( opcode == 13 )
{
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v18 = v43[count + 1];
if ( v18 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v19 = v43[count + 2];
if ( v19 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v0 = *((_QWORD *)v42 + v18) - *((_QWORD *)v42 + v19);
*((_QWORD *)v42 + v18) = v0;
count += 3LL;
}

opcode == 13,是一个减法,第一个操作数减去第二个操作数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
if ( opcode <= 2 )
{
if ( opcode == 1 )
{
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v6 = v43[count + 1];
if ( v6 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v7 = v43[count + 2];
if ( v7 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
v0 = *((_QWORD *)v42 + v7) ^ *((_QWORD *)v42 + v6);
*((_QWORD *)v42 + v6) = v0;
count += 3LL;
}

如果opcode == 1,那么是个异或

1
2
3
4
5
6
7
8
9
10
11
12
13
else if ( opcode == 2 )
{
if ( (unsigned __int64)(count + 2) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v0 = v43[count + 2];
if ( (unsigned __int64)(count + 1) >= 0x176 )
runtime_panicIndex((__int64)v30, v31);
v8 = v43[count + 1];
if ( v8 >= 4 )
runtime_panicIndexU((__int64)v30, v31);
*((_QWORD *)v42 + v8) = v0;
count += 3LL;
}

如果opcode == 2,是个赋值等于第二个操作数

用脚本恢复一下,发现可以用z3解决

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
opcode = [187, 0, 0, 187, 1, 1, 187, 2, 2, 187, 3, 3, 12, 1, 2, 2, 2, 283, 170, 1, 2, 187, 1, 1, 187, 2, 2, 12, 0, 1, 14, 0, 2, 13, 0, 3, 2, 2, 30977, 170, 0, 2, 187, 2, 2, 2, 0, 99, 1, 2, 0, 187, 0, 0, 14, 0, 2, 13, 0, 1, 12, 0, 3, 2, 1, 8182, 170, 0, 1, 187, 1, 1, 187, 0, 0, 187, 2, 2, 12, 1, 0, 12, 1, 2, 12, 1, 3, 2, 0, 542, 170, 1, 0, 187, 1, 1, 187, 0, 0, 14, 0, 3, 13, 0, 1, 12, 0, 2, 2, 3, 13105, 170, 0, 3, 187, 0, 4, 187, 1, 5, 187, 2, 6, 2, 3, 99, 12, 0, 3, 2, 3, 104, 1, 0, 3, 2, 3, 338, 170, 0, 3, 2, 3, 51, 13, 1, 3, 2, 3, 99, 14, 1, 3, 2, 0, 1089, 170, 0, 1, 2, 3, 99, 1, 2, 3, 2, 3, 107, 12, 2, 3, 2, 1, 270, 170, 2, 1, 2, 1, 158, 187, 0, 7, 170, 0, 1, 187, 0, 8, 187, 1, 9, 187, 2, 10, 187, 3, 11, 14, 0, 3, 2, 3, 14030, 170, 0, 3, 187, 0, 8, 187, 3, 11, 12, 0, 1, 14, 0, 2, 13, 0, 3, 2, 2, 26669, 170, 0, 2, 187, 2, 10, 2, 0, 99, 1, 2, 0, 187, 0, 8, 14, 0, 2, 13, 0, 1, 12, 0, 3, 2, 1, 21, 170, 0, 1, 187, 1, 9, 187, 0, 8, 187, 2, 10, 12, 1, 0, 12, 1, 2, 12, 1, 3, 2, 0, 430, 170, 1, 0, 187, 1, 9, 187, 0, 8, 14, 0, 3, 13, 0, 1, 12, 0, 2, 2, 3, 14089, 170, 0, 3, 187, 0, 12, 187, 1, 13, 187, 2, 14, 2, 3, 99, 12, 0, 3, 2, 3, 104, 1, 0, 3, 2, 3, 250, 170, 0, 3, 2, 3, 30, 13, 1, 3, 2, 3, 99, 14, 1, 3, 2, 0, 396, 170, 0, 1, 2, 3, 99, 1, 2, 3, 2, 3, 107, 12, 2, 3, 2, 1, 131, 170, 2, 1, 2, 1, 71, 187, 0, 15, 170, 0, 1]
for i in range(0, len(opcode), 3):
op = opcode[i]
num1 = opcode[i + 1]
num2 = opcode[i + 2]
if op == 0xbb:
print(f"buf[{num1}] = input[{num2}]")
elif op == 0xaa:
print(f"if buf[{num1}] != buf[{num2}] goto exit")
elif op == 0xf:
print(f"buf[{num1}] /= buf[{num2}]")
elif op == 0xd:
print(f"buf[{num1}] -= buf[{num2}]")
elif op == 0xe:
print(f"buf[{num1}] *= buf[{num2}]")
elif op == 0x1:
print(f"buf[{num1}] ^= buf[{num2}]")
elif op == 0x2:
print(f"buf[{num1}] = {num2}")
elif op == 0xc:
print(f"buf[{num1}] += buf[{num2}]")
else:
print("gg")
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
buf[0] = input[0]
buf[1] = input[1]
buf[2] = input[2]
buf[3] = input[3]
buf[1] += buf[2]
buf[2] = 283
if buf[1] != buf[2] goto exit
buf[1] = input[1]
buf[2] = input[2]
buf[0] += buf[1]
buf[0] *= buf[2]
buf[0] -= buf[3]
buf[2] = 30977
if buf[0] != buf[2] goto exit
buf[2] = input[2]
buf[0] = 99
buf[2] ^= buf[0]
buf[0] = input[0]
buf[0] *= buf[2]
buf[0] -= buf[1]
buf[0] += buf[3]
buf[1] = 8182
if buf[0] != buf[1] goto exit
buf[1] = input[1]
buf[0] = input[0]
buf[2] = input[2]
buf[1] += buf[0]
buf[1] += buf[2]
buf[1] += buf[3]
buf[0] = 542
if buf[1] != buf[0] goto exit
buf[1] = input[1]
buf[0] = input[0]
buf[0] *= buf[3]
buf[0] -= buf[1]
buf[0] += buf[2]
buf[3] = 13105
if buf[0] != buf[3] goto exit
buf[0] = input[4]
buf[1] = input[5]
buf[2] = input[6]
buf[3] = 99
buf[0] += buf[3]
buf[3] = 104
buf[0] ^= buf[3]
buf[3] = 338
if buf[0] != buf[3] goto exit
buf[3] = 51
buf[1] -= buf[3]
buf[3] = 99
buf[1] *= buf[3]
buf[0] = 1089
if buf[0] != buf[1] goto exit
buf[3] = 99
buf[2] ^= buf[3]
buf[3] = 107
buf[2] += buf[3]
buf[1] = 270
if buf[2] != buf[1] goto exit
buf[1] = 158
buf[0] = input[7]
if buf[0] != buf[1] goto exit
buf[0] = input[8]
buf[1] = input[9]
buf[2] = input[10]
buf[3] = input[11]
buf[0] *= buf[3]
buf[3] = 14030
if buf[0] != buf[3] goto exit
buf[0] = input[8]
buf[3] = input[11]
buf[0] += buf[1]
buf[0] *= buf[2]
buf[0] -= buf[3]
buf[2] = 26669
if buf[0] != buf[2] goto exit
buf[2] = input[10]
buf[0] = 99
buf[2] ^= buf[0]
buf[0] = input[8]
buf[0] *= buf[2]
buf[0] -= buf[1]
buf[0] += buf[3]
buf[1] = 21
if buf[0] != buf[1] goto exit
buf[1] = input[9]
buf[0] = input[8]
buf[2] = input[10]
buf[1] += buf[0]
buf[1] += buf[2]
buf[1] += buf[3]
buf[0] = 430
if buf[1] != buf[0] goto exit
buf[1] = input[9]
buf[0] = input[8]
buf[0] *= buf[3]
buf[0] -= buf[1]
buf[0] += buf[2]
buf[3] = 14089
if buf[0] != buf[3] goto exit
buf[0] = input[12]
buf[1] = input[13]
buf[2] = input[14]
buf[3] = 99
buf[0] += buf[3]
buf[3] = 104
buf[0] ^= buf[3]
buf[3] = 250
if buf[0] != buf[3] goto exit
buf[3] = 30
buf[1] -= buf[3]
buf[3] = 99
buf[1] *= buf[3]
buf[0] = 396
if buf[0] != buf[1] goto exit
buf[3] = 99
buf[2] ^= buf[3]
buf[3] = 107
buf[2] += buf[3]
buf[1] = 131
if buf[2] != buf[1] goto exit
buf[1] = 71
buf[0] = input[15]
if buf[0] != buf[1] goto exit
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
from z3 import*
flag = [BitVec("x%d" % i ,16) for i in range(16)]
s = Solver()

s.add(flag[1] + flag[2] == 283)
s.add((((flag[0] + flag[1]) * flag[2]) - flag[3]) == 30977)
s.add((flag[0] * (flag[2] ^ 99)) - flag[1] + flag[3] == 8182)
s.add((flag[0] + flag[1] + flag[2] + flag[3]) == 542)
s.add(((flag[0] * flag[3]) - flag[1] + flag[2]) == 13105)

s.add((flag[4] + 99) ^ 104 == 338)
s.add((flag[5] - 51) * 99 == 1089)
s.add((flag[6] ^ 99) + 107 == 270)
s.add(flag[7] == 158)
s.add(flag[8] * flag[11] == 14030)
s.add((flag[8] + flag[9]) * flag[10] - flag[11] == 26669)
s.add(flag[8] * (flag[10] ^ 99) - flag[9] + flag[11] == 21)
s.add((flag[8] + flag[9] + flag[10] + flag[11]) == 430)
s.add(flag[8] * flag[11] - flag[9] + flag[10] == 14089)
s.add((flag[12] + 99) ^ 104 == 250)
s.add((flag[13] - 30) * 99 == 396)
s.add((flag[14] ^ 99) + 107 == 131)
s.add(flag[15] == 71)

if s.check() == sat:
model = s.model()
print(model)
else:
print("unsat")

得到的结果取0xff然后拼接就对了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[x12 = 47,
x9 = 40,
x4 = 215,
x6 = 192,
x8 = 230,
x2 = 32847,
x1 = 32972,
x10 = 99,
x11 = 61,
x0 = 189,
x3 = 70,
x15 = 71,
x13 = 34,
x7 = 158,
x5 = 62]

PCL{bdcc4f46d73ec09ee628633d2f227b47}

dsctf

catchme

这题太折磨了,其实逻辑巨简单,就是一个aes和base64,,但其中的密文和密钥全部要先进行异或。当时看密文感觉不对,就想着动调,但里面反调试太多了,现在看着其实交叉引用就能定位到,只是简单的xor。

jadx看到关键函数是check函数,直接在so文件搜索不到,应该是JNI OnLoad里使用RegisterNatives注册check sub B2A4

jni里,本来以为 sub_AEC8是关键函数,但后面那个aes数据解密出来是:Congratulations,but tryagain?

image-20220718114127868

通过交叉引用发现,key和对比数据都进行了异或

image-20220718114211385

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import base64
key = "\x24<=76!5&?72*rrrrS"
flag = ""
for i in range(len(key)):
flag += chr(ord(key[i]) ^ 0x53)
print(flag)
data = ""
data_encode = [0x4F, 0x1C, 0x36, 0x49, 0x09, 0x3A, 0x3F, 0x07, 0x4D, 0x3D, 0x22, 0x39, 0x00, 0x0A, 0x22, 0x25, 0x06, 0x09, 0x01, 0x20, 0x4A, 0x1B, 0x51, 0x51, 0x6C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
for i in range(len(data_encode)):
data += chr(data_encode[i] ^ 0x6c)
print(data)
base = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
diy_base = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@#$%^&*()+/"
s = """#pZ%eVSk!QNUlfNIjemL&w=="""
ss = ''
for i in range(len(s) - 2):
ss += base[diy_base.find(s[i])]
ss += "=="
a = base64.b64decode(ss)
print(a)
print(list(map(hex, a)))
x = [0] * len(flag)
for i in range(len(flag)):
x[i] = hex(ord(flag[i]))
print(x)

之后aes解密

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
#include <stdio.h>
#include <stdint.h>
#include <memory.h>
/****************************************************************************************************************/
typedef enum {
AES_CYPHER_128,
AES_CYPHER_192,
AES_CYPHER_256,
} AES_CYPHER_T;
/****************************************************************************************************************/
/*
* Encryption Rounds
*/
int g_aes_key_bits[] = {
/* AES_CYPHER_128 */ 128,
/* AES_CYPHER_192 */ 192,
/* AES_CYPHER_256 */ 256,
};
int g_aes_rounds[] = {
/* AES_CYPHER_128 */ 10,
/* AES_CYPHER_192 */ 12,
/* AES_CYPHER_256 */ 14,
};
int g_aes_nk[] = {
/* AES_CYPHER_128 */ 4,
/* AES_CYPHER_192 */ 6,
/* AES_CYPHER_256 */ 8,
};
int g_aes_nb[] = {
/* AES_CYPHER_128 */ 4,
/* AES_CYPHER_192 */ 4,
/* AES_CYPHER_256 */ 4,
};
/****************************************************************************************************************/
/*
* aes Rcon:
*
* WARNING: Rcon is designed starting from 1 to 15, not 0 to 14.
* FIPS-197 Page 9: "note that i starts at 1, not 0"
*
* i | 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
* -----+------------------------------------------------------------------------------------------
* | [01] [02] [04] [08] [10] [20] [40] [80] [1b] [36] [6c] [d8] [ab] [4d] [9a]
* RCON | [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00]
* | [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00]
* | [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00]
*/
static const uint32_t g_aes_rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1b000000, 0x36000000, 0x6c000000, 0xd8000000, 0xab000000, 0xed000000, 0x9a000000
};
/****************************************************************************************************************/
/*
* aes sbox and invert-sbox
*/
static const uint8_t g_aes_sbox[256] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
};
static const uint8_t g_inv_sbox[256] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
};
/****************************************************************************************************************/
uint8_t aes_sub_sbox(uint8_t val)
{
return g_aes_sbox[val];
}
/****************************************************************************************************************/
uint32_t aes_sub_dword(uint32_t val)
{
uint32_t tmp = 0;

tmp |= ((uint32_t)aes_sub_sbox((uint8_t)((val >> 0) & 0xFF))) << 0;
tmp |= ((uint32_t)aes_sub_sbox((uint8_t)((val >> 8) & 0xFF))) << 8;
tmp |= ((uint32_t)aes_sub_sbox((uint8_t)((val >> 16) & 0xFF))) << 16;
tmp |= ((uint32_t)aes_sub_sbox((uint8_t)((val >> 24) & 0xFF))) << 24;

return tmp;
}
/****************************************************************************************************************/
uint32_t aes_rot_dword(uint32_t val)
{
uint32_t tmp = val;

return (val >> 8) | ((tmp & 0xFF) << 24);
}
/****************************************************************************************************************/
uint32_t aes_swap_dword(uint32_t val)
{
return (((val & 0x000000FF) << 24) |
((val & 0x0000FF00) << 8) |
((val & 0x00FF0000) >> 8) |
((val & 0xFF000000) >> 24));
}
/****************************************************************************************************************/
/*
* nr: number of rounds
* nb: number of columns comprising the state, nb = 4 dwords (16 bytes)
* nk: number of 32-bit words comprising cipher key, nk = 4, 6, 8 (KeyLength/(4*8))
*/
void aes_key_expansion(AES_CYPHER_T mode, uint8_t *key, uint8_t *round)
{
uint32_t *w = (uint32_t *)round;
uint32_t t;
int i = 0;

do {
w[i] = *((uint32_t *)&key[i * 4 + 0]);
} while (++i < g_aes_nk[mode]);

do {
if ((i % g_aes_nk[mode]) == 0) {
t = aes_rot_dword(w[i - 1]);
t = aes_sub_dword(t);
t = t ^ aes_swap_dword(g_aes_rcon[i / g_aes_nk[mode] - 1]);
}
else if (g_aes_nk[mode] > 6 && (i % g_aes_nk[mode]) == 4) {
t = aes_sub_dword(w[i - 1]);
}
else {
t = w[i - 1];
}
w[i] = w[i - g_aes_nk[mode]] ^ t;
} while (++i < g_aes_nb[mode] * (g_aes_rounds[mode] + 1));
}
/****************************************************************************************************************/
void aes_add_round_key(AES_CYPHER_T mode, uint8_t *state,
uint8_t *round, int nr)
{
uint32_t *w = (uint32_t *)round;
uint32_t *s = (uint32_t *)state;
int i;

for (i = 0; i < g_aes_nb[mode]; i++) {
s[i] ^= w[nr * g_aes_nb[mode] + i];
}
}
/****************************************************************************************************************/
void aes_sub_bytes(AES_CYPHER_T mode, uint8_t *state)
{
int i, j;

for (i = 0; i < g_aes_nb[mode]; i++) {
for (j = 0; j < 4; j++) {
state[i * 4 + j] = aes_sub_sbox(state[i * 4 + j]);
}
}
}
/****************************************************************************************************************/
void aes_shift_rows(AES_CYPHER_T mode, uint8_t *state)
{
uint8_t *s = (uint8_t *)state;
int i, j, r;

for (i = 1; i < g_aes_nb[mode]; i++) {
for (j = 0; j < i; j++) {
uint8_t tmp = s[i];
for (r = 0; r < g_aes_nb[mode]; r++) {
s[i + r * 4] = s[i + (r + 1) * 4];
}
s[i + (g_aes_nb[mode] - 1) * 4] = tmp;
}
}
}
/****************************************************************************************************************/
uint8_t aes_xtime(uint8_t x)
{
return ((x << 1) ^ (((x >> 7) & 1) * 0x1b));
}
/****************************************************************************************************************/
uint8_t aes_xtimes(uint8_t x, int ts)
{
while (ts-- > 0) {
x = aes_xtime(x);
}

return x;
}
/****************************************************************************************************************/
uint8_t aes_mul(uint8_t x, uint8_t y)
{
/*
* encrypt: y has only 2 bits: can be 1, 2 or 3
* decrypt: y could be any value of 9, b, d, or e
*/

return ((((y >> 0) & 1) * aes_xtimes(x, 0)) ^
(((y >> 1) & 1) * aes_xtimes(x, 1)) ^
(((y >> 2) & 1) * aes_xtimes(x, 2)) ^
(((y >> 3) & 1) * aes_xtimes(x, 3)) ^
(((y >> 4) & 1) * aes_xtimes(x, 4)) ^
(((y >> 5) & 1) * aes_xtimes(x, 5)) ^
(((y >> 6) & 1) * aes_xtimes(x, 6)) ^
(((y >> 7) & 1) * aes_xtimes(x, 7)));
}
/****************************************************************************************************************/
void aes_mix_columns(AES_CYPHER_T mode, uint8_t *state)
{
uint8_t y[16] = { 2, 3, 1, 1, 1, 2, 3, 1, 1, 1, 2, 3, 3, 1, 1, 2 };
uint8_t s[4];
int i, j, r;

for (i = 0; i < g_aes_nb[mode]; i++) {
for (r = 0; r < 4; r++) {
s[r] = 0;
for (j = 0; j < 4; j++) {
s[r] = s[r] ^ aes_mul(state[i * 4 + j], y[r * 4 + j]);
}
}
for (r = 0; r < 4; r++) {
state[i * 4 + r] = s[r];
}
}
}
/****************************************************************************************************************/
int aes_encrypt(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key)
{
uint8_t w[4 * 4 * 15] = { 0 }; /* round key */
uint8_t s[4 * 4] = { 0 }; /* state */

int nr, i, j;

/* key expansion */
aes_key_expansion(mode, key, w);

/* start data cypher loop over input buffer */
for (i = 0; i < len; i += 4 * g_aes_nb[mode]) {

/* init state from user buffer (plaintext) */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
s[j] = data[i + j];

/* start AES cypher loop over all AES rounds */
for (nr = 0; nr <= g_aes_rounds[mode]; nr++) {

if (nr > 0) {

/* do SubBytes */
aes_sub_bytes(mode, s);

/* do ShiftRows */
aes_shift_rows(mode, s);

if (nr < g_aes_rounds[mode]) {
/* do MixColumns */
aes_mix_columns(mode, s);
}
}

/* do AddRoundKey */
aes_add_round_key(mode, s, w, nr);
}

/* save state (cypher) to user buffer */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
data[i + j] = s[j];
}

return 0;
}
/****************************************************************************************************************/
int aes_encrypt_ecb(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key)
{
return aes_encrypt(mode, data, len, key);
}
/****************************************************************************************************************/
int aes_encrypt_cbc(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key, uint8_t *iv)
{
uint8_t w[4 * 4 * 15] = { 0 }; /* round key */
uint8_t s[4 * 4] = { 0 }; /* state */
uint8_t v[4 * 4] = { 0 }; /* iv */

int nr, i, j;


/* key expansion */
aes_key_expansion(mode, key, w);

memcpy(v, iv, sizeof(v));

/* start data cypher loop over input buffer */
for (i = 0; i < len; i += 4 * g_aes_nb[mode]) {

/* init state from user buffer (plaintext) */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
s[j] = data[i + j] ^ v[j];

/* start AES cypher loop over all AES rounds */
for (nr = 0; nr <= g_aes_rounds[mode]; nr++) {

if (nr > 0) {

/* do SubBytes */
aes_sub_bytes(mode, s);

/* do ShiftRows */
aes_shift_rows(mode, s);

if (nr < g_aes_rounds[mode]) {
/* do MixColumns */
aes_mix_columns(mode, s);
}
}

/* do AddRoundKey */
aes_add_round_key(mode, s, w, nr);
}

/* save state (cypher) to user buffer */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
data[i + j] = v[j] = s[j];
}

return 0;
}
/****************************************************************************************************************/
void inv_shift_rows(AES_CYPHER_T mode, uint8_t *state)
{
uint8_t *s = (uint8_t *)state;
int i, j, r;

for (i = 1; i < g_aes_nb[mode]; i++) {
for (j = 0; j < g_aes_nb[mode] - i; j++) {
uint8_t tmp = s[i];
for (r = 0; r < g_aes_nb[mode]; r++) {
s[i + r * 4] = s[i + (r + 1) * 4];
}
s[i + (g_aes_nb[mode] - 1) * 4] = tmp;
}
}
}
/****************************************************************************************************************/
uint8_t inv_sub_sbox(uint8_t val)
{
return g_inv_sbox[val];
}
/****************************************************************************************************************/
void inv_sub_bytes(AES_CYPHER_T mode, uint8_t *state)
{
int i, j;

for (i = 0; i < g_aes_nb[mode]; i++) {
for (j = 0; j < 4; j++) {
state[i * 4 + j] = inv_sub_sbox(state[i * 4 + j]);
}
}
}
/****************************************************************************************************************/
void inv_mix_columns(AES_CYPHER_T mode, uint8_t *state)
{
uint8_t y[16] = { 0x0e, 0x0b, 0x0d, 0x09, 0x09, 0x0e, 0x0b, 0x0d,
0x0d, 0x09, 0x0e, 0x0b, 0x0b, 0x0d, 0x09, 0x0e };
uint8_t s[4];
int i, j, r;

for (i = 0; i < g_aes_nb[mode]; i++) {
for (r = 0; r < 4; r++) {
s[r] = 0;
for (j = 0; j < 4; j++) {
s[r] = s[r] ^ aes_mul(state[i * 4 + j], y[r * 4 + j]);
}
}
for (r = 0; r < 4; r++) {
state[i * 4 + r] = s[r];
}
}
}
/****************************************************************************************************************/
int aes_decrypt(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key)
{
uint8_t w[4 * 4 * 15] = { 0 }; /* round key */
uint8_t s[4 * 4] = { 0 }; /* state */

int nr, i, j;

/* key expansion */
aes_key_expansion(mode, key, w);

/* start data cypher loop over input buffer */
for (i = 0; i < len; i += 4 * g_aes_nb[mode]) {

/* init state from user buffer (cyphertext) */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
s[j] = data[i + j];

/* start AES cypher loop over all AES rounds */
for (nr = g_aes_rounds[mode]; nr >= 0; nr--) {

/* do AddRoundKey */
aes_add_round_key(mode, s, w, nr);

if (nr > 0) {

if (nr < g_aes_rounds[mode]) {
/* do MixColumns */
inv_mix_columns(mode, s);
}

/* do ShiftRows */
inv_shift_rows(mode, s);

/* do SubBytes */
inv_sub_bytes(mode, s);
}
}

/* save state (cypher) to user buffer */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
data[i + j] = s[j];
}

return 0;
}
/****************************************************************************************************************/
int aes_decrypt_ecb(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key)
{
return aes_decrypt(mode, data, len, key);
}
/****************************************************************************************************************/
int aes_decrypt_cbc(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key, uint8_t *iv)
{
uint8_t w[4 * 4 * 15] = { 0 }; /* round key */
uint8_t s[4 * 4] = { 0 }; /* state */
uint8_t v[4 * 4] = { 0 }; /* iv */


int nr, i, j;

/* key expansion */
aes_key_expansion(mode, key, w);

memcpy(v, iv, sizeof(v));

/* start data cypher loop over input buffer */
for (i = 0; i < len; i += 4 * g_aes_nb[mode]) {


/* init state from user buffer (cyphertext) */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
s[j] = data[i + j];

/* start AES cypher loop over all AES rounds */
for (nr = g_aes_rounds[mode]; nr >= 0; nr--) {

/* do AddRoundKey */
aes_add_round_key(mode, s, w, nr);

if (nr > 0) {

if (nr < g_aes_rounds[mode]) {
/* do MixColumns */
inv_mix_columns(mode, s);
}

/* do ShiftRows */
inv_shift_rows(mode, s);

/* do SubBytes */
inv_sub_bytes(mode, s);
}
}

/* save state (cypher) to user buffer */
for (j = 0; j < 4 * g_aes_nb[mode]; j++) {
uint8_t p = s[j] ^ v[j];
v[j] = data[i + j];
data[i + j] = p;
}
}

return 0;
}
/****************************************************************************************************************/
void aes_cypher_128_test()
{
#if 1
uint8_t buf[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
uint8_t key[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
#else
uint8_t buf[] = { 0x32, 0x43, 0xf6, 0xa8, 0x88, 0x5a, 0x30, 0x8d,
0x31, 0x31, 0x98, 0xa2, 0xe0, 0x37, 0x07, 0x34 };
uint8_t key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
#endif

aes_encrypt(AES_CYPHER_128, buf, sizeof(buf), key);

aes_decrypt(AES_CYPHER_128, buf, sizeof(buf), key);
}
/****************************************************************************************************************/
void aes_cypher_192_test()
{
uint8_t buf[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
uint8_t key[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };

aes_encrypt(AES_CYPHER_192, buf, sizeof(buf), key);

aes_decrypt(AES_CYPHER_192, buf, sizeof(buf), key);
}
/****************************************************************************************************************/
void aes_cypher_256_test()
{
uint8_t buf[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
uint8_t key[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };

aes_encrypt(AES_CYPHER_256, buf, sizeof(buf), key);

aes_decrypt(AES_CYPHER_256, buf, sizeof(buf), key);
}
/****************************************************************************************************************/
void main()
{
//数据
uint8_t buf[] = { 0xda, 0x96, 0x78, 0x79, 0x54, 0xa4, 0xd1, 0x3, 0x54, 0x95, 0xf3, 0x48, 0x8d, 0xe9, 0x8b, 0xeb};

//密钥
uint8_t key[] = { 0x77, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x66, 0x75, 0x6c,0x64, 0x61,0x79, 0x21, 0x21, 0x21, 0x21};
//向量
uint8_t iv[] = {0x3c, 0x3d, 0x37, 0x36, 0x21, 0x35, 0x26, 0x3f, 0x37,0x32, 0x2a, 0x72, 0x72, 0x72, 0x72, 0x53};
switch (sizeof(key))
{
//ECB

case 16:aes_decrypt(AES_CYPHER_128, buf, sizeof(buf), key); break;
case 24:aes_decrypt(AES_CYPHER_192, buf, sizeof(buf), key); break;
case 32:aes_decrypt(AES_CYPHER_256, buf, sizeof(buf), key); break;
//CBC
/*
case 16:aes_decrypt_cbc(AES_CYPHER_128, buf, sizeof(buf), key, iv); break;
case 24:aes_decrypt_cbc(AES_CYPHER_192, buf, sizeof(buf), key, iv); break;
case 32:aes_decrypt_cbc(AES_CYPHER_256, buf, sizeof(buf), key, iv); break;
*/
}
for (int i = 0; i < sizeof(buf); i++)
{
printf("%c", buf[i] & 0xFF);
}
printf("\n");
return;
}

得到:flag{weu/.,iopl}

FFunction

这题搞得其实有点晕,好多信息要猜测,给了很多文件,我们找到关键my_plugin这个dll文件,在f函数中调试断点。

image-20220719184430550

发现tea加密,提取数据,又发现传进来的数据进行了疑似base64的加密,据说只能猜。而且flag长度也要猜。。。。。。我们提取密文,解密一下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#include <stdio.h>
#include <stdint.h>

//加密函数
void encrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i < 32; i++) { /* basic cycle start */
sum += delta;
v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
} /* end cycle */
v[0]=v0; v[1]=v1;
}
//解密函数
void decrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0x79B99E37 << 5, i; /* set up */
uint32_t delta=0x79B99E37; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<32; i++) { /* basic cycle start */
v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
} /* end cycle */
v[0]=v0; v[1]=v1;
}

int main()
{
uint32_t k[]={0x0BABEC0FE,0x0DEADBEEF,0x0FACEB00C,0xDEADC0DE},v[]={0x5C15754C, 0xD1D781E7, 0x501BF173, 0xCB4DB222, 0x215D61F5, 0x3FCA9EE7, 0x7C76B5C7, 0xC7DD8CB9, 0x990D23FA, 0x0BAB1AD3, 0x8E12C932, 0xD307BAF2, 0xE52DD123, 0xFBB68F2C, 0xBDD853E3, 0x892E1E4E, 0x39DD66FA, 0x87FEEC65, 0x307C5E60, 0x340C6C00};
decrypt(v, k);
decrypt(v+2, k);
decrypt(v+4, k);
decrypt(v+6, k);
decrypt(v+8, k);
decrypt(v+10, k);
decrypt(v+12, k);
decrypt(v+14, k);
decrypt(v+16, k);
decrypt(v+18, k);
decrypt(v+20, k);
printf("decode:%x %x\n",v[0],v[1]);
printf("decode:%x %x\n",v[2],v[3]);
printf("decode:%x %x\n",v[4],v[5]);
printf("decode:%x %x\n",v[6],v[7]);
printf("decode:%x %x\n",v[8],v[9]);
printf("decode:%x %x\n",v[10],v[11]);
printf("decode:%x %x\n",v[12],v[13]);
printf("decode:%x %x\n",v[14],v[15]);
printf("decode:%x %x\n",v[16],v[17]);
printf("decode:%x %x\n",v[18],v[19]);
printf("decode:%x %x\n",v[20]);
return 0;
}

decode小端序拼接一下,两两相加进行一个base64解密,然后再手动搞一下flag就对了,

1
2
3
4
5
6
7
8
9
10
11
12
13
import base64

a="30014006400460044007500230035008600c400a600e6003600c300930016004300340025004400d7007500250086002600f5006300050083007400e3000500a600840055007400970033001600e500a"
import re
ccc=re.findall(".{2}",a)
ccc=[int(i,16) for i in ccc]
fl=""
for index in range(0,len(ccc),2):
fl+=(chr(ccc[index]+ccc[index+1]))
print(fl[::-1])
print(base64.b64decode(fl[::-1]).decode())
#Zn1sIWEhZ0N7X0VobXRwMTB3d19lcnJlX3RGdDF1
#f}l!a!gC{_Ehmtp10ww_erre_tFt1u

手动一下:flag{Emp0wer_F1utter_w1th_C!!}

re1

好久没整博客了,因为博客的文件被我不小心手欠删了,但一直有写,后面有时间就传上去!中间打了很多比赛,也被虐的很惨,稍微复现几道题。

Destdog3的几道题

1、go

这个题目就看出来是一个go语言的逆向,go语言的逆向首先看字符串是否恢复,如果没恢复就要用到某些插件了,其次找main_main这个函数,这个函数的入口如果直接能搜到,那就很好,没搜到也没关系,我们自己写个程序从start跟到main_main来看一看。

如果没有任何修改的话,我们进入程序直接f5是这个场面,一直跟进函数

跟到下图:

我们进入runtime_mainPC函数

在.rdata段,通过交叉引用找到.text段的,找到main_main入口

这个题也是这样,不过这个程序被处理了,代码并没有变成汇编,我们找到对应地方后,点c点p给他整成函数就行

image-20220629234427308

我们用findcrypt很轻松的查出来有两个加密,第一个是tea,第二个是aes加密

看着看着发现这玩意不能动态调试,应该是有反调试,但静态也能猜出来,我们先看看tea加密

很显然v17为key,v16位data,直接写脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#include <stdio.h>
#include <stdint.h>

//加密函数
void encrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i < 32; i++) { /* basic cycle start */
sum += delta;
v0 += ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
v1 += ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
} /* end cycle */
v[0]=v0; v[1]=v1;
}
//解密函数
void decrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1], sum=0xC6EF3720, i; /* set up */
uint32_t delta=0x9e3779b9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<32; i++) { /* basic cycle start */
v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
} /* end cycle */
v[0]=v0; v[1]=v1;
}

int main()
{
uint32_t v[2]={1,2},k[4]={2,2,3,4};
// v为要加密的数据是两个32位无符号整数
// k为加密解密密钥,为432位无符号整数,即密钥长度为128
printf("加密前原始数据:%x %x\n",v[0],v[1]);
encrypt(v, k);
printf("加密后的数据:%x %x\n",v[0],v[1]);
decrypt(v, k);
printf("解密后的数据:%x %x\n",v[0],v[1]);
return 0;
}

发现hint是see_sbox。。。。。。那不就是aes吗。

找了个js脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
const data = [
0x34, 0xC9, 0x05, 0xB3, 0x67, 0x81, 0xC8, 0xAD, 0x20, 0xC2, 0x2F, 0x07,
0x93, 0x03, 0xD6, 0x65, 0x7A, 0x2E, 0xBA, 0xF4, 0x7C, 0x71, 0x0B, 0xEC,
0xC4, 0x81, 0x34, 0xDA, 0xDC, 0xE9, 0x7E, 0xEE, 0x05, 0xCF, 0x21, 0xC7,
0xD9, 0x76, 0xE1, 0x76, 0x84, 0x82, 0xDE, 0xD9, 0xCB, 0x77, 0x5E, 0xA0
];

console.log(data)
const crypto = require('crypto')
let keyiv = Buffer.from('12fe32ba87654321')
console.log(keyiv)

const deci = crypto.createDecipheriv('aes-128-cbc', keyiv, keyiv)
let dec = deci.update(Buffer.from(data))
dec += deci.final()
console.log(dec)

还有c的脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
#include <stdio.h>
#include <stdint.h>
#include <memory.h>
/****************************************************************************************************************/
typedef enum {
AES_CYPHER_128,
AES_CYPHER_192,
AES_CYPHER_256,
} AES_CYPHER_T;
/****************************************************************************************************************/
/*
* Encryption Rounds
*/
int g_aes_key_bits[] = {
/* AES_CYPHER_128 */ 128,
/* AES_CYPHER_192 */ 192,
/* AES_CYPHER_256 */ 256,
};
int g_aes_rounds[] = {
/* AES_CYPHER_128 */ 10,
/* AES_CYPHER_192 */ 12,
/* AES_CYPHER_256 */ 14,
};
int g_aes_nk[] = {
/* AES_CYPHER_128 */ 4,
/* AES_CYPHER_192 */ 6,
/* AES_CYPHER_256 */ 8,
};
int g_aes_nb[] = {
/* AES_CYPHER_128 */ 4,
/* AES_CYPHER_192 */ 4,
/* AES_CYPHER_256 */ 4,
};
/****************************************************************************************************************/
/*
* aes Rcon:
*
* WARNING: Rcon is designed starting from 1 to 15, not 0 to 14.
* FIPS-197 Page 9: "note that i starts at 1, not 0"
*
* i | 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
* -----+------------------------------------------------------------------------------------------
* | [01] [02] [04] [08] [10] [20] [40] [80] [1b] [36] [6c] [d8] [ab] [4d] [9a]
* RCON | [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00]
* | [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00]
* | [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00] [00]
*/
static const uint32_t g_aes_rcon[] = {
0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000,
0x1b000000, 0x36000000, 0x6c000000, 0xd8000000, 0xab000000, 0xed000000, 0x9a000000
};
/****************************************************************************************************************/
/*
* aes sbox and invert-sbox
*/
static const uint8_t g_aes_sbox[256] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
};
static const uint8_t g_inv_sbox[256] = {
/* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
};
/****************************************************************************************************************/
uint8_t aes_sub_sbox(uint8_t val)
{
return g_aes_sbox[val];
}
/****************************************************************************************************************/
uint32_t aes_sub_dword(uint32_t val)
{
uint32_t tmp = 0;

tmp |= ((uint32_t)aes_sub_sbox((uint8_t)((val >> 0) & 0xFF))) << 0;
tmp |= ((uint32_t)aes_sub_sbox((uint8_t)((val >> 8) & 0xFF))) << 8;
tmp |= ((uint32_t)aes_sub_sbox((uint8_t)((val >> 16) & 0xFF))) << 16;
tmp |= ((uint32_t)aes_sub_sbox((uint8_t)((val >> 24) & 0xFF))) << 24;

return tmp;
}
/****************************************************************************************************************/
uint32_t aes_rot_dword(uint32_t val)
{
uint32_t tmp = val;

return (val >> 8) | ((tmp & 0xFF) << 24);
}
/****************************************************************************************************************/
uint32_t aes_swap_dword(uint32_t val)
{
return (((val & 0x000000FF) << 24) |
((val & 0x0000FF00) << 8) |
((val & 0x00FF0000) >> 8) |
((val & 0xFF000000) >> 24));
}
/****************************************************************************************************************/
/*
* nr: number of rounds
* nb: number of columns comprising the state, nb = 4 dwords (16 bytes)
* nk: number of 32-bit words comprising cipher key, nk = 4, 6, 8 (KeyLength/(4*8))
*/
void aes_key_expansion(AES_CYPHER_T mode, uint8_t *key, uint8_t *round)
{
uint32_t *w = (uint32_t *)round;
uint32_t t;
int i = 0;

do {
w[i] = *((uint32_t *)&key[i * 4 + 0]);
} while (++i < g_aes_nk[mode]);

do {
if ((i % g_aes_nk[mode]) == 0) {
t = aes_rot_dword(w[i - 1]);
t = aes_sub_dword(t);
t = t ^ aes_swap_dword(g_aes_rcon[i / g_aes_nk[mode] - 1]);
}
else if (g_aes_nk[mode] > 6 && (i % g_aes_nk[mode]) == 4) {
t = aes_sub_dword(w[i - 1]);
}
else {
t = w[i - 1];
}
w[i] = w[i - g_aes_nk[mode]] ^ t;
} while (++i < g_aes_nb[mode] * (g_aes_rounds[mode] + 1));
}
/****************************************************************************************************************/
void aes_add_round_key(AES_CYPHER_T mode, uint8_t *state,
uint8_t *round, int nr)
{
uint32_t *w = (uint32_t *)round;
uint32_t *s = (uint32_t *)state;
int i;

for (i = 0; i < g_aes_nb[mode]; i++) {
s[i] ^= w[nr * g_aes_nb[mode] + i];
}
}
/****************************************************************************************************************/
void aes_sub_bytes(AES_CYPHER_T mode, uint8_t *state)
{
int i, j;

for (i = 0; i < g_aes_nb[mode]; i++) {
for (j = 0; j < 4; j++) {
state[i * 4 + j] = aes_sub_sbox(state[i * 4 + j]);
}
}
}
/****************************************************************************************************************/
void aes_shift_rows(AES_CYPHER_T mode, uint8_t *state)
{
uint8_t *s = (uint8_t *)state;
int i, j, r;

for (i = 1; i < g_aes_nb[mode]; i++) {
for (j = 0; j < i; j++) {
uint8_t tmp = s[i];
for (r = 0; r < g_aes_nb[mode]; r++) {
s[i + r * 4] = s[i + (r + 1) * 4];
}
s[i + (g_aes_nb[mode] - 1) * 4] = tmp;
}
}
}
/****************************************************************************************************************/
uint8_t aes_xtime(uint8_t x)
{
return ((x << 1) ^ (((x >> 7) & 1) * 0x1b));
}
/****************************************************************************************************************/
uint8_t aes_xtimes(uint8_t x, int ts)
{
while (ts-- > 0) {
x = aes_xtime(x);
}

return x;
}
/****************************************************************************************************************/
uint8_t aes_mul(uint8_t x, uint8_t y)
{
/*
* encrypt: y has only 2 bits: can be 1, 2 or 3
* decrypt: y could be any value of 9, b, d, or e
*/

return ((((y >> 0) & 1) * aes_xtimes(x, 0)) ^
(((y >> 1) & 1) * aes_xtimes(x, 1)) ^
(((y >> 2) & 1) * aes_xtimes(x, 2)) ^
(((y >> 3) & 1) * aes_xtimes(x, 3)) ^
(((y >> 4) & 1) * aes_xtimes(x, 4)) ^
(((y >> 5) & 1) * aes_xtimes(x, 5)) ^
(((y >> 6) & 1) * aes_xtimes(x, 6)) ^
(((y >> 7) & 1) * aes_xtimes(x, 7)));
}
/****************************************************************************************************************/
void aes_mix_columns(AES_CYPHER_T mode, uint8_t *state)
{
uint8_t y[16] = { 2, 3, 1, 1, 1, 2, 3, 1, 1, 1, 2, 3, 3, 1, 1, 2 };
uint8_t s[4];
int i, j, r;

for (i = 0; i < g_aes_nb[mode]; i++) {
for (r = 0; r < 4; r++) {
s[r] = 0;
for (j = 0; j < 4; j++) {
s[r] = s[r] ^ aes_mul(state[i * 4 + j], y[r * 4 + j]);
}
}
for (r = 0; r < 4; r++) {
state[i * 4 + r] = s[r];
}
}
}
/****************************************************************************************************************/
int aes_encrypt(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key)
{
uint8_t w[4 * 4 * 15] = { 0 }; /* round key */
uint8_t s[4 * 4] = { 0 }; /* state */

int nr, i, j;

/* key expansion */
aes_key_expansion(mode, key, w);

/* start data cypher loop over input buffer */
for (i = 0; i < len; i += 4 * g_aes_nb[mode]) {

/* init state from user buffer (plaintext) */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
s[j] = data[i + j];

/* start AES cypher loop over all AES rounds */
for (nr = 0; nr <= g_aes_rounds[mode]; nr++) {

if (nr > 0) {

/* do SubBytes */
aes_sub_bytes(mode, s);

/* do ShiftRows */
aes_shift_rows(mode, s);

if (nr < g_aes_rounds[mode]) {
/* do MixColumns */
aes_mix_columns(mode, s);
}
}

/* do AddRoundKey */
aes_add_round_key(mode, s, w, nr);
}

/* save state (cypher) to user buffer */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
data[i + j] = s[j];
}

return 0;
}
/****************************************************************************************************************/
int aes_encrypt_ecb(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key)
{
return aes_encrypt(mode, data, len, key);
}
/****************************************************************************************************************/
int aes_encrypt_cbc(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key, uint8_t *iv)
{
uint8_t w[4 * 4 * 15] = { 0 }; /* round key */
uint8_t s[4 * 4] = { 0 }; /* state */
uint8_t v[4 * 4] = { 0 }; /* iv */

int nr, i, j;


/* key expansion */
aes_key_expansion(mode, key, w);

memcpy(v, iv, sizeof(v));

/* start data cypher loop over input buffer */
for (i = 0; i < len; i += 4 * g_aes_nb[mode]) {

/* init state from user buffer (plaintext) */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
s[j] = data[i + j] ^ v[j];

/* start AES cypher loop over all AES rounds */
for (nr = 0; nr <= g_aes_rounds[mode]; nr++) {

if (nr > 0) {

/* do SubBytes */
aes_sub_bytes(mode, s);

/* do ShiftRows */
aes_shift_rows(mode, s);

if (nr < g_aes_rounds[mode]) {
/* do MixColumns */
aes_mix_columns(mode, s);
}
}

/* do AddRoundKey */
aes_add_round_key(mode, s, w, nr);
}

/* save state (cypher) to user buffer */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
data[i + j] = v[j] = s[j];
}

return 0;
}
/****************************************************************************************************************/
void inv_shift_rows(AES_CYPHER_T mode, uint8_t *state)
{
uint8_t *s = (uint8_t *)state;
int i, j, r;

for (i = 1; i < g_aes_nb[mode]; i++) {
for (j = 0; j < g_aes_nb[mode] - i; j++) {
uint8_t tmp = s[i];
for (r = 0; r < g_aes_nb[mode]; r++) {
s[i + r * 4] = s[i + (r + 1) * 4];
}
s[i + (g_aes_nb[mode] - 1) * 4] = tmp;
}
}
}
/****************************************************************************************************************/
uint8_t inv_sub_sbox(uint8_t val)
{
return g_inv_sbox[val];
}
/****************************************************************************************************************/
void inv_sub_bytes(AES_CYPHER_T mode, uint8_t *state)
{
int i, j;

for (i = 0; i < g_aes_nb[mode]; i++) {
for (j = 0; j < 4; j++) {
state[i * 4 + j] = inv_sub_sbox(state[i * 4 + j]);
}
}
}
/****************************************************************************************************************/
void inv_mix_columns(AES_CYPHER_T mode, uint8_t *state)
{
uint8_t y[16] = { 0x0e, 0x0b, 0x0d, 0x09, 0x09, 0x0e, 0x0b, 0x0d,
0x0d, 0x09, 0x0e, 0x0b, 0x0b, 0x0d, 0x09, 0x0e };
uint8_t s[4];
int i, j, r;

for (i = 0; i < g_aes_nb[mode]; i++) {
for (r = 0; r < 4; r++) {
s[r] = 0;
for (j = 0; j < 4; j++) {
s[r] = s[r] ^ aes_mul(state[i * 4 + j], y[r * 4 + j]);
}
}
for (r = 0; r < 4; r++) {
state[i * 4 + r] = s[r];
}
}
}
/****************************************************************************************************************/
int aes_decrypt(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key)
{
uint8_t w[4 * 4 * 15] = { 0 }; /* round key */
uint8_t s[4 * 4] = { 0 }; /* state */

int nr, i, j;

/* key expansion */
aes_key_expansion(mode, key, w);

/* start data cypher loop over input buffer */
for (i = 0; i < len; i += 4 * g_aes_nb[mode]) {

/* init state from user buffer (cyphertext) */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
s[j] = data[i + j];

/* start AES cypher loop over all AES rounds */
for (nr = g_aes_rounds[mode]; nr >= 0; nr--) {

/* do AddRoundKey */
aes_add_round_key(mode, s, w, nr);

if (nr > 0) {

if (nr < g_aes_rounds[mode]) {
/* do MixColumns */
inv_mix_columns(mode, s);
}

/* do ShiftRows */
inv_shift_rows(mode, s);

/* do SubBytes */
inv_sub_bytes(mode, s);
}
}

/* save state (cypher) to user buffer */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
data[i + j] = s[j];
}

return 0;
}
/****************************************************************************************************************/
int aes_decrypt_ecb(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key)
{
return aes_decrypt(mode, data, len, key);
}
/****************************************************************************************************************/
int aes_decrypt_cbc(AES_CYPHER_T mode, uint8_t *data, int len, uint8_t *key, uint8_t *iv)
{
uint8_t w[4 * 4 * 15] = { 0 }; /* round key */
uint8_t s[4 * 4] = { 0 }; /* state */
uint8_t v[4 * 4] = { 0 }; /* iv */


int nr, i, j;

/* key expansion */
aes_key_expansion(mode, key, w);

memcpy(v, iv, sizeof(v));

/* start data cypher loop over input buffer */
for (i = 0; i < len; i += 4 * g_aes_nb[mode]) {


/* init state from user buffer (cyphertext) */
for (j = 0; j < 4 * g_aes_nb[mode]; j++)
s[j] = data[i + j];

/* start AES cypher loop over all AES rounds */
for (nr = g_aes_rounds[mode]; nr >= 0; nr--) {

/* do AddRoundKey */
aes_add_round_key(mode, s, w, nr);

if (nr > 0) {

if (nr < g_aes_rounds[mode]) {
/* do MixColumns */
inv_mix_columns(mode, s);
}

/* do ShiftRows */
inv_shift_rows(mode, s);

/* do SubBytes */
inv_sub_bytes(mode, s);
}
}

/* save state (cypher) to user buffer */
for (j = 0; j < 4 * g_aes_nb[mode]; j++) {
uint8_t p = s[j] ^ v[j];
v[j] = data[i + j];
data[i + j] = p;
}
}

return 0;
}
/****************************************************************************************************************/
void aes_cypher_128_test()
{
#if 1
uint8_t buf[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
uint8_t key[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
#else
uint8_t buf[] = { 0x32, 0x43, 0xf6, 0xa8, 0x88, 0x5a, 0x30, 0x8d,
0x31, 0x31, 0x98, 0xa2, 0xe0, 0x37, 0x07, 0x34 };
uint8_t key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
#endif

aes_encrypt(AES_CYPHER_128, buf, sizeof(buf), key);

aes_decrypt(AES_CYPHER_128, buf, sizeof(buf), key);
}
/****************************************************************************************************************/
void aes_cypher_192_test()
{
uint8_t buf[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
uint8_t key[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };

aes_encrypt(AES_CYPHER_192, buf, sizeof(buf), key);

aes_decrypt(AES_CYPHER_192, buf, sizeof(buf), key);
}
/****************************************************************************************************************/
void aes_cypher_256_test()
{
uint8_t buf[] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
uint8_t key[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };

aes_encrypt(AES_CYPHER_256, buf, sizeof(buf), key);

aes_decrypt(AES_CYPHER_256, buf, sizeof(buf), key);
}
/****************************************************************************************************************/
void main()
{
//数据
uint8_t buf[] = { 0x34, 0xC9, 0x05, 0xB3, 0x67, 0x81, 0xC8, 0xAD, 0x20, 0xC2, 0x2F, 0x07,
0x93, 0x03, 0xD6, 0x65, 0x7A, 0x2E, 0xBA, 0xF4, 0x7C, 0x71, 0x0B, 0xEC,
0xC4, 0x81, 0x34, 0xDA, 0xDC, 0xE9, 0x7E, 0xEE, 0x05, 0xCF, 0x21, 0xC7,
0xD9, 0x76, 0xE1, 0x76, 0x84, 0x82, 0xDE, 0xD9, 0xCB, 0x77, 0x5E, 0xA0};
//密钥
uint8_t key[] = { 49, 50, 102, 101, 51, 50, 98, 97, 56, 55, 54, 53, 52, 51, 50, 49 };
//向量
uint8_t iv[] = {49, 50, 102, 101, 51, 50, 98, 97, 56, 55, 54, 53, 52, 51, 50, 49};
switch (sizeof(key))
{
//ECB
/*
case 16:aes_decrypt(AES_CYPHER_128, buf, sizeof(buf), key); break;
case 24:aes_decrypt(AES_CYPHER_192, buf, sizeof(buf), key); break;
case 32:aes_decrypt(AES_CYPHER_256, buf, sizeof(buf), key); break;
//CBC
*/
case 16:aes_decrypt_cbc(AES_CYPHER_128, buf, sizeof(buf), key, iv); break;
case 24:aes_decrypt_cbc(AES_CYPHER_192, buf, sizeof(buf), key, iv); break;
case 32:aes_decrypt_cbc(AES_CYPHER_256, buf, sizeof(buf), key, iv); break;

}
for (int i = 0; i < sizeof(buf); i++)
{
printf("%c", buf[i] & 0xFF);
}
printf("\n");
return;
}

跑出来是一样的:Dest0g3{4a9ff880-ea23-5016-b1aa-2ee3bf985533}

一点都没魔改的aes。

2、ttttea

这题就是个魔改的xxtea,本来以为很简单,但跑出来的脚本总是不对,才发现有TLS回调函数,里面改了delta

发现key是delta,这个还魔改了一个右移6

我们直接到exports里看tls回调函数:

先改了delta,然后又异或了一下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#include <stdio.h>
#include <stdint.h>
#define DELTA 0x74746561
#define MX (((z>>6^y<<2) + (y>>3^z<<4)) ^ ((sum^y) + (key[(p&3)^e] ^ z)))

void btea(uint32_t *v, int n, uint32_t const key[4])
{
uint32_t y, z, sum;
unsigned p, rounds, e;
if (n > 1) /* Coding Part */
{
rounds = 6 + 52/n;
sum = 0;
z = v[n-1];
do
{
sum += DELTA;
e = (sum >> 2) & 3;
for (p=0; p<n-1; p++)
{
y = v[p+1];
z = v[p] += MX;
}
y = v[0];
z = v[n-1] += MX;
}
while (--rounds);
}
else if (n < -1) /* Decoding Part */
{
n = -n;
rounds = 6 + 52/n;
sum = rounds*DELTA;
y = v[0];
do
{
e = (sum >> 2) & 3;
for (p=n-1; p>0; p--)
{
z = v[p-1];
y = v[p] -= MX;
}
z = v[n-1];
y = v[0] -= MX;
sum -= DELTA;
}
while (--rounds);
}
}


int main()
{
uint32_t v[]= {0x2F222303, 0x43FD8836, 0x655BE821, 0xA63B1E31, 0x88DCB84B, 0x6F841980, 0x26217297, 0xBBEE64AD, 0x064D0488, 0x6BE5262F, 0x73F54B81};
uint32_t const k[4]= {0x61,0x65,0x74,0x74};
int n= 11; //n的绝对值表示v的长度,取正表示加密,取负表示解密
// v为要加密的数据是两个32位无符号整数
// k为加密解密密钥,为4个32位无符号整数,即密钥长度为128位
printf("beforecode:%x %x\n",v[0],v[1]);
//btea(v, n, k);
//printf("encode:%x %x\n",v[0],v[1]);
btea(v, -n, k);
printf("decode:%x %x\n",v[0],v[1]);
printf("decode:%x %x\n",v[2],v[3]);
printf("decode:%x %x\n",v[4],v[5]);
printf("decode:%x %x\n",v[6],v[7]);
printf("decode:%x %x\n",v[8],v[9]);
printf("decode:%x",v[10]);
return 0;
}

结果小端序就对了。

鹏城杯的re

分最少的re反而是最难的,属实难崩

maze

其实这个题逻辑和迷宫都很清晰,就是一棵树,有链表连成的树,脚本比较难写,其他还好。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
__int64 sub_40500A()
{
__int64 end; // rbp
char input; // [rsp+Fh] [rbp-29h] BYREF
__int64 start; // [rsp+10h] [rbp-28h] BYREF
unsigned __int64 v4; // [rsp+18h] [rbp-20h]

v4 = __readfsqword(0x28u);
initmap(); // 生成地图
end = *(_QWORD *)(*(_QWORD *)(*(_QWORD *)(qword_5D3680 + 8) + 8LL) + 8LL);// 终点节点
start = *(_QWORD *)(*(_QWORD *)(*(_QWORD *)(*(_QWORD *)(qword_5D36A0 + 8) + 8LL) + 8LL) + 8LL);// 最初节点
*(_BYTE *)(start + 27) = 1;
printf(&unk_5D45C0, "Welcome to Hexagonal maze\nplz enter the foot print\n");
input = 0;
do
{
sub_46D9D0(&unk_5D45C0, "> ", 2LL);
sub_452070(&unk_5D46E0, &input);
main_func(&start, (unsigned int)input);//对输入进行验证
}
while ( start != end );
sub_46D9D0(&unk_5D45C0, "flag is md5 your input", 22LL);
sub_46D7E0(&unk_5D45C0);
if ( __readfsqword(0x28u) != v4 )
sub_52CB40();
return 0LL;
}

查看main_func函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
_QWORD *__fastcall sub_404BF5(_QWORD **a1, char a2)
{
_QWORD *v2; // rax
_QWORD *v3; // rax
_QWORD *result; // rax
_QWORD *v5; // rax

switch ( a2 )
{
case 'l':
if ( *((_BYTE *)*a1 + 24) || (v3 = (_QWORD *)**a1) == 0LL )
exit(0LL);
*a1 = v3;
break;
case 'r':
if ( *((_BYTE *)*a1 + 25) || (v5 = (_QWORD *)(*a1)[1]) == 0LL )
exit(0LL);
*a1 = v5;
break;
case 't':
if ( *((_BYTE *)*a1 + 26) || (v2 = (_QWORD *)(*a1)[2]) == 0LL )
exit(0LL);
*a1 = v2;
break;
default:
exit(0LL);
}
result = *a1;
if ( *((_BYTE *)*a1 + 27) )
exit(0LL);
*((_BYTE *)result + 27) = 1;
return result;
}

输入就是从“l“,”r”,“t”中选的,如果输入是l,那么对这棵树进行判断,判断其标志位是否是0,是0可通过,是1不可通过

image-20220705152407696

查看这个链表组成的结构体,偏移为0x0处是代表l,偏移为0x8代表r,偏移为0x10是代表t,偏移为0x18的数代表是否通行,偏移为0x28的是代表这个节点结束。每个节点的大小是相同的,那么只需要找到地图边界的起点和终点就行。然后idapython写个脚本提取一下

1
2
3
4
5
6
x = [0x00000000019df8f0,0x00000000019E0310] 
maze = []
for i in range(x[0],x[1],8*6):
for k in range(6):
maze.append(get_qword(i+k*8))
print(maze)

整理成二维数组:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

map_o = [0, 0, 0, 0, 0, 49, 0, 27130192, 27130528, 1, 0, 49, 27130144, 27130240, 0, 65536, 0, 49, 27130192, 27130288, 27130624, 65536, 0, 49, 27130240, 27130336, 0, 256, 0, 49, 27130288, 27130384, 27130720, 65537, 0, 49, 27130336, 27130432, 0, 65536, 0, 49, 27130384, 0, 27130816, 256, 0, 49, 0, 27130528, 27130960, 1, 0, 49, 27130480, 27130576, 27130144, 256, 0, 49, 27130528, 27130624, 27131056, 1, 0, 49, 27130576, 27130672, 27130240, 65536, 0, 49, 27130624, 27130720, 27131152, 65536, 0, 49, 27130672, 27130768, 27130336, 65536, 0, 49, 27130720, 27130816, 27131248, 256, 0, 49, 27130768, 27130864, 27130432, 1, 0, 49, 27130816, 0, 27131344, 256, 0, 49, 0, 27130960, 27131440, 257, 0, 49, 27130912, 27131008, 27130480, 1, 0, 49, 27130960, 27131056, 27131536, 65536, 0, 49, 27131008, 27131104, 27130576, 256, 0, 49, 27131056, 27131152, 27131632, 1, 0, 49, 27131104, 27131200, 27130672, 65536, 0, 49, 27131152, 27131248, 27131728, 256, 0, 49, 27131200, 27131296, 27130768, 1, 0, 49, 27131248, 27131344, 27131824, 256, 0, 49, 27131296, 27131392, 27130864, 1, 0, 49, 27131344, 0, 27131920, 256, 0, 49, 0, 27131488, 27130912, 1, 0, 49, 27131440, 27131536, 27131968, 0, 0, 49, 27131488, 27131584, 27131008, 65536, 0, 49, 27131536, 27131632, 27132064, 65792, 0, 49, 27131584, 27131680, 27131104, 1, 0, 49, 27131632, 27131728, 27132160, 0, 0, 49, 27131680, 27131776, 27131200, 256, 0, 49, 27131728, 27131824, 27132256, 257, 0, 49, 27131776, 27131872, 27131296, 1, 0, 49, 27131824, 27131920, 27132352, 0, 0, 49, 27131872, 0, 27131392, 256, 0, 49, 0, 27132016, 27131488, 1, 0, 49, 27131968, 27132064, 27132400, 256, 0, 49, 27132016, 27132112, 27131584, 65537, 0, 49, 27132064, 27132160, 27132496, 65536, 0, 49, 27132112, 27132208, 27131680, 16777216, 0, 49, 27132160, 27132256, 27132592, 0, 0, 49, 27132208, 27132304, 27131776, 0, 0, 49, 27132256, 27132352, 27132688, 65536, 0, 49, 27132304, 0, 27131872, 256, 0, 49, 0, 27132448, 27132016, 1, 0, 49, 27132400, 27132496, 0, 65536, 0, 49, 27132448, 27132544, 27132112, 65536, 0, 49, 27132496, 27132592, 0, 65536, 0, 49, 27132544, 27132640, 27132208, 0, 0, 49, 27132592, 27132688, 0, 65536, 0, 49]
map = [[0 for i in range(7)] for k in range(54)]
cout = 0
for i in range(0,len(map_o),6):
for k in range(1,7):
map[cout][k] = map_o[i+k-1]
cout += 1
#print(map)
cout = 0
ea = [0x00000000019df8f0,0x00000000019E0310]
for i in range(ea[0],ea[1],6*8):
map[cout][0] = i
cout += 1
print(map)


for i in range(0,54):
for k in range(7):
print(hex(map[i][k]),end=", ")
print(" ")
{0x19df8f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31},
{0x19df920, 0x0, 0x19df950, 0x19dfaa0, 0x1, 0x0, 0x31},
{0x19df950, 0x19df920, 0x19df980, 0x0, 0x10000, 0x0, 0x31},
{0x19df980, 0x19df950, 0x19df9b0, 0x19dfb00, 0x10000, 0x0, 0x31},
{0x19df9b0, 0x19df980, 0x19df9e0, 0x0, 0x100, 0x0, 0x31},
{0x19df9e0, 0x19df9b0, 0x19dfa10, 0x19dfb60, 0x10001, 0x0, 0x31},
{0x19dfa10, 0x19df9e0, 0x19dfa40, 0x0, 0x10000, 0x0, 0x31},
{0x19dfa40, 0x19dfa10, 0x0, 0x19dfbc0, 0x100, 0x0, 0x31},
{0x19dfa70, 0x0, 0x19dfaa0, 0x19dfc50, 0x1, 0x0, 0x31},
{0x19dfaa0, 0x19dfa70, 0x19dfad0, 0x19df920, 0x100, 0x0, 0x31},
{0x19dfad0, 0x19dfaa0, 0x19dfb00, 0x19dfcb0, 0x1, 0x0, 0x31},
{0x19dfb00, 0x19dfad0, 0x19dfb30, 0x19df980, 0x10000, 0x0, 0x31},
{0x19dfb30, 0x19dfb00, 0x19dfb60, 0x19dfd10, 0x10000, 0x0, 0x31},
{0x19dfb60, 0x19dfb30, 0x19dfb90, 0x19df9e0, 0x10000, 0x0, 0x31},
{0x19dfb90, 0x19dfb60, 0x19dfbc0, 0x19dfd70, 0x100, 0x0, 0x31},
{0x19dfbc0, 0x19dfb90, 0x19dfbf0, 0x19dfa40, 0x1, 0x0, 0x31},
{0x19dfbf0, 0x19dfbc0, 0x0, 0x19dfdd0, 0x100, 0x0, 0x31},
{0x19dfc20, 0x0, 0x19dfc50, 0x19dfe30, 0x101, 0x0, 0x31},
{0x19dfc50, 0x19dfc20, 0x19dfc80, 0x19dfa70, 0x1, 0x0, 0x31},
{0x19dfc80, 0x19dfc50, 0x19dfcb0, 0x19dfe90, 0x10000, 0x0, 0x31},
{0x19dfcb0, 0x19dfc80, 0x19dfce0, 0x19dfad0, 0x100, 0x0, 0x31},
{0x19dfce0, 0x19dfcb0, 0x19dfd10, 0x19dfef0, 0x1, 0x0, 0x31},
{0x19dfd10, 0x19dfce0, 0x19dfd40, 0x19dfb30, 0x10000, 0x0, 0x31},
{0x19dfd40, 0x19dfd10, 0x19dfd70, 0x19dff50, 0x100, 0x0, 0x31},
{0x19dfd70, 0x19dfd40, 0x19dfda0, 0x19dfb90, 0x1, 0x0, 0x31},
{0x19dfda0, 0x19dfd70, 0x19dfdd0, 0x19dffb0, 0x100, 0x0, 0x31},
{0x19dfdd0, 0x19dfda0, 0x19dfe00, 0x19dfbf0, 0x1, 0x0, 0x31},
{0x19dfe00, 0x19dfdd0, 0x0, 0x19e0010, 0x100, 0x0, 0x31},
{0x19dfe30, 0x0, 0x19dfe60, 0x19dfc20, 0x1, 0x0, 0x31},
{0x19dfe60, 0x19dfe30, 0x19dfe90, 0x19e0040, 0x0, 0x0, 0x31},
{0x19dfe90, 0x19dfe60, 0x19dfec0, 0x19dfc80, 0x10000, 0x0, 0x31},
{0x19dfec0, 0x19dfe90, 0x19dfef0, 0x19e00a0, 0x10100, 0x0, 0x31},
{0x19dfef0, 0x19dfec0, 0x19dff20, 0x19dfce0, 0x1, 0x0, 0x31},
{0x19dff20, 0x19dfef0, 0x19dff50, 0x19e0100, 0x0, 0x0, 0x31},
{0x19dff50, 0x19dff20, 0x19dff80, 0x19dfd40, 0x100, 0x0, 0x31},
{0x19dff80, 0x19dff50, 0x19dffb0, 0x19e0160, 0x101, 0x0, 0x31},
{0x19dffb0, 0x19dff80, 0x19dffe0, 0x19dfda0, 0x1, 0x0, 0x31},
{0x19dffe0, 0x19dffb0, 0x19e0010, 0x19e01c0, 0x0, 0x0, 0x31},
{0x19e0010, 0x19dffe0, 0x0, 0x19dfe00, 0x100, 0x0, 0x31},
{0x19e0040, 0x0, 0x19e0070, 0x19dfe60, 0x1, 0x0, 0x31},
{0x19e0070, 0x19e0040, 0x19e00a0, 0x19e01f0, 0x100, 0x0, 0x31},
{0x19e00a0, 0x19e0070, 0x19e00d0, 0x19dfec0, 0x10001, 0x0, 0x31},
{0x19e00d0, 0x19e00a0, 0x19e0100, 0x19e0250, 0x10000, 0x0, 0x31},
{0x19e0100, 0x19e00d0, 0x19e0130, 0x19dff20, 0x1000000, 0x0, 0x31},
{0x19e0130, 0x19e0100, 0x19e0160, 0x19e02b0, 0x0, 0x0, 0x31},
{0x19e0160, 0x19e0130, 0x19e0190, 0x19dff80, 0x0, 0x0, 0x31},
{0x19e0190, 0x19e0160, 0x19e01c0, 0x19e0310, 0x10000, 0x0, 0x31},
{0x19e01c0, 0x19e0190, 0x0, 0x19dffe0, 0x100, 0x0, 0x31},
{0x19e01f0, 0x0, 0x19e0220, 0x19e0070, 0x1, 0x0, 0x31},
{0x19e0220, 0x19e01f0, 0x19e0250, 0x0, 0x10000, 0x0, 0x31},
{0x19e0250, 0x19e0220, 0x19e0280, 0x19e00d0, 0x10000, 0x0, 0x31},
{0x19e0280, 0x19e0250, 0x19e02b0, 0x0, 0x10000, 0x0, 0x31},
{0x19e02b0, 0x19e0280, 0x19e02e0, 0x19e0130, 0x0, 0x0, 0x31},
{0x19e02e0, 0x19e02b0, 0x19e0310, 0x0, 0x10000, 0x0, 0x31},

这个二维数组被解释为第一位是节点,第二三四位是l,r,t。第5位是判断位,先给出c++写的脚本:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
#include<iostream>
#include<cstdio>
#include<map>
#include<queue>
#include<String>
using namespace std;
const int N=100005;
long long a[1000][10]={
{0x19df8f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31},
{0x19df920, 0x0, 0x19df950, 0x19dfaa0, 0x1, 0x0, 0x31},
{0x19df950, 0x19df920, 0x19df980, 0x0, 0x10000, 0x0, 0x31},
{0x19df980, 0x19df950, 0x19df9b0, 0x19dfb00, 0x10000, 0x0, 0x31},
{0x19df9b0, 0x19df980, 0x19df9e0, 0x0, 0x100, 0x0, 0x31},
{0x19df9e0, 0x19df9b0, 0x19dfa10, 0x19dfb60, 0x10001, 0x0, 0x31},
{0x19dfa10, 0x19df9e0, 0x19dfa40, 0x0, 0x10000, 0x0, 0x31},
{0x19dfa40, 0x19dfa10, 0x0, 0x19dfbc0, 0x100, 0x0, 0x31},
{0x19dfa70, 0x0, 0x19dfaa0, 0x19dfc50, 0x1, 0x0, 0x31},
{0x19dfaa0, 0x19dfa70, 0x19dfad0, 0x19df920, 0x100, 0x0, 0x31},
{0x19dfad0, 0x19dfaa0, 0x19dfb00, 0x19dfcb0, 0x1, 0x0, 0x31},
{0x19dfb00, 0x19dfad0, 0x19dfb30, 0x19df980, 0x10000, 0x0, 0x31},
{0x19dfb30, 0x19dfb00, 0x19dfb60, 0x19dfd10, 0x10000, 0x0, 0x31},
{0x19dfb60, 0x19dfb30, 0x19dfb90, 0x19df9e0, 0x10000, 0x0, 0x31},
{0x19dfb90, 0x19dfb60, 0x19dfbc0, 0x19dfd70, 0x100, 0x0, 0x31},
{0x19dfbc0, 0x19dfb90, 0x19dfbf0, 0x19dfa40, 0x1, 0x0, 0x31},
{0x19dfbf0, 0x19dfbc0, 0x0, 0x19dfdd0, 0x100, 0x0, 0x31},
{0x19dfc20, 0x0, 0x19dfc50, 0x19dfe30, 0x101, 0x0, 0x31},
{0x19dfc50, 0x19dfc20, 0x19dfc80, 0x19dfa70, 0x1, 0x0, 0x31},
{0x19dfc80, 0x19dfc50, 0x19dfcb0, 0x19dfe90, 0x10000, 0x0, 0x31},
{0x19dfcb0, 0x19dfc80, 0x19dfce0, 0x19dfad0, 0x100, 0x0, 0x31},
{0x19dfce0, 0x19dfcb0, 0x19dfd10, 0x19dfef0, 0x1, 0x0, 0x31},
{0x19dfd10, 0x19dfce0, 0x19dfd40, 0x19dfb30, 0x10000, 0x0, 0x31},
{0x19dfd40, 0x19dfd10, 0x19dfd70, 0x19dff50, 0x100, 0x0, 0x31},
{0x19dfd70, 0x19dfd40, 0x19dfda0, 0x19dfb90, 0x1, 0x0, 0x31},
{0x19dfda0, 0x19dfd70, 0x19dfdd0, 0x19dffb0, 0x100, 0x0, 0x31},
{0x19dfdd0, 0x19dfda0, 0x19dfe00, 0x19dfbf0, 0x1, 0x0, 0x31},
{0x19dfe00, 0x19dfdd0, 0x0, 0x19e0010, 0x100, 0x0, 0x31},
{0x19dfe30, 0x0, 0x19dfe60, 0x19dfc20, 0x1, 0x0, 0x31},
{0x19dfe60, 0x19dfe30, 0x19dfe90, 0x19e0040, 0x0, 0x0, 0x31},
{0x19dfe90, 0x19dfe60, 0x19dfec0, 0x19dfc80, 0x10000, 0x0, 0x31},
{0x19dfec0, 0x19dfe90, 0x19dfef0, 0x19e00a0, 0x10100, 0x0, 0x31},
{0x19dfef0, 0x19dfec0, 0x19dff20, 0x19dfce0, 0x1, 0x0, 0x31},
{0x19dff20, 0x19dfef0, 0x19dff50, 0x19e0100, 0x0, 0x0, 0x31},
{0x19dff50, 0x19dff20, 0x19dff80, 0x19dfd40, 0x100, 0x0, 0x31},
{0x19dff80, 0x19dff50, 0x19dffb0, 0x19e0160, 0x101, 0x0, 0x31},
{0x19dffb0, 0x19dff80, 0x19dffe0, 0x19dfda0, 0x1, 0x0, 0x31},
{0x19dffe0, 0x19dffb0, 0x19e0010, 0x19e01c0, 0x0, 0x0, 0x31},
{0x19e0010, 0x19dffe0, 0x0, 0x19dfe00, 0x100, 0x0, 0x31},
{0x19e0040, 0x0, 0x19e0070, 0x19dfe60, 0x1, 0x0, 0x31},
{0x19e0070, 0x19e0040, 0x19e00a0, 0x19e01f0, 0x100, 0x0, 0x31},
{0x19e00a0, 0x19e0070, 0x19e00d0, 0x19dfec0, 0x10001, 0x0, 0x31},
{0x19e00d0, 0x19e00a0, 0x19e0100, 0x19e0250, 0x10000, 0x0, 0x31},
{0x19e0100, 0x19e00d0, 0x19e0130, 0x19dff20, 0x1000000, 0x0, 0x31},
{0x19e0130, 0x19e0100, 0x19e0160, 0x19e02b0, 0x0, 0x0, 0x31},
{0x19e0160, 0x19e0130, 0x19e0190, 0x19dff80, 0x0, 0x0, 0x31},
{0x19e0190, 0x19e0160, 0x19e01c0, 0x19e0310, 0x10000, 0x0, 0x31},
{0x19e01c0, 0x19e0190, 0x0, 0x19dffe0, 0x100, 0x0, 0x31},
{0x19e01f0, 0x0, 0x19e0220, 0x19e0070, 0x1, 0x0, 0x31},
{0x19e0220, 0x19e01f0, 0x19e0250, 0x0, 0x10000, 0x0, 0x31},
{0x19e0250, 0x19e0220, 0x19e0280, 0x19e00d0, 0x10000, 0x0, 0x31},
{0x19e0280, 0x19e0250, 0x19e02b0, 0x0, 0x10000, 0x0, 0x31},
{0x19e02b0, 0x19e0280, 0x19e02e0, 0x19e0130, 0x0, 0x0, 0x31},
{0x19e02e0, 0x19e02b0, 0x19e0310, 0x0, 0x10000, 0x0, 0x31}};


int n=54,h[N],cnt,tot,st,ed,pr[N];
bool v[N];
map<long long,int>mp;
struct qwe
{
int ne,to;
string va;
}e[N<<2];
void add(int u,int v,string w)
{//cout<<u<<" "<<v<<" "<<w<<endl;
cnt++;
e[cnt].ne=h[u];
e[cnt].to=v;
e[cnt].va=w;
h[u]=cnt;
}

int main()
{
for(int i=0;i<n;i++)
if(!mp[a[i][0]])
mp[a[i][0]]=++tot;

st=mp[0x19e0100];
ed=mp[0x19df9b0];
// cout<<st<<" "<<ed<<endl;

//lrt
for(int i=0;i<n;i++)
{
if(!(a[i][4]&0x1))//l
add(mp[a[i][0]],mp[a[i][1]],"l");

if(!(a[i][4]&0x100))//r
add(mp[a[i][0]],mp[a[i][2]],"r");

if(!(a[i][4]&0x10000))//t
add(mp[a[i][0]],mp[a[i][3]],"t");
}

queue<pair<int,string> >q;
v[st]=1;
q.push(make_pair(st,""));
while(!q.empty())
{
pair<int,string>u=q.front();
q.pop();
// cout<<u.first<<endl;
if(u.first==ed)
{
cout<<u.second<<endl;
//return 0;
}

for(int i=h[u.first];i;i=e[i].ne)
if(!v[e[i].to])
{
v[e[i].to]=1;
q.push(make_pair(e[i].to,u.second+e[i].va));
}
}
return 0;
}

看别人的wp发现还能用pwntools来搞,学习一下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
from pwn import *
cmds = ['r','l','t']

def f(cmd_list):
n=0
try:
p = process('./maze')
p.recvuntil('> ')
for i in cmd_list:
p.sendline(i)
rev = p.recvuntil(' ')
n += 1
print(rev)
p.close()
return n
except:
return n
def ff(cmd_list,f1):
cmds = ['r','l','t','x']
for i in cmds:
c = [k for k in cmd_list]
c.append(i)
#print(c)
#print(cmd_list)
if f(c) == len(c):
c = ff(c,f1)
f1.write(str(c))
f1.write('\n')
print(c)
return c
if __name__ == "__main__":
f1= open('1.txt','w')
cmd_list=[]
ff(cmd_list,f1)
f1.close()



respect,很牛的方法,这个方法不需要idapython导出数据,直接程序里进行dfs跑。

HWS的一道逆向

re1

是一道魔改的tea,不过魔改的力度属实有点大。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
int __cdecl main(int argc, const char **argv, const char **envp)
{
__int64 v3; // rcx
__int64 v4; // rdx
__int128 v6[2]; // [rsp+20h] [rbp-38h] BYREF
char v7; // [rsp+40h] [rbp-18h]

memset(v6, 0, sizeof(v6));
v7 = 0;
sub_140001020("I prefer TeaProPlus! can you give me this?\n");
sub_140001020("TeaProPlus code:");
sub_140001080("%32s");
sub_1400010E0(v3, v6);
v4 = 0i64;
while ( *((_BYTE *)v6 + v4) == byte_1400032F0[v4] )
{
if ( (unsigned __int64)++v4 >= 0x20 )
{
sub_140001020("Oh yeah! Good code! flag{(your input)}\n");
return 0;
}
}
puts("oh NO!I want to drink TeaProPlus");
return -1;
}

直接看sub_1400010E0函数:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
__int64 __fastcall sub_1400010E0(__int64 a1, unsigned int *a2)
{
unsigned int v2; // er9
unsigned int v3; // edi
unsigned int v4; // ebp
unsigned int v5; // esi
unsigned int v6; // er14
unsigned int v7; // er15
unsigned int v8; // er12
unsigned int v9; // er13
_DWORD *v10; // r11
_DWORD *v11; // r10
__int64 v12; // rbx
_DWORD *v13; // r9
__int64 result; // rax
bool v15; // zf
unsigned int v16; // [rsp+40h] [rbp+8h]
int v17; // [rsp+48h] [rbp+10h]
unsigned int v18; // [rsp+50h] [rbp+18h]

v2 = a2[7];
v3 = 0;
v4 = a2[1];
v5 = *a2;
v6 = a2[2];
v7 = a2[3];
v8 = a2[4];
v9 = a2[5];
v16 = a2[6];
v18 = v2;
v17 = 12;
do
{
v3 -= 1640531527;
v10 = &dword_140004038[(v3 >> 2) & 3];
v5 += ((v3 ^ v4) + (*v10 ^ v2)) ^ (((16 * v2) ^ (v4 >> 3)) + ((v2 >> 5) ^ (4 * v4)));
*a2 = v5;
v11 = &dword_140004038[(v3 >> 2) & 3 ^ 1i64];
v4 += ((*v11 ^ v5) + (v3 ^ v6)) ^ (((16 * v5) ^ (v6 >> 3)) + ((v5 >> 5) ^ (4 * v6)));
a2[1] = v4;
v12 = (v3 >> 2) & 3 ^ 3i64;
v13 = &dword_140004038[(v3 >> 2) & 3 ^ 2i64];
v6 += ((v3 ^ v7) + (*v13 ^ v4)) ^ (((16 * v4) ^ (v7 >> 3)) + ((v4 >> 5) ^ (4 * v7)));
a2[2] = v6;
v7 += ((v3 ^ v8) + (dword_140004038[v12] ^ v6)) ^ (((16 * v6) ^ (v8 >> 3)) + ((v6 >> 5) ^ (4 * v8)));
a2[3] = v7;
v8 += ((v3 ^ v9) + (*v10 ^ v7)) ^ (((16 * v7) ^ (v9 >> 3)) + ((v7 >> 5) ^ (4 * v9)));
a2[4] = v8;
v9 += ((*v11 ^ v8) + (v3 ^ v16)) ^ (((16 * v8) ^ (v16 >> 3)) + ((v8 >> 5) ^ (4 * v16)));
a2[5] = v9;
LODWORD(v10) = (((v3 ^ v18) + (*v13 ^ v9)) ^ (((16 * v9) ^ (v18 >> 3)) + ((v9 >> 5) ^ (4 * v18)))) + v16;
a2[6] = (unsigned int)v10;
v16 = (unsigned int)v10;
result = v3 ^ v5;
v18 += (result + (dword_140004038[v12] ^ (unsigned int)v10)) ^ (((16 * (_DWORD)v10) ^ (v5 >> 3))
+ (((unsigned int)v10 >> 5) ^ (4 * v5)));
v15 = v17-- == 1;
v2 = v18;
a2[7] = v18;
}
while ( !v15 );
return result;
}

发现比较恶心,魔改的有点魔鬼,所以先进行恢复加密

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#include <stdio.h>
#include <stdint.h>


//解密函数
void decrypt (uint32_t* v, uint32_t* k) {
uint32_t v0=v[0], v1=v[1],v2=v[2],v3=v[3],v4=v[4],v5=v[5],v6=v[6],v7=v[7], sum=0x9E3779B9*12, i; /* set up */
uint32_t delta=0x9E3779B9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<12; i++) {
v7-=((sum^v0)+(k[(sum>>2)&3^3]^v6))^(((v6<<4)^(v0>>3))+((v6>>5)^(v0<<2)));
v6-=((sum^v7)+(k[(sum>>2)&3^2]^v5))^(((v5<<4)^(v7>>3))+((v5>>5)^(v7<<2)));
v5-=((sum^v6)+(k[(sum>>2)&3^1]^v4))^(((v4<<4)^(v6>>3))+((v4>>5)^(v6<<2)));
v4-=((sum^v5)+(k[(sum>>2)&3]^v3))^(((v3<<4)^(v5>>3))+((v3>>5)^(v5<<2)));
v3-=((sum^v4)+(k[(sum>>2)&3^3]^v2))^(((v2<<4)^(v4>>3))+((v2>>5)^(v4<<2)));
v2-=((sum^v3)+(k[(sum>>2)&3^2]^v1))^(((v1<<4)^(v3>>3))+((v1>>5)^(v3<<2))); /* basic cycle start */
v1-=((k[(sum>>2)&3^1]^v0)+(sum^v2))^(((v0<<4)^(v2>>3))+((v0>>5)^(v2<<2)));
v0-=((sum^v1)+(k[(sum>>2)&3]^v7))^(((v7<<4)^(v1>>3))+((v7>>5)^(v1<<2)));
sum -= delta;
} /* end cycle */
v[0]=v0; v[1]=v1;v[2]=v2;v[3]=v3;v[4]=v4;v[5]=v5;v[6]=v6;v[7]=v7;
}

void encrypt(uint32_t* v, uint32_t* k){
uint32_t v0=v[0], v1=v[1],v2=v[2],v3=v[3],v4=v[4],v5=v[5],v6=v[6],v7=v[7], sum=0, i; /* set up */
uint32_t delta=0x9E3779B9; /* a key schedule constant */
uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
for (i=0; i<12; i++) {
sum += delta;
v0+=((sum^v1)+(k[(sum>>2)&3]^v7))^(((v7<<4)^(v1>>3))+((v7>>5)^(v1<<2)));
v1+=((k[(sum>>2)&3^1]^v0)+(sum^v2))^(((v0<<4)^(v2>>3))+((v0>>5)^(v2<<2)));
v2+=((sum^v3)+(k[(sum>>2)&3^2]^v1))^(((v1<<4)^(v3>>3))+((v1>>5)^(v3<<2)));
v3+=((sum^v4)+(k[(sum>>2)&3^3]^v2))^(((v2<<4)^(v4>>3))+((v2>>5)^(v4<<2)));
v4+=((sum^v5)+(k[(sum>>2)&3]^v3))^(((v3<<4)^(v5>>3))+((v3>>5)^(v5<<2)));
v5+=((sum^v6)+(k[(sum>>2)&3^1]^v4))^(((v4<<4)^(v6>>3))+((v4>>5)^(v6<<2)));
v6+=((sum^v7)+(k[(sum>>2)&3^2]^v5))^(((v5<<4)^(v7>>3))+((v5>>5)^(v7<<2)));
v7+=((sum^v0)+(k[(sum>>2)&3^3]^v6))^(((v6<<4)^(v0>>3))+((v6>>5)^(v0<<2)));
} /* end cycle */
v[0]=v0; v[1]=v1;v[2]=v2;v[3]=v3;v[4]=v4;v[5]=v5;v[6]=v6;v[7]=v7;
}

int main()
{
//测试
//uint32_t v[8]={0x31313131,0x31313131,0x31313131,0x31313131,0x31313131,0x31313131,0x31313131,0x31313131},k[4]={0x1234,0x2345,0x4567,0x6789};
uint32_t v[8]={0x10BD3B47, 0x6155E0F9, 0x6AF7EBC5, 0x8D23435F, 0x1A091605, 0xD43D40EF, 0xB4B16A67, 0x6B3578A9},k[4]={0x1234,0x2345,0x4567,0x6789};
//encrypt(v, k);
//printf("encode:%x %x %x %x %x %x %x %x\n",v[0],v[1],v[2],v[3],v[4],v[5],v[6],v[7]);
decrypt(v, k);
printf("decode:%x %x %x %x %x %x %x %x\n",v[0],v[1],v[2],v[3],v[4],v[5],v[6],v[7]);

return 0;

}

进行恢复加密过后,逆序写解密就行

Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.

Quick Start

Create a new post

1
$ hexo new "My New Post"

More info: Writing

Run server

1
$ hexo server

More info: Server

Generate static files

1
$ hexo generate

More info: Generating

Deploy to remote sites

1
$ hexo deploy

More info: Deployment

ciscnctf2022

好久没有写博客了,由于期末原因,国赛的逆向还没复现,今天复现一下,总的来说,国赛的三道题,其中两道都是语文题,蚌埠住了。

baby_tree

记得找了很多工具发现并不能转换,所以只能硬看swift的ast代码

image-20220617094847961

首先我们能发现对比字符串和key的位置

image-20220617100004163

image-20220617095951534

继续往下看在625行大概是调用了check函数,其中传入了两个参数,分别是data和key

image-20220617103522582

Original init:这个应该是初始化一下,Processed init:这个是运行函数。接下来我们直接查check函数,发现是在最初。

image-20220617104011665

这个地方可以研究一下,其实是传入两个参数,string类型的,这个函数应该是bool类型,这么长的一段并无什么运算符,但可能是将两个string类型转换成数组,一个是b数组,一个是k数组,其中b数组应该是encode的位置,k数组应该就是key。接下来在70行又声明了4个变量r0,r1,r2,r3。继续看在第99行进入循环。

image-20220617104939675

这个循环长度不难猜出是0-cout(b)-4,但如果没看到的话,估计后面几位会错。接下来是个赋值条件,形成第一个元组(r0,r1,r2,r3)

image-20220617105646948

assign_expr和load_expr都是赋值的意思下面通过value的值变换可以猜测,r0,r1,r2,r3 = b[0],b[1],b[2],b[3]

image-20220617110005652

我们分析一个加密:

image-20220617114011203

可以看出,缩进代表运算顺序,缩进越多优先级越高,argument后是参数,extension.后是运算符,那么上述图片可以表示为:

1
b[i+0] = r2 ^ ((k[0] + (r0 >> 4)) & 0xff)

那么接下来的跟上述是一样的可分析出大概逻辑:

1
2
3
4
5
6
7
for i in range(0,len(b)-3):
r0,r1,r2,r3=b[i],b[i+1],b[i+2],b[i+3]
b[i+0] = r2 ^ ((k[0] + (r0 >> 4)) & 0xff)
b[i+1] = r3 ^ ((k[1] + (r1 >> 2)) & 0xff)
b[i+2] = r0 ^ k[2]
b[i+3] = r1 ^ k[3]
k[0], k[1], k[2], k[3] = k[1], k[2], k[3], k[0]

我们直接写出解密脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
flag = ""
key = b"345y"
k=list(key)
cmp = [88, 35, 88, 225, 7, 201, 57, 94, 77, 56, 75, 168, 72, 218, 64, 91, 16, 101, 32, 207, 73, 130, 74, 128, 76, 201, 16, 248, 41, 205, 103, 84, 91, 99, 79, 202, 22, 131, 63, 255, 20, 16]
b = [0]*len(cmp)
k[0], k[1], k[2], k[3] = k[2], k[3], k[0], k[1]
for i in range(38, -1, -1):
r1 = cmp[i+3] ^ k[3]
r0 = cmp[i+2] ^ k[2]
r3 = cmp[i+1] ^ (0xff & (k[1] + (r1 >> 2)))
r2 = cmp[i] ^ (0xff & (k[0] + (r0 >> 4)))
k[0], k[1], k[2], k[3] = k[3], k[0], k[1], k[2]
cmp[i], cmp[i+1], cmp[i+2], cmp[i+3] = r0, r1, r2, r3
print(cmp)
for i in range(len(cmp)):
flag += chr(cmp[i])
print(flag)
#flag{30831242-56db-45b4-96fd-1f47e60da99d}

本以为这个题就是阅读题的极限了,没想到下一题也是阅读题。

babycode

这个题给了一个.mrb文件后缀是将 ruby 代码编译为 mruby 字节码作为字符串并评估字符串化字节码,通过010前面字符RITE0300,可以判断出mruby的版本是3.1.0,我们下载https://github.com/mruby/mruby/releases/tag/3.1.0源码,首先要安装sudo apt-get install rake,接下来make,然后进入bin里就可以使用mruby了./mruby -v -b babycode.mrb.

image-20220617144108971

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
mruby 3.1.0 (2022-05-12)
irep 0x56306d9014d0 nregs=5 nlocals=2 pools=1 syms=5 reps=2 ilen=55
local variable names:
R1:p
000 LOADNIL R2
002 LOADNIL R3
004 CLASS R2 :Crypt
007 EXEC R2 I(0:0x56306d901580)
010 TCLASS R2
012 METHOD R3 I(1:0x56306d901d80)
015 DEF R2 :check
018 SSEND R2 :gets n=0 (0x00)
022 SEND R2 :chomp n=0 (0x00)
026 MOVE R1 R2 ; R1:p
029 MOVE R3 R1 ; R1:p
032 SSEND R2 :check n=1 (0x01)
036 JMPNOT R2 050
040 STRING R3 L(0) ; yes
043 SSEND R2 :puts n=1 (0x01)
047 JMP 052
050 LOADNIL R2
052 RETURN R2
054 STOP

irep 0x56306d901580 nregs=3 nlocals=1 pools=0 syms=1 reps=1 ilen=12
000 LOADNIL R1
002 LOADNIL R2
004 CLASS R1 :CIPHER
007 EXEC R1 I(0:0x56306d901650)
010 RETURN R1

irep 0x56306d901650 nregs=3 nlocals=1 pools=0 syms=6 reps=4 ilen=55
000 LOADI32 R1 305419896
006 SETCONST XX R1
009 LOADI R1 16
012 SETCONST YY R1
015 LOADSELF R1
017 SCLASS R1
019 METHOD R2 I(0:0x56306d901790)
022 DEF R1 :encrypt
025 TCLASS R1
027 METHOD R2 I(1:0x56306d901830)
030 DEF R1 :encrypt
033 SSEND R1 :private n=0 (0x00)
037 TCLASS R1
039 METHOD R2 I(2:0x56306d901b50)
042 DEF R1 :to_key
045 TCLASS R1
047 METHOD R2 I(3:0x56306d901c20)
050 DEF R1 :enc_one
053 RETURN R1

irep 0x56306d901790 nregs=9 nlocals=5 pools=0 syms=3 reps=0 ilen=29
local variable names:
R1:t
R2:p
R3:&
R4:cip
000 ENTER 2:0:0:0:0:0:0 (0x80000)
004 GETCONST R5 CIPHER
007 SEND R5 :new n=0 (0x00)
011 MOVE R4 R5 ; R4:cip
014 MOVE R5 R4 ; R4:cip
017 MOVE R6 R1 ; R1:t
020 MOVE R7 R2 ; R2:p
023 SEND R5 :encrypt n=2 (0x02)
027 RETURN R5

irep 0x56306d901830 nregs=16 nlocals=11 pools=1 syms=8 reps=1 ilen=346
local variable names:
R1:t
R2:p
R3:&
R4:key
R5:c
R6:n
R7:num1
R8:num2
R9:enum1
R10:enum2
000 ENTER 2:0:0:0:0:0:0 (0x80000)
004 MOVE R12 R2 ; R2:p
007 SSEND R11 :to_key n=1 (0x01)
011 MOVE R4 R11 ; R4:key
014 ARRAY R5 R5 0 ; R5:c
017 LOADI_0 R6 ; R6:n
019 MOVE R11 R6 ; R6:n
022 MOVE R12 R1 ; R1:t
025 SEND R12 :length n=0 (0x00)
029 LT R11 R12
031 JMPNOT R11 327
035 MOVE R11 R1 ; R1:t
038 MOVE R12 R6 ; R6:n
041 GETIDX R11 R12
043 SEND R11 :ord n=0 (0x00)
047 SEND R11 :to_i n=0 (0x00)
051 LOADI R12 24
054 SEND R11 :<< n=1 (0x01)
058 MOVE R7 R11 ; R7:num1
061 MOVE R11 R7 ; R7:num1
064 MOVE R12 R1 ; R1:t
067 MOVE R13 R6 ; R6:n
070 ADDI R13 1
073 GETIDX R12 R13
075 SEND R12 :ord n=0 (0x00)
079 SEND R12 :to_i n=0 (0x00)
083 LOADI R13 16
086 SEND R12 :<< n=1 (0x01)
090 ADD R11 R12
092 MOVE R7 R11 ; R7:num1
095 MOVE R11 R7 ; R7:num1
098 MOVE R12 R1 ; R1:t
101 MOVE R13 R6 ; R6:n
104 ADDI R13 2
107 GETIDX R12 R13
109 SEND R12 :ord n=0 (0x00)
113 SEND R12 :to_i n=0 (0x00)
117 LOADI R13 8
120 SEND R12 :<< n=1 (0x01)
124 ADD R11 R12
126 MOVE R7 R11 ; R7:num1
129 MOVE R11 R7 ; R7:num1
132 MOVE R12 R1 ; R1:t
135 MOVE R13 R6 ; R6:n
138 ADDI R13 3
141 GETIDX R12 R13
143 SEND R12 :ord n=0 (0x00)
147 SEND R12 :to_i n=0 (0x00)
151 ADD R11 R12
153 MOVE R7 R11 ; R7:num1
156 MOVE R11 R1 ; R1:t
159 MOVE R12 R6 ; R6:n
162 ADDI R12 4
165 GETIDX R11 R12
167 SEND R11 :ord n=0 (0x00)
171 SEND R11 :to_i n=0 (0x00)
175 LOADI R12 24
178 SEND R11 :<< n=1 (0x01)
182 MOVE R8 R11 ; R8:num2
185 MOVE R11 R8 ; R8:num2
188 MOVE R12 R1 ; R1:t
191 MOVE R13 R6 ; R6:n
194 ADDI R13 5
197 GETIDX R12 R13
199 SEND R12 :ord n=0 (0x00)
203 SEND R12 :to_i n=0 (0x00)
207 LOADI R13 16
210 SEND R12 :<< n=1 (0x01)
214 ADD R11 R12
216 MOVE R8 R11 ; R8:num2
219 MOVE R11 R8 ; R8:num2
222 MOVE R12 R1 ; R1:t
225 MOVE R13 R6 ; R6:n
228 ADDI R13 6
231 GETIDX R12 R13
233 SEND R12 :ord n=0 (0x00)
237 SEND R12 :to_i n=0 (0x00)
241 LOADI R13 8
244 SEND R12 :<< n=1 (0x01)
248 ADD R11 R12
250 MOVE R8 R11 ; R8:num2
253 MOVE R11 R8 ; R8:num2
256 MOVE R12 R1 ; R1:t
259 MOVE R13 R6 ; R6:n
262 ADDI R13 7
265 GETIDX R12 R13
267 SEND R12 :ord n=0 (0x00)
271 SEND R12 :to_i n=0 (0x00)
275 ADD R11 R12
277 MOVE R8 R11 ; R8:num2
280 MOVE R12 R7 ; R7:num1
283 MOVE R13 R8 ; R8:num2
286 MOVE R14 R4 ; R4:key
289 SSEND R11 :enc_one n=3 (0x03)
293 AREF R9 R11 0 ; R9:enum1
297 AREF R10 R11 1 ; R10:enum2
301 MOVE R11 R5 ; R5:c
304 MOVE R12 R9 ; R9:enum1
307 SEND R11 :<< n=1 (0x01)
311 MOVE R11 R5 ; R5:c
314 MOVE R12 R10 ; R10:enum2
317 SEND R11 :<< n=1 (0x01)
321 ADDI R6 8 ; R6:n
324 JMP 019
327 MOVE R11 R5 ; R5:c
330 BLOCK R12 I(0:0x56306d901a80)
333 SENDB R11 :collect n=0 (0x00)
337 STRING R12 L(0) ;
340 SEND R11 :join n=1 (0x01)
344 RETURN R11

irep 0x56306d901a80 nregs=7 nlocals=3 pools=1 syms=1 reps=0 ilen=16
local variable names:
R1:x
R2:&
000 ENTER 1:0:0:0:0:0:0 (0x40000)
004 STRING R4 L(0) ; %.8x
007 MOVE R5 R1 ; R1:x
010 SSEND R3 :sprintf n=2 (0x02)
014 RETURN R3

irep 0x56306d901b50 nregs=6 nlocals=3 pools=1 syms=1 reps=0 ilen=16
local variable names:
R1:p
R2:&
000 ENTER 1:0:0:0:0:0:0 (0x40000)
004 MOVE R3 R1 ; R1:p
007 STRING R4 L(0) ; L*
010 SEND R3 :unpack n=1 (0x01)
014 RETURN R3

irep 0x56306d901c20 nregs=11 nlocals=8 pools=0 syms=2 reps=1 ilen=42
local variable names:
R1:num1
R2:num2
R3:key
R4:&
R5:y
R6:z
R7:s
000 ENTER 3:0:0:0:0:0:0 (0xc0000)
004 MOVE R8 R1 ; R1:num1
007 MOVE R9 R2 ; R2:num2
010 LOADI_0 R10
012 MOVE R5 R8 ; R5:y
015 MOVE R6 R9 ; R6:z
018 MOVE R7 R10 ; R7:s
021 GETCONST R8 YY
024 BLOCK R9 I(0:0x56306d901cf0)
027 SENDB R8 :times n=0 (0x00)
031 MOVE R8 R5 ; R5:y
034 MOVE R9 R6 ; R6:z
037 ARRAY R8 R8 2
040 RETURN R8

irep 0x56306d901cf0 nregs=10 nlocals=3 pools=1 syms=5 reps=0 ilen=186
local variable names:
R1:i
R2:&
000 ENTER 1:0:0:0:0:0:0 (0x40000)
004 GETUPVAR R3 5 0
008 GETUPVAR R4 6 0
012 LOADI_3 R5
014 SEND R4 :<< n=1 (0x01)
018 GETUPVAR R5 6 0
022 LOADI_5 R6
024 SEND R5 :>> n=1 (0x01)
028 SEND R4 :^ n=1 (0x01)
032 GETUPVAR R5 6 0
036 ADD R4 R5
038 GETUPVAR R5 7 0
042 GETUPVAR R6 3 0
046 GETUPVAR R7 7 0
050 LOADI R8 11
053 SEND R7 :>> n=1 (0x01)
057 ADDI R7 1
060 LOADI_3 R8
062 SEND R7 :& n=1 (0x01)
066 GETIDX R6 R7
068 ADD R5 R6
070 SEND R4 :^ n=1 (0x01)
074 ADD R3 R4
076 SETUPVAR R3 5 0
080 LOADL R4 L(0) ; 4294967295
083 SEND R3 :& n=1 (0x01)
087 SETUPVAR R3 5 0
091 GETUPVAR R3 7 0
095 GETCONST R4 XX
098 ADD R3 R4
100 SETUPVAR R3 7 0
104 GETUPVAR R3 6 0
108 GETUPVAR R4 5 0
112 LOADI_3 R5
114 SEND R4 :<< n=1 (0x01)
118 GETUPVAR R5 5 0
122 LOADI_5 R6
124 SEND R5 :>> n=1 (0x01)
128 SEND R4 :^ n=1 (0x01)
132 GETUPVAR R5 5 0
136 ADD R4 R5
138 GETUPVAR R5 7 0
142 GETUPVAR R6 3 0
146 GETUPVAR R7 7 0
150 ADDI R7 1
153 LOADI_3 R8
155 SEND R7 :& n=1 (0x01)
159 GETIDX R6 R7
161 ADD R5 R6
163 SEND R4 :^ n=1 (0x01)
167 ADD R3 R4
169 SETUPVAR R3 6 0
173 LOADL R4 L(0) ; 4294967295
176 SEND R3 :& n=1 (0x01)
180 SETUPVAR R3 6 0
184 RETURN R3

irep 0x56306d901d80 nregs=13 nlocals=8 pools=2 syms=7 reps=0 ilen=128
local variable names:
R1:p
R2:&
R3:i
R4:lst_ch
R5:c
R6:k
R7:cipher_text
000 ENTER 1:0:0:0:0:0:0 (0x40000)
004 LOADI_0 R3 ; R3:i
006 LOADI_0 R4 ; R4:lst_ch
008 MOVE R8 R3 ; R3:i
011 MOVE R9 R1 ; R1:p
014 SEND R9 :length n=0 (0x00)
018 LT R8 R9
020 JMPNOT R8 086
024 MOVE R8 R1 ; R1:p
027 MOVE R9 R3 ; R3:i
030 GETIDX R8 R9
032 SEND R8 :ord n=0 (0x00)
036 MOVE R5 R8 ; R5:c
039 MOVE R8 R5 ; R5:c
042 MOVE R9 R4 ; R4:lst_ch
045 SEND R8 :^ n=1 (0x01)
049 MOVE R9 R3 ; R3:i
052 ADDI R9 1
055 SEND R8 :^ n=1 (0x01)
059 SEND R8 :chr n=0 (0x00)
063 MOVE R9 R1 ; R1:p
066 MOVE R10 R3 ; R3:i
069 MOVE R11 R8
072 SETIDX R9 R10 R11
074 MOVE R8 R5 ; R5:c
077 MOVE R4 R8 ; R4:lst_ch
080 ADDI R3 1 ; R3:i
083 JMP 008
086 STRING R6 L(0) ; aaaassssddddffff ; R6:k
089 GETCONST R8 Crypt
092 GETMCNST R8 R8::CIPHER
095 MOVE R9 R1 ; R1:p
098 MOVE R10 R6 ; R6:k
101 SEND R8 :encrypt n=2 (0x02)
105 MOVE R7 R8 ; R7:cipher_text
108 MOVE R8 R7 ; R7:cipher_text
111 STRING R9 L(1) ; f469358b7f165145116e127ad6105917bce5225d6d62a714c390c5ed93b22d8b6b102a8813488fdb
114 EQ R8 R9
116 JMPNOT R8 124
120 LOADT R8
122 RETURN R8
124 LOADF R8
126 RETURN R8

经典阅读文档,那天做题的时候大概就已经猜出来是xtea加密,但是应该是还是有别的加密。当然这次再对照着opcode看,在xtea加密前还有一个异或。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#include <stdio.h>
#include <stdint.h>

/* take 64 bits of data in v[0] and v[1] and 128 bits of key[0] - key[3] */

void encipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0=v[0], v1=v[1], sum=0, delta=0x12345678;
for (i=0; i < num_rounds; i++) {
v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
sum += delta;
v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
}
v[0]=v0; v[1]=v1;
}

void decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0=v[0], v1=v[1], delta=0x12345678, sum=delta*num_rounds;
for (i=0; i < num_rounds; i++) {
v1 -= (((v0 << 3) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum+1) & 3]);
sum -= delta;
v0 -= (((v1 << 3) ^ (v1 >> 5)) + v1) ^ (sum + key[((sum>>11)+1) & 3]);
}
v[0]=v0; v[1]=v1;
}

int main()
{
uint32_t v[]={0xf469358b, 0x7f165145, 0x116e127a, 0xd6105917, 0xbce5225d, 0x6d62a714, 0xc390c5ed, 0x93b22d8b, 0x6b102a88, 0x13488fdb },k[4]={'aaaa','ssss','dddd','ffff'};
unsigned int r=32;//num_rounds建议取值为32
// v为要加密的数据是两个32位无符号整数
// k为加密解密密钥,为4个32位无符号整数,即密钥长度为128位
for(int i=0;i<5;++i){
decipher(16, &v[i*2], k);
printf("%08x%08x",v[i*2],v[i*2+1]);
}
return 0;
}
//67080e02194b500d5c585f0b5e40461511470a08154211560d47491e04031d262771217626242765
1
2
3
4
5
6
7
8
a = bytes.fromhex('67080e02194b500d5c585f0b5e40461511470a08154211560d47491e04031d262771217626242765')
a = list(a)
x=0
for i in range(len(a)):
a[i] ^= x ^ (i+1)
x = a[i]
print(bytes(a))
# flag{6ad1c70c-daa4-11ec-9d64-0242ac1200}

secreeeeet

这类题在外国的ctf见过一次,就是通过加密算法生成图片文件,我们要做的就是解密png文件。代码很多但多数无用,找到主要代码就行

我们通过自己构造flag.png尝试加密,发现每次加密都不一样,可能跟随机数有关

image-20220617155208038

发现在main函数开头调用了Xtime_get_ticks获取时间戳,动态调试发现sub_140004940函数将时间戳从数字变为字符串

image-20220617155639380

找到主要加密处;这个地方有点逆天,不知道是啥东西,经查阅应该是rabbit流加密

image-20220617155754520

借用REtard师傅的脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
import struct

# https://github.com/Robin-Pwner/Rabbit-Cipher


def ROTL8(v, n):
return (((v << n) & 0xff) | ((v >> (8-n)) & 0xff))


def ROTL16(v, n):
return (((v << n) & 0xffff) | ((v >> (16-n)) & 0xffff))


def ROTL32(v, n):
return (((v << n) & 0xffffffff) | ((v >> (32-n)) & 0xffffffff))


def ROTL64(v, n):
return (((v << n) & 0xffffffffffffffff) | ((v >> (64-n)) & 0xffffffffffffffff))


def ROTR8(v, n):
return ROTL(V, 8-n)


def ROTR16(v, n):
return ROTL(V, 16-n)


def ROTR32(v, n):
return ROTL(V, 32-n)


def ROTR64(v, n):
return ROTL(V, 64-n)


def SWAP32(v):
return ((ROTL32(v, 8) & 0x00ff00ff) | (ROTL32(v, 24) & 0xff00ff00))


class Rabbit_state(object):
def __init__(self):
self.x = [0]*8
self.c = [0]*8
self.carry = 0


class Rabbit_ctx(object):
def __init__(self):
self.m = Rabbit_state()
self.w = Rabbit_state()


class Rabbit(object):
def __init__(self, key, iv):
self.ctx = Rabbit_ctx()
self.set_key(key)
if(len(iv)):
self.set_iv(iv)

def g_func(self, x):
x = x & 0xffffffff
x = (x*x) & 0xffffffffffffffff
result = (x >> 32) ^ (x & 0xffffffff)
return result

def set_key(self, key: bytes):
# generate four subkeys
key0, key1, key2, key3 = struct.unpack('<4I', key)
s = self.ctx.m
# generate initial state variables
s.x[0] = key0
s.x[2] = key1
s.x[4] = key2
s.x[6] = key3
s.x[1] = ((key3 << 16) & 0xffffffff) | ((key2 >> 16) & 0xffff)
s.x[3] = ((key0 << 16) & 0xffffffff) | ((key3 >> 16) & 0xffff)
s.x[5] = ((key1 << 16) & 0xffffffff) | ((key0 >> 16) & 0xffff)
s.x[7] = ((key2 << 16) & 0xffffffff) | ((key1 >> 16) & 0xffff)
# generate initial counter values
s.c[0] = ROTL32(key2, 16)
s.c[2] = ROTL32(key3, 16)
s.c[4] = ROTL32(key0, 16)
s.c[6] = ROTL32(key1, 16)
s.c[1] = (key0 & 0xffff0000) | (key1 & 0xffff)
s.c[3] = (key1 & 0xffff0000) | (key2 & 0xffff)
s.c[5] = (key2 & 0xffff0000) | (key3 & 0xffff)
s.c[7] = (key3 & 0xffff0000) | (key0 & 0xffff)
s.carry = 0

# Iterate system four times
for i in range(4):
self.next_state(self.ctx.m)

for i in range(8):
# modify the counters
self.ctx.m.c[i] ^= self.ctx.m.x[(i+4) & 7]

# Copy master instance to work instance
self.ctx.w = self.copy_state(self.ctx.m)

def copy_state(self, state):
n = Rabbit_state()
n.carry = state.carry

for i, j in enumerate(state.x):
n.x[i] = j
for i, j in enumerate(state.c):
n.c[i] = j
return n

def set_iv(self, iv: bytes):
# generate four subvectors
v = [0]*4
v[0], v[2] = struct.unpack('<2I', iv)
v[1] = (v[0] >> 16) | (v[2] & 0xffff0000)
v[3] = ((v[2] << 16) | (v[0] & 0x0000ffff)) & 0xffffffff
# Modify work's counter values
for i in range(8):
self.ctx.w.c[i] = self.ctx.m.c[i] ^ v[i & 3]
# Copy state variables but not carry flag
tmp = []

for cc in self.ctx.m.x:
tmp += [cc]
self.ctx.w.x = tmp

# Iterate system four times
for i in range(4):
self.next_state(self.ctx.w)

def next_state(self, state):
g = [0]*8
x = [0x4D34D34D, 0xD34D34D3, 0x34D34D34]
# calculate new counter values
for i in range(8):
tmp = state.c[i]
state.c[i] = (state.c[i]+x[i % 3]+state.carry) & 0xffffffff
state.carry = (state.c[i] < tmp)
# calculate the g-values
for i in range(8):
g[i] = self.g_func(state.x[i]+state.c[i])
# calculate new state values

j = 7
i = 0
while(i < 8):
state.x[i] = (g[i] + ROTL32(g[j], 16) +
ROTL32(g[j-1], 16)) & 0xffffffff
i += 1
j += 1
state.x[i] = (g[i] + ROTL32(g[j & 7], 8) + g[j-1]) & 0xffffffff
i += 1
j += 1
j &= 7

def crypt(self, msg):
plain = b""
l = len(msg)
c = self.ctx
x = [0]*4
start = 0
while(True):
self.next_state(c.w)
for i in range(4):
x[i] = c.w.x[i << 1]
x[0] ^= (c.w.x[5] >> 16) ^ (c.w.x[3] << 16)
x[1] ^= (c.w.x[7] >> 16) ^ (c.w.x[5] << 16)
x[2] ^= (c.w.x[1] >> 16) ^ (c.w.x[7] << 16)
x[3] ^= (c.w.x[3] >> 16) ^ (c.w.x[1] << 16)
b = [0]*16
for i, j in enumerate(x):
for z in range(4):
b[z+4*i] = 0xff & (j >> (8*z))
for i in range(16):
plain += bytes([(msg[start]) ^ b[i]])
start += 1
if(start == l):
return plain


py3版本的rabbit

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
from rabbit_cipher import Rabbit
from functools import lru_cache
from itertools import product
import string


def key_subs(key):
return key.translate(b''.maketrans(b'0123456789', b'qscfthnjik'))


def key_expand(key):
expand = bytearray(b'\x00'*0x10)
for i in range(0x10):
if i < len(key):
expand[i] = key[i]
else:
expand[i] = (expand[i - 1] + expand[i - 2]) & 0xFF
return bytes(expand)


def secret_crypt(msg, key):
return Rabbit(key_expand(key_subs(key)), b'\x01\x02\x03\x04\x05\x06\x07\x08').crypt(msg)


@lru_cache(100000)
def secret_crypt_lru(msg, key):
return secret_crypt(msg, key)


def xor(data, key):
data = bytearray(data)
for i in range(len(data)):
data[i] ^= key[i % 3]
return bytes(data)


def bruteforce_key(enc_msg):
png_fixed_header = b'\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR'
for k3 in product(string.digits, repeat=3):
key3 = ''.join(k3).encode()
for k5 in product(string.digits, repeat=5):
key5 = ''.join(k5).encode()
print('\rprocess', key3, key5, end='')
if xor(secret_crypt_lru(enc_msg, key5), key3) == png_fixed_header:
print('')
return (key3, key5)
raise Exception("not found")


flag_png_enc = open('flag.png.enc', 'rb').read()
key3, key5 = bruteforce_key(flag_png_enc[:0x10]) # (2, 80106)
flag_png = xor(secret_crypt_lru(flag_png_enc, key5), key3)
open('flag.png', 'wb').write(flag_png)

只需要爆破两个key然后逆向rabbit即可

*CTF

RE

Simple File System

给了一个file文件,一个png文件,一个elf文件

我们对elf文件进行分析

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
__int64 __fastcall sub_5615516A1488(int a1, const char **a2)
{
__int64 v2; // rbp
__int64 v4; // rsi
int *v5; // rax
char *v6; // rax
unsigned int v7; // eax
unsigned int v8; // eax
int i; // [rsp-38h] [rbp-1048h]
int j; // [rsp-34h] [rbp-1044h]
int v12; // [rsp-30h] [rbp-1040h]
int v13; // [rsp-2Ch] [rbp-103Ch]
unsigned int v14; // [rsp-28h] [rbp-1038h]
unsigned int v15; // [rsp-28h] [rbp-1038h]
unsigned int v16; // [rsp-28h] [rbp-1038h]
unsigned int v17; // [rsp-28h] [rbp-1038h]
unsigned int v18; // [rsp-28h] [rbp-1038h]
unsigned int v19; // [rsp-28h] [rbp-1038h]
unsigned int v20; // [rsp-28h] [rbp-1038h]
unsigned int v21; // [rsp-28h] [rbp-1038h]
int v22; // [rsp-24h] [rbp-1034h]
int v23; // [rsp-20h] [rbp-1030h]
time_t v24; // [rsp-18h] [rbp-1028h] BYREF
char v25[16]; // [rsp-10h] [rbp-1020h] BYREF
char v26[1024]; // [rsp+3F0h] [rbp-C20h] BYREF
char v27[1024]; // [rsp+7F0h] [rbp-820h] BYREF
char v28[1032]; // [rsp+BF0h] [rbp-420h] BYREF
unsigned __int64 v29; // [rsp+FF8h] [rbp-18h]
__int64 v30; // [rsp+1000h] [rbp-10h]

v30 = v2;
v29 = __readfsqword(0x28u);
if ( a1 != 3 )
{
printf("use: %s <diskfile> <nblocks>\n", *a2);
return 1LL;
}
v4 = (unsigned int)atoi(a2[2]);
if ( !(unsigned int)sub_5615516A3BEC(a2[1], v4) )
{
v5 = __errno_location();
v6 = strerror(*v5);
printf("couldn't initialize %s: %s\n", a2[1], v6);
return 1LL;
}
v7 = sub_5615516A3C9E();
printf("opened emulated disk image %s with %d blocks\n", a2[1], v7);
while ( 1 )
{
printf(" simplefs> ");
fflush(stdout);
if ( !fgets(v25, 1024, stdin) )
break;
if ( v25[0] != 10 )
{
v25[strlen(v25) - 1] = 0;
v12 = __isoc99_sscanf(v25, "%s %s %s", v26, v27, v28);
if ( v12 )
{
if ( !strcmp(v26, "format") )
{
if ( v12 == 1 )
{
if ( (unsigned int)sub_5615516A2357() )
puts("disk formatted.");
else
puts("format failed!");
}
else
{
puts("use: format");
}
}
else if ( !strcmp(v26, "mount") )
{
if ( v12 == 1 )
{
if ( (unsigned int)sub_5615516A27C2() )
puts("disk mounted.");
else
puts("mount failed!");
}
else
{
puts("use: mount");
}
}
else if ( !strcmp(v26, "debug") )
{
if ( v12 == 1 )
sub_5615516A24BB();
else
puts("use: debug");
}
else if ( !strcmp(v26, "getsize") )
{
if ( v12 == 2 )
{
v14 = atoi(v27);
v13 = sub_5615516A3014(v14);
if ( v13 < 0 )
puts("getsize failed!");
else
printf("inode %d has size %d\n", v14, (unsigned int)v13);
}
else
{
puts("use: getsize <inumber>");
}
}
else if ( !strcmp(v26, "create") )
{
if ( v12 == 1 )
sub_5615516A216A();
else
puts("use: create");
}
else if ( !strcmp(v26, "delete") )
{
if ( v12 == 2 )
{
v15 = atoi(v27);
if ( (unsigned int)sub_5615516A2DD1(v15) )
printf("inode %d deleted.\n", v15);
else
puts("delete failed!");
}
else
{
puts("use: delete <inumber>");
}
}
else if ( !strcmp(v26, "cat") )
{
if ( v12 == 2 )
{
v16 = atoi(v27);
if ( !(unsigned int)sub_5615516A2017(v16, "/dev/stdout") )
puts("cat failed!");
}
else
{
puts("use: cat <inumber>");
}
}
else if ( !strcmp(v26, "captureflag") )
{
puts("Are you kidding?");
}
else if ( !strcmp(v26, "plantflag") )
{
v8 = time(&v24);
srand(v8);
v22 = rand() % 100;
v23 = rand() % 100;
for ( i = 0; i < v22; ++i )
{
v17 = sub_5615516A216A();
if ( (unsigned int)sub_5615516A1E16("flag", v17, 2) )//在这
printf("copied file %s to inode %d\n", v27, v17);
else
puts("copy failed!");
}
v18 = sub_5615516A216A();
if ( (unsigned int)sub_5615516A1E16("flag", v18, 1) )
printf("plant flag to inode %d!\n", v18);
else
puts("copy failed!");
for ( j = 0; j < v23; ++j )
{
v19 = sub_5615516A216A();
if ( (unsigned int)sub_5615516A1E16("flag", v19, 2) )
printf("copied file %s to inode %d\n", v27, v19);
else
puts("copy failed!");
}
}
else if ( !strcmp(v26, "copyin") )
{
if ( v12 == 3 )
{
v20 = atoi(v28);
if ( !(unsigned int)sub_5615516A1E16(v27, v20, 0) )
goto LABEL_69;
printf("copied file %s to inode %d\n", v27, v20);
}
else
{
puts("use: copyin <filename> <inumber>");
}
}
else if ( !strcmp(v26, "copyout") )
{
if ( v12 == 3 )
{
v21 = atoi(v27);
if ( (unsigned int)sub_5615516A2017(v21, v28) )
printf("copied inode %d to file %s\n", v21, v28);
else
LABEL_69:
puts("copy failed!");
}
else
{
puts("use: copyout <inumber> <filename>");
}
}
else if ( !strcmp(v26, "help") )
{
puts("Commands are:");
puts(" format");
puts(" mount");
puts(" debug");
puts(" create");
puts(" delete <inode>");
puts(" cat <inode>");
puts(" captureflag");
puts(" plantflag");
puts(" copyin <file> <inode>");
puts(" copyout <inode> <file>");
puts(" help");
puts(" quit");
puts(" exit");
}
else
{
if ( !strcmp(v26, "quit") || !strcmp(v26, "exit") )
break;
printf("unknown command: %s\n", v26);
puts("type 'help' for a list of commands.");
}
}
}
}
puts("closing emulated disk.");
sub_5615516A3E6B();
return 0LL;
}

其实就是跟一个终端一样,我们发现还有一个记事本,记录了一些操作:

1
2
3
4
5
6
7
8
9
10
11
12
# instructions

I implemented a very simple file system and buried my flag in it.

The image file are initiated as follows:
./simplefs image.flag 500
simplefs> format
simplefs> mount
simplefs> plantflag
simplefs> exit

And you cold run "help" to explore other commands.

那么我们很自然的怀疑到plantflag里有东西,我们查看一下,定位到关键函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
// bad sp value at call has been detected, the output may be wrong!
__int64 __fastcall sub_5615516A1E16(const char *a1, unsigned int a2, int a3)
{
int *v3; // rax
char *v4; // rax
unsigned int v7; // [rsp+1Ch] [rbp-4024h]
unsigned int v8; // [rsp+20h] [rbp-4020h]
int v9; // [rsp+24h] [rbp-401Ch]
FILE *stream; // [rsp+28h] [rbp-4018h]
char ptr[16]; // [rsp+30h] [rbp-4010h] BYREF
char v12; // [rsp+40h] [rbp-4000h] BYREF
__int64 v13[512]; // [rsp+3040h] [rbp-1000h] BYREF

while ( v13 != (__int64 *)&v12 )
;
v13[511] = __readfsqword(0x28u);
v7 = 0;
stream = fopen(a1, "r");
if ( stream )
{
while ( 1 )
{
v8 = fread(ptr, 1uLL, 0x4000uLL, stream);
if ( (int)v8 <= 0 )
break;
if ( a3 == 1 )
{
sub_5615516A21B2(ptr, v8);
}
else if ( a3 == 2 )
{
sub_5615516A2305(ptr, v8);
}
v9 = sub_5615516A3585(a2, ptr, v8, v7);
if ( v9 < 0 )
{
printf("ERROR: fs_write return invalid result %d\n", (unsigned int)v9);
break;
}
v7 += v9;
if ( v9 != v8 )
{
printf("WARNING: fs_write only wrote %d bytes, not %d bytes\n", (unsigned int)v9, v8);
break;
}
}
printf("%d bytes copied\n", v7);
fclose(stream);
return 1LL;
}
else
{
v3 = __errno_location();
v4 = strerror(*v3);
printf("couldn't open %s: %s\n", a1, v4);
return 0LL;
}
}

一个函数一个函数看,发现a3 = 1时,里面的函数可逆,我们查看一下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
__int64 __fastcall sub_5615516A21B2(__int64 a1, int a2)
{
int i; // [rsp+10h] [rbp-10h]
int v4; // [rsp+14h] [rbp-Ch]
_BYTE *v5; // [rsp+18h] [rbp-8h]

v4 = sub_5615516A30A3();
for ( i = 0; i < a2; ++i )
{
v5 = (_BYTE *)(i + a1);
*v5 = (*v5 >> 1) | (*v5 << 7);
*v5 ^= v4;
*v5 = ((unsigned __int8)*v5 >> 2) | (*v5 << 6);
*v5 ^= BYTE1(v4);
*v5 = ((unsigned __int8)*v5 >> 3) | (32 * *v5);
*v5 ^= BYTE2(v4);
*v5 = ((unsigned __int8)*v5 >> 4) | (16 * *v5);
*v5 ^= HIBYTE(v4);
*v5 = (*v5 >> 5) | (8 * *v5);
}
return 0LL;
}

现在有几个问题是,没找到原来的数据或者对比的数据,(这个数据哦经过我的调试应该是从图片的文件中读取的)还不知道v4是啥,v4这个值的函数太恶心了,所以我们动调一下,把所有文件都扔到目录下:

image-20220418233932982

先输入:

1
./simplefs image.flag 500

然后进行attach一下,程序就动起来了,最好在sub_5615516A21B2函数进行断点。

然后按照指示的命令调下去,然后点F9,进入断点

image-20220418234244165

调试出v4的值,然后我们其中能动调出v5的每个值,前三个0x00和0xD2和0xFC,那么我们直接去flag图片里找就行了,当然我们可以直接动态调试出原来的flag,可以不用写脚本。

image-20220418235157590

当然还是写一下逆向的脚本:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
a = [0x00,0xD2,0xFC,0xD8,0xA2,0xDA,0xBA,0x9E,0x9C,0x26,0xF8,0xF6,0xB4,0xCE,0x3C,0xCC,0x96,0x88,0x98,0x34,0x82,0xDE,0x80,0x36,0x8a,0xd8,0xc0,0xf0,0x38,0xae,0x40]
flag = ""
for i in range(len(a)):
v1 = a[i]
v1 = ((v1<< 5) | (v1 >> 3))&0xff
v1 ^= 0xde
v1 = ((v1 << 4) | (v1 >> 4))&0xff
v1 ^= 0xed
v1 = ((v1 << 3) | (v1 >> 5))&0xff
v1 ^= 0xbe
v1 = ((v1 << 2) | (v1 >> 6))&0xff
v1 ^= 0xef
v1 = ((v1 << 1) | (v1 >> 7))&0xff
flag += chr(v1)
print(flag)
#*CTF{Gwed9VQpM4Lanf0kEj1oFJR6}

NaCl

这个题看一早上,汇编没学好,出不来,近些天上课正在看汇编,等我汇编看的差不多了,就开始整一下这个题的汇编。

image-20220421184638338

函数逻辑很清晰,但这个函数里的内容就不敢苟同了,很杂很乱:

image-20220421184911788

我只能说不太好看懂,经过动态调试后,发现其到38行后进入下面的汇编:

image-20220419151306919

然后会进入一个巨大的循环,里面进行着加密,经过43次循环后,进入下一个汇编,这个汇编是xtea加密,这个xtea改了两处,第一是循环轮次,第二是delta。

参考了PZ师傅的解题思路,我们可以采用idapython去掉花指令的方法来生成可视的代码,从而避免看汇编。

不能反汇编的原因是因为,在这些汇编的后面是很奇怪的,他们有着统一的格式

1
2
3
4
5
6
7
nop
lea r15, [r15+8]
mov edi, [r15-8]
and edi, 0xffffffe0h
lea rdi, [r13+rdi+0]
jmp rdi
其实这样看来,很像是retn的做法,而这些指令的操作对象全部是堆栈,通过调试发现,r13一直为0r15的操作像是栈的储存,即这个是用r15表示rspr14代表rbp
1
2
3
4
5
6
7
还有地方似乎更像是call指令
nop
lea r15, [r15-8]
lea r12, loc_8080980
mov [r15], r12
jmp loc_8080720
其实这个就是要跳转到那个函数

那么我们要用idapython修改的地方已经出来了,我们只需要将像上面第一个的改成retn,第二个改成call指令就行了。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import idc
start = 0x807FEC0
end = 0x8080AD1

address = [0 for i in range(5)]
callTarget = ["lea", "lea", "mov", "jmp"]
retnTarget = ["lea", "mov", "and", "lea", "jmp"]


def nop(s, e):
while (s < e):
patch_byte(s, 0x90)
s += 1

def turnCall(s, e):
nop(s, e)
patch_byte(e, 0xE8)
huaStart = next_head(e)
huaEnd = next_head(huaStart)
nop(huaStart, huaEnd)

def turnRetn(s, e):
nop(s, e)
patch_byte(e, 0x90)
patch_byte(e + 1, 0xC3)

p = start
while p < end:
address[0] = p
address[1] = next_head(p)#下一个指令
address[2] = next_head(address[1])
address[3] = next_head(address[2])
address[4] = next_head(address[3])

for i in range(0, 4):
if print_insn_mnem(address[i]) != callTarget[i]:
break
else:
turnCall(address[0], address[3])
p = next_head(next_head(address[3]))
continue

for i in range(0, 5):
if print_insn_mnem(address[i]) != retnTarget[i]:
break
else:
turnRetn(address[0], address[4])
p = next_head(next_head(address[4]))
continue

p = next_head(p)

然后我们点edit–patch program–最后一项,重进ida刷新,就会发现进入一片有反汇编的世界!

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
__int64 __fastcall sub_8080900(__int64 a1)
{
__int64 v1; // r13
int v2; // er15
struct_v3 *v3; // r15

v3 = (struct_v3 *)(v1 + (unsigned int)(v2 - 40));
v3->input = a1;
v3->count = 0;
for ( v3->count = 0; v3->count <= 3; ++v3->count )
{
v3->t = 8 * v3->count + v3->input;//取8位,flag长32位
v3->qword10 = sub_8080720(v3->t);//第一个加密
sub_8080100(1 << (LOBYTE(v3->count) + 1), (__int64)&v3->qword10);// 循环轮次2,4,8,16
sub_807FEC0((char *)&unk_80AFC80 + 8 * v3->count, &v3->qword10, 8LL);
}
sub_807FF20(&byte_80AFC60, &unk_80AFC80, 32LL);
return 4096LL;
}

我学习到了比如像*(v3+36),*(v3+18),这样的,我们其实可以将其定义成一个结构体右键–creat new struct即可。

先进入第一个函数:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
__int64 __fastcall sub_8080720(__int64 a1)
{
__int64 v1; // rbx
__int64 v2; // r13
__int64 v3; // r15
_QWORD *v4; // r15
struct_v5 *v5; // r15

v4 = (_QWORD *)(v3 - 8);
*v4 = v1;
v5 = (struct_v5 *)(v2 + (unsigned int)((_DWORD)v4 - 56));
v5->qword0 = a1;
v5->xorkey = sub_8080360();
v5->qword18 = *(_QWORD *)(v2 + (unsigned int)v5->qword0);
v5->HIGHER = little(HIDWORD(v5->qword18)); // 小端序
v5->LOWER = little(v5->qword18);
for ( v5->int2C = 0; v5->int2C <= 43; ++v5->int2C )
{
v5->dword14 = v5->LOWER;
ROL(v5->LOWER, 1);
ROL(v5->LOWER, 8);
v5->LOWER = v5->HIGHER ^ ROL(v5->LOWER, 2) ^ *(_DWORD *)(v2 + 4 * v5->int2C + (unsigned int)v5->xorkey);
v5->HIGHER = v5->dword14;
}
v5->qword18 = 0LL;
v5->qword18 = ((v5->qword18 | v5->LOWER) << 32) | v5->HIGHER;
return v5->qword18;
}

这个是先将8个字节又分为2组,每组4字节并将其倒置,然后对其低位左移,然后进行异或,这个异或很复杂,我们可以通过动调把xorkey调试出来。然后再看第二个加密

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
__int64 __fastcall sub_8080100(int a1, __int64 a2)
{
__int64 v2; // r13
mylist *v3; // r15
__int64 result; // rax

v3[-1].count = a1;
*(_QWORD *)&v3[-1].t0 = a2;
*(_QWORD *)&v3[-1].t6 = &dword_80AFB40; // key
v3[-1].t10 = *(_DWORD *)(v2 + (unsigned int)*(_QWORD *)&v3[-1].t0);
v3[-1].t9 = *(_DWORD *)(v2 + (unsigned int)*(_QWORD *)&v3[-1].t0 + 4);
v3[-1].t8 = 0;
v3[-1].t5 = 271733878; // delata
for ( v3[-1].t11 = 0; v3[-1].t11 < (unsigned int)v3[-1].count; ++v3[-1].t11 )
{
v3[-1].t10 += ((((unsigned int)v3[-1].t9 >> 5) ^ (16 * v3[-1].t9)) + v3[-1].t9) ^ (*(_DWORD *)(v2
+ 4 * (v3[-1].t8 & 3)
+ (unsigned int)*(_QWORD *)&v3[-1].t6)
+ v3[-1].t8);
v3[-1].t8 += v3[-1].t5;
v3[-1].t9 += ((((unsigned int)v3[-1].t10 >> 5) ^ (16 * v3[-1].t10)) + v3[-1].t10) ^ (*(_DWORD *)(v2 + 4 * (((unsigned int)v3[-1].t8 >> 11) & 3) + (unsigned int)*(_QWORD *)&v3[-1].t6)
+ v3[-1].t8);
}
*(_DWORD *)(v2 + (unsigned int)*(_QWORD *)&v3[-1].t0) = v3[-1].t10;
result = (unsigned int)v3[-1].t9;
*(_DWORD *)(v2 + (unsigned int)*(_QWORD *)&v3[-1].t0 + 4) = result;
return result;
}

其中我们还是可以通过右键–convert to struct把v3转换成内含12个int的结构体,不难发现这是个xtea加密,传入参数第一个是循环轮次,这个轮次是2,4,8,16,delta变化了,所以逻辑理清了,就把脚本搞出来:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#include <stdio.h>
#include <stdint.h>

#define SHL(x, n) ( ((x) & 0xFFFFFFFF) << n )
#define ROTL(x, n) ( SHL((x), n) | ((x) >> (32 - n)) )

unsigned int xorKey[44] = {
0x04050607, 0x00010203, 0x0C0D0E0F, 0x08090A0B, 0xCD3FE81B, 0xD7C45477, 0x9F3E9236, 0x0107F187,
0xF993CB81, 0xBF74166C, 0xDA198427, 0x1A05ABFF, 0x9307E5E4, 0xCB8B0E45, 0x306DF7F5, 0xAD300197,
0xAA86B056, 0x449263BA, 0x3FA4401B, 0x1E41F917, 0xC6CB1E7D, 0x18EB0D7A, 0xD4EC4800, 0xB486F92B,
0x8737F9F3, 0x765E3D25, 0xDB3D3537, 0xEE44552B, 0x11D0C94C, 0x9B605BCB, 0x903B98B3, 0x24C2EEA3,
0x896E10A2, 0x2247F0C0, 0xB84E5CAA, 0x8D2C04F0, 0x3BC7842C, 0x1A50D606, 0x49A1917C, 0x7E1CB50C,
0xFC27B826, 0x5FDDDFBC, 0xDE0FC404, 0xB2B30907
};

void decipher(unsigned int num_rounds, uint32_t v[2], uint32_t const key[4]) {
unsigned int i;
uint32_t v0=v[0], v1=v[1], delta = 0x10325476, sum=delta*num_rounds;
for (i=0; i < num_rounds; i++) {
v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
sum -= delta;
v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[(sum & 3)]);
}
v[0]=v0; v[1]=v1;
}
void XorRol(uint32_t v[2])
{
uint32_t encLow = v[1];
uint32_t encHigh = v[0];
uint32_t orgLow, orgHigh, v6, v7, v8;
int i;

for ( i = 43; i >= 0; i-- )
{
orgLow = encHigh;
v6 = ROTL(orgLow, 1);
v7 = ROTL(orgLow, 8) & v6;
v8 = v7 ^ ROTL(orgLow, 2);
orgHigh = encLow ^ xorKey[i] ^ v8;

encHigh = orgHigh;
encLow = orgLow;
}
v[0] = orgLow; v[1] = orgHigh;
}

int main(){
uint32_t v[] = { 0xFDF5C266, 0x7A328286, 0xCE944004, 0x5DE08ADC, 0xA6E4BD0A, 0x16CAADDC, 0x13CD6F0C, 0x1A75D936 };
uint32_t k[4] = { 0x03020100, 0x07060504, 0x0B0A0908, 0x0F0E0D0C };
int i, j;
uint32_t teaData[8];
for ( i = 0; i <= 3; i++ )
{
decipher(1 << (i + 1), v + i * 2, k);
printf("0x%X, 0x%X, ", v[i * 2], v[i * 2 + 1]);
teaData[i * 2] = v[i * 2];
teaData[i * 2 + 1] = v[i * 2 + 1];
}
puts("\n");

for ( i = 0; i <= 3; i++ )
{
XorRol(teaData + i * 2);
}

puts("\n");

unsigned char * t = (unsigned char *)&teaData;
for ( i = 0; i < 32; i += 4 )
printf("%c%c%c%c", t[i + 3], t[i + 2], t[i + 1], t[i]);

return 0;
}


*CTF{mM7pJIobsCTQPO6R0g-L8kFExhYuivBN}

Jump

属实是把这题整明白了,看了一下午一直在想为什么这个会一直为0,原来是有setjump和longjump函数。

1
2
int setjmp(jmp_buf env);
void longjmp(jmp_buf env, int value);

众所周知,env一般代表的是上下文环境,在这也是如此,什么时候会用到这类函数捏。我们知道goto只能用于函数的局部跳转,跨函数是不行的,那么我们采用setjump和longjump就很好的解决了这个问题,这两个函数保存当前上下文,比如保存现有堆栈环境,在嵌套函数中进行随心所欲的跳转。

setjump返回值永远是0,这就说明了为什么在题中ifelse语句中,永远只进else语句。当先调用了setjump后,再调用longjump,那么返回回值由value参数确定,然后setjump也要返回非0值。这个和信号处理的一些函数很相似。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
__int64 __fastcall sub_40293E(__int64 a1, __int64 a2)
{
__int64 v2; // rdx
__int64 v3; // rcx
__int64 v4; // r8
__int64 v5; // r9
__int64 v7; // rsi
__int64 v8; // rdx
__int64 v9; // rcx
__int64 v10; // r8
__int64 v11; // r9
__int64 v12; // rdx
__int64 v13; // rcx
__int64 v14; // r8
__int64 v15; // r9
__int64 v16; // rdx
__int64 v17; // rcx
__int64 v18; // r8
__int64 v19; // r9
__int64 v20; // rdx
__int64 v21; // rcx
__int64 v22; // r8
__int64 v23; // r9
__int64 v24; // rdx
__int64 v25; // rcx
__int64 v26; // r8
__int64 v27; // r9
char v28; // [rsp+0h] [rbp-10h]
char v29; // [rsp+0h] [rbp-10h]
char v30; // [rsp+0h] [rbp-10h]
char v31; // [rsp+0h] [rbp-10h]
char v32; // [rsp+0h] [rbp-10h]
int v33; // [rsp+Ch] [rbp-4h]
int v34; // [rsp+Ch] [rbp-4h]
int v35; // [rsp+Ch] [rbp-4h]
int v36; // [rsp+Ch] [rbp-4h]

scanf(input);
v33 = setjump((__int64)&unk_4C9680, a2, v2, v3, v4, v5, v28);//v33=0
if ( v33 )
{
if ( v33 == 1 )
return 1LL;
}
else
{
de();//是一个添加函数
}
v7 = 1LL;
qword_4C9400 = longjump(dword_4C613C + 1, 1uLL);
if ( !(unsigned int)setjump((__int64)&unk_4C9680, 1LL, v8, v9, v10, v11, v29) )
{
v7 = 1LL;
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}
qword_4C9408 = sub_427140(8LL * dword_4C613C);
v34 = setjump((__int64)&unk_4C9680, 1LL, v12, v13, v14, v15, v30);
if ( v34 )
{
if ( v34 <= dword_4C613C ) // 循环0x23次
{
v7 = (unsigned int)(v34 + 1);
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}
}
else
{
v7 = 1LL;
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}
sub_401F62((char *)qword_4C9408); // 对字符排序
v35 = setjump((__int64)&unk_4C9680, v7, v16, v17, v18, v19, v31);
if ( v35 )
{
if ( v35 <= dword_4C613C )
{
v7 = (unsigned int)v35;
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}
}
else
{
sub_402826((__int64)&unk_4C9680, v7, v20, v21, v22, v23);// 对比处
}
sub_427730(qword_4C9408);
sub_427730(qword_4C9400);
v36 = setjump((__int64)&unk_4C9680, v7, v24, v25, v26, v27, v32);
if ( !v36 )
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
if ( v36 == 1 )
sub_411920((__int64)"*CTF{%s}\n", (const char *)input);
return 0LL;
}

我们先看de函数:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
void de()
{
__int64 v0; // rsi
__int64 v1; // rdx
__int64 v2; // rcx
__int64 v3; // r8
__int64 v4; // r9
int v5; // er9
__int64 v6; // rdx
__int64 v7; // rcx
__int64 v8; // r8
__int64 v9; // r9
char v10; // [rsp+0h] [rbp-10h]
char v11; // [rsp+0h] [rbp-10h]
int v12; // [rsp+Ch] [rbp-4h]

if ( sub_4011A0() || (v0 = 3LL, sub_4011A0()) )
{
v0 = 1LL;
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}
if ( !(unsigned int)setjump((__int64)&unk_4C9460, v0, v1, v2, v3, v4, v10) )
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
sprintf(qword_4C9400, (unsigned int)"%c%s%c", 2, (unsigned int)input, 3, v5);// 在输入前添加2,输入后添加3
v12 = setjump((__int64)&unk_4C9460, (__int64)"%c%s%c", v6, v7, v8, v9, v11);
if ( !v12 )
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
if ( v12 > 0 )
{
qword_4C9660 = longjump(dword_4C613C + 1, 1uLL);
sub_401020(qword_4C9660, qword_4C9400 + v12 - 1LL);
if ( v12 > 1 )
sub_401100();
*(_QWORD *)(qword_4C9408 + 8LL * v12 - 8) = qword_4C9660;
}
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}

我们首先要盯着input里的变化,这个函数只在我们输入的字符串前增加2,字符串后加3

我是先看到了对比函数,所以先查看一下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
void __fastcall sub_402826(__int64 a1, __int64 a2, __int64 a3, __int64 a4, __int64 a5, __int64 a6)
{
char v6; // [rsp+0h] [rbp-10h]
int v7; // [rsp+Ch] [rbp-4h]

v7 = setjump((__int64)&unk_4C9540, a2, a3, a4, a5, a6, v6);
if ( v7 )
{
if ( v7 <= dword_4C613C )
{
byte_4C9420[v7 - 1] = *(_BYTE *)(dword_4C613C - 1LL + *(_QWORD *)(8LL * v7 - 8 + qword_4C9408));// 取每个字符串的最后一位
sub_427730(*(_QWORD *)(8LL * v7 - 8 + qword_4C9408));
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}
}
else
{
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}
sub_401DC1(byte_4C9420, &unk_4C6100, (unsigned int)dword_4C613C);// 对比处
((void (__fastcall *)())((char *)&sub_401D44 + 1))();
}

对比处藏着我们需要逆向的字符串,然后我们在byte_4C9420发现我们输入的字符串变化了,但变化我们不清楚,返回主函数,继续找,找到sub_401F62,其参数是经过de函数后的字符串,我们进去查看:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
unsigned __int64 __fastcall sub_401F62(char *a1)
{
int i; // eax
char *v2; // rax
unsigned __int64 result; // rax
char v4; // [rsp+13h] [rbp-49Dh]
char *v5; // [rsp+18h] [rbp-498h]
char *v6; // [rsp+20h] [rbp-490h]
char **v7; // [rsp+28h] [rbp-488h]
char *v8; // [rsp+30h] [rbp-480h]
char *v9; // [rsp+38h] [rbp-478h]
char *v10; // [rsp+40h] [rbp-470h]
char *v11; // [rsp+48h] [rbp-468h]
char *k; // [rsp+48h] [rbp-468h]
char *v13; // [rsp+48h] [rbp-468h]
char *j; // [rsp+50h] [rbp-460h]
char *v15; // [rsp+50h] [rbp-460h]
char *v16; // [rsp+58h] [rbp-458h]
char *m; // [rsp+60h] [rbp-450h]
char *v18; // [rsp+68h] [rbp-448h]
char *v19; // [rsp+98h] [rbp-418h]
__int64 v20[2]; // [rsp+A0h] [rbp-410h] BYREF
__int64 v21; // [rsp+B0h] [rbp-400h] BYREF
unsigned __int64 v22; // [rsp+4A8h] [rbp-8h]

v22 = __readfsqword(0x28u);
v5 = a1;
v6 = a1 + 264;
v20[0] = 0LL;
v20[1] = 0LL;
v7 = (char **)&v21;
while ( v7 > (char **)v20 )
{
v10 = &v5[8 * (((v6 - v5) / 8) >> 1)];
if ( (int)sub_401EB7(v10, v5) < 0 )
sub_401EF6(v10, v5, 8);
if ( (int)sub_401EB7(v6, v10) < 0 )
{
sub_401EF6(v10, v6, 8); // 循环右移1位
if ( (int)sub_401EB7(v10, v5) < 0 )
sub_401EF6(v10, v5, 8);
}
v8 = v5 + 8;
v9 = v6 - 8;
for ( i = sub_401EB7((_QWORD *)v5 + 1, v10); ; i = sub_401EB7(v8, v10) )
{
if ( i < 0 )
{
v8 += 8;
continue;
}
while ( (int)sub_401EB7(v10, v9) < 0 )
v9 -= 8;
if ( v8 >= v9 )
break;
sub_401EF6(v8, v9, 8);
if ( v10 == v8 )
{
v10 = v9;
}
else if ( v10 == v9 )
{
v10 = v8;
}
v8 += 8;
v9 -= 8;
LABEL_22:
if ( v8 > v9 )
goto LABEL_23;
}
if ( v8 != v9 )
goto LABEL_22;
v8 += 8;
v9 -= 8;
LABEL_23:
if ( (unsigned __int64)(v9 - v5) > 0x20 )
{
if ( (unsigned __int64)(v6 - v8) > 0x20 )
{
if ( v9 - v5 <= v6 - v8 )
{
*v7 = v8;
v7[1] = v6;
v7 += 2;
v6 = v9;
}
else
{
*v7 = v5;
v7[1] = v9;
v7 += 2;
v5 = v8;
}
}
else
{
v6 = v9;
}
}
else if ( (unsigned __int64)(v6 - v8) > 0x20 )
{
v5 = v8;
}
else
{
v7 -= 2;
v5 = *v7;
v6 = v7[1];
}
}
v11 = a1;
v2 = a1 + 32;
if ( a1 + 264 <= a1 + 32 )
v2 = a1 + 264;
v19 = v2;
for ( j = a1 + 8; j <= v19; j += 8 )
{
if ( (int)sub_401EB7(j, v11) < 0 )
v11 = j;
}
if ( v11 != a1 )
sub_401EF6(v11, a1, 8);
v15 = a1 + 8;
while ( 1 )
{
v15 += 8;
if ( v15 > a1 + 264 )
break;
for ( k = v15 - 8; (int)sub_401EB7(v15, k) < 0; k -= 8 )
;
v13 = k + 8;
if ( v13 != v15 )
{
v16 = v15 + 8;
while ( --v16 >= v15 )
{
v4 = *v16;
v18 = v16;
for ( m = v16; ; m = v18 )
{
v18 -= 8;
if ( v18 < v13 )
break;
*m = *v18;
}
*m = v4;
}
}
}
result = __readfsqword(0x28u) ^ v22;
if ( result )
sub_459C10();
return result;
}

这个排序函数很长,很难搞,我们先动调搞一下,发现经过sub_401EF6(v10, v6, 8); 函数时会让字符串循环左移一位,然后我们直接略过这个循环函数,直接看循环后的结果,发现在藏字符串的地方存了许多长字符串,那么我们经过观察,能发现几个规律,这个字符串的第一个字符是经过从小到大排列的,而且第一个字符和最后一个字符是永远绑定在一起的,而我们要解密的字符串经过:

1
byte_4C9420[v7 - 1] = *(_BYTE *)(dword_4C613C - 1LL + *(_QWORD *)(8LL * v7 - 8 + qword_4C9408));

也就是取字符串最后一位连起来并且首位是2,末位是3,所以很简单了,直接手算就出了。

1
2
3
4
\x02\x03+1246=BCDEFGLNRSTVZ_acjkmnpquvwx   #第一位字符,按升序排列
\x03jmGn_=uaSZLvN4wFxE6R+p\x02D2qV1CBTck #对比时的字符串,也就是每个字符串最后一位

\x02cwNG1paBu=6Vn2kxSCqm+_4LETvFRZDj\x03