tag:blogger.com,1999:blog-25419958433638311642024-03-12T17:48:50.505-07:00BLACKHAT.ORGGood Guys Still Wear Black ...JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.comBlogger36125tag:blogger.com,1999:blog-2541995843363831164.post-8367171825090877162019-10-15T12:31:00.000-07:002019-10-15T12:31:06.399-07:00Nessus Compliance to Baseline Fix it List<br />
Code:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLCompTableFix.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLCompTableFix.java</a><br />
<br />
<br />
This script is a riff on XMLCompTable - Called XMLCompTableFix. This script produces a list of fix items for the machine to bring it into compliance.<br />
<br />
This script gives an X Y chart with tests down one axis and machines across the top axis, resulting in a chart with compliance failures and how to fix them ** See Example Below **<br />
<br />
--------<br />
<br />
WN10-00-000175 - The Secondary Logon service must be disabled on Windows 10.<br />
<br />
Check Failed - Solution: Configure the 'Secondary Logon' service 'Startup Type' to 'Disabled'. Refernces: 800-171|3.4.6,800-171|3.4.7,800-53|CM-7,CAT|II,CCI|CCI-000381,CIP|007-6-R1,CN-L3|7.1.3.5(c),CN-L3|7.1.3.7(d),CSCv6|9.1,CSF|PR.IP-1,CSF|PR.PT-3,ITSG-33|CM-7,NIAv2|SS13b,NIAv2|SS14a,NIAv2|SS14c,NIAv2|SS15a,PCI-DSSv3.1|2.2.2,PCI-DSSv3.1|2.2.3,PCI-DSSv3.2|2.2.2,PCI-DSSv3.2|2.2.3,Rule-ID|SV-89393r1_rule,STIG-ID|WN10-00-000175,SWIFT-CSCv1|2.3,Vuln-ID|V-74719JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-38949267005576474592015-06-29T17:38:00.003-07:002015-06-29T17:42:46.891-07:00XMLCompTable2 - Now with details!Code:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLCompTable2.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLCompTable2.java</a><br />
<br />
It has been a while between creating code to work with Nessus but I recently had a need to run CIS benchmarks that had not been edited to match a local security policy.<br />
<br />
Due to this I had a need to see not only the default pass and fail but what the scanner found when scanning when the scanner identified a Pass and Fail.<br />
<br />
The output looks something like the following; Machines on the top axis and tests on the side axis.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSXMxyJst2Jx9ivcWoBBX34Lr24kPQGhkg66sjNNbpKsFXPNYp7fjDioA1jEZrIPNDASBwe0SAwecfopCRscoBuVgNiAC-_uOWZqJ0fdaCnchcckmWz8_IHyTkNd9uRy83t1CCTkNO28_M/s1600/example.tiff" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSXMxyJst2Jx9ivcWoBBX34Lr24kPQGhkg66sjNNbpKsFXPNYp7fjDioA1jEZrIPNDASBwe0SAwecfopCRscoBuVgNiAC-_uOWZqJ0fdaCnchcckmWz8_IHyTkNd9uRy83t1CCTkNO28_M/s400/example.tiff" width="400" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
To run the command as always;<br />
<br />
java -Xmx1g XMLCompTable2 *.nessus > output.[html/xls]<br />
<br />
To get the best value out of this scan and parse one baseline at a time (i.e. All Windows 2008, All Windows 7, All Redhat, etc.)<br />
<br />
cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-28837693979608326252012-10-10T16:57:00.000-07:002012-10-10T16:59:47.294-07:00SAPpy - Annual 800-53 CM Control Testing Selection AutomatedCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/SAPpy.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/SAPpy.java</a><br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/SAPpy.zip">https://github.com/JasonMOliver/Java_Parsers/blob/master/SAPpy.zip</a> <-- With Include Files<br />
<br />
-----<br />
<span style="font-family: Times,"Times New Roman",serif;"><span style="font-size: small;"><br /></span></span>
I have been working for some time with the NIST / FISMA process and always wanted to automate what controls needed to be tested given your working on a 3 year cycle but actually using the concepts of Continuous Monitoring (CM).<br />
<br />
Way to much time is spent on the process of a Security Assessment Plan (SAP) in picking what controls need to be tested.<br />
Additionally, people never seem to be sure what to select and if everything over the 3 year cycle has been addressed.<br />
<br />
Its worth a note to say that the 3 year cycle is a dated concept but most Federal agencies are accrediting networks for 3 years still at this point, even if now due to CM, it is suppose to be a continuous process.<br />
<br />
The end result of this is everything needs to be accounted for in the baseline at some time in the 3yr accreditation time frame and if your accreditation is shorter simply account for that by leaving the prior year files blank for the associated year not counted in the process.<br />
(i.e. if you have a 2 year accreditation do not fill out the 2 + year ago data in Yr1.txt)<br />
<br />
SAPpy simplifies that, though rather crudely, making sure every control is accounted for in the cycle and the additional requirements are also accounted for like major changes, POA&Ms, FIPS 200 updates, etc.<br />
<br />
<pre><span style="font-family: Times,"Times New Roman",serif;"><span style="font-size: small;">Simply fill in the associated text files with the following data;</span></span></pre>
<pre> <span style="font-family: inherit;"><span style="font-size: small;">
</span></span></pre>
<ul>
<li><span style="font-family: inherit;"><span style="font-size: small;"> Baseline.txt - All Controls from NIST in the Low, Moderate or High Baseline. * Do not adjust for FIPS 200 at this point *</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;"> req.txt - All of the control with annual testing requirements for the system.</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;"> FIPS200.txt - List all of the controls tailored out of the Baseline in the FIPS 200</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;"> POAM.txt - List all the controls with closed POA&Ms in the last 12 mo. *This may not be necessary if you audit during POA&M closure.</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;"> MajorChange.txt - List any controls that have had a major change. (i.e. moved buildings add in PE controls, etc)</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;"> Yr1.txt - List all of the controls tested in the SCA from 2 Years Ago</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;"> Yr2.txt - List all of the controls tested in the SCA from 1 Year Ago </span></span></li>
</ul>
<span style="font-family: inherit;"><span style="font-size: small;"><span class="cm">Then run the following command;</span></span></span><br />
<br />
<span style="font-family: inherit;"><span style="font-size: small;"><span class="cm"><span style="font-family: "Courier New",Courier,monospace;">java SAPpy</span></span></span></span><br />
<br />
At this point SAPpy will take over sort everything out and STDOUT your set of controls that need to be tested for the year based on your baseline for the system.<br />
<br />
Simple as that! <br />
<br />
As always if you see issues with this code, or are seeing this process implemented with different interpretations you may need to adjust the code. <br />
<br />
cheers and happy testing<br />
<span style="font-family: inherit;"><span style="font-size: small;"><span class="cm"><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;">JSN </span></span></span></span></span><br />
<br />
<span style="font-family: inherit;"><span style="font-size: small;"><span class="cm"><span style="font-family: "Courier New",Courier,monospace;"><span style="font-family: inherit;"> </span> </span> </span></span></span>JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com2tag:blogger.com,1999:blog-2541995843363831164.post-32722942631055579782012-07-08T10:24:00.000-07:002012-07-10T06:18:21.946-07:00Reports with Plugin Family AnalysisCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsV4.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsV4.java</a><br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLTableStatsV2.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLTableStatsV2.java</a><br />
<br />
----- <br />
<br />
I have been working on building out better charts with metrics divisions that assist in pin pointing problem areas in large networks. This started out with wanting to publish charts with vulns by OS and while I am still working on it, OS is a complicated puzzle.<br />
<br />
Its complicated for a number of reasons;<br />
<br />
One being OS detection is questionable and when it works some times the data has more detail that needed for simplification of OS based metrics.<br />
<br />
Also plugins that fire based on a middle-ware are ponderous as to if you want them bunched in with the underling OS (i.e. Apache on Redhat vs Windows, etc).<br />
<br />
So in the mean time I adjusted the Table code I had and Stats code to include the Nessus Plugin Family. This also allows me to push to gnuPlot for a nice management looking chart for vuln by OS. For the most part you can see what jumps out for places to focus on, be that Windows patches, middle-ware / application patching, web code, etc.<br />
<br />
The one glitch type thing is Nessus uses the categories Misc and General that can be confusing and in need of some clarification.<br />
<br />
cheer<br />
<br />
JSN <br />
<br />JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-81061572756782652782012-06-25T20:25:00.000-07:002012-06-25T20:29:34.026-07:00GUI Risk StatsCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsTab.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsTab.java</a><br />
<br />
----- <br />
<br />
I have been playing with gnuplot for about a day and I have to say its a lot of fun and can be complex. So far I have been able to generate some decent pictures of data for reports and such but I hope in the future this idea will get far more complex.<br />
<br />
As of now I have attached a beta stats file for outputting .nessus files into tab delimited summery data for parsing with gnuplot.<br />
<br />
I started out with the following two graphs I thought I would share they are both vuln data for the top 20 hosts based on over all CVSS score.<br />
<br />
To get the data from the tool output to a parsable format that is sorted I use the following commands<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">java XMLVulnStatsTab TestTab.out *.nessus</span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;"><br /></span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">head -n 1 TestTab.out | awk -F '\t' '{print $1"\t"$3"\t"$4"\t"$5"\t"$6}' > TestDataWithTabs20Vuln.dat; awk -F '\t' '{print $2"\t"$1"\t"$3"\t"$4"\t"$5"\t"$6}' TestTab.out | sort -g -r | head -n 20 | awk -F '\t' '{print $2"\t"$3"\t"$4"\t"$5"\t"$6}' >> TestDataWithTabs20Vuln.dat</span></div>
<br />
At this point you should have the Top 20 data to play with;<br />
<br />
A side not at this point you can get gnuplot for Mac in Macports <br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
port install gnuplot </div>
<br />
After you have gnuplot all setup and running use the following command set for the reports<br />
<br />
#Top 20 Cluster Chart<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">set style data histogram</span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">set style histogram cluster gap 1</span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">set xtics rotate</span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">set style fill solid border rgb "black"</span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">set auto x </span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">set yrange [0:*]</span></div>
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: x-small;">plot "TestDataWithTabs20Vuln.dat" using 3:xticlabels(1) title col lc rgb "purple", "TestDataWithTabs20Vuln.dat" using 4:xticlabels(1) title col lc rgb "red", "TestDataWithTabs20Vuln.dat" using 5:xticlabels(1) title col lc rgb "yellow", "TestDataWithTabs20Vuln.dat" using 6:xticlabels(1) title col lc rgb "green"</span></div>
<img alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAcoAAAEECAYAAACofnQYAAAX/GlDQ1BJQ0MgUHJvZmlsZQAAWIWVeQdUFM/Sb89sBJYl55yT5JxzBslZSUvOLDmogIAEBQFFBBQFFREVRImSREER/ggoqIhKEAmiYkBQQN6A4d53v++ed16f0z2/ramurq7qULUDAPstr4iIEJgWgNCwaLKtsR6vs4srL24SYAABMAIRIOZFiorQtba2AP+1fBsH0M7zseSOrP/O978WOh/fKBIAkDWCvX2iSKEIvgUAqoUUQY4GALMjTzAuOmIHH0cwIxlREMEXdrD/L9yyg71/4cFdHntbfQRPAYAneHmR/QGgXkbovLEkf0QOkQAAlj7MJzAMYeVFsBYpwMsHAHZPhGdPaGj4Dj6KYFHvf5Pj/3/J9P4r08vL/y/+NZfdgjcIjIoI8Ur4/zTH/7uEhsT8GYMbqYSoYDtz5MmM2C2e5GVoh2BWBOcF+Jpa/KZfiojWs/1Nbw+MNrXfsRGCnwTEmDj8xgsxwQ66COZE8GZwuPkOP2InmDXMe68VgukRLEiK0nf9JRNWSgywd/rNY+Hja2CIYGQVwc7kcNs//AFRsXZ/6ImJAfp7//AHeZnt+JuI4Bwv8u5cEB3gEt8Q451x+RF8NSLa2v73WENhIXt/zwV+40c2sv2Nf/hG7c53d6zoAHuTX/JRtNHIAvglE8XpF2hk+ksHlEwA2eQPXSciZHdNI31R9uQY2x07CCLYzzfM4bdMVI6Pl4H5L5ugyoER8AJk4Au8QRjYArzAAugDg98tL0IPQ1oSCAchSCXz0vx5g3mLGcHMYMYwU5jnf7n1//CBQOCDPP/QSf9GtwOJ4D0i1RdE/RkNzY7WQqujLZBWB6lyaBW06p93Q8vNy3+1+qWrP9JX8jdF77f2sf+uvUdgGvk/+nj/7fE/dTICb3al/uaQqZVZlNn80/9fM8YaYg2wJlgjrBgqC3UTdR91B9WPakc1A15UF6oFNYjq2MH/MYrXb6uQd+drjozoC2J2f4X9rxrF/OX4TSWKExWB7S5/MPIu8O8IjrtaB/4PKTFI9UYkBSHvzP/O8Y+lhRHrKqL10JqInREbo5nR7EASrYBYXBetjfhAEaHq/2ev360k8Nu1ZezuXILBWwSHRvvGR+8sdP3wiARyoH9ANK8uclr67uE1DSNJ7eGVk5GVAztn76+t/cV290yFmB/9ixYuC4Dqzll5+F80zw8ANAchxw39v2jCzQDQyAHQf4oUQ479RUPvNBhACWiQ1c+GnBwCQBTRUw4oAXWgAwyBGbAC9sAFuCPWDQChiMZxIBmkgkyQC46Dk6AUVIAqcBlcAw2gGbSDO6APDIBhMAZegCkwB96BFfANbEAQhIOoIQaIDeKBhCAJSA5SgbQgQ8gCsoVcIE/IHwqDYqBk6DCUCxVCpdB5qAa6AbVCd6B+aAR6Dk1Di9Bn6AeMggkwI8wFC8PSsAqsC5vD9vB+2B+OhBPhdDgPLoEr4atwE3wHHoDH4Cn4HbyKAigqFDOKDyWJUkHpo6xQrig/FBl1EJWDKkZVoq6j2pC1+Bg1hVpGfUdj0QxoXrQk4kkTtAOahI5EH0QfRZeiL6Ob0PfQj9HT6BX0Tww1hhMjgVHDmGKcMf6YOEwmphhzCdOI6UX28xzmGxaLZcaKYJWR1e6CDcImYY9iz2DrsN3YEewsdhWHw7HhJHCaOCucFy4al4k7jbuK68KN4uZw63gqPA9eDm+Ed8WH4dPwxfgr+E78KH4ev0FBSyFEoUZhReFDkUCRT3GBoo3iEcUcxQYlHaUIpSalPWUQZSplCeV1yl7KScovVFRU/FSqVDZUgVQpVCVU9VQPqKapvhPoCeIEfcI+Qgwhj1BN6CY8J3yhpqYWptahdqWOps6jrqG+S/2Kep3IQJQimhJ9iIeIZcQm4ijxAw0FjRCNLo07TSJNMc1Nmkc0y7QUtMK0+rRetAdpy2hbaZ/SrtIx0MnSWdGF0h2lu0LXT7dAj6MXpjek96FPp6+iv0s/y4BiEGDQZyAxHGa4wNDLMMeIZRRhNGUMYsxlvMY4xLjCRM+kwOTIFM9UxtTBNMWMYhZmNmUOYc5nbmAeZ/7BwsWiy+LLks1ynWWUZY2Vg1WH1Zc1h7WOdYz1BxsvmyFbMFsBWzPbS3Y0uzi7DXsc+1n2XvZlDkYOdQ4SRw5HA8cEJ8wpzmnLmcRZxTnIucrFzWXMFcF1musu1zI3M7cOdxD3Ce5O7kUeBh4tnkCeEzxdPEu8TLy6vCG8Jbz3eFf4OPlM+GL4zvMN8W3wi/A78Kfx1/G/FKAUUBHwEzgh0COwIsgjaCmYLFgrOCFEIaQiFCB0Sui+0JqwiLCT8BHhZuEFEVYRU5FEkVqRSVFqUW3RSNFK0SdiWDEVsWCxM2LD4rC4oniAeJn4IwlYQkkiUOKMxMgezB7VPWF7Kvc8lSRI6krGStZKTksxS1lIpUk1S32QFpR2lS6Qvi/9U0ZRJkTmgswLWXpZM9k02TbZz3LiciS5Mrkn8tTyRvKH5FvkPylIKPgqnFV4psigaKl4RLFHcUtJWYmsdF1pUVlQ2VO5XPmpCqOKtcpRlQeqGFU91UOq7arf1ZTUotUa1D6qS6oHq19RX9AQ0fDVuKAxq8mv6aV5XnNKi1fLU+uc1pQ2n7aXdqX2jI6Ajo/OJZ15XTHdIN2ruh/0ZPTIeo16a/pq+gf0uw1QBsYGOQZDhvSGDoalhq+M+I38jWqNVowVjZOMu00wJuYmBSZPTblMSaY1pitmymYHzO6ZE8ztzEvNZyzELcgWbZawpZllkeXkXqG9YXubrYCVqVWR1UtrEetI69s2WBtrmzKbt7aytsm29+0Y7Dzsrth9s9ezz7d/4SDqEOPQ40jjuM+xxnHNycCp0GnKWdr5gPOAC7tLoEuLK87V0fWS66qbodtJt7l9ivsy943vF9kfv7/fnd09xL3Dg8bDy+OmJ8bTyfOK56aXlVel16q3qXe59wpJn3SK9M5Hx+eEz6Kvpm+h77yfpl+h34K/pn+R/2KAdkBxwHKgfmBp4Kcgk6CKoLVgq+Dq4O0Qp5C6UHyoZ2hrGH1YcNi9cO7w+PCRCImIzIipSLXIk5ErZHPypSgoan9USzQjEuQOxojGZMRMx2rFlsWuxznG3Yyniw+LH0wQT8hOmE80SryYhE4iJfUk8yWnJk8f0D1w/iB00PtgzyGBQ+mH5lKMUy6nUqYGp/6TJpNWmPb1sNPhtnSu9JT02QzjjNpMYiY58+kR9SMVWeiswKyhbPns09k/c3xyHubK5Bbnbh4lHX14TPZYybHtPL+8oXyl/LPHscfDjo8XaBdcLqQrTCycLbIsajrBeyLnxNeTHif7ixWKK05Rnoo5NVViUdJyWvD08dObpQGlY2V6ZXXlnOXZ5WtnfM6MntU5e72CqyK34se5wHPPzhufb6oUriyuwlbFVr294Hjh/kWVizWX2C/lXtqqDqueumx7+V6Nck3NFc4r+bVwbUzt4tV9V4evGVxruS55/Xwdc11uPaiPqV+64XljvMG8oeemys3rt4RulTcyNOY0QU0JTSvNAc1TLS4tI61mrT1t6m2Nt6VuV7fztZd1MHXkd1J2pndudyV2rXZHdC/f8b8z2+PR8+Ku890n92zuDfWa9z7oM+q7e1/3ftcDzQft/Wr9rQ9VHjYPKA00DSoONv6j+E/jkNJQ0yPlRy3DqsNtIxojnaPao3ceGzzue2L6ZGBs79jIuMP4s6f7nk4983m28Dzk+aeJ2ImNFymTmMmcl7Qvi19xvqp8Lfa6bkppqmPaYHpwxm7mxSxp9t2bqDebc+lvqd8Wz/PM1yzILbQvGi0OL7ktzb2LeLexnPme7n35B9EPtz7qfBxccV6Z+0T+tP356Be2L9VfFb72rFqvvvoW+m1jLWedbf3yd5Xv9384/ZjfiNvEbZZsiW21/TT/Obkdur0d4UX22g0FUEiF/fwA+FyN5C0uADAMA0BJ/JUb/S4oJPiAkScOiRTMkAhgFhJH7u1umA2OhidQpqi7aGP0E0wolg7bg0vGa1HgKF5StlKVE/Kpq4mTtLR05vTZDP1MdMz7WK6yodm9ODq4eLmP8qzz+fBPCO4V6heRFs0TeydhuqdC8pu0vswx2WF5agU9xSilcuVulSnVLXUWDQlNVS1DbVsdkm6UXrr+KYNawy6jx8aLJttmTOZ7LPQt3fYGWsVaZ9gU2lbY1do3I7t+wGnU+bnLa9dZt4V97/cvuE96DHl2edV5nyUd80n09fOz8VcPEAwkBn4Leh3cF1ITeiwsItwuQjmSPXKT/CqqO7oqJiPWL840XiKBMmEpcTCpPrnkQPrBuEORKeTUxLScw+fTOzJeH6HI0siOyKnKHT9GmaeRH3r8bMFQ4daJPSfdinNONZVMlVKVKZZ7nMk+21Dx4jy6UrLK8cKhi5cvjVSv1/BesahNvtpw7VOdWn3+jY833W49arJqftKq0RZ9u6Z9spOqS77b8U5kT8bdgnvFvcV9BfezHhzuP/Lw2MCxwYx/ooecHkk92hjuHkkaVRr99vjpk9ax0vEDTz2e6T0XmqCYeP9iZLLxZemrA689pwymxWZoZ77Pvn0zPtf/9s787YXWxdali+/ylmPfu38w/CixQruy+mnic+eX818zVgO+ma9JrzOsr32f/NG9UbmZvuX702Cbf3sb8T8WsCPRYTzoRSI6C+g49BqWR2KvLygP1DgSNb3ERGCJ2GacL54dP0FRTulPpUfQpLYnBtCk0J6ju0O/yMjEZMCcwFLH+pFdioPM2c5NxePIe4VvW0BXMFWoS3hTVFksSPyMxMCez1JM0vIyJrJucv7ykQoJigeUEpWDVNxULdQ01WU0+DWZtPBaP7Tf60zrjuk91O80uGlYbVRinGUSZxpg5mJuYqFiKbKXyQpt9dV6xmbEttuu3v6sQ5ZjlJO7s6mLvCuXG9btA3LSd7hXeeR4hnvZeyuQCKQZn1bffD8/f40AuoC3gbeDCoJ9Q9RCaUJnw5rDsyJcIiWQdTEUdS6aHKMfyxQ7H9cafzTBPVEmCU56mlx3IPdg6CGHFINUtTTVw5rpJhnOmWFHjmRdzL6bM5378xhnnmq+4/GoguOFV4v6T7wthk9xliidtikNLcstv3pm+Oy3c/znrSsPV7Ve+HRJqjry8q2atVrVq8nXOutAve6Nww29tzCNxk1ZzfdbcW2Gt9PaOzq+dgl3291J6jl79/a9sd7FvrUH6H6Gh3wD0oOa/1gMuT4KGI4byRw9+bjySd1Y+3j/0/Fnc8+/vkBNMr4UeqXy2mLKf7pqZvGNyJzr28z5Kwv3F6eX1peJ74U+aH90W0n5NPxF/mvR6pc12/VbP1g3MjbXf8bt+h8N6IA42AtSQDcS16tB0VAzDMOW8Dl4A+WOeojWQDdhVDA9WGvsLC4Jz4G/T3GMkkSlQeAg/KSeIQ7QNNJepCuhz2PIYsxgymTOZSlirWCrZW/h6ODs4Ork7uLp5L3N18hfK3BGMFcoRnifiI4ovxgQeyHeLJG7x1GSV3JJqlE6RcZclll2Wq5WPkZBW5FC8bHSGeUAFQWVddVOtQx1cw16jQnNSq0gbTntTZ0+3QK9/fri+msGdw3zjdyMRYw/m3Sa5pg5mvOZv7NoskzZa2HFbDVtXWsTZatuB9s9tC90cHXkdZx3uu4c46LuCrv2u+Xvs9vPvP+5e5nHfk8uz5deZ7z3kzhJEz4lvo5+DH6P/HMDDAMBsl5ig2WDl0OqQ73DOMOehhdF7I3ER94hJ0bJRy1HX4xxj2WJfRR3JF47fj2hPjEwiTfpefKJA/YH2Q7OHWpJOZGakOZ3eF+6S4Zbpu+RmKyM7OKcS7lNR/uOjeXN5X8tQBUyFPGfkDmpVqx/yqzE5rRLqXdZePmhM0Vnr1YMnPtYKVSVcGH4kkj1wcvjVyRr06++uC5bl1X/qkHpZu6t103yzUdaJtvkb+e0z3RqdJV0f+uxv9vYK9J34YFkf+9A8D+CQ8vD90dvPKkZr392Z+LlS/BaZrr6TeZ8zlLzB5pPWaus642bTjv+//Uf2U7BKgFwcRYAx/MA2LgBUC0BgFAZAERGAKypAbBXBbBePoCenwaQ8fW/9wc1EAFGSDZ8BMkc+8E7iAjJQg5QInQGaodeQJtIfqcNe8OZ8BX4EfwVxYHSRQWgjqNaUTNoKiTD9kQyshb0Gww9RhsThjmPGcNSYnWx8dgG7DJOFOePq8Yt4qXwMfguCioKV4qrlBClM2UDFZEqjGqUoEI4R42nJlO/IpoRW2lEaUppqWlTadfowpF8hUT/msGbYZ4xlPEbUyozkfkMizTLXVY31lW2AnZZ9scccZxcnMNcR7j1eADPHd4MPkt+Nv4FgduCBUJBwkYiQqIE0VWxGfFRiXt72iRvStVL18k0yLbIdcsPKLxS/KSMVmFSFVCTVJfVkNEU1+LVpteBdT7qvtDr0q80yDIMN3I21jORNuU2ozFHma9brFgu7Z2zmrGetnlj+87ui/2WI4UTi7OIi6qrpRtpX9L+k+71yD323ptIkvdx8T3kV+XfGzAbuBVMH8IXKh4mFS4ZIRbJT2aOooj6Eb0Yyx5nGZ+e0JX4M9nwQNHBdymWqbcPK6S3Zpoemc0+kst39HqeTv5UQUGR80nNU6an48p6z3KcI1bCVd8vfq7+ULNcu3ztY93qja1b+CaOFuk2g3aXzsDu2J6D91L6DjyIfRgy6DmUO9wyujTG93T/84oXb1/JTqXOjM1JzGctzi8bf7jyifZL0ur7db8f81sRu+cHDZACNiAGlIIu8AaiguQgNygdyfgHoI9Idq8Ge8JZcD38HIVCcnYXVAbqBuo1mho5VYLRZeh/kPxbFuODKUf8ToO1wGZjH+AocZa4QtwEXghPxvdQMFOEUPRRClCmUc5RmVG1ESQIFdRM1EeJWGIaDaBJpUXRZtER6U7R89PXMegwjDGGMmGZKpl1mWdYMlklWcfZUtll2Kc4ijhNuNBcPdyHeYx4CbzjfJX8UQJGgtyC60Ljws0i50RPiRWI50nk7SmULJW6JN0o80D2ldyaApOimhJJOU+lQ/WjupCGh2aZ1gsdbl0fvTr9DUNDo1zjAVOMmbK5t0Wm5aW9d6wmrFds0XbM9uIOOo4uTlHO+S7XXYfcPu1ndtf08PMs8Or0/uAj4Ovsl+/fF7AVpBAcGHI2dCQcjpCL9CTnRd2OXoiliVOO90zITWxJmj/ActD00IGUhtSlwwLp+zNKM59lsWS75JzNfXNMMi8+v6+AtTC8aPCkTHFZCfF0dhmh/ORZkYr75wOrCBcaLrleRtfU13pco71+tz6+QfrmQmN1c2CrZNvn9rbOtG6LHpa7s73195P7zQbYBoeHHB7NjiQ+5n4yNJ77zG5CeBJ6OfO6b7p2Nn+OPG+3yLFUsSzy/sZHrZWhzx5fPq6mrNGsn/7BvVGxxf4zf9f/LEAXRIAK8AhsI773g05DvdAXmB+2hdPhZngZxYdyRvZ7PxqF1kInopvRqxhFTCymA4vBWmHLsEs4ddxx3ALeAH+BAk8RQTFJaUHZTaWMeFqPMEjtQr1EPEjDRFNPa0X7ia6YXot+keEMox0TNdND5mwWC1Z61gm2i+xkDl1OBs53XH3cF3gyeYP57Pl1BeQERYR4hDlE2EV5xSTEVSXM93hJJkuVSnfIvJEjymsokBWvK31UUVRNVRvVENVM13qrY6HbrC9hcMGIz7jKVMys0cLA8plVhA3Btt7eDdmvHS6xbgr71t27PY95u/so+RH8nweWBpuGLIYlhG9GRpPnoq1jbsbRxZMTniSpJZ8/SHUoPmU+zfnwYIZeZluWQnZTrubR/jyX/HcFB4voTlQWS59qPa1V2lWucaapAnPO4vzJytcXxC/GXeq9zFTjd6XtKvGaz/X2eqYbEQ0Dt0SRzOd9i01r823u9syOD11O3Xd6JO6evLfdF3T/Sb/Ow9pB5n+ihh4Oc4wEjF59vDQmMO70NO3Z5ecPJ+ZebL6kfcXzWmJKcVptRmtW543OnNZbtXnlBdlF8SX+d8R3i8ut7+M+KH5Y/nhxxeUT5af2z35faL+0fN23ClYrv+l9m1k7tM653vrd4fvKj6MbIhs9m+6b61tFP6V/9m/77Pg/yk9ebvf6gAh6AGBebW9/EUaSikIAtgq2tzcqt7e3qpBkYxKA7pBf31127xpaAMqr/tv3j/8DmKPCLvOZAzAAAAAJcEhZcwAACxMAAAsdAZ4ZsZYAACAASURBVHic7N15fFzlffj7z3POmU2j0W6tlmR5X+QFG2PHxGwxAYMJJoEEslOaNrnJq23u7e1yu/y6JL1tfr+0SfOjaW+WFvLrDQklkAC5IUBMYjA2XjHed1vWvkszI83MOee5f4w0lryMbenYku3v+/USeEZH3/me7fnO2Z5Haa17EEIIIcR5Ka21vtAvtdYcP36cF154gfLycj72sY8Ri8X44Q9/iGVZPPLII+Tl5V3NfIUQQoirysj2S9u2icVifOITn2DPnj2cOnWKDRs24Pf7Wbt2LZFI5GrlKYQQQkyIrIXS5/OxYMECSktLqa2tJRKJUFRUxJ49e3jmmWdIpVJXK08hhBBiQmQ99Trs2LFjDA4OMm/ePFzXJZlM8s1vfpNHH32UadOmZabr6Ojg2Wefpa+vD6UUhmEQDocxjKz1OCvTNHEcZ8x/fzalFEopXNf1LKZpmriuyyUsyktyo+ZoGAZa6xsqR/B+G79WcgQ838avhbZCchw/L9qzgYEBkskkkN4e77jjDm6++ebzTmtdLNjBgwc5ePAgM2fOpKGhAcMwKCgoYN68eeecet27dy8HDx7kkUceybynlBrzjAA888wzfOhDHyInJ2dccYadOHGCI0eOsGbNGk/iATz77LOsWbOGwsJCT+K1traydetW1q1b50k8gFdeeYWFCxdSWVnpSbzW1lZ27NjB2rVrPYkH8NprrzF79mxqamo8idfV1cWmTZs8XY6//vWvqa6uZvr06Z7ESyQSPPvss3zyk5/0JB7Apk2byMvLY+HChZ7ESyQS/PSnP+UjH/kIpml6EnPXrl24rsvSpUs9iZdIJHj55Ze57777CAaDnsTct28f/f39rFixwpN4ruvy05/+lLvvvpvc3FxPYh44cIDOzk5uvfVWT+JBus194IEHCIfDnsQ7ffo0e/fu5Z577vEkHsDLL7/MypUrKS4uHnOMkUX20KFDPPfcc2MrlK7rcvr0aTo7O+nt7WXVqlUcOHCAsrIyVq5cSVFR0TnTz5o1i5UrV445+bO98847rFy5klAo5Em84uJi/H6/Zxs/wI4dO7jlllvOWR5j1dTURG9vr6c5njhxgptvvpnq6mpP4jU2NhKLxTzNsaGhgWXLllFXV+dJvK6uLjo7Oz3Nsb29ndmzZzN79mxP4jmOw/bt2z3Nsaenh+Li4gvu9JfLcRz27NnDqlWrPIkH6bbCdV3P5ttxHI4cOcLKlSsJBAKexPT5fPT09Hi6bvbv38/KlSs9K0KBQIDW1lZPcxxuc706OCkrK8O2bU9zPHz4MCtWrBhXoRwpNzeXY8eOXfD3WQulYRjcfvvtmUNmy7Kora0F0oe+5zta1Fp79q0T0juA67qexXQcB9u2J3WOw42Ilznatu3putFa4ziO58vRy5her5fhmF5uP8lkklQq5fm69nI5JpPJzKk4L9eNl9tjMpkkmUx6GtPrdT182epGa8+GY3oZz3Vdz2Nmc9FTr5Y1epLxXG8ci7q6unNyGI/c3FwqKio8iwdQU1OD3+/3LF4oFKKqqsqzeABTp0717JQUXJkcKyoqPPumDelv217nWFpa6und3qZpMnPmTM/iAZSXl3t2ag/SOdbW1o77MspIRUVFnl4HM02TadOmedpwFhQUeNr2AJ7nmJ+f7+m1aEi3uT6fz7N4wWCQqVOnehYPoKqqyrMzB8BFl+El3cxzqTZs2MDevXv50pe+5FVIksmkp0Vo+GjNyx0gmUzi8/k8a0hc18W2bU/ne/ioxasvOlciR9u2MQzDsxy11qRSqUmdI6Svr3m509u2jVLK0wbZ6/3Q6yNUuDI5aq09bytutByvRFvhdZu7a9cunnvuOf72b//2vL+/uoeHY+DlwoX0EbHX3xL9fr+n37YNw/B8vn0+n6eN+5XI0bIsT3NUSk36HAFPiySkc/T6lJTXy9E0zWsixyvRVnhpOMdYLEZTUxN9fX2j7i61bZuentGdr/X29mY9mrcsi+7u7gs+/mfbNk1NTVmnGelKtBVet7kX4+1WIIQQ4qp6++23aWxsZP78+fz0pz9l1apVLF68GIDBwUHee+89Vq9ezeDgIMFgkAMHDrBgwYKsp+e///3v89BDD51zd/dwpzM33XQThw4dwufz8eCDD15WvsN5jBSPxnn63/+TWHQA0/DuC5RCkbATfPaJT1BaXjrmOFIohRDiGtXQ0MDTTz/NV77yFQoLCwkGgziOw4kTJ4hGoxQUFFBTU8OxY8d4+umn+dKXvkRpaSl+v594PM6xY8coKCigtLSUI0eOEAwGmT59Oo7jkEgkRn1WMpnkW9/6Fo8++ij19fVUV1dz4sQJkskkhw4dIhAIMH36dPbs2UNdXR0nT56ktraWjo4OUqkUrutSUVHB17/+dR5//PFRRbijq4PWPXHuXvEA2sMDRb/p55W3XqSprVEKpRBC3IiOHj2K3+/PPCZRV1dHNBrlT//0T1m7di39/f288cYbPPLIIxiGQTAY5Nvf/jaf+cxn2LNnD4sWLWLXrl1MmzaNWCzG22+/TV5e3nlv5olGo+zfv5/Zs2djGAaFhYVEIhFeeOEFlixZwjvvvENLSwsbN27ks5/9LL/+9a+5++67eeqpp7jzzjvZunUrH//4x4nFYuc81qFdTTAYYkphOV7emuTzWeTn5cM4+zqY9NcohRBCnF84HKavry/zWilFJBKhuLiY97///dTX15NMJrEsi7y8PHJzc4lEIjQ3N3P06FGqqqq49957KSwsxLZturu7icfjmd50RvL5fJimyeDgYOY927bZvn07lZWV1NfXs2PHjsyjJUopAoEA+fn5zJs3j7y8PBKJBJFI5Lx3jitUuiIZ2rMfQylAwTiPUuWIUgghrlH19fVMnz6dl19+mXnz5mHbNvn5+fT29hKLxbAsi97eXkzTpLOzk/b2dnp7ewmFQjQ3N/P888+zYMECDh06REdHB67r0tHRQV9fH7FYbNRnRSIRHn30UX784x9z7733Zm6Wq6urY/fu3QwODrJkyRJ27drFzp076ejoIBqNZmL19PTgui6JRIKTJ0+et2MRpYcKm0c04MU9P+Zf/dVf/dX4w6SdOHGC9vZ2brnlFq9CCiGEuACfz8fNN99MLBYjlUqRl5dHYWEhU6ZMoaysDMuyqKyspLa2lqKiosxz5DU1NSxbtoxoNMrMmTOprq7GNE2WLFlCOBxm6tSpFBcX09/fT09PDz09PaRSKZYuXUpOTg7RaBS/3091dTVz585lYGCAkpISFi1aRF1dHYlEgqVLl1JcXMzUqVMpLS2lvLyc6upq6urqCAQCFBQUZOajp6uXnRsPMKNmLiknhe3Rj9Yuew+/R93SUirKL9x9Z0tLC/v37+euu+467+/liFIIIa5h4XCYZcuWAelHMZRSLF++PPPvZcuWYRgGy5YtQylFWVlZ5rRqaWlp5hGYm2++OfP+tGnTSCaTHDx4MNOrl+M4TJkyhfr6erTWmYEvIpEI8+fPz5yuLSsrY8qUKZnXpaWlKKUy7+Xn559zWregMJ9AscPPtzyDYXh4N48y6HHbmVI0vr69pVAKIcQ17uxnUke+Hn7ud/j/I4vUyOdEz44RDAapr6/PvB7+u/M9RzzyvbM7uxj+u7P/P1JBYQGf/6PHSSWTKA+fU9ZaY5kWkfzx9VQlhVIIIcR5Xa2+VAEied51u+g1uetVCCGEyEIKpRBCCJGFnHoVQojrVFNTE6dPn2bWrFlorTl8+DDTpk1jYGCA/Pz8UYPNu67LoUOHqKysJC8v74IxT506RUtLC4FAgMrKSqZMmTL+RLUmnkiQdFxPHufIhAVMIDcYHNe1z0lfKF3XZmAg/YCrRuP3+fD7vRsuSgghrleO4/Cd73yHb3zjG9i2zZNPPsk//uM/orUe1Xk6pG/IefXVV7nnnnsuWCh/+ctf0tTUxLp163jrrbc4fvw469evx3XdSx4s4OjRo9TV1Y2avqe1hSc/8xnye7sxPLwuagAnY3E+99zzTJ8xY8xxJn2h/Ld/+zq93bsIhfy4jkN8IMSXfu+r5OePvd8+IYS4EYRCIVzXJZVKYds2rusSCoU4evQolmVhWRb79++nubmZZcuWEQqF2LVrF3v27OHee+8lJycnE6u3t5ennnqKf/qnf6K4uJh77rmHnp4empqaaGhoyHQ4sGHDBm677TY2bdrE8uXL2bp1K/n5+cRiMRYsWMDf/d3f8dd//dejxqjsjcWpObyPjxYVgOPdIaVSipc6W+gZ0ZvQWEz6a5QD0RZ+57fK+d3fqeELX5hGZXk7vT1dE52WEEJMekop+vv72b17N7t37yYajeLz+XjvvfdobGxk48aNaK0zw2a5rkt1dTUNDQ0cPHhwVKze3l4GBwczz0EGg0EKCwv50Y9+xJw5c2htbeX1119n9+7daK05ePAg0WiUDRs2UFRUxI4dOxgcHKSqquqcAdUVoAyDgOntj980MM/THd/lmvSFEgNM0yBgGQR8JoahcL3sXl4IIa5jhYWFrFixgltuuYW8vDxM0yQSieC6LjNnzqSxsZFbb72VuXPnorWmvLycoqIiBgYGRsUpKirC5/PR3NyceS8ej3P69GlycnKora2lra0tcxrWcRx8Ph+RSITy8nJycnKwbTvTD+y1ZNKfej233z/l6cVeIYS4XrW2tmLbNn19fZmhrk6ePEk8Hqevr49wOMyWLVtoa2sjEokwMDBAV1cXsViMaDQ6KlZubi5f/vKXef7555k/fz6RSISZM2fygQ98gNdffx2A++67jzfeeIOXX34ZpRQ9PT3Ytk1nZyfRaDRTJPfv38+8efNGxVfD//GyfVdgehDwGiiUQgghxqK2tpb/9t/+G/n5+biuy1e/+lVKSkp44IEHsCyLV199lY997GM4jkNHRwePPfYY4XCY6upqkskk27Ztw3EctNaUlpaydOlSpk2bhuu6BINB8vPzueuuu+jv788cPa5fvz7TF2wwGOSLX/wi+fn5PPHEExQVFfG7v/u7o659DuuND3CyxwAPu7AzlOJ0NEqVHt/gXVIohRDiOhUOh8nJycmc6qypqUEplSlUFRUVHDt2jKlTp1JfX08kEkEpRTgcJplMZuJorcnNzcXn81FaWprp63X4WmUgEMh8xvBwXsN3tYbDYZRShEKhTN+vZystL6fmi7/P9tZWlOnhFUGtKfT7qT3PZ14OKZRCCHEdG3k98Oz+VpcvX45t21iWRSAQGDXd8HOSkC6UI/uKPfsa49mvz+779Xz/HymYk8Oa3/t9HMdOj0vpJaUInWf8y8shhVIIIW5QgUBgVIE826U+GzluShEcZzG7kib/Xa9CCCHEBJJCKYQQ1xA9zhtTvOA4zkSncFXJqVchhLiGtLW18eqrr7Ju3ToKCgoAeP311zEMg9tuu+2cobEcx+FXv/oVy5cv58CBAyxevJhQKDSmz47H42zfvh2fz0dPTw91dXXMmTNn3PPkuin27N1HLBr3/BlLy1IsrF9EIDi2eQYplEIIcU0Jh8P8/Oc/x3VdPv3pT9PX18f3v/99HnroIUzTpL+/H8MwCIfDAPT09LBjxw7mzp3L1KlTUUplHt9IJBLk5ubiui7JZBLDMFBKkUqlMn8/zHVdvve97zF//nxuueUWdu7cSWNjI3PmzKGrq4twOEwgEKC/v59AIEAikSAcDmPbNslkEp/Ph+u6vP7669x5552j4nd0tPOLl/6SJYuLUMq7E52WZbBl8wlyQt9i/oK5Y4/jWUZCCCGuOMdxuP/++3njjTd46KGHOHHiBNXV1QSDQdrb2zly5Ai7du3igx/8IJ2dnUQiEXp7e3Fdlw0bNrBmzRp+9atfce+99/LSSy9x99138+qrrzJ9+nQOHTrEokWLeO+993jooYcoKSnJfG5TUxObN2/mM5/5DIFAgKVLlzI4OMg777xDIBDg8OHDLF++nNdee40HH3yQF198kbvuuovnn3+e+vp6GhoauO2223jllVe49dZbRxXKgYEEpVM0q1dXeruwlEl7exuDydS4wsg1SiGEuIZorZkzZw4LFy7kxz/+MclkkhkzZuC6Llu2bCGRSDBjxgw6OjrYuHEjM2fOpKSkhEAgQFNTU6anHK013d3dOI5Dd3c3dXV1OI5DYWEhhmFw+vTpUZ+bSCSwbTtz2tbv92NZFr/4xS+YN28efr+fjRs30tbWhmEYdHV1obWmpaWFBQsW0NHRQSqVoqysjPz8/FGxlQalTIJ+n7c/QQvLNBhvdz9SKIUQ4hriOA7xeJz777+fn/3sZ1RWVuK6Lo7jEIvF6O/v56abbiIUCnHq1CkSiQSJRCIzjeM42Lad6aZuuOcdv9+PUgrLsjAMg0QiMepzKyoqKC4uZteuXdi2TTwep7e3l3g8TjweJxQKEQwGSSaTxGIx+vr6gPQp20AgkPl827axbXv0TClIjx6pQXv4MxR1vOTUqxBCXEP6+/tpbW3lpptu4g/+4A8oKSkhHA5jGAarV6/m2WefxXVd7rzzTu655x5eeeUVysvLicfjVFZW4jgOK1eu5N1332XmzJnYtk1JSQkDAwPk5eVlRgjRWo/qnScQCPCHf/iHbN68me7uboqKipg7dy4PP/wwO3fuJCcnh+XLlxOJRNi2bRvz5s0jkUgwffp0+vv7KS4uJi8vj5qaGhoaGpgxYnxIjUahwVTeVLYMhaHUuO8UlkIphBDXkKlTpzJlyhRycnJ4//vfj8/n46GHHsIwDAKBAI8//jimaZKTk8Ndd92VeZQjEAhQUVFBIBBg2rRppFIplFL4/X6mTp1KIBCgvLwcn89HXV0d0WiUt956C601juNQU1PDrFmzKCsrQymFaZr4/X4WL16M4ziZ3nxuv/32zGufz0dVVRXBYJBHH32UUCjExz72Mfx+/6h5Cvj9tHcm+eUrBz3tmcewFPv2tzOn3jeuOFIohRDiGjI84DKAz5cuACNvjMnLy8v8OxgMnvO3w0YWq+H3R8YNBoOsWLFi1DQj76Yd5vP5Mnmc7zOHf5ebm3tOrsNKS8u5594/Iz7Yj+Hx4yH33m8yfXr1uGJIoRRCCHEOwzDOO8rHFfks02Lu/BW4rut57PSRrf/iE2YhhVIIIcSEs6zxnR69kuSuVyGEECILOaIUQojr2PDjIZZleXIqNZlM0t3dTTgcJhQKndNl3vVICqUQQlzHUqkU3/jGN3j44YeZP3/+uGIdO3aM7du3M2/ePDZs2EBVVRWrV6++rBiJROKcob36BqN897kf0BfvR3lceLXt8IWHHqdsypQxx5BCKYQQ17FwOExzc/M5HaE3NDTQ39/PnDlzaGhowDAMBgcHycnJIRwOE4/Hqaqqykw/MDDAk08+yRNPPMGsWbMyXeMlk0mOHj1KJBKhtLSUo0ePMnXqVE6fPs20adNobW3FcZzMEe13v/tdfvu3f5spIwpXR3snf9P5Iu7ddd7OvM+EVw7wseb7pFAKIYQ4v+HROEYOwrx161YSiQQ+n4/nn3+eyspKmpubKSgooL+/nwULFpwzaHNjYyMtLS3U1dXh8/morq6mtLSUl156iZtuuonXXnuNxYsX8/rrr/P444/z6quvct999/Hd736X+++/ny1btrB+/Xp6enrOeUREuy69IQNqw952OGBYUOiDcY4Kdkk38/T19Y26bTcajY7vU4UQQlw1I68juq7Lxo0bycvLY968eWzbto3p06dz/Phx4vE4O3bsoKWlhYqKilExQqEQAwMDmdeGYWDbNlu2bKGmpoaqqiq2bt1KKpXCNE2SySSBQADLspg/f37mvby8vPNfK1UKMEF5+GOqobjjk/WI0nVd9uzZw9tvv00ikeBzn/sc27ZtIxKJ0N3dzerVq0c9wCqEEGJySSQSdHd309raimmaHDp0iPLycg4ePEhOTk6m0/ThwlhTU4PjOOcUs/Lycm677TZ+9rOfsWrVKlzXxbIsSktLOXToEMlkkrlz5/LWW29x6NAhuru7icfjxGIxkskkvb29QPpAq6Ojg+Li4nPHnlTa4y7suPKF0nEccnNzeeyxx3jyySd555132LFjB5///Of5wQ9+QFlZ2bgvDgshhLhykskkn/70p/H5fLS1tRGJRFi+fDnHjh0DYP369ViWxZo1awgEAjiOk7leOTzKCKR71nniiSfYu3cvLS0tFBQUUFVVxWOPPUZnZyezZ8+mtraW0tJSenp6+MhHPkIkEmH9+vWYpsmaNWsoLy9n3bp1me7zhrnaBTsFSTvTmbknNDCYvLJ9vfp8Pmpra3Ech+rqavx+f2aYFZ/Px6lTp84plK7rjjpNe/Z5biGEEFdPbm4ud9xxx6jC5Pf7mT9/fqbPVoDS0tJRf9ff309bWxuu66K1prS0lJqaGpYuXQqk23bLsqioqGDKlCkYhoFpmsyaNQvbtjFNE8MwKCkpwbIsCgoK8Pl83HLLLefUhYL8AlYmK9nzbAMB5d1dr46hKW0KkXNn3jm/G1mnLtYj0EXPm5qmydGjR7nzzjszQ7UMO/uCrFKKrVu38pOf/ATbtgmHw6xZs+acu62EEEJcHcOdlZ9tZP+sw9ONFIlEWLBgAZAeA3P4MtvZHZoPd34+zDTNUddEh6cf/v/ZnwtQXFDIMx//CtHEIMrLYysNPtNiasm5A0Jv3bqVY8eO4fP5OHjwIKnUhQd3vmihfPPNNzl27BiVlZWUl5eTn5/PsWPHUEqNGiYF0gts5syZLF++HK01Pp/vnIUqhBBi8hseWeRqMJRBTUmF99cnh5xzLRSYMWNGZiSUnJwc3nzzzQv+/UULZW5uLuXl5Witqays5MEHHyQajXLHHXdQXl4+alrXdSkuLqa6+kxP7XLqVQghxMUoFB6OsHVRxcXFFBUVAdDZ2Zm1h6GLFsoFCxYwd+5cgMzh+/DF3gsVQSmOQgghJjOlVOZI82Ld8F20UJ491hggj4QIIYS4blzsrlg59BNCCCGykEIphBBCZCGFUgghhMhCCqUQQgiRhRRKIYQQIgsplEIIIUQWUiiFEEKILKRQCiGEEFlIoRRCCCGykEIphBBCZCGFUgghhMhCCqUQQgiRhRRKIYQQIgsplEIIIUQWMl6WB6LRHjo6mlGkh2sJBkOUldeilHwPEUKIa50USg+89NMf4brbyc/PBQX7D/TxyU/9OeXl0yY6NSGEEOMkhdIDLe0nufcDUFTiAxSnTrTS19dDeflEZyaEEGK8pFB6QCkoKshhSnEOGJCT4wPXnei0hBBCeEAuonnE1RrQAGgNqAlNRwghhEekUAohhBBZSKEUQgghspBCKYQQQmQhhVIIIYTIQgqlEEIIkYUUSiGEECILKZRCCCFEFlIohRBCiCykUAohhBBZSKEUQgghspBCKYQQQmQhhVIIIYTIQgqlEEIIkYUUSiGEECILKZRCCCFEFlIohRBCiCykUAohhBBZSKEUQgghspBCKYQQQmQhhVIIIYTIQgqlEEIIkcUlFUqtNX19fWitARgYGOD48eO0tLRc0eSEEEKIiXZJhbK1tZUf/OAHALiuy7vvvsu2bdtobW29oskJIYQQE+2SCqVpmpw6dQqAZDLJli1b6OjoID8//4omJ4QQQky0SyqU4XA482+lFJWVlbiuS0NDw6jplFLYts3g4CADAwMkEonM6VohhBBiskilUgwMDDA4OEgymcw6rXWpQZVSaK0JBAI88MAD7Nixg23btrF69epR0x05coStW7fiui7BYJCbbroJv98/tjkRQgghroBjx47R3NyMaZrs378f27YvOO0lFcpEIkEqlSKVShGLxejs7GTq1Kn09fWdM63P5yMYDOK6LoFAAKXU2OdECCGEuAIsyyIYDGKa5kVr1SUfUa5YsQLHcUilUnR2dlJWVsYtt9wyahqtNTNmzGD58uWZU65SKIUQQkw2M2bMYPr06SilsCyLI0eOXHDaSyqUubm5rF27Fr/fT1FREZZlEQ6HCQaD50w7XBilQAohhJjMhuuUYWS/XeeSCqXP58Pn82VeFxcXX3BauXlHCCHEteRidUt65hFCCCGykEIphBBCZCGFUgghhMhCCqUQQgiRxSU/HiKEuDL6+roZHIyjAI0mJydCbq50DynEZCGFUogJ5DguP3/pPykuHkQpg2Qyhdal3HvfpzBN2T2FmAzk1KsQEyhla3bvfp2SksOUFB+hpPAg+/f9ilQqMdGpCSGGyFdWISaQdjWF+T6WLKoAFIlEgh07T+O6zkSnJoQYIkeUQkyw9LPOLmiNY+uh19KzlRCThRRKIYQQIgsplEIIIUQWUiiFEEKILKRQCiGEEFlIoRRCCCGykEIphBBCZCGFUgghhMhCCqUQQgiRhRRKIYQQIgsplEIIIUQWUiiFEEKILKRQCiGEEFlIoRRCCCGykEIphBBCZCGFUgghhMjihhu4eWAgzvZtmzAtjVKKVNJmWt1sqqunT3RqwmO2nWLXzrdJpgYxDAM75VBSMoW585ZOdGpCiGvIDVco29s72Lb1aRYtKgM0bS19dHcvl0J5HYpGo2x5+2nmzMnDMAyi0UEOHchj1pzFmIY50ekJIa4RN1yhjMUGKMzvYuWKGtAux485bNt5eqLTEldAIpHENJpZtbIElEF/b4pn/uskjqMx5aKDEOIS3XCFEiAUChAK+QGXnFAAw5BW83rl9wcIhQJgKOykjc+6ITd5IcQ43JAVQuvhf4z4t7h+aQ2ynoUQY3RDFkohhBDiUkmhFEIIIbKQQimEEEJkIYVSCCGEyEIKpRBCCJGFFEohhBAiCymUQgghRBZSKIUQQogspFAKIYQQWUihFEIIIbKQQimEEEJkcUmFUmvNwMBA5nUikSAej+O67hVLTAghhJgMLqlQxmIxNm/eDEA8HufgwYOcPHmSpqamK5qcEEIIMdEuqVD29fXxwgsvALBz5072799PTk4OL7/8Mo7jjJpWKeV9Q5gJhAAAIABJREFUlkIIIcQVcrG6dUmD8xUUFBAKhQDYvn079fX11NbWcujQIaLRKPn5+ZlpU6lU5jStYRgEAoGx5i6EGAOtXRKJFHpoDDmlFIGAf1xfYlOpFLZ95kuxZZn4fL5x5yrERElv0zaQvpyos4y5eNmj2BqGgdYarTU+n2/UzmcYBs3NzRw4cAAAn8/HnDlzZIcS4ipqa23l+PFdBALp/S6RSDFz1hJKSirGFE9rzZ73tqJ1DJQCNNoNsnTZKpQyPcxciKunsbGR7u5uAI4ePZr1nptLKpTDVddxHBYuXEhfXx+dnZ1MmzaN3NzczHRaa+LxOJ2dnQAEg0G54UeIq2zHzm0cPfBN5syvAmDf3maSyf+N225fP6Z4qdQgP33h26xa6Q4VRpffvJVg/oIlhEIRDzMX4uqJRqOZWtXf3z/+I8pUKsXs2bOJx+PcfPPN7Ny5k6amJtasWYNhnLnMqbVmwYIFrFmzZpyzIIQYK9tOsXLlVJYtnwlAbo4iOhAfRzyHwiIfa+6uQmEBmoMHD5NKJRm6IiPENae+vp76+noA9u7dy+nTpy847SUVyry8PB577DEsy8Ln87Fy5UoSiQThcPicaYePPoUQE0MpSKUcIH1NMZVyUGrsj0wrBdrVOEkXy3TR2sXRcuOeuH6kUqnxH1H6fL5R1xkty8KyLvvyphBCCHHNkZ55hBBCiCykUAohhBBZSKEUQgghspBCKYQQQmQhd+QIIa4L0Wgvg4OxobtxNX5fkEhe0Zjjua5Db2/HqGfBI5FC/P6gB9mKa4kUSiHENU9rh01vvUxy8DiBQBBXuyRT+dx3/xOY5th6D+rubuOtjT8gGFAopYjGEtTN+ABLlqz0OHsx2cmpVyHENS+RSPDO5heoKDtCTfVRptUcY9NbzzEwkBpzzKOH99LdtYHa2uPU1hzDb2xh06aNHmYtrhVyRCmEuOZprSmdEmb+vHKC4SCgKS5sI8sz5BePCVSU5TN7dgXgYiqHlk7p2/ZGJEeUQojrgutqbNsFN10ds/W0cjkxwQU9FFvckKRQCiGEEFlIoRRCCCGykEIphBBCZCGFUgghhMhCCqUQQgiRhTweMgm5rkNj42kU7tBrTTg3j+LikjHH7Ovrobu7C9NQoMB1NBWV1aOGTxNCXFldnW1EY1EMpdCAaZqUl1dhGGN77CSZTNDa2ogiPTao42qKigqJRAo9zFpIoZyE4rE+nvnhv5If0aAM4vEU1TU38ZGHPz7mmO++u4ktm39FXsSPUtDZOcDjT/wRZWUVHmYuhMjmzd+8yPETBwmFLGzbxTB8fOozf0g4nD+meO3tjTz7zP8kNzcAStEfTbJy5e3c+v4HPM78xiaFchLq7OrAb+3k0Y8tRLsp2tp6+MmL24GxF8qjh7fwgdvbmTGzFMMweOaZfbR39EmhFOIqcV3N8RMb+dD9QYqLw2hX858/3EFPT/+YC2VjYyvlZXtZt24RaDh6pI3d+96RQukxKZSTVCQ3TCQvF7QmkXDw+/3jimdZFvl5uemYKPIiYZTyJlchxKUJ+AMUDO+HWhMK5QBj3xENpYhEhtoKNHl5YUxTmnWvyc08k1SmUxE98sU4Y3ImjkchhRCXSZ/zj3HGG9lWiCtCCqUQQgiRhRRKIYQQIgsplEIIIUQWUiiFEEKILOT2KDEOGtfVmbtnlZLvXUKIc2mt0drbtkJrd+j/oJRCXcHb+KVQijHR2qWtrQHbHkShcLVLJFJCfv7Yew8SQlx/XNelve0kjpPKvC4sqiQczhtzzHi8j+7OJpSRLrimZTGlpAbjCj0aI4VSjEl3dzv/9i//F9NqwTQNYrFBUnoxX/zin090akKISaSjo4vvfOdPqKtN9x7U1tJD7Yx1fPjDnxtzzF/84ic0n36RgvwcUHDkyCCf+/w/UFk53cPMz5BCKcakv7+Xioo+Hns03SNILBrnX7/fONFpCSEmmb7+OFXlcR756FzA5fjRIG9tOj6umJ0dTaxbW0rl1GK0MnjqP3bS09MphVJMNgq/z4/ls0CD5bOkg3UhxHkofH4fPssEFAG/D2ucbYXlM/H7fFiWBUrh9/kwjCt3j4TcfSHGR6d/pKcfIcRF6fSNPR6FumqkUAohhBBZSKEUQgghspBCKYQQQmQhhVIIIYTIQu56FUJMCNu2MzeBKQWmaV7R3lWEGCsplEKIqy7a38vBQ3vx+UwA7FSKurq5FBZJz05i8pFCKYS46vbs2covf/6XLFteg9aaA/sbWLDwj1h7//qJTk2Ic0ihFEJcdYlkjNtvn8ltd8wCoLIsSENLcoKzEuL8pFAKIa46hYHtuEB6BIj0v+X6pJic5K5XIYQQIgsplEIIIUQWl33qVWtNPB4HICcnR27nFkIIcV277ELZ09PDyy+/jN/vZ+3atUQikSuRlxBCCDEpXPap1zfffJNkMsmyZcsIh8NXIichhBDiqrnYmdHLLpTFxcWcOHGCn/3sZyQSiXN+77oug4ODDA4Onvf3QlyI6zoMDsZG/MQ9G5LHK+fkOBBDa3ei0xJCXKZUKpWpVclkMmtbc9mnXleuXMmKFSv42te+RnNzM9OnnxlRWinF/v372bx5M7ZtEwqFWL58OX6/f2xzIm4oDQ2H2bfnN/j8Flq7pJKKW9//IPkFk6e3ltOnT7F3z2tYloFSEB9wuXXV/RSXVE50akKIy3D48GEaGxvx+Xzs27cPx3EuOO1lFUrHcWhpaSEcDrN06VLy8/PPmSYnJ4dIJILWWgqkuCxvvfkzfMZG6qaXoYE3frWPkpLZ3LJy9USnlrFly0ZS8WeZPbcGlGLPuwfJzYlw15pHJzo1IcRlCAaDFBQUYBgG+fn5NDQ0XHDayyqUqVSKt99+m7q6OhYuXEhxcfGo32utmTVrFsuWLRtb5uKGpgzFTUuqmDGrCoDO9r6rOor5pfBZJguX1DBnQTVgEOuLk3InW5ZCiIuZPn165oxoIBDgwIEDF5z2sgplMBjk4YcfxnVdDOP8lzdt276ckEKMYqc0md5a7AufCplIKdsFrUG5pFIumBOdkRBiPC5Wt8bU4cCFiqQQQghxvZGKJ4QQQmQhhVIIIYTIQgqlEEIIkYUUSiGEECILKZRCCCFEFlIohRBCiCykUAohhBBZSKEUQgghspBCKYQQQmQhhVIIIYTIQgqlEEIIkYUUSiGEECILKZRCCCGuLjXRCVyeyxpm65oyPETgZF4hN2KOI4duvFhMBYZS6BFJXJVFdTk5iklt5PZzlbae68SV3QmUHrlfj3/daNJHfVeqrbjuCqXjOPR09uJql+GFVVhcgGlNnkEDXdeluyOdoyK9kosmYY49nb04rgtolFIUFOZj+ca+yQwOJOjvjaKURmtNIBgkryBy4T8wDBr6OpjS1YzWGsNQVOWVYZlXbjklBpP09fShVHrISZ/fT35hBKWkkb22KJKmw/Gu04QTIbR2CfkDlOeVSMG8iEQiRjTam26btMbn8xPJK/FoH1AopehMxjjR2Uy6tGlKcgvJC4THHNVVmhO97fi7mtGuxmeZVOSVYno0JOR1Vyi3bNrKC0+/QklBKShobD3BI59dz/vvfN9Ep5axd/8+vv/1/5fKKdUAtHQ0sv4Ta1l9160TnNkZRw8d51+//u+UF1WhNbR3tfLBh2/j7nvvGlM8rTU/fOrHHNt9mkhuARpoj57ir//7nxMOn38HaehL8Tcb/id5RyvR2sXX2Mu/fORPuf2mVeOYs+ye/cELHNp1nNxwHo7r0N7TxJ989cuUlk25Yp8prgRNU18X9z/zJwQiAVKuw6w2P//x5f9BZYGsy2z+49+/zWBsM8GcMK52aG/VfPH3vkZxcZUn8ZPK5O92b+Rf7CZQCqc3zv359fzzF/5mjBEVJwcT/MVL/0xuZTEOLuET/Xzvd77CzTMWeZLzdVcoOzo6WFK9mpsXvQ8FbN71G5pOt050WqN0dXYwd8py1qxai4tm+3tbaD7dPtFpjdLe1s6skiXcvXIdjtbsO7iLlpbjY47nOi6drX2sXf5xigqK8ZsWT/7kHxhMDF6wUHYMOrTcP4WWVRWgFLwWo7H9yq7L5tNtfGDxhykvrQKt+a9fPk1/f58UymuNhrgPTn2qEnL9YMGJ7+6jq69HCuVF9Pae5rc+VUVhYQQU/K//3E1XV6c3hVKBk3Jpnxeh/dNV6bO63VF2/qhhXGGjCprWl8G8KemYL+6hub0VZow/ZbgOC6VhGFiWiWkaKBSWZWGYk+tUizIUls/CtEyU1vh8JpiT674qZRiZHHFdTJ+FaYzvlKdlWJiGgWWYmKaJ3+fLehpMAZgmmEObqc/CVFd2OVmmhWWZWEb6ioff75fTrtcopdTQ9mOCqcDnw5BVeVGWz8I0XQzDBCPdhnq+DygjvV4ATBOfNb5SpBRgDK1rpcDyjbu9Gmlytc5CCCHEJCOFUgghhMhCCqUQQgiRhRRKIYQQIgsplFeAGvFfb2Nef+RGGZFxTWwK10SSnrsx5/qMa/CuV42pzKEH4dMr0LjIQ6WGMnGHpj/ftAZk4oHGUMa4GnBNukeQy8lRKQPXdUAr1NAdlyN+m37eKEuOWqcf4h+diB66Hew8BUmnl8uZmIz/4VxljMpRKQPjYsvRSHdugE5PP17addPLQan0XXuMXiaGVpjmiHWjwBjH5yrSdwh7thwVGBijt59x5jjcw9HIHA3DuOqNnzvUeQVanWd7VChGb+Ne3rXoFaXOaisMY1wdGCjS28vltBWXEnPUulbnWd4jaK3RrstwLxtKnTVHWqOMy2vPrjfXVqFUij5H89aBnVT1dqI1GH6LpTPqCfkC5/0TQzs0HdjDvrcLUcDhYydHfD1SYBoc6Gxl096t6Q3M0UytqmTGlJoxpxk3NZsPvUdLIoHWGtOyWDK7nhwreN7pTVwah3IEaG1vwHXObOjKMjje38amPVvTO6rjMLW8ihnltZlpGk6cprOjCzX0mEkgOYDrpDJloqOlGTWy4QlZbD60g067c6ieKpbOXUSO7/w5XowyDJoHunhrz1YMBY6rKS0qYl717Av+TcC22fvWJgryC9I5nm5A1Y99B3Qdh6M7tjOYTKGAjq7uoR6aMllyeqCfX+/agt9n4mpNfl4Bi6fNHfNnplDsO34Y/95t6QZHwfy6OZTkFowpntKK04P9/Pq9rYRDObhakxPJY2ndPMZa2hzDZMeJI/j3bgVAu5o502dRGikeU7yxiHV0cPzgAYZ3vlMH91NZe2Z+zKDF7qajFA3l6Dguc6fNpqzg6uWYnQLD5HDX6TP7oesys3o6VUVlY47a57q8uW875R1T0BpMv4+bZy3Eb/rGlKNWikMdLaNyrK6oYnrphduzpsOH6WprQal0+9Db1oIyyjIx447m7f27aYrF0z1k+U2Wzlh4wTb3enRtFUpgY7SfZ4/+G3SH0/vc3lb2feop5s2cc860ylAMdjdy6rt/xcmnC3BdONk/SNk/30X6KE2TcAy+0rGVr+w7nf6jWIyPbFnMf/3uP44xQ8XRwUH+8eRTEMsBNBzu5I0Pf4Pb599ynskVDPYT/9bfcvypCNqF1pDC/vzCdI5ofPj457Zt/PPBdnA19MW4NzmHn/3uN/FZPlzX5dvf/A7F7gyCQT+YPg785L9zR99h/H4/aGhfkofx4fsyOWLAbx16EhIF6Y95t4WfP/w11i65fQyzrLAdxQvt7/H1fV9Nv5cY5I7GSl7+o389/xcEA4jGOPXZj9MVCoGtaV+ci1p337nTXqKOtlb+7aMf4Q4niasUXckUzp8uTz+zBcRtzVPHDvPVfV8FywSd4n3v5bHpK88wtgfsFEf6Evwf+38ChdvS6+ZEC88t+TM+/MEPjWkeNIrv9TTylUNfB58BrkvuQZuWP3yOcO5YuvhS9Ngu/2fTL2D/O+m3Gjv4+1Of4Y8f+J0x5TgWG370I5r/4o8pi+SiXDhdYlLxtQ+Q2caVn784+V8w5e30cmzs5C9rP8pff/j3rlqOF9M3CH9/4nX+/tDRdI4tXfx50Yf5209+eUzxXA1vt3TxTPKfoDMXlIa3Wzn8vz/DzKl1lx9QQeeg5m8OvMnfTG1Kf0B/lN+Pvp9vfPn8vd44iQTf+5M/ZtabGwiHgmBr+meHwPfxoZiat9t7+ff2f4V4YfoEzb4W9jz2HyyYM29M830turYKpYY4CtbMhtr00Re2jRNPXmhynESc24oKuL+8DDTsD/bz7ohpHNuFmkJ4aGH6jY5e+n4yMK40XQ2sng5zh3oAeWkP8WjsgtOnXIcFuSHuqywDFw6pJK+PnMB2oboAHqxPv+6J0fyjHlw3fbzoupqglcN9K9YT8AfAMolv+iFrg12EQzmg4aTfwRl5FjJmp5fjgtL0a6XojvaOeZ6dlEOqOBc+vJD0ikoQ+14HKce+4FaWAB4sLyacEwEHOgMOzpgzgEQyxYyAn3UFhYCiczDFT0b8PmW7tFfmwUP1YBmgNPbhk2efnb0sMUfDnTPgnqEj520hnPbUmOO5jktXbgDWzYMcP2iX6Ld246bsMcfUtobFlfDBmek3dp2k70j/mOONRSzaz62F+cyfUgIuqOAAzsgFP2DDsir4UD2g4WAzbbt6rmqOWSkYTNjpnl+GczzZTmxjfMwhXVcT81nwwHyozEt/SMs2EoOJMcccTDqwuALWD+XY2Yv7gwtvO45jU5RK8UhVOVYgAA4cCwyQOQ+jIRqw0tv3zJL0e7aNM3j+Nvd6dc2daFYAjobhU2o6+w0hSqlR7eA5DXG6519wXHBdcPTFr6tdSpLucI4ahjr0zjZ51hxHcl1wXKyzcjSGrnM42mGofmKPiHr25ct0ju6ZT3bHeR1sOKZ204Xd1ZhnX+s4z+Qj53Uc9SodL33BMPPaOSuiAkxIbz+OBtcd981EanhdA6DB1eOOmc7RzaxrPNkez1xXw9VX/RqTYRij1rV79gRq+E3NcI5edWjtlTOrYWjfdsa/HFX6guKIfVGNa32P+tOh/VBd5GzJ2evm3Jgqvb+Mew+9dk2uLVEIIYSYZKRQCiGEEFlIoRRCCCGykEIphBBCZCGFUoiLGHlzzrXRkdA1kaSYLGRzuahJ93iI6ziZXnRA1uGkoUBpjZ1KZd7QN8BdcEopcN3MfOuhGxMnE601jn3mEQA1hiRt2yFzV6MGwzRuuN5XbhSO4w71xJPu4AI9yTboSWhyFUqteXfjRtqOHcUyTRQGzSeOYphj7zlFeMNnmhz4zRtsNJNoB1p7mnGD43nq8RqgwYn1sPG5Z5laWYGBwd7dm5g9Yyy9plw5LceOses3b+A3TAzTYOfOd7j7w5fe/VsymeSNV39DKumgFCRTKebOn8PcBbOuYNZiIriuZvvmHbS0tGFZFqmBOF2trUPdZooLmVSFMjUwwEv/8H+z+r3thPwBtKPxzw6izfqJTu3GphSuaRD8yf8i542XQLv4/dDzpUVD/UNOdIJXhtaagaaD5L74LOFwCLQiFEjBb310olMb5a1nf8TA//gHZudHADCSMfjow5f8953dHTz95H+x/vZP4LoOrZ3dHN77/zFn/kzptP46E4vFeOb/eZElde8jGAgwEBugv7UPo2SiM5vcJlWhdF2XKT4fd5SWQsAPtmazb/CGOMU32Tlo5uXnsqIs3bNKmWHzi8l2DtJjGo1Pu6yaUkh5JAIutLn92Of03jCxjJTNqimFzChM9y/b3GeO7oXpIrTWTK+ezfuWrMR2oLW9hc2nX0Hr8XeeICYXrV2KCop535LV+AN++nu7OR7JR+tJ1AvSJDSpCiWkO+dIahe/TvdoM7mapBubM9x5iNbY7jl9q1yXNJAcGt0ErS6rAF01SpFydebI3nEvP0nHdUjZ6S7NUk7qPF05ieuF1pqknUKZJradGtGzlLgQOTEthBBCZCGFUgghhMhiTIUyGo16ncc1beTYkUJcb7TW6UHFJzGtNY7rePqgq6vdcwdDHyfnSlyyuAHPnDrO1d0eL+sapeu6bNiwgdzcXBzHYdWqVVcqr2uIZiAel5sexDhM7pYukUgwEI9N6m3cth2i0f6xDSt6AYODg+ni6xGtNYnEIIp8z2K6Wp81OPmNQBOLXt3t8bKOKPfv38/+/ftZvnw5v/71r2lpablSeQkhhBCTwmUVysOHD1NSUoJhGCilzimU7jjH9zNNE8Xow1yFxjQNMI30KPQKsNSZcQdVuheRYYZhYCgTyzAwzaHXI06fmFqTfrZWAQrTVOm4pgGGAebljgenUIp0jkY6pjJIDyqoDIbHlxv5QK+hFIZSmAbpHJUx1JvKUI4Md5uWzs2yRuRjpJeFq8C0zDPLTSksw8Q0LUyDc5ejAstUmfk2DDL5DiU1qieW9HI0MA2wDIWhzLNyVOlx7lQ6R3MoJ5SRHhR5aDmapjUqR3M4RxMUCnPE0ZQBWKaRyVEZQ+tmaDmnc7zwujFMEzXi27U5vC6G8jQtha1Uevuxhta3Ip1rZjml59U003mml+PIHHV6m1Ej1vXIHE11WT3amJY5FGpoXZsKW3Fme7TSsSzrwid/DKUwRhyUquEcuUCOhho1RqFpGOl1YYBpWul1rc7MR2bdDS03ZQ1v85feqYGhFKYeva5N40yOpsmI7VGlJ7iM/dAaWo5Wpp1I54g5tK4zn3MZORvGUAoj9pnh12p4G7/kcJhmOp5pGaCG9uuR65r068sZh9NQw/vE0PwZI3IasR+eycFMr2tlYhkmhmGiNFgjZiSz/ZjpPDNt7vA0Q/vxpc+3ObT5DS3HkW2uObSNj6HNtUbth2p0m2twefuhaWY9nav0ZZyEf+2112htbeUTn/gEX//611m3bh1z5szJ/H7btm184QtfYNq0aZkPLykpueSNU9s2e15+mRltzViWAQ68l+8y+95Z+IcatZePtHO6PBfC/vRyP9HNJ8vuori4BJTm5PEGoo0uJQUlaEPR0XgY49BGZob8aKA76dC1qpQZM4vRWtPVn+DZjn6oLUzHG0xS25HL+jm3X9Lzm0rB9u2/oa42Tk4ogFKKN4+0s6ckBHnB9EStUR4qWklNQTlaQXNzM20H+6konYoGetsa8O99lcqQH1zotTQNcyMsWFQJWpMYdPiPI21QX5o+SzeQpKwlyCP1d2KQfuB/66adVOTWpZe1adK081XmxJrwDxXTfQWKipXVFBQEUcChY138qsAHhaF0jse7ub98JTOLq9FAe2snpw+0UVVaC0B3fzdsf4G6oA9c6LM0x2dHWLS4AoBE0uGHB1pJLCxL52g7lJ5QPLz4A1gqncPurfuIGFPICYRQlsHh/VtY3LEfv2WBC8enmBS9byp5YT8oxY5jHWwN+aA8nM6xqY+14ZuYXTH9vOtmIBbl8I9+yFzlAooBR9O4rJAZc6YAEE86/Of+FtwFpUMNk0vJAYePL1ubaQP27zxMUBeSEwiChhMHNjGj8wh5/nRTcgyHvLXTKMoPoYB3G7p5O2VDXRGgoT3KWr2I2XUzLun6luNodu38OfXzQ4AiZbv8+9F29PSidAOiNepInM/PX4vP7z/P9qc4uW0r5tYtlAZ8aOCEYxP8YA1lU3JRwNHWfl51HKjITa+bnhi32NN5X+0iNJr4QIxdbx5g5tR5aNclGosxYHZTv2weoLHtBLt2vsb8eUEMZaC15tDhQeoXrcE0z83pPElyaucOgps3URBIbz+NQRdneQU11flooKM9xnPROEwrTP9NR5Sb7Fpum7H0Epdjil07XmHWrAABvwVK8fq7zRyZUwg+K71+D/fz6blrKAhGLp4z0N7eQKxvBxUVeQC0dsd5obUf5k5JPz7TP8BN/RWsnr38kh6n0RoO7P8VVZUOAb+F1vCL/a2cqs6D3KH27GAvn5q1hsLcSzk9q2hvb6G3+22qqwtAa1p7B3mhsRvmlw49a5dk0alC7rrpVlztkkrZ7HnnIKV5U7EMEzuV5OT2X7BE96W/ZLjwXq7LrPtmERhqc3+xv5WTpWEoHmorTnTzibK7KCkuuaQ2sq8/RuPJ15g+Ix+0prs/wY/b+8+s65RNZWOAR+rvuuQ2973dm6ms6CGcc+E2d33hCmoLK84bUSlFV1cXAwMDKKVoampi7dq1/Nmf/dn5P/NyCmVrayvPP/88DzzwAC+++CKf/vSnycnJyfzecRz27t2budnHMAxCodClH2UqBakUyUQi85blM7A1DF/HUZZBwnEzl3Usn0XQ9GdeK6VIJJLpvgw1KMPEcFOZ/mOVoTAslXnWTCmFY4Jtn1kMOcEQxmX0f6hU+trD8M6iLIOk42b2HdMyybGCmR1eoUimbBzbTn/HMgwM18ncMKEA02+eeVZRKbSlSKXSrzUQDoQwMc5sWDp9LSmz3JSBayczG4lpKlxDZXLQloHtavTQcjAsk/DIHJUimbRxbXvoC5ri/2/v3GKjqto+/tt7ZjrTI9MTpa0zLdKXWtJKOFlDDRg08aomBPOqiYmJ4UZNjDFGbxT0RkkFL0lAq1IwFA2gXAhEw0FKCVDaoRQ6pe1MS6dzaDs9zXnP7L3fi9ppyyvfR/cQw5ev/6QXbdL/fvaz1nNY63nW2qKqJGs2wl/vqSSfIKAaROLxuazMaDSShn7B5I9FJUBFVcEgCiiJ+JyMooCsExbqcb6MOpF0gwnhATNWABRJIv7XvayCAKJeRJ6nd0U/E4zmy2hAt4AlFo0mf9MJIqocT+rlfj2KOoEYoP51wFIQRTKMJoRFlY3keXN+ZsUrzZcxLQ2DqH9gKVMApHBobr7pBFRRQJl9b51IXFVRZue8KJCZlj5nMwjIsoIkSckVlNFkJGlzgoCqJhbYpSEtDUEw8LD11RkZw3N6EwCDmJQJUUAWZhKH2X/INGY8cKz/9gmqjCTNjZ1q0BFPyPN8hYF0XdpDN+gIgkg8HkH5a6UhiAIJUUCeHRthxg6FRd2VqiLFInMy6wUkWU3Oeb3BgElneOhLVVE+AAALt0lEQVSytSAIJBKx5F2/giCQ0IE8z5+lm9LRzZdRVWfs8K+x1gsssMP/8rk6kZjyYJ/7v8s4k8gkknYpoOggPl9GYzq6RSzPBQFiscgDfcX9PvfvEIvFSMzT25o1a8jJyfn75y0mUAK4XC7Gx8cpLi6msLBwMf+6hCUsYQlLWML/OSw6UC5hCUtYwhKW8P8Jj90VdjNntpRkXTMUCpGZmflIeSORCJFIhLy8PE1cs9u4s8XiRyVjPB6nv7+fWCxGcXExy5cvT5lzFhMTE5hMJtLT0x8JnyzLRCIRsrKyNHMoysw5tdmxDofDmEymlD7vJMtykk+WZSRJeiTvnEgkkg01k5OT6PX6lN5dVVWcTidTU1MUFhZSWlqacrv79PQ0TqcTg8GAxWIhO/vhanEPy/2gbanFIBQK4XA4EAQBq9WaEqcsywQCAcxmc8pyzUc4HMbhcKCqKqWlpZr9xHwMDw8zMjLCsmXLsFqt/2Nz1sMgEongcDiQZZnS0lLy8/M1c833jRMTE/T09LBy5UqKioo0c863Q0mSAEj7mxr7w+LvfG5GRsY/dkRE99lnn332jzzpIREIBDh58iRlZWU0NDRw5coV4vE4VqtVswMdHh5m165d2Gw28vPzycnJ4fDhw9TU1GAwLP6TSYlEgiNHjlBZWcnevXtpaWkhFApRXl6+qK66+QgGgzQ1NdHW1sbg4CA2m41oNEp5ebmmyaAoCmfPnqW1tRW73U5zczMdHR2UlZVpdizj4+N89913hMNhDh48yO3bt8nLy6OgoECTjLIsc/z4cSwWC01NTZw8eZJIJILFYtFsVHa7nTt37gDw+eef43Q6ycjIoLCwULNRXbp0iYaGBjweD1arlZGRES5dukR1tbav2kiSxIkTJ7hw4QKDg4N0dnbi8/moqKjQPH/6+vo4fPgwd+/epb+/n46ODgoKCjQ7UEmSaGpqYmxsjJ9//pk///wTo9HIE088oVmPw8PDfP/993R3d+NwOGhvbyczM5MVK1Zo4pucnGTPnj2MjIwwNTUFkHLQ9Pl8/PDDD3R1deF0Ouno6MBkMlFSUqKJT5Zlzp8/z6lTpxgYGKC7u5ve3l5WrVqF0WjUxDkyMkJTUxM3b95kYGCA9vZ2DAYDxcXFmsYmGo0yODiI2Wxm7969uFwu3G43y5cv15zIXLlyhcnJSYaGhpK2YzabNScdsixz+PBhKisr2bdvHxcvXiQSiaTkcxeDx25FOXvs5OjRo6SlpfHxxx/j9Xrp7u6mpqZGE+fly5d56aWX2Lp1K3a7nZ6eHqLR6IIPRC8Goijicrlobm4mkUjwySefMDY2Rl9fH1VVVZo4PR4P27Zt41//mvsG4PXr15mentZk/KIoUlRUhNPppKKigvHxcfLz81NaZXR2dmKxWDAYDFRXV/PGG2/Q1taGJEmajF4URfx+P6dPn6arq4uGhgZisRjd3d1s3LhRk4zxeByHw8GpU6fYvn07zz//PJ2dnUxOTmoyUlVVaWlp4cMPP8RsNtPf3084HCYUCmmSD2YcXWVlJf/+99znuux2O263O9kxvli4XC7ef//9ZIKhKApXrlzhySef1ORIhoaGGB8fp66ujlu3bvHRRx/hcDjw+XyaApuqqng8Hnbu3LlgPl++fJl4PK4pYZUkCavVyo4dO7h9+zY2m40//viD+vp6TbsxqqoyODjIW2+9xbJlc12n58+fXzTXLCYnJ8nJyeHTTz9N/m1gYAC32605CPX39/Pmm28ukPHChQskEglNCabBYKCvrw+73c4LL7xAXV0dXq+X4eFhSktLNckYiUQYHBzk/PnzfPDBB1RVVWGz2TTvTMz63GPHjhGLxdi9e3fKPncxeOwCZVZWFvX19fz666/s2LEDmHECfr9fc6DcsGEDQ0NDmEwm1q9fj9PpxGQyac6MdTodr776KmfOnGH79u2IoojH48Hn82ketPz8fI4ePcrvv/9Oeno609PTrF69mvXr12viA1i3bh2VlZXJ9924cWNK20g1NTX4fD7WrFmTDGQ9PT2sXr1ac6Csr6/n7Nmz7NixA5PJhM/no6enR3OgXL16NZFIhJGREerq6lBVlZ6eHs0rK0EQ2Lp1K5FIhFWrVpGfn09ra6vm1QBAXl4eFy5c4OLFi+Tm5iJJEpmZmdTX16fEuX//fnJzcxEEgYmJCbZt26Y52y4uLmbLli1UVFTwzjvvIIoiPT09VFRUaAqUgiCQl5dHY2MjWVlZ6PV6AoEAzz33nKYgCTNbebFYDL1ez4YNG9iwYQPhcFjztqYgCKxYsYLGxkYyMjIwGo1MTU1pnosAOTk5+Hw+vv76a8xmM7FYDEEQFiRJi4XFYuHQoUPo9fqkr1i7dq3m99br9WzevJkDBw7Q2dnJuXPnKCws5PXXX9cs4zPPPMPVq1eprq6mqqqKRCLBnTt3KCsr08QniiKvvfbaAp/r9XrxeDz/SKB8bJt5ZjMxURTp7u6mqKgoJScfCAQwmUwYDAYURaGjo4OampqU9s2npqbIzMxEr9dz9+5dcnNzU+oE9nq9tLa2otPpknUrrRNrFoFAAKPRSG9vLzqdjtLS0pRWlfNrdaqqcuPGDZ5++umU9Dj/SMpsLWfdunWa+WCuRqIoCteuXaO6ujqlmqLL5WL58uWkpaXh9/sJh8NYLBZNXIqiEAwGuXnzJufOnSMajfL2229jtVo1ywfQ0tJCc3MzJpOJV155hWeffTYlvvshSRJ6vT6lGnJ3dze3bt0iMzOToqIiLBZLSrWwqakpMjIyNAfb+xGLxRgbG6Orqwu32011dTWbNm1KiVNRFDo7O7l37x5ms5l169alZIOSJCVldLlcVFVVUVtbm9K4zMLj8dDV1UVtbe0jqUkrioIoikiSxLVr16itrU1prO73uWaz+ZH2cjwIj12NUpZlvvnmG06cOMH4+DhlZWV0dXUxOjrKypUrNfMajcZkdh2PxxkcHMRisWieXN9++y0//fQTfr+f8vJyent7cbvdrFq1ShPf8PAwX3zxBYlEgrVr17Jp0yYaGxupqanRvHppamriyJEjjI6OUltbi8vlorOzM6UMbL6+VFWlv7+fkpKSlJoTBEFIru4DgQChUIji4mLNfPfL6Xa7KSws1KzHM2fOcODAATweDyUlJUxMTNDa2sratWs18Y2MjCBJEmazmatXr7JmzRq8Xi8Wi0WzjLdv3+by5cuUlZVRVFTEwMAA2dnZmhM3WZbxer1MT08TCAQIBAJMTk4iy7LmxrW2tjb2799PdnY2dXV1rFixgkOHDmm+M3q2mWf2JxgM4nK5MBqNmvX422+/YTabGR0d5erVq5hMJsxm84JtzsXK6Pf7yc7Oxmq1UlBQgN/vT0mPZ86cISsri1AoRGtrK2lpaeTm5mquz8qyzLFjx2hpaWFgYIDTp08zODhISUlJyjXfWbtWFAW3201JSYnmXY7Gxkaam5sZHx/HYrHgcDgYGhqioqIiJRkfBo/d1uvU1BQej4c9e/YQDAax2WwLDtI/CsTjcTZv3qw5SEajUfr6+mhoaCAUCnHz5k1CoVBKRWWbzcaLL77Iyy+/jN1up729HZ1Op/nrBeFwGKfTyZdffoksy9y6dYtgMJg8YPsoIIoiW7ZseWR8AKWlpZrrIvMxW0csKCigtrZWM4+qqnR0dLBr1y5yc3Pp6OhAUZSU9Jidnc3x48dZuXIlO3fupLy8HK/Xy9jYmOYsPhgM8u677y5IWNra2hbsACwG0WiU3bt3EwwGk1fYTU5OsnfvXs3B9/r167z33ntUVFRgs9nw+/0pdS0qisKuXbuSXcg6nY579+5x8OBBzXqMRCLY7XZ++eUX9u3bh9ls5saNG5p3DwRB4KuvvmJgYACjceYWmdHRUXbv3q1Zj5FIhKGhIX788Uf27NlDUVER7e3tlJSUaFqt6XQ6nnrqKWw2G1u3bmV6epra2tpHck4+EAgQj8fJy8ujrq5OM08sFqO3t5eGhgYikciCi23+CfwHmK6lhZVYCt0AAAAASUVORK5CYII=" /><br />
<br />
<br />
or<br />
<br />
#Top 20 Row Chart with CVSS Total Score
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> </span></span><br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">set style data histogram </span></span><br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">set style histogram rows gap 1 </span></span><br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">set xtics rotate </span></span><br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">set style fill solid border rgb "black" </span></span><br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">set auto x </span></span><br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">set yrange [0:*] </span></span><br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">plot "TestDataWithTabs20Vuln.dat" using 2:xticlabels(1) title col with linespoints pointtype 5, "TestDataWithTabs20Vuln.dat" using 6:xticlabels(1) title col lc rgb "green", "TestDataWithTabs20Vuln.dat" using 5:xticlabels(1) title col lc rgb "yellow", "TestDataWithTabs20Vuln.dat" using 4:xticlabels(1) title col lc rgb "red", "TestDataWithTabs20Vuln.dat" using 3:xticlabels(1) title col lc rgb "purple"</span></span><br />
<br />
<img alt="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAcoAAAEHCAYAAAAu6ga2AAAX/GlDQ1BJQ0MgUHJvZmlsZQAAWIWVeQdUFM/Sb89sBJYl55yT5JxzBslZSUvOLDmogIAEBQFFBBQFFREVRImSREER/ggoqIhKEAmiYkBQQN6A4d53v++ed16f0z2/ramurq7qULUDAPstr4iIEJgWgNCwaLKtsR6vs4srL24SYAABMAIRIOZFiorQtba2AP+1fBsH0M7zseSOrP/O978WOh/fKBIAkDWCvX2iSKEIvgUAqoUUQY4GALMjTzAuOmIHH0cwIxlREMEXdrD/L9yyg71/4cFdHntbfQRPAYAneHmR/QGgXkbovLEkf0QOkQAAlj7MJzAMYeVFsBYpwMsHAHZPhGdPaGj4Dj6KYFHvf5Pj/3/J9P4r08vL/y/+NZfdgjcIjIoI8Ur4/zTH/7uEhsT8GYMbqYSoYDtz5MmM2C2e5GVoh2BWBOcF+Jpa/KZfiojWs/1Nbw+MNrXfsRGCnwTEmDj8xgsxwQ66COZE8GZwuPkOP2InmDXMe68VgukRLEiK0nf9JRNWSgywd/rNY+Hja2CIYGQVwc7kcNs//AFRsXZ/6ImJAfp7//AHeZnt+JuI4Bwv8u5cEB3gEt8Q451x+RF8NSLa2v73WENhIXt/zwV+40c2sv2Nf/hG7c53d6zoAHuTX/JRtNHIAvglE8XpF2hk+ksHlEwA2eQPXSciZHdNI31R9uQY2x07CCLYzzfM4bdMVI6Pl4H5L5ugyoER8AJk4Au8QRjYArzAAugDg98tL0IPQ1oSCAchSCXz0vx5g3mLGcHMYMYwU5jnf7n1//CBQOCDPP/QSf9GtwOJ4D0i1RdE/RkNzY7WQqujLZBWB6lyaBW06p93Q8vNy3+1+qWrP9JX8jdF77f2sf+uvUdgGvk/+nj/7fE/dTICb3al/uaQqZVZlNn80/9fM8YaYg2wJlgjrBgqC3UTdR91B9WPakc1A15UF6oFNYjq2MH/MYrXb6uQd+drjozoC2J2f4X9rxrF/OX4TSWKExWB7S5/MPIu8O8IjrtaB/4PKTFI9UYkBSHvzP/O8Y+lhRHrKqL10JqInREbo5nR7EASrYBYXBetjfhAEaHq/2ev360k8Nu1ZezuXILBWwSHRvvGR+8sdP3wiARyoH9ANK8uclr67uE1DSNJ7eGVk5GVAztn76+t/cV290yFmB/9ixYuC4Dqzll5+F80zw8ANAchxw39v2jCzQDQyAHQf4oUQ479RUPvNBhACWiQ1c+GnBwCQBTRUw4oAXWgAwyBGbAC9sAFuCPWDQChiMZxIBmkgkyQC46Dk6AUVIAqcBlcAw2gGbSDO6APDIBhMAZegCkwB96BFfANbEAQhIOoIQaIDeKBhCAJSA5SgbQgQ8gCsoVcIE/IHwqDYqBk6DCUCxVCpdB5qAa6AbVCd6B+aAR6Dk1Di9Bn6AeMggkwI8wFC8PSsAqsC5vD9vB+2B+OhBPhdDgPLoEr4atwE3wHHoDH4Cn4HbyKAigqFDOKDyWJUkHpo6xQrig/FBl1EJWDKkZVoq6j2pC1+Bg1hVpGfUdj0QxoXrQk4kkTtAOahI5EH0QfRZeiL6Ob0PfQj9HT6BX0Tww1hhMjgVHDmGKcMf6YOEwmphhzCdOI6UX28xzmGxaLZcaKYJWR1e6CDcImYY9iz2DrsN3YEewsdhWHw7HhJHCaOCucFy4al4k7jbuK68KN4uZw63gqPA9eDm+Ed8WH4dPwxfgr+E78KH4ev0FBSyFEoUZhReFDkUCRT3GBoo3iEcUcxQYlHaUIpSalPWUQZSplCeV1yl7KScovVFRU/FSqVDZUgVQpVCVU9VQPqKapvhPoCeIEfcI+Qgwhj1BN6CY8J3yhpqYWptahdqWOps6jrqG+S/2Kep3IQJQimhJ9iIeIZcQm4ijxAw0FjRCNLo07TSJNMc1Nmkc0y7QUtMK0+rRetAdpy2hbaZ/SrtIx0MnSWdGF0h2lu0LXT7dAj6MXpjek96FPp6+iv0s/y4BiEGDQZyAxHGa4wNDLMMeIZRRhNGUMYsxlvMY4xLjCRM+kwOTIFM9UxtTBNMWMYhZmNmUOYc5nbmAeZ/7BwsWiy+LLks1ynWWUZY2Vg1WH1Zc1h7WOdYz1BxsvmyFbMFsBWzPbS3Y0uzi7DXsc+1n2XvZlDkYOdQ4SRw5HA8cEJ8wpzmnLmcRZxTnIucrFzWXMFcF1musu1zI3M7cOdxD3Ce5O7kUeBh4tnkCeEzxdPEu8TLy6vCG8Jbz3eFf4OPlM+GL4zvMN8W3wi/A78Kfx1/G/FKAUUBHwEzgh0COwIsgjaCmYLFgrOCFEIaQiFCB0Sui+0JqwiLCT8BHhZuEFEVYRU5FEkVqRSVFqUW3RSNFK0SdiWDEVsWCxM2LD4rC4oniAeJn4IwlYQkkiUOKMxMgezB7VPWF7Kvc8lSRI6krGStZKTksxS1lIpUk1S32QFpR2lS6Qvi/9U0ZRJkTmgswLWXpZM9k02TbZz3LiciS5Mrkn8tTyRvKH5FvkPylIKPgqnFV4psigaKl4RLFHcUtJWYmsdF1pUVlQ2VO5XPmpCqOKtcpRlQeqGFU91UOq7arf1ZTUotUa1D6qS6oHq19RX9AQ0fDVuKAxq8mv6aV5XnNKi1fLU+uc1pQ2n7aXdqX2jI6Ajo/OJZ15XTHdIN2ruh/0ZPTIeo16a/pq+gf0uw1QBsYGOQZDhvSGDoalhq+M+I38jWqNVowVjZOMu00wJuYmBSZPTblMSaY1pitmymYHzO6ZE8ztzEvNZyzELcgWbZawpZllkeXkXqG9YXubrYCVqVWR1UtrEetI69s2WBtrmzKbt7aytsm29+0Y7Dzsrth9s9ezz7d/4SDqEOPQ40jjuM+xxnHNycCp0GnKWdr5gPOAC7tLoEuLK87V0fWS66qbodtJt7l9ivsy943vF9kfv7/fnd09xL3Dg8bDy+OmJ8bTyfOK56aXlVel16q3qXe59wpJn3SK9M5Hx+eEz6Kvpm+h77yfpl+h34K/pn+R/2KAdkBxwHKgfmBp4Kcgk6CKoLVgq+Dq4O0Qp5C6UHyoZ2hrGH1YcNi9cO7w+PCRCImIzIipSLXIk5ErZHPypSgoan9USzQjEuQOxojGZMRMx2rFlsWuxznG3Yyniw+LH0wQT8hOmE80SryYhE4iJfUk8yWnJk8f0D1w/iB00PtgzyGBQ+mH5lKMUy6nUqYGp/6TJpNWmPb1sNPhtnSu9JT02QzjjNpMYiY58+kR9SMVWeiswKyhbPns09k/c3xyHubK5Bbnbh4lHX14TPZYybHtPL+8oXyl/LPHscfDjo8XaBdcLqQrTCycLbIsajrBeyLnxNeTHif7ixWKK05Rnoo5NVViUdJyWvD08dObpQGlY2V6ZXXlnOXZ5WtnfM6MntU5e72CqyK34se5wHPPzhufb6oUriyuwlbFVr294Hjh/kWVizWX2C/lXtqqDqueumx7+V6Nck3NFc4r+bVwbUzt4tV9V4evGVxruS55/Xwdc11uPaiPqV+64XljvMG8oeemys3rt4RulTcyNOY0QU0JTSvNAc1TLS4tI61mrT1t6m2Nt6VuV7fztZd1MHXkd1J2pndudyV2rXZHdC/f8b8z2+PR8+Ku890n92zuDfWa9z7oM+q7e1/3ftcDzQft/Wr9rQ9VHjYPKA00DSoONv6j+E/jkNJQ0yPlRy3DqsNtIxojnaPao3ceGzzue2L6ZGBs79jIuMP4s6f7nk4983m28Dzk+aeJ2ImNFymTmMmcl7Qvi19xvqp8Lfa6bkppqmPaYHpwxm7mxSxp9t2bqDebc+lvqd8Wz/PM1yzILbQvGi0OL7ktzb2LeLexnPme7n35B9EPtz7qfBxccV6Z+0T+tP356Be2L9VfFb72rFqvvvoW+m1jLWedbf3yd5Xv9384/ZjfiNvEbZZsiW21/TT/Obkdur0d4UX22g0FUEiF/fwA+FyN5C0uADAMA0BJ/JUb/S4oJPiAkScOiRTMkAhgFhJH7u1umA2OhidQpqi7aGP0E0wolg7bg0vGa1HgKF5StlKVE/Kpq4mTtLR05vTZDP1MdMz7WK6yodm9ODq4eLmP8qzz+fBPCO4V6heRFs0TeydhuqdC8pu0vswx2WF5agU9xSilcuVulSnVLXUWDQlNVS1DbVsdkm6UXrr+KYNawy6jx8aLJttmTOZ7LPQt3fYGWsVaZ9gU2lbY1do3I7t+wGnU+bnLa9dZt4V97/cvuE96DHl2edV5nyUd80n09fOz8VcPEAwkBn4Leh3cF1ITeiwsItwuQjmSPXKT/CqqO7oqJiPWL840XiKBMmEpcTCpPrnkQPrBuEORKeTUxLScw+fTOzJeH6HI0siOyKnKHT9GmaeRH3r8bMFQ4daJPSfdinNONZVMlVKVKZZ7nMk+21Dx4jy6UrLK8cKhi5cvjVSv1/BesahNvtpw7VOdWn3+jY833W49arJqftKq0RZ9u6Z9spOqS77b8U5kT8bdgnvFvcV9BfezHhzuP/Lw2MCxwYx/ooecHkk92hjuHkkaVRr99vjpk9ax0vEDTz2e6T0XmqCYeP9iZLLxZemrA689pwymxWZoZ77Pvn0zPtf/9s787YXWxdali+/ylmPfu38w/CixQruy+mnic+eX818zVgO+ma9JrzOsr32f/NG9UbmZvuX702Cbf3sb8T8WsCPRYTzoRSI6C+g49BqWR2KvLygP1DgSNb3ERGCJ2GacL54dP0FRTulPpUfQpLYnBtCk0J6ju0O/yMjEZMCcwFLH+pFdioPM2c5NxePIe4VvW0BXMFWoS3hTVFksSPyMxMCez1JM0vIyJrJucv7ykQoJigeUEpWDVNxULdQ01WU0+DWZtPBaP7Tf60zrjuk91O80uGlYbVRinGUSZxpg5mJuYqFiKbKXyQpt9dV6xmbEttuu3v6sQ5ZjlJO7s6mLvCuXG9btA3LSd7hXeeR4hnvZeyuQCKQZn1bffD8/f40AuoC3gbeDCoJ9Q9RCaUJnw5rDsyJcIiWQdTEUdS6aHKMfyxQ7H9cafzTBPVEmCU56mlx3IPdg6CGHFINUtTTVw5rpJhnOmWFHjmRdzL6bM5378xhnnmq+4/GoguOFV4v6T7wthk9xliidtikNLcstv3pm+Oy3c/znrSsPV7Ve+HRJqjry8q2atVrVq8nXOutAve6Nww29tzCNxk1ZzfdbcW2Gt9PaOzq+dgl3291J6jl79/a9sd7FvrUH6H6Gh3wD0oOa/1gMuT4KGI4byRw9+bjySd1Y+3j/0/Fnc8+/vkBNMr4UeqXy2mLKf7pqZvGNyJzr28z5Kwv3F6eX1peJ74U+aH90W0n5NPxF/mvR6pc12/VbP1g3MjbXf8bt+h8N6IA42AtSQDcS16tB0VAzDMOW8Dl4A+WOeojWQDdhVDA9WGvsLC4Jz4G/T3GMkkSlQeAg/KSeIQ7QNNJepCuhz2PIYsxgymTOZSlirWCrZW/h6ODs4Ork7uLp5L3N18hfK3BGMFcoRnifiI4ovxgQeyHeLJG7x1GSV3JJqlE6RcZclll2Wq5WPkZBW5FC8bHSGeUAFQWVddVOtQx1cw16jQnNSq0gbTntTZ0+3QK9/fri+msGdw3zjdyMRYw/m3Sa5pg5mvOZv7NoskzZa2HFbDVtXWsTZatuB9s9tC90cHXkdZx3uu4c46LuCrv2u+Xvs9vPvP+5e5nHfk8uz5deZ7z3kzhJEz4lvo5+DH6P/HMDDAMBsl5ig2WDl0OqQ73DOMOehhdF7I3ER94hJ0bJRy1HX4xxj2WJfRR3JF47fj2hPjEwiTfpefKJA/YH2Q7OHWpJOZGakOZ3eF+6S4Zbpu+RmKyM7OKcS7lNR/uOjeXN5X8tQBUyFPGfkDmpVqx/yqzE5rRLqXdZePmhM0Vnr1YMnPtYKVSVcGH4kkj1wcvjVyRr06++uC5bl1X/qkHpZu6t103yzUdaJtvkb+e0z3RqdJV0f+uxv9vYK9J34YFkf+9A8D+CQ8vD90dvPKkZr392Z+LlS/BaZrr6TeZ8zlLzB5pPWaus642bTjv+//Uf2U7BKgFwcRYAx/MA2LgBUC0BgFAZAERGAKypAbBXBbBePoCenwaQ8fW/9wc1EAFGSDZ8BMkc+8E7iAjJQg5QInQGaodeQJtIfqcNe8OZ8BX4EfwVxYHSRQWgjqNaUTNoKiTD9kQyshb0Gww9RhsThjmPGcNSYnWx8dgG7DJOFOePq8Yt4qXwMfguCioKV4qrlBClM2UDFZEqjGqUoEI4R42nJlO/IpoRW2lEaUppqWlTadfowpF8hUT/msGbYZ4xlPEbUyozkfkMizTLXVY31lW2AnZZ9scccZxcnMNcR7j1eADPHd4MPkt+Nv4FgduCBUJBwkYiQqIE0VWxGfFRiXt72iRvStVL18k0yLbIdcsPKLxS/KSMVmFSFVCTVJfVkNEU1+LVpteBdT7qvtDr0q80yDIMN3I21jORNuU2ozFHma9brFgu7Z2zmrGetnlj+87ui/2WI4UTi7OIi6qrpRtpX9L+k+71yD323ptIkvdx8T3kV+XfGzAbuBVMH8IXKh4mFS4ZIRbJT2aOooj6Eb0Yyx5nGZ+e0JX4M9nwQNHBdymWqbcPK6S3Zpoemc0+kst39HqeTv5UQUGR80nNU6an48p6z3KcI1bCVd8vfq7+ULNcu3ztY93qja1b+CaOFuk2g3aXzsDu2J6D91L6DjyIfRgy6DmUO9wyujTG93T/84oXb1/JTqXOjM1JzGctzi8bf7jyifZL0ur7db8f81sRu+cHDZACNiAGlIIu8AaiguQgNygdyfgHoI9Idq8Ge8JZcD38HIVCcnYXVAbqBuo1mho5VYLRZeh/kPxbFuODKUf8ToO1wGZjH+AocZa4QtwEXghPxvdQMFOEUPRRClCmUc5RmVG1ESQIFdRM1EeJWGIaDaBJpUXRZtER6U7R89PXMegwjDGGMmGZKpl1mWdYMlklWcfZUtll2Kc4ijhNuNBcPdyHeYx4CbzjfJX8UQJGgtyC60Ljws0i50RPiRWI50nk7SmULJW6JN0o80D2ldyaApOimhJJOU+lQ/WjupCGh2aZ1gsdbl0fvTr9DUNDo1zjAVOMmbK5t0Wm5aW9d6wmrFds0XbM9uIOOo4uTlHO+S7XXYfcPu1ndtf08PMs8Or0/uAj4Ovsl+/fF7AVpBAcGHI2dCQcjpCL9CTnRd2OXoiliVOO90zITWxJmj/ActD00IGUhtSlwwLp+zNKM59lsWS75JzNfXNMMi8+v6+AtTC8aPCkTHFZCfF0dhmh/ORZkYr75wOrCBcaLrleRtfU13pco71+tz6+QfrmQmN1c2CrZNvn9rbOtG6LHpa7s73195P7zQbYBoeHHB7NjiQ+5n4yNJ77zG5CeBJ6OfO6b7p2Nn+OPG+3yLFUsSzy/sZHrZWhzx5fPq6mrNGsn/7BvVGxxf4zf9f/LEAXRIAK8AhsI773g05DvdAXmB+2hdPhZngZxYdyRvZ7PxqF1kInopvRqxhFTCymA4vBWmHLsEs4ddxx3ALeAH+BAk8RQTFJaUHZTaWMeFqPMEjtQr1EPEjDRFNPa0X7ia6YXot+keEMox0TNdND5mwWC1Z61gm2i+xkDl1OBs53XH3cF3gyeYP57Pl1BeQERYR4hDlE2EV5xSTEVSXM93hJJkuVSnfIvJEjymsokBWvK31UUVRNVRvVENVM13qrY6HbrC9hcMGIz7jKVMys0cLA8plVhA3Btt7eDdmvHS6xbgr71t27PY95u/so+RH8nweWBpuGLIYlhG9GRpPnoq1jbsbRxZMTniSpJZ8/SHUoPmU+zfnwYIZeZluWQnZTrubR/jyX/HcFB4voTlQWS59qPa1V2lWucaapAnPO4vzJytcXxC/GXeq9zFTjd6XtKvGaz/X2eqYbEQ0Dt0SRzOd9i01r823u9syOD11O3Xd6JO6evLfdF3T/Sb/Ow9pB5n+ihh4Oc4wEjF59vDQmMO70NO3Z5ecPJ+ZebL6kfcXzWmJKcVptRmtW543OnNZbtXnlBdlF8SX+d8R3i8ut7+M+KH5Y/nhxxeUT5af2z35faL+0fN23ClYrv+l9m1k7tM653vrd4fvKj6MbIhs9m+6b61tFP6V/9m/77Pg/yk9ebvf6gAh6AGBebW9/EUaSikIAtgq2tzcqt7e3qpBkYxKA7pBf31127xpaAMqr/tv3j/8DmKPCLvOZAzAAAAAJcEhZcwAACxMAAAsWAX3taF0AACAASURBVHic7N15dBzXfej5b1X1hq3R2ImNK0is3DeJlkQtFCWakilbm23Zie3YGr8k9jiTycl5fn6e5Ck5yfhl4hMnkeVRJrZjP8exJIcyJUriJooSSXGnuIIkCIAAiH0HGr1W1fxR7BbABaTQRWL7fc4pAmhU374NNPuHe+t3f1cxTdNECCGEENeljvWOpmlydYzVdT1+m67rifVMCCGEmAAcY71je3s7qqqSk5ODaZp0d3cTjUbJzMykv7+fYDCI0+kkJycHRVHs7LMQQghxx4x5RLl3714OHToEwOXLl9m+fTvt7e1EIhG2b99OR0cHu3btoq+vz7bOCiGEEHfamEeUHo+HSCQCwBtvvIFpmkSjUaqrq6mpqeHzn/88+/bt48KFC6xcuTJ+P8MwRkzLquqYYzUAiqJcMwU8ldsTiZvov+Pp1p5I3ET/HU/E9gzDiH+uadqosWjMgVLTNKLRKKZpcvbsWb75zW9y+PBh6uvrSUlJAaxgOjQ0FL+PrutUV1fj9/vj07EulyuhqdloNIrDMeancQ1d19E0zbb27O6fYRgoimLbdLbd7cWuXSf6B9Dw9gzDsPV3MtF/x9OtfxP9NR17Q7XzNW3n/xGw/3cyHV6DoVAIsH4fmqaxcOFCXC7Xdc8dc8+HjwwLCgrIzs6mpKSEpqameIA0TZP8/Pz4ffr7+/nnf/5n5syZE3+SLpdrzE/YMAxOnDjBokWLbHnRGYZBdXU1c+bMISkpKeH2AE6cOEFJSQnJycm2tHfx4kXS09PJzs62pb1Lly7hcrlG/J4S0d7eTiAQYNasWba019fXR2trK6Wlpba019/fT3NzM2VlZba0F4lEOHXqFEuXLrWlvdiszIIFC274n/aTOn78OOXl5bjdblvaq66upqCgAK/Xa0t7Fy9exOv1kpOTY0t7dXV1eDyeCfua7urqoqenh5KSElva8/v91NXVUVVVZUt7oVCI8+fPU1lZadv76qlTp6ioqLAtWJ48eZL58+fj8XjGdH9d1wmHw4AVKE+ePMlf/dVfUVRUdN3zx9Rr0zRxOp3xv7QeeeQRGhsbURSFZ555hvr6epqamigqKqK4uDh+v/7+fgKBAN/5znfiwTGR4bNhGPzwhz/k61//ui2/AMMw+OlPf8pnP/tZMjMzE24P4Ec/+hHPPvsseXl5trT3n//5n8yfP9+2/xRbt24lIyODu+++25b2Dh8+TEdHBxs2bLClvdraWvbv389zzz1nS3uNjY3s3r2bL3/5y7a0FwwG+cd//Eeef/5529r7+c9/zpe//GXb/rj64Q9/yFe/+lVSU1Ntae8Xv/gFa9euZebMmba099prr7FgwQIWLlxoS3tbtmwhJyeHu+66y5b2jh49SktLCxs3brSlverqak6ePMnTTz9tS3ttbW1s3rzZttdgf38/v/zlL3n++edtCZTRaJQXX3yRr33ta2MObFf78Y9/zBe+8AV8Pt+Y2xg+4/Dd736XgYGBG5475kC5aNGi+DzxkiVL6OjowOFwkJGRwaxZs+jo6GDt2rUjfjCKouBwOFBV1ZZfgKIoaJoWP+wQm6ueqO3Ffn52tRdry87n63A4bGtv+O/YDqqq2to/u9uLPdeJ/JqZ6P9H7H5PUBRlQv+fux3t2fmaiU1t2tlHu1/TDodj1Kn6MQVKVVXJzc0dcdvwaROHw2HbtMfNZGVl2br8xOfz2To3n5GRYevcfGpqqm1TaLH27PorDyApKcm2kRBYU/Pp6em2tedwOGybMgTr/4Jdsw+x9jIyMmx9TWdkZNh6Pczr9eJ0Om1rLy0tzbZpZrBe03ZdOgHrNW3XaBzA7Xbb2l5sgGIXVVVt/T+nKIrtr0G736dvRvuLv/iLv7hTD9bX18eePXt47LHHbPuhZWdn4/V6bXljif1C7fwlZGdnk5mZaVt7aWlpZGZm2vbGkpqaSnZ2tm3B0uPxkJWVZVuwdLlcZGVl2fbG4nQ6bW1PURRyc3Nte2NRFIXMzEzS09Nt/T/i8/lsa8/n89n6B6DX6yUrK8vW13RWVtaEfk1nZ2fHkx4T5XA4yMrKsu0PwNj6eLveV4F4e3a9Bu1+n961axeLFi26Ye6HfUOdcaAoyohroHa0Z/dIuLCw0Nb27Ep4iLErKSjGztEaWH/N2zk68Hg8zJgxw7b2NE2z9TWoqioFBQW2tQfcMEFhrOz8+YH9r2m727P7NZ2SkhIPkoFAgHA4PCIL9lYezzAM+vr68Pl8uFyuEe8zpmni9/vjOSSx5EqXy0VycjKRSIRAIEBaWhpDQ0PxjNSUlBRCoRDBYJC0tDRM07xuoBwaGoovDfR4PDed4VJV1fb3Qbvbu5lJHSiFEGIyu3jxIn6/n8bGRvLz89F1nU996lOoqhoPUsFgELCCUix4hUIh3nnnHT772c+OCFSmaVJfX09nZycul4uuri5mz55NdXU1WVlZrF69mvb2di5dusTChQs5fPgwXq+XSCTCihUrOHbsGE6nE7/fz7Jly66ZeWlra6OhoQGXy0VfXx+5ubmUlZXdMKhezTAM/H4/aWlpif3gDANsnMq9mTv3SEIIIUaIRCLk5+fz4Ycf4nK58Hg8BINBenp66OjoIBQK8dFHH3Hu3DmCwSBdXV10d3fjdDo5cuRIfC1gjN/v5xe/+AWmaVJaWoqu64RCIQKBAPv378cwDHp7e3E6nXR2drJjxw5yc3MJhUIMDg7y29/+dsRod7hoNMqvf/1rurq6KC0tJTk5Ob50pru7m66uLiKRCC0tLYRCofjH1tZWOjs76e7upq+vj507d17T70+kpwfqLsKV5R13gowohRBinCxZsgRFUXC5XKSlpVFWVsaxY8eIRqP09fWRmZnJ+++/T3l5OV6vl+bmZlpbW9m4ceN1L0nU19fT2NjIqlWrALj//vvRdZ28vDy+//3v09LSwsDAQHxdcigUYvfu3dx33314PB5mzpzJW2+9xdq1a6+ZAu7r6+ODDz6IL/NYtmwZfr+fI0eO4PV6qa+vp7S0lN27d/PUU0+xdetW1q9fz+bNm1m0aBFtbW2UlZWxa9cuHnzwwWunbINBa6Q4msFB2P8BXL4Md90NJfPBcZPEMqfTOhIgI0ohhBgnsenK4bsxvfXWW2RnZ1NQUMDOnTvJy8tj9uzZRKNRUlJSOH36NIODg9dNjIldb4wtpnc4HLhcLjIzM6msrOSVV16JJy26XC7+5E/+hLa2Nn72s58RDod57rnnyMvL4+WXX6a9vX1E25FIBE3T4tcnY8v8tm3bRnl5OdFolCNHjtDe3o6mabS2tmKaJpcuXWLBggWcP38ep9NJcXHxtddhDQPq6+BcNVy4wXGuGt54HWprYe5c2PxbOHgALpwf/T7d3Qn/niRQCiHEONJ1HV3X4wHI5/PR2dkZX2YXu2Z46dIlOjo6cLvd+P3+eH3t4ebMmUNaWhpnz56NT9PGplAfe+wxjhw5Ek8Wu3jxIsFgkK9+9asMDAzQ0NBAbW0tGzZsYN68eTQ2No5oOysri6qqKk6cOBFv2+/3k5KSQldXVzwb2uPx0NHRgaqqGIZBSkoKDocDp9OJoigYhnH9qVdDt46ocf0jNtp0u6C/H9JSIRIZ/T56FMybjFJvgUy9CiHEOAoGg5SUlMRHl5/5zGc4d+4cTqeTdevW0draSnd3N16vl87OTioqKhgYGGD+/Pnx64NgjUqTk5P5xje+walTp/D7/Xi9XubOnQtYmaLPP/98PNM9OTk5XhLziSeeoKCggAMHDmCaJlVVVZSXl9PT0xMf7Xo8Hr7+9a+zb98+zpw5E29748aN1NbW4vV6KSsrIykpidraWiorKzEMg9LSUsLhMDNnziQjI4Pi4uJ4IlCcqkLFLVQbW7gIdr8L/b2wcRNUVNr7y7gBxbyD2wA0NDTwwgsv8NJLL93RxaJCCDFRDZ92jU2nXl2IPVYEPPYxVvi9s7OTCxcuxO8za9YsiouL47W4b7YrhmEYGIYRXxMb+1rTNAKBACdOnIjflpeXx/z58+Mj2eGVcXRdH5Gpe3U/Y1mxsc8TKgofClojypzcm597i773ve/xpS996YY1oCf/iDISSfhCrRBCjJfr7XRydRCJBaTYx9j3MzMzWbZsWfy8WMC71TKhV583/GuPx8OSJUuu6YOiKNdUZrp64HN1P4c/v4R3dnF7IMe+amK3YnIHyt4eaL4MMwrAxjJiQggxGdhZP/VqqqraWt5yMpu8yTzBIBw+BAc/hMMHIBi4+X2EEEKIT2hyBkrThAP7YXAA1twDg354f491uxBCCGGjyRsoU1LA4YADH0JnB6R5JVAKIYSw3eQMlKoKK1ZB0Uy4VGetr7nr7jta+08IIcT0MLmTeZYshcIiePtNGBoCG/dBFEIIIWCyjiiHy8mxsl4vnB/vngghhJiCJn+gBKiogPPn5BqlEEII202NQDkj36rW0NU53j0RQggxxUyNQKlpUFoOZ8+Od0+EEEJMMVMjUAIsKIWG+ju6macQQoipb+oEyvR0cLmg8dJ490QIIcQUMuZAGQgERuwpZhgGfr8fgHA4zODg4PX3HLudFi+FEyckqUcIIYRtxhwo33vvPQ4ePBj/ur29nV//+teEw2E+/PBDTp8+zfvvvx/fjPSOmD0H/AMwMHDnHlMIIcSUNuZAGYlE6OjoAKwR5NmzZ2lubqalpYX33nuPZcuWcfr0aWpqamzr7E25XFa1nvPn7txjCiHEBBeJRNB13Za2DMMgEokQjUaxdTtj8zYdNhhzZR6Xy4VhGJimyYULF8jLy8Pn83H58mVcLhdOp5O0tDRaW1spLy+P30/Xdfx+f3xrmKSkpLFv4Hk9FVWwczssWy4l7YQQ0144HObEiRP4fD7mzp2b0PttMBikpaWFoaEhALKzs8nLy/tEbcQ2dR7Rx2iEls52TMXmy2aGSbLbQ25mzoibTdMkEAjEA304HB51j8wxB8rYjtWBQIDDhw+TmprKyZMnKSgowOl0ous6hmHg9Xrj99E0jY6ODrZu3Rrf/fqhhx4iOzt7rN24Vk4OaAq0tkBBoX3tCiHEJORwONi8eTP33Xcf8+bNi98eG2U6HA5M00TXdVRVxTTN+Hv48A2aTdNk69atBINB1q9fz/79+2lqamLdunVEo1EAnE4noVAIt9s94qOiKKiqimEYnDt3jqqqqhHB8mR9Nc/89M8ZLEq1bRQIoOgRHu4v5hf/7Ucjbh8YGGDXrl2Ew2FUVeXChQuj/gEx5kAZDAbjP4iHHnqInp4eTp48yYoVKxgcHKS5uRmXyzXiF2MYBj6fj3vuuSf+C0lLSxtrF65PUaCkFM6clUAphJj2VFUlKSmJ5OTk+KhpcHCQ6upqwuEwKSkpOBwOLl++TGZmJn19fSxatIi2tjaqqqri7fT29vLKK6/w4osvkpGRwSOPPEJ/fz91dXX09fXR399PRUUFH3zwAffffz+7d+/mU5/6FHv27ImPOjMyMviXf/kXXnjhBXw+X7ztnu5uapdr8Ng80A37nrwZoen/6bKC77ABY1JSEqtXr8YwrMd6//33R52aHtMY3DAMysvLWbhwIYqiUFRURFVVFV/5yleYNWsWmzZtwu/3s2HDhhE/DNM0SUpKoqioiIKCAgoLC3G73WPpwugWlEJzo6ypFEKIK2LTjKZpcuDAAZqamqiqquLXv/41DoeDM2fOYBgGBw8epL29nczMzBH37+3tBcDj8QDW5beUlBReeeUVKioquHTpEvv27eP06dNomsbZs2cZGhri/fffp7CwkA8++ACHw8Hs2bNHxAUARVXB1AAFTBsPQ0HTrg1zTqeT/Px8CgsLKSwsJD09fdSf3ZgCpaqqlJaWUlFRER+uKorC7NmzAfD5fJSVlZGTk3PNfWND/NsqNRWysqH2wu19HCGEmARM08QwDILBIN3d3TQ1NaHrOm63m9TUVPLy8sjIyODcuXMoikJNTQ25ubkj2sjLy8Pr9VJXVxdfHjg4OEh/fz8AxcXFBINBXC4XwWAQsIJpZmYmOTk5OJ3OeF7L9WPAlSGfoth33OI0bmxkeSOTe5ut0ZRXwkfHobTC+oEJIcQ0FAqFcDgcNDU14XQ6qa2tZcWKFXz00UecOnWKNWvW4PP5WLlyJf39/SxfvpyBgQE0TRuxFt7lcvHtb3+bPXv20NLSQlpaGvPmzWPdunUcOHAA0zRZt24d27dvZ9++fWRlZdHf309SUhI9PT2oqkpqaiqGYdDZ2XmdJCAdIgaYNk69GgamDe1N3UBZXAR791hrKoclFAkhxHTidDr54z/+4/horqqqCq/XS0lJCZFIhJSUFADKy8vj1zBN08Tv93P27Fl0XUfXdfLz86msrGT27Nnx/JSUlBQeeughBgYGcLlcuN1unnrqKYaGhkhKSgLgW9/6Fk6nk29+85skJyfzh3/4h7hcrhF9dDgdpHdHMc73oNh4jdI0oiRFnTc/8SambqB0uqwCBNVnYNVd490bIYQYF7GR3NXcbveIHJHhyyMURcHlcsUvp5mmGb82mZKSEg+uMcOTMl0u14hAGHuM2G3X68vCeeX898YnGawLoqr2zQDq0ShLHykbkcgzFlM3UAKUV8CObbB8pbXDiBBCiFvicrmum2dyO2Sm+vjTx/7gjjzWWEztFflZWWCY0Hx5vHsihBBikpragVJRYeFCOHF8vHsihBBikpraU68AJfPh2FEIDEFS8nj3RgghEmIYBoFAAKfTGb/uF4lECAaDpKSkXLfCTDAYxOFwYBgGmqZdU0LuVpmmSSgUIhqNoqoqTqdzRPWesYq1eztomorT6br5iaOY+oEyKRlmzICLF6Fq4Xj3RgghEhKJRHj11VcpLCxk3bp1ABw7doz9+/fz9a9/neTkZEzTjAdMwzDYtWsXpaWlBAIBcnJyyMnJiZeUi50XK0igKMqI24draWnh5MmT+Hw+WltbKS4uZtmyZRiGgaIoI+4b+2iaZrw/sSA/vEoQgH+wh337dl9Z/mhfDTvdMPGmZXH3mgcSamfqB0qAyoWw932orJI1lUKISc3tdhMIBPjZz37G6tWrSU5OZtu2bbS1tZGcnEx/fz+9vb3k5uaiaRq9vb1cuHCB3NxcCgsLcblctLW1kZ6eTnd3N5mZmYTDYaLRKKFQCK/XS29vL/n5+TgcH4eISCTCSy+9xPr161m9ejVnzpyhr6+PYDBIV1cXbrcbr9dLW1sbOTk5dHR0kJeXR1dXVzyLNhwO8/bbb/Pss8/Gl48A1Fw8x+lTf8+au+fau4xSD7Pld0igvCX5BRCJQFcnZN+ZLC4hhLhdysvLaWpq4sMPP6S8vJyZM2cSiUTo7e3l0KFDtLa2kp+fT3JyMhkZGfGC53v27GHBggWcPn2aFStW8MEHH7BixQoOHDhAUVERdXV1VFRUcP78eR544AFKS0vjj9ne3k51dTXf/e53AaioqCAUCrFjxw7mzJnDoUOHWLp0Kdu2beMrX/kKr776Kp/5zGf46U9/yr333ktDQwOrVq3i1KlTPPPMMyOeTyQSoaykgFWrSuwtOGDq7N3fjGkmNkaa2sk8MaoKc0ug+ux490QIIRJmmiZPP/00r7/+OjU1NSxYsACAmpoa2traWL58OTk5OWzfvp05c+aQn58fv54Z215K13VM0yQajaIoCnPnziU7O5vMzExmz55Nc3PziMdUVTVerSc2nRoMBvnggw8oKysjIyODY8eOEYlE0DQtXs5O13VWrVpFV1cXmqZRWFhIcvLIfBFFUdANAzBBt+/Qo7otm5FMj0AJUF4OdXVwu+vMCiHEbWQYBr29vcydOxePx4Ou6yQlJREKhUhOTqa9vZ2UlBSysrJQVZW6ujqGhoYIhULx64Qej4euri6CweCI7bVi348F0FhANE2TvLw8Fi9ezL59++jt7aWzs5OhoSHS09NpbW3F7XZTXFyMqqq0t7cTDofje09Go9H4NctgMBivBXtdio0H9uzaNT2mXgF8GVax9IZ6mDPvpqcLIcREFA6Hcblc+P1+vv3tb5OTk8OFCxdYsmQJs2fPpry8nL1797JhwwZ+//d/n0OHDlFQUEBaWhozZszA6/Uye/Zsjh07RlVVFT6fj1mzZuFyucjLy8PtdpOdnY1pmvT29sYDpcfj4dvf/jbvvvsuhw8fJisri8rKSr74xS9SV1dHfn4+FRUVeL1eamtruf/++zFNk1WrVhEKhaiqqiI3N5eKigp6e3uZMWPGx0/KNIlGDfz+sK37UZpGBNNIvEHFjKU63QENDQ288MILvPTSS2NOT07ImdNQVwsbH7/zjy2EEJPI0NAQhw8fxjAMDMOgoKCAsrKy2/JYFy+e4e2tf0nBjBRM08YSdkaYltZCvv2dvx31vO9973t86UtfuuHzmz4jSoB58+DQAfD74apahUIIIT6WnJzMfffdd0cea+7cMjZ99m8IhcIjlo0kyjRNsrKyEm5negVKtweKiuHCeViydLx7I4QQAlAUlaKiuePdjRuaPsk8MeWVcL4abrJRpxBCCAHTMVDOyLPWVHZ0jHdPhBDithq+DCT2eSyr9XrpKbHv3azNaDQab3c6mF5TrwCqBqWlcOIYPPzoePdGCCFum0AgQH19PXl5eaSmplJXV0dmZiYulwvDMMjMzBxxfnNzM2lpaaSnp1+3vVhRg/7+fjRNw+fz4fP5PlGfrlceT49GGeztRbEz5RXABNXlIvUGz+dWTb9ACbCgHDa/CuEQuNw3P18IISYhXdf58Y9/zLe+9S3S0tJ4+eWXee6558jKyiIajZKZmUkkEsEwDBwOBzt37qSiooJFixbhcrmuSaw5ePAgNTU13HfffRw9ehSPx8OGDRuIRCIoioLD4YgvX4l9jEQiAPFasE1NTcycOXNEsGy5cIFf/bf/SpZV7NW25x81ohjlC/kvf/3XCbUzPQOl1wtZOdBwCUoWjHdvhBDitkhNTcW4ko+h6zqRSITU1FSAeGWd6upquru7KSkpwePxUF9fT19fH6tWrcLr9cbbGhoa4uWXX+Yv//IvmTVrFnl5eXR0dNDa2kpbWxu6rjNv3jwOHTrEypUrOXr0KEuWLOHEiROkpqaiqippaWm8+OKLfP/73ycjIyPedmtLC6V732PjjFzszB4xI2H+ZziCSbz+wJhMv2uUMRWVcOIETJM5diHE9BSNRjl9+jSnTp2iq6sLp9PJuXPnOHr0KGfOnOHixYu0tLRw4cIFVFUlOTmZpqYmTpw4MaKdvr4+/H5/fLlFcnIyBQUFvPrqqxQXF3Pq1Cn27dvH3r17MU2TAwcO0NPTw2uvvYbT6WTr1q3ouk5GRsY1U7uKquJyu3EkeXDZeLjdbtw2zBqOOVBGIhGi0Shg/aXi9/sJBALxr2PV6CesoiIY8sNA33j3RAghbhun08miRYtYvHgxOTk5mKaJz+fDMAyys7Pp6upizpw5LFq0CMMwKCoqori4mIGBgRHteL1ekpOTaW1tJRwOE4lEGBwcpLm5mdTUVObNm0dzczMOhyP+3p+UlERWVhYzZ86M70Rix/6Vd9qYAqVpmpw8eZLz588DcPnyZd544w3efPNNIpEIFy9e5OTJk5w7dw59otZWdbqsNZXnLox3T4QQ4rbo7+9HUZR43VaHw0Fvby9DQ0PxYNbT00NLS0u8Hmxs0BObqo1EIoTDYTweD1/72tfYsWMHp06dorq6mlAoxIoVKzh27Bh+v5/777+fGTNmcPToURwOB4ODgyiKwsDAAIZhxIukd3V1XdtZ08Sw+zBMWyYNx3yNsqamBofDQUVFBX19faxcuZKf/OQnzJkzh3fffZdvfOMb/PznP8fr9VJcXJx4T2+HyirYvg2WL7d2GBFCiCnE5XLxZ3/2Z/h8PhRF4Tvf+Q4pKSmYpkllZSXHjh1j+fLluFwu6urq2LBhA06nk2g0SjAY5Pz58/Egm5GRwdq1ayktLWVoaIiUlBTy8vLYtGkTbW1tlJWV4fP5yM3Npbu7m5UrV+JwOPj617+O1+vl937v98jJyeGrX/0qHo9nRD9VVaVfVWmJ6rZeDTN0g4gNyUFjCpSKopCRkcHQ0BAAlZWVGIbBihUr6O7uRtd10tPTSUpKora2dkSgNE2TcPjjMkUul+u6O2nfETm54NCgpRkKi8anD0IIcZskJSUxc+bM+NdFRSPf59LT07l8+TL5+fmUl5ePWOoRDocJh8PxZCC327rWN6KYOeBwOCgsLIx/7fV6RyQBxT5PS0sDGHFuzOySEi488xzvB4ZQFPvigR4Js2LVXdck8pimSSgUGvH1aKXzxjyiHL7Y1DRN6urqKCsrw+FwcOzYMUzTRNO0+B5oYP3V0NXVxZ49e9A0DV3XWb169Sdeh2Or0jI4e1oCpRBi2lm9enV8P8qrN6pwuVzMnXtnysplFBTwzP/8OwwSy069nuu1NzQ0xKFDh4hEIvGtyG5LoIzNWwNcunSJCxcuUFpaSjQaJTk5mb6+PgzDYNasWSMf0OHA6/WO2P9sXM2bDx8dh3AYhgV1IYSYDmJJNhPBnYoGqqqSmpoa/yPB7XaPWmVozD+hWAYUWNcr6+rqaGho4NOf/jQbN26kurqaNWvWUFBQEL+PYRhkZGRw9913j/Vh7ZeaClnZcPGCVQdWCCHElJaUlMSKFSviX2/duvX2BMq1a9fGP1+/fj3r168f8f05c+Zc936xeoPjsh/ljVRUwrFjUFZha1UIIYS4E2LVdWKXvIYvwQiFQvHri7FzNU0bdTYvGAzidDqv+z492mMlIpY0ZDdVVW8ab262OmPijLnHU/FMeP896O+D9HG8XiqEEJ/Q4OAgZ86cwTAMAoEAWVlZLFq0CLBm8T766CNWrFhBJBLB6XRy/vx5cnNz42sqr742ZxgGe/bsobS09JpLZzd6rJslw8TEkmjcbveI84f8Ac6cPoOCgp1XKQ1TJy01lbLKxDaclkAJ4HDAxOURlQAAIABJREFUvBKoPgurJ9C0sBBCjMI0TX7zm9+QkpLCpk2bqKmp4dKlS8ybN49oNIqqqvh8PkKhEO+++y6rVq0iLS0tvgTE7/ejaRoej4ehoSFM08Tr9dLY2Eh6evqIQDn8sZ544on4Jbfy8vJ4O8nJyfT29pKenk5fXx/p6ekEAgEMw4gnDO3evZsHH3yQpKSkeNs11TX8rx9uoWLuEkwbi9hFIwY1A4f5+x//bULtSKCMKauA7e/A0mVSKF0IMSkEAgF+97vf8a//+q94PB6qqqqYN28er7zyCoZhUFpayqlTp3j00Ud58803KS8v58iRIyxcuJCmpiYURaGmpoaFCxfGa7zed9998XqwwwWDQbZs2cLLL7+M2+2msrKSuXPncuTIEVwuFxcvXmTJkiVs27aNp59+ms2bN/PII4/w6quvUlFRQXNzM2vXrmXz5s2sWbNmRKAMhAJUzlvCw5/aiKHbN/0ajRq07TkPCVZ7lVX2MVmZEA3D+3usKVghhJjgdF1HVdUR19g8Hg/BYJA5c+awbNkyamtrcTgczJw5k4KCAnp7e2lpaWHfvn3MmzePu+66C4/Hg9frpbm5mba2NjRNu+Z6YSxDdPjtqqqybds2SktLycrKYs+ePfT09ADWNK2qqnR2dlJZWUlTUxOqqlJcXDyiIDpYa/N1XScaNYhEI7Yd0WjElp+zBMqYUBiCYfjNv8OO7dDbM949EkKIUaWkpLBixQoOHjzI0NAQg4OD9Pf34/F4SEpKwuVy4XA44pstB4NBHA4HqqrS0dFBTU0NmqbR3NxMTU0NLpeLYDBINBqNFxoY/lgrV66MP5bf76e/vx+Hw0FPTw/JycnxvS57enoIBoOAFbhjiUGxfgxf7D+cAlZCpU2HXVc7JVDGHDkEHjeUlUNDPbz6CgwOQjAI0ajsMiKEmHBUVeWP/uiPGBwcZM+ePZw+fRpd1/F6vfGEmzlz5qCqKqWlpdTW1pKVlUVaWhqPP/44O3bsoKmpiezsbEKhEDNnzoyXp9M0LR4Q/X4/4XB4xGOdPHkSp9PJM888w9mzZwFYt24d9957LydOnKCiooJAIMDs2bMZGhqisLCQlJQU5s+fz+XLl0c8D5Mrm2lEQkQjEduOSDRiSyatYt6OfNwbaGho4IUXXuCll16aWMtDAGovwuGDkF8Au7ZDejoUFkN2DuTNgIxM8KaB5gCn06oNK0tJhBAThGEYthZwCQQCHDlyhFAohGma5OTksHjx4tvyWGdOnuG1n+xgdkEJpmlfMo8eMWgInuL/+tvvjnre9773Pb70pS9RVnb97FhJ5omZOw90HfZ+AE9/wRpZDg3B5SZovgw15yEYgpwca9eRjAxITgFNs7JmJ1rgF0JMK3ZXOfN4PKxevfq67dv9WPPLFrDpDwyCwdAtLTO5VYZh8FD+soTbkUA53PwFMHMWxBbnpqZatWBLyyAagYEBaGyE6jMQiVrnZWXBjAJrBOpxWyNOh8MacRq6dR+XG4ZleAkhxESnKMod2zvS6XSwaGnVHXmssZBAeTX3DZaGOJzW9GtGJixabNWG7emG5mY4edy6lpnmhcwsmJEPvnRobYU970FxEdz3gARLIYSYhCRQjpXLZV27zJthrb0MBqG9DVpb4PhRqK+DS3XwwDqIGrBzO6xbD1ftwyaEEGJik0BpF4/HmradeaWSxdEjEByCjjYre9brleQfIYSYhCRQ3i7LlluB8Vw1NDbA3JLx7pEQQogxkHWUt9PSZbDmU/B//LmV3LPvAwhff6GtEEKIiUkC5e02c5aVPfvIBqs03sEDEAmPd6+EEELcIgmUd4qqwqcfg5YWOHbcqvYjhBBiwpNAeSc5XfD4Jqg9D2dOSbAUQohJQALlnebxwGNPwEfHrUSfm+ysLYQQYnxJoBwPqanw+BNWIfaLNWDYV9tQCCGEvSRQjhefDzZshP17reUjEiyFEGJCkkA5nnJyrWo9u3dZFX1kKy8hhJhwJFCOt8IiuPd+2L4NOjslWAohxAQz5kBpGEZ8B2zTNIlEIuhXElNM0yQcDl+zQ7a4gblz4a67Ydtb0NM13r0RQggxzJgDZVNTE01NTQB0d3dz9uxZ6uvriUajtLW1UV1dzeXLl23ZXXpaKC2DhYvhrbegr2e8eyOEEOKKMQVKwzDYvXs3x44dwzAMXnvtNXw+H0ePHuXMmTNs2bKFzMxM3n77bbq6ZIR0yxYthrIy2L7DKqQuhBBi3I0pUKqqSn5+Ppqm0dfXR21tLTNnzsTn8/Hv//7v9PX1UVRUhK7rnDt37pr7G4ZBJBIhEonIiPNqy1dCQb61LdfQ0Hj3RgghpqRoNDoiDimj7O405t1DDMNAURSi0SiaplmNORwEg0EcDqtZl8s14jqloij09/dz6tQpNE3DNE1KSkpISUkZazempjX3wLs7rWzYB9fJHpZCCGGjYDBITU1NPD61tbWNen5CyTyRSIT09HTS09MJBAIMDQ3x0EMPoSgKwWAQXdcpLi6O30dRFMLhcPz6ZkNDA8FgcKxdmNrufxA0DfbugZD8jIQQwi6RSITm5mYaGxtpamqiv7/f/hGlaZrxKVOXy8WGDRs4cuQIqamprF69mry8PI4ePUp5eTlFRUXx+xmGQU5ODo8//vhYHnZ6URRrjeXWN2DvB3DPfeByjXevhBBi0ktLS2P9+vXxrz/88MNRV2mMKVAqisLDDz8c/3rhwoWEQiGcTieqqrJy5UpCoRBut/ua+5qmia7r8elaMQpNg0c3wJbfwfGj1mbQKNZOJKosgRVCCDvcbCnjmK9ROp3OEV9fHRSvFyTFGDhdsPFx2PwaaA4rQGZkWPtcSrAUQojbbsyBUtxBbjc89hn4u78B1QkzZ1rXMGfOsqZohRBC3DYyJJks2togKw/y8yElxariEwyMd6+EEGLKk0A5WWRlQ24uzCuBs2dgcAiCQakNK4QQt5kEyskiPR02fBq6uuCRDbByJbzzNrQ0QzQ63r0TQogpS65RTiZpXvjcUx8n8Zyrtir4LF8Jc+dJYQIhhLgNJFBONsMzXUvLrOnYnduhrQVW3mVdv5QEHyGEsI1MvU52GZmw6XOAAm9vtQKmTMUKIYRtJFBOBU4nPPAQVFZZG0CfPWMl+gghhEiYTL1OJeUVMCMfdm6DjnZYJVOxQgiRKBlRTjUZGVbCj2nAtq3Q2ipTsUIIkQAJlFORqsFD66GsCna8Y2XHylSsEEKMiUy9TmUVFTAjD3btgPY2WLlapmKFEOITkhHlVJeZZWXFmia8s9UqhSdTsUIIccskUE4HTic8uO5KVuxWOH8OQiHre6YpZfCEEGIUMvU6nZRVQHYO7NgGPT2weAn091n7XubkyrZdQghxHRIop5vsHHjqWXh3J/zy59b1yuQUuPc+KJ5pBU0hhBBxMoSYjhwOqKqCjjZrFKkCP30Zai9CXx/4/RAIQDhkXc80DJmeFUJMWzKinK4cTmsqtngmnD5hXcf86Jh17VJzWOsxfT5I91nF2L1p4PaAqoCiWiPR2DFcNGIFVafLnn4ahnU4bHypmqZk/gohbpkEyukqJxcefhS2bIbkNPjT34ekJCso9fdDdxd0dkJjg7VB9NAQ6Dp40yE7G7KyIDXNmrZNTgIUMHR46y0YHIBNn4XU1JGP+UmDk2HAqZPQ1ADr1oPLnfjzDgSgp9uqYCTXZIUQt0AC5XTm88FzXwaUj4OGqlq3+3zW1l0xkTAEQ1aQ6eqES/UwFLBuD4XB6YCGemuD6exc+Nn/B595ApKSQYEr/1jBUo19fuWf4SPU2O0mcP6sNcrNzIH/fA0+/Ti4XB+3MzzwKtd8cq1IBN7cYvV93XpYtFhGlkKIm5JAOd2pt5i843RZR1oazJz18e2hIASC1gbSx45Cdh60tsCJ4+D1WlO610x1xqZtY58zLEheCdqhMLy3CxYuhv5eOHrYql87c7ZVni8eKK/6GHuY2Pc1zZpKVrCCbiQCd98Dx49Y08vDn4sQQlyHbYHSNE2UK2925pXED0X+Wp/63B7r8Pngf/tD2PMuuN3wp38OZeU3v79hWB9NAwwTMK2PhgGlpXDyhLWV2N33wCMbrNGnaYBuWOfquhWIjSv3N68kHsXOMfSPP15IufKxGg4ehEVLoahYpmCFEKNKOFCapklPTw8DAwNkZWWRkpJCV1cX0WiUnJwcNFluMH3Mmg3rN1h1ZWfNvrX7xIOUCle/VJavtEakjY3w5DPW54lYUGbt2dneZl1DPXPKmhouKbE3WUgIMaUk/O7Q1dXFrl27WLBgAR9++CHLly/nzJkzZGVlce7cOdauXWtHP8VkkTfD3vYWLbEOO2gaPPKoNa2bkgJdXfDOW1ay0Jp7rGQmmQURQlwl4TknXdc5deoU3d3dpKWlsXPnTgoLC6msrOTdd98lep26ojIlK8aNw2kFSbAydz//RWuq+LX/sK6zGvr49k8IMeEkHChzcnKYN28e//RP/8SMGTPo6ekhOTkZh8PB4OAguj7yjScSidDd3U1PTw89PT3XfF+IO0pV4d61sOZea3R5/CMr4UcIMWXpuk5vb288DgVvsg1hwlOvjY2NOJ1OfvCDH/DLX/6S3NxcgsEg4XCYgoICHMOu/WiaRmtrK7/61a9wOBzous6TTz5JQUFBot0QIjHzSqCg0Nphpf4iPPCQVWxBEn2EmHL6+/t55ZVXiEQiKIrCiRMnRsSqqyUcKGOjR9M0Wbp0KVVVVZw9e5ZoNMqaNWtGJPPouk5xcTF//Md/jCpvQGKiSUqCJ56E48esdZv33AtzJdFHiKkmIyOD559/Pv51S0vLdS8TxiT8DpCTk8MjjzxCX18fjz76KG63m8zMTAKBgIwUxeS05MqykW1vQ0MDfOpe8Hgk0UeIKcq8SS1rW4Z16enpzJw5E7fbKjGWkZExapC8WaeEGHfZ2Vaij9MJr/0GLl+WRB8hpimZ/xTiRlQV1j4Ad30Ktr8Fx49Loo8Q05BcfBHiZkpKoKjIyoqtq4UH10F6uiT6CDFNyP90IW6Fx2NV85k3Dza/BjXnPt6rMxyW/TqFmMJkRCnEJ7FkmbWH5ztvW6X1snKsYusPPwr5+ZLwI8QUJCNKIT6prGx49gvQ3AL/9q8wIw9++xtrWjYSvnJErBGnrlujTvNKwfebiY1QY8XihRDjTkaUQoyFolh7cK59EDo6rULrP/sXqKiy4mFKirUlWVqatcF1Sqo1fet0WofDYV3jHL69GMDFGnh3B9z7AJSVyXVQISYACZRCjIWqwqMb4c3fgdcHVYvg0U9bI8dQCAYHwT8I/QPQWQcD/dYoU9OserOaau2TqWlWoYO0NOucwwfhrnvg4H5rg+tb2apMCHFbSaAUYqx8Ptj4GWu7rhUbwOX6+Hu5ede/j65bgTQcgmDoysbXAejvh8OHIRiGixes886ekUApxAQggVKIRPh81hZdt0rTIDnZOq62dCls3QJ9fdaazXWPWEH1SiEPIcT4kAsgQkwUThd8+nEoq4C//gEkp8CWzdYU7q0kAgkhbgsJlEJMJE4XrLrLSv55cB3MngOvvWIlDMlaTSHGhQRKISayFauswLnlP611m7JsRIg7TgKlEBNdWTlseAy2vw3VZ61EHyHEHSOBUojJIL8Anv48HD0MBz60ihkIIe4ICZRCTBZeLzz1LLQ0w64dVgUfIcRtJ4FSiMnE44HPPWVV8nnjdfD7kYxYIW4vCZRCTDaKAg8/AjNnwav/IRmxQtxmEiiFmKxWrIK77rYyYpskI1aI20Uq8wgxmZWWW0XX33nLCpql5Vb1HyGEbWREKcRkV1gETz4DR49YRdUlI1YIW0mgFGIqSE+3MmKbGmHHNsmIFcJGEiiFmCo8Hvjc0+B2webfwpDfSvLRo5LsI0QCbAmUpmkSDoeJRCLxz8PhMKb85xTizlIUeGAdzJplBcvGBtjzHrS1SrAUYowSTuYxTZOamhrq6+tZuHAh4XCY6upqACorKyksLEy4k0KIT2j13VZSz//47/DgeqivhQcftq5nKop1jqKM/PxWGToo6ie7jxCTWMIjys7OTl588UXy8vLIzMzk9ddfZ/bs2RQXF7NlyxY7+iiEGIvubvj0Y4AJTU3wo7+HndvhwH746DicPwcNl6Cz09rKKxyGSMRKBopGrZqyhmGNRGOj0WgUjn8ErS32jVD1qCxtERNawiPKI0eO4PP5aG5u5r333qOlpYX09HSi0SiXL1/GNE2Uq/7yjEajRK9k5rlcrmu+L4Swweq74M03rDqx/f3w+CZr+66BAev6ZXeXtTF0OATBEETD1nXOlFRryUlyCqSkgMcNnmRrhPrhPhgcgJPHrBHqjHxQ4Mo/w0ao17ktZvjX0Si8vweys6ByIagJ/u1umlbgdzisTbXlvUVch2ma8UuFtyLhQDkwMMCyZct4+OGH2bZtG5qmYRgG4XCY7OzsEUFQ0zQaGxv5yU9+gqZp6LrOU089RUFBQaLdEEJcLd0HGx+HQwfgiSdhxozrn2cY1hGNQmAIBgbBP2B9bG2GQMiabj17Gupq4b77oaER/u5v4YGHrD00Xc5hH93gcF75/MrtbgeoGmgOa9pWuxIQP9hjleG7VAeRMFQuun6wVK755KrvKVaQbGuFLa+DQ4NNT0JOTsI/RjH19Pb28sorrxAOh1EUhQMHDvCVr3zlhucnHChXrFjB3r17aW9vZ+nSpeTm5lJfX4/D4WDx4sUjzjUMg/z8fJ577jk0TcM0TdLS0hLtghDiRtLTYd360c9RVetwOKwRZUbm9c+7e42VIFRYBENDcM+9UFoGoSCEwlagC4etUarfb32MXPk6HLYCmaqCqlgBs6UZTp+Cu++GQAD+3x9bo9SkZKz6tVePUhXrvopqjW41zQq4igMcqjUy3rUDqhZZo+D/+BV84YuQnvHxcxQC8Hq9PPvssxhXpvxra2vRR9m+LuFAOWfOHNxuNx0dHWzatInU1FTOnTuHqqosX758xLmmaeJwOMjIyECVF60Qk0tWNjzzBdj8GixcBCtXj60d07RGsIEheOdta9RpAs/9vjX9igmGCeaVka7Jx5/HDx10w7q+qV+5jtrTY7WFCZca4OIF2LYN8vKsKeL8fGtKWVEkcE5zmqaRnp4e/zo5OXnUaVhbStgVFBSMmD4tLy8f9XxZNiLEJJWWBl/+SmJtKIo1GkxNgyc+Z+2CUl4Jq8YYeIebPx/eehOyc+CLXwIUK/Go+TIcP2qNmrNzICcXCgqsrcuUK0FzeBawmFZuFpOk1qsQYvxoGmz6nH3t5c2wgq/LDcnJ1m1ZWVBZZX3e02NlALe3wplT1mh0Rj7MyLOCZ7rv49FmLGj290I4CtnZEkinKQmUQoipxZdx4+9lZFgHC63p2sEBqyhDczOcPWtdb83KhuKZkJsDkShsexvCQVi/EYqLZcp2GpJAKYSYnhQF0rxQUWUdhmElIbW2wOUm+Ogj2L0D5i+AkgXw619aJQKLiq0p3OHJRTLSnNIkUAohBFgjxbQ065i/wFpv2tttTc12d0FHO+x937qu6XJba0wzMiEz05qy9XiuLHtRPk4Yul4A1XXrcLnu+FMUYyOBUgghrictDb74Zdiy2bqW+n/+V2stan8f9A9YH7t7rKnbvl5r3WhKGqQkW8E0I9OaBk5J/Xj0aZiwfy/UXrRGp17veD9LcQskUAohxI2kp1vJRnr042uf3nTroGjkuYOD0NsDPb3Q1wdt1dDbay1l8aZbo862ZmhsgqqF8NtX4DNPWAFVpm4nNAmUQggxmlstipKaah1FxSNvDwWturutrfC7/VBSatXYfX83JLnhwUfAl25VLrrRdK0YVxIohRDidnJ7rHq7+QXWMpQd2wAFnvq8NZrcvdPKrp09G0rmWyNXTYLmRCKBUggh7pT8QqtWblsbrLrLuk3XrWShc2etIOpyW9WE5pVYa0A1x5VSfbIsZbxIoBRCiDtp1hzriNE0q9hBTq71dWcnNF6yMmyjuhU0Z822auw6HNeW34ttgybrO28bCZRCCDGRZGdbx9LlVjZtQ4NVRWj/XitoFs+GwkJI8lijzK4ua+1nRaUVSBNlmtYo1462pgj5SQghxESV7oOFPqsIfTAAtbVQXwuHD1r7bebmwaEPITMbmhqsnWJU7eP7f9L9QU3TmhY+dgTuue/WE5mmOAmUQggxGXiSrFFjRSVEInD+HPzLS1bVIFWB116F+norKSi2D6jryqE5wX1lf1CHC1yOj7cqU7SPt1nr7oK3t1pFFja/Zu1jmpQ0cqsz5QYB90YMw9pqze22Z3rYNCEYvPK8tJufbwMJlEIIMdk4nVah9y98GWrOWxm1S5ZYG2knJVmBJLYXaCgMkcGP9wwNBSEcsdqJFUJQr1QUOrDP2l0lPR1On7SmdJcut9pMSrKqDyUlgSfZCnyaBs7YptzayOCpXNlMu/YivLsT7lsLC8oSC5amCY2N8M5WWL4Cliy7I8FSAqUQQkxWq1Zbge7QQXj689ZI8JOK7Q8ajcLixbBzh5VYVFgEGx4HpwYDg9Zm3R0d4B+CoUErGKvqlVGqZo1UNc3K0nW7rIA6MACHP4QVd8GbW6C9HeaWYG0y+kkpVhnBnW/DPWvhwnkr2Wn1XWNo65ORQCmEEJPZilXWMVax/UE1DeaXgtMN7+2E3/uqdY10NKZ5ZdQaO4LWx9iI9vRJ0E3o6rR2atn7nlXBaCx7EisK1F6Aji4IhmDuPDhXDStX3faMXwmUQgghPjZ7Nsz+g1s7V1Gs6ViP5/rfX7gY3tpiBbaly2HDRmud6FgZhrXWtLnZCo6fe/qOLIuRQCmEEOL2cDjg0ceg+gyUVVjTtIlQVVj/qJWVW1oGySn29PMmJFAKIYS4fZxOa2Rpp6XL7W3vJqSUgxBCCDEKCZRCCCHEKCRQCiGEEKOwLVBGo1EATNNE13V0XberaSGEEGLc2BIoTdPk9ddfZ2hoiMuXL3Pw4EEOHDhAJBKxo3khhBBi3NgSKBsbG3njjTcIBAL89re/pbCwkI6ODvbv329H80IIIcS4SThQdnV1EQwGKSsrw+/3U1dXR35+Pvn5+Rw7duya803TxDRNotEo0WgUcywVGoQQQogExGJQ7LLhaBJeR7lr1y7y8vKoq6vjwoULqFeqJBiGQWpq6ohzVVWlq6uLt956C4fDgWEYrFmzhoyMjES7IYQQQtySgYEB9u/fj67rKIpCTU0N2ijF1RMOlGVlZfT29hKJRHC73ZSXl9PU1ERXVxcLFy4cca5pmrjdbmbMmBEPlA7ZHFQIIcQd5HA4yMvLiwfKlJSUUWc3E45SsWDo8XhYunQp5eXl1NfXU1xcTEVFxYhzTdPE6/WycuXKRB9WCCGEGJOkpCQWL/64WlBRURGGYdzwfNuGc7Hgl5WVRVZW1g3Piy0fGW2YK4QQQtwpN1vOKAUHhBBCiFFIoBRCCCFGIYFSCCGEGIUESiGEEGIUEiiFEEKIUUigFEIIIUYhgVIIIYQYhQRKIYQQYhQSKIUQQohRSKAUQgghRiGBUgghhBiFBEohhBBiFBIohRBCiFFIoBRCCCFGIYFSCCGEGIUESiGEEGIUtm3cbDfDMDBM07b2VEVBVeXvAiGEEJ/MhA2URw8foa+vF+wIlopCli+TJSuWgaIk3p4QQohpY0IGykgwyC+++30qTp1AdbgSbi+q6zTML2HB5ldJzsy0oYdCCCGmiwkZKFFMNK+BscCN5nQm3JwZiRJOC4Jq2NA5IYQQ08mEDJS6CQV3z+C555egqIl30dB1fvFvDURl1lUIIcQnNCEDJYCmKqS6HLYESl1XcKgK9qUGCSGEmC5sCZS6rmOaJg6H1ZxhWFOciWaZmoBiQ3QzbcyeFUIIMb0kHCgjkQjHjx+nq6uLe+65B6fTSUNDA4qiMHv27HjwFEIIISajhKNYc3Mzfr+fI0eO0N3dTV5eHg6Hg0AgQEtLC/fee68d/RRCCCHGRcIr8HNzc7n//vvZsGEDwWCQAwcOUF5ezoIFC9izZ8815yuKgqZpiT6sEEIIYYubXSZMeESZlJREOBymo6ODxx57jH/4h39A0zQ0TcMwDEzTRLmyyF9RFAYGBjh16lQ8WM6aNYvk5OREu3HHNdQ2cPpoNQ5H4kHfNMGT5uHeh+5GUaR6kBBC3E6hUIj6+vp4Pk1bW1s8Tl1PwoEyGo1y7tw5lixZQmpqKtnZ2fT29hIIBJg1a9aIB1cUBb/fz+nTp9E0DV3XycnJuSOBUlFM7IxBb73171QffZOMDK8txYMu1HdRUvZvFBTNT7wxIYQQNxQKhaiuriYcDqMoCu3t7aOOKhMOlLW1tfz85z/H5/NRWlrKk08+ydmzZ9E0jUcffXTEuYZhMGPGDJ599tlEH/YTUVWV5jonP3rh3/AkuRNfJmJCU1M9f/P395CU6rahhwq/+tVJAqGgDW0JIYQYjdfrZdOmTfGvT548ia7rNzw/4UBZUlLCD37wAwzDQNM0FEWhqKgIuP68r2ma6Lp+R69TGoaBEchiTeVjpKYmYxiJhUpNVXmzLcjA4GWSUlxWhYREOFT0qDnq0F8IIcTtMVqQBBsCZSwYDg+KE3GXDk1TyUjPwJvuxTQSKWWnoCgqHo8LpISBEEJMedNmkaOiKCiqgqqoGAkN3BRURUFBRn9CCDEdTJtAGQgFqW29RHJ/MoaZ2IhSVVXa+7ts65tInBHVOX3iLL2Dflsyh03DYP7cWcwonmFD7wBMqo+eprW9F1VN/I8swzCZkeujdEkFygScwRFiKpkWgVJRVNSm49Qd+wvcTtWGCVOFoWAXmnq3Db270qJiotmw1GS6am1p4Z+/9Dx5etSWa70DgwFmfm4j//uP/saG3kE0qvPTf/q/0dV2nDbsiKNHdQim8pcv/ZyklMm3vEqIyWRaBEpDUcgfvMx/CXXgsOMpG/DLvi6i5l2Jt3VFaDCVn/0nI7fVAAAgAElEQVTodTIyry3S8EnF1q5+4Q+eJCcv24beTXzBcIiH/HU8nZ9jS3tDDj//q7PWlrYAIlGDwkURvvVHq0Cx47+dzo9/fJJQNEqSDa0JIW5sWgRKBQjocL4vhNcZvXLL2JmmSVcomnhZoziDoQEn5Zn3U5iXh2GOnoF1M5rmZM+hHXywbw/LVy4n0ecLJpqikpebj8M5MV8ymqrQHojS2D1kw/Vjk86hIFHT3uvQpgnRkIHDaSSWB6ZANGpgGgo2zOIKIW5iYr7r2Uw1YaAqg+2PePEmuxLbTUQB3TCpPtBo6w9PURWyvFkU5BVhGNGE2nJoDtxJjv+/vTOPjqu68/znvtpLKklVWmxJtizZso0QBowtvAbjGBhCADsxnABpQofQ3dMzxzPpnJ7kzGSmG5qQDjQnfRI6ZIGhO4NNMgMJEFYbDMh4t2RjeZe1W2tJKlWVVMurqvfu/FFWxYYErPceHQP6HtscyeLr36v7e7/t3t/vsm3LXrp2Rsno5hyvXbFxqvMYf/43t7P8c1eb4vq4YFdstN84kzcWV4DJ9h8hBGPjcUjlWSTdxwObYkNmpOnnBZDI7N7utOOdxjQ+gM+Eo9R1SUltMX/5jaW48z2Yb+uQ/PjHO8lIaWGHSLbtRAiwYoSQrktuWnUbV1+2mJQ5v4vTAe827+a5LS/QcvCEyfYazmZEadKZNB53HmZHGwlFYWgwyKXLL+Xrf3kZ5hdFEAmFefZ5k8/5cULCYOs4/+s/fhuP227av2V0jbJZ5Xzr/u9gd7stEXEa0/i04DPhKCE7dEBNabh1zVwELrJOSDM7ZOB9pJqWpme0D92ho5vNAG12RqKj2AbayS8sJp1Jm+Jz2B10DnUxO6+OS/NWkjGd8To4cHQXvUNBNl53E6lMyhSfTbGR5zlDd98R0PXsb1OEglRKs2Q04ccCIdBSktDBY1xz6gAFTvOHg9A1XvbmM/5f/gJ/RYV5vo8B0VCY1hPtaFJg9ryWlOCwK1xaX4vbl2+NgNP41OIz4ygvbgiIDtK+7RFGfU7zbEIQnhgnrQjkvufQzWZsArpjcVbf/t+ZXV5F5iOmWHwU7DYbZ4LlZPQUs8tnkUqb3ZO1kdEkfX0209npuVBs1tUhXS6ntZOXbOCYU0Df7CLCeU4LiiQ6jmEbrsKLN5ts3rOXf/3xgwRm+lFMPq8uIDwS5a+++W1WXH+zNQJO41OLaUd5UUChQA1ze2yISqcFR/2F4NnhYeZ7PVxpy7fAeUjeTts4IwRSYm6Pl6xNl1IikdbwSWl59ielncP7engs9ASKWasMJFWNSFRHcnYf0CSllBCoK+HeTavIz3ebJ0Two0dP89gjmynw5YEwx6dpOi63i7u+fjt5PmvaV2LE+eaDtSy+ah5WPO+u7e08+qOfMu8l8yfNAdRUivv+6h4WLV5sCd80Lh5MO8qLBFKXDMRSuBQLlkQIxhIZhmSaEZGyxFGGNBfhZIzBiQiaZq70arPbGUvGiagJhiYipNLm+BSbwkg8ajpzzkFALAZ6tJzLiz6PxFzGKxAkU2m2dR5ATYLDfNEAyOqMnj5bajZ7oMcuGA9rVIjLKVC9poMXRSjsb9lB85UtLKxfgDS5VSHsdiKRcSoCABIyJsvrdoXRcZXPNQiWLQ8jTfIJu6CjNUhL017KyirQNbP72xK7oiAUQTqjYcUpKwEU+H14LSw1x8JRxqMTSEtOgUlcDhuptG7R0Q9JntdNQUnANNO0o7xIkCn18vzGckqL8zA1OAgQNmg5JDnm93KiugiT3SYIm6C3LQGP/zUi34k0qcYCQU9Kozc2zs43f2xFcsBIPIlvQw1QbZIsCyklgaISZldUIaXJ01AIEmoah+Ning8ssDnH6Jc/IGp3mY6thCLo6Wnjtbt+yCGfeccrhODIaJi5//YFc4KdA4nGwqvyWb5uNmD+4FZJlZeH//GXBKOvIs06SkUwNpKkszvMVUtmWnKyWU2mkMpS/sf/tGaIRjqV5LEffgub+ww2uwWuRBEc2DfEVVeWYHNY0XwnCQ/a+W/ffRJfcZkppmlHeVFAopR5+eu7r6ByVjFWeI5nnz1I7bwSFl9VZQGfwp5Xj7L/hWNUO/Ot8GugplhR6OLLZeZPvSJgNCr4dXoCpEQK05XD31MLTEfLgmy/48V+OYwvoPH1r11FXkEeVujgU2cGuHFYpdJvxRoL3kqqJBOqSbnOR7Y4Yk2GOjGe4NYNVdxy6+WYd7wKbacHaGzs5Bv3LbeAD9T4BI8/YTJqPgcZLUOgQuUv7m0AxYoyicI///Pb/M2mBrDC8SLZvLmFcGICH9OO8tMBKVETGZAZS67tSqU0UmoG0CwwAjZUu42SR9cwf0U1mDzMg81G7O12Or+3n75IArOFFoGkM5ogqVnX9yiEYDQ6StdQL9JsSk52/2oiGUMIayYHfRyQOiQSGnn5Jk+GA9gEExmd49E4UhEWhGqCjliCeRdxo6cQgnRKB3TImNQZu0RVdTIZiSXvsIB0CpIxjY62Tkv6ZeOxGGoC1KSOy6WZj63skkxGkkhm8HiEBcUXiZbJ6o5ZTDvKaVwQNAFVtcUsrJuBFdFyZHiCbdVOXpjvNn0/KAKGRyXVl5SATSBMt+4I7BmVidZ9vNfXj2Izn56mUhrO4iCKXgnCisM3FzmEQC9x8+YCJ6cqPEizQyAUQVuvlyUzpls5jEKxK3QeDfLa/z5geqgJCFKZNMMxP1L/9A/ln3aU07hgaJnJaNlshgqqlFz71w3cfXcD5jdRFTraRti9p9scz3mUEnukjbyRLkvaRGyqhu4rtOTmkE8EpMRd6uXPf3QTl1w6Ays23l95+Rj6tMUyDCklY+EhwqODpsdkCiFIJFVi8QhQaI2AFzGm1W4afzJkbae0oNQskVKaz0wnISW6w87ML87l6o2LzNt4AYlkhuTebmxuhyUHMz4JyLb+6Fi2xrr1bUCfJejCxsKR09wSHERa0PKUyOi87U4gZQUIl6U9zBcbph3lNKbxB6BLSWmVnytW1WBFmTSdzLDnyMBZY/IZySqncVFBA0plksudXiy50UFo7M0kLGoNubgx7SinMY0/Al3Xs2mv2WxIZO+jnMY0/pRwCOhOpPhNfxDd5NW3AlAzOrEaD8rFfpzbAkw7ymlMYxrT+AxApiX+L9Yw7/bLTQd/QhFEwwm6dnSiKHyqy64w7Sin8SeClBKHQwEUC7RQweWcVuXPAlwuO2ADu9ksRsHhsJnef/4kQdN18mb6uGLpHMyfXBeMR+LsOzqE020HxWSKCoCCw67gdtnBZgWfxG5aT7K4aK2LEGd3cqx4TjHJeZbUDOc5FDn5TMsozuGypls+O4B78sFNs2V/id9/aRYul53tb7eTTOump5gIRSE4NE5Fuc+az09kb6fIDTE3+7ziHAor9EX8fj3Eecp48cGyz/As16+fbWHuwX7TN8RIAZ3tIVavrOb8BTIjH7/nscIm5N45C+Sb1Gd5ti/TgslBQkJ72wg//fk+3C67+REVNoXde3vweB04HTbTfLquc/h4hOtuMr8h+7E4yr6+Pnw+HwUFBYb+fyGyhx8S4QSKYv4KoUxGR0/pJCMqLjDV0yWEQJeSTCJNIpJEddlN94gpdhtaMkN6IoUaTpiei6nYFTKJNMmoSiqSRDfZzmGz20hNpMBpIxVOmp5jKWwKBULwXk0RTy0osuSlxQP/FtUs+fyETaCOq6QmUqjhpPkeQCFIJNJIVUONJNHsNlMj3YQQqMkMqXiaRDiJU5rTaciuiZbWLHW4GU0nHklaojM2h43MhMqPKvOILSgyf5WaonBFNEFDJEk6kkAzuYes2BTUqIqWSJOOJrOfpUm+1HiKZM4mmHznhCARTZKJp0lHVdPyCSFIx1N4y/L4z/OLwG3FCDsFd5WP5+b7wWnBaSMpyQul+a+azkyTVJY7yq1bt1JcXMyePXtYvXo1M2dOXUSpCHYPxXjm3/Zjs5t3lEKCfirI5measHkdpuvpCjB6uI/NmQyOAvPHohVFQZwa5vFgFFexN3uIxCTfeMsgsmCAgpMDpvkQCraBKKqmY28Nmu6JUxQF2Rni6LLZsGwOmBw6DgJmRfjxD3bw2ETcJBfZSC2qMnCwn+d+ud+S/RehSfTTw2z5PwfM92UKgaLp9B8e4PktzTjzzOu0BGZ1jPENm0XN40Lgcdq58/++h7/Gj2ZSB22KwtjRIWJ/sQSWWjGbVeHwSIxv/uY4/xiMmJZPURQywQlkJMmjoxMWvHMCQnGGTo6wxY55PgBVI3likN/86z5L5NOjKslECj5XDQ4bVozKTO7ugWWzwOOwgA9ibeOm27TBYkepqipvvfUWDzzwAOFwmLfffps777zzvJ8RQmD7qPqzVDhTU8R7/2khYE2tmsf2wjeWgNeFJVNRlN3w1SshYMVcTAV+2QRr50KV3xq+/3cY5gVgiRVGxQbvtGW1ZfU8C/gU2NMJ7SFAWjIHFDXDwRVV2TWxYhptXxgK3fRvWmEBH5DW4Gf7YNMKLKmjZTKQ0ujbtNwinVZw/HQvDimzGboFmWVpkYfTf7kULrFimpMNXj9xthZphc5I0CXddyyi+z8stEA+BY4NQFsI1tdbw9c6BDt76L23wQI+IJaCJw7AppUW8AkYT8ATTWeze8WaNYGzPBascZYU2wUEf4ry4T9jqaNMp9PEYjGcTif5+fmcPHnyAz8TiUTo7OzMOUtFUT5woW1cTRAPhqDbDsICETM6jIxD1yj43OYWQJBtGA+OQ3cIYqr5BbUrEIzCmTGwWdGcrcBgBJwCyvMsmfXKQBhsAvpDlgyQpj8Mw+PZ/5ptnbAJ6I9AMAJ9IfOfn01ATwSGItAbMj8gQAAJLfu8HaPgUMz5NSEgmcnqdGcILKhqYFeIB6Oc6QuTl0x/eGn4AlpBhSIYHh6HMzYocFijg31hyKSh3wqdVrLrgYU63TsGAxEL+cIwGLaGTwBR9ew7ZwGfIiCcyPKdCYPLZsGsVyWr071h8NgtmfXKcJS+vj7cf2Ckk3bOzOpgMPihOi+k2ftvzoGqqjz00EN897vfZdeuXYyPj7N+/frc38fjcf7+7/+e/fv343K5kFJSXl6Ox+M5X0ghOD3aQ1BMID7C0yPlhV3LkNGzNVMr+ASQ1LLlho8KVi6UL22xfKmzL4LTpFGe5MucjfAuxMhfiIyaDmnAY5F82lnOC3neC9WZpAbuC6hoXAifrqNkQL+QvZcLXeOElg2GLNAZXYA/qVHltFu2T6nqkg4gY0lzO6CefUc+SgcnbcmHPfPkO5eR4LHAyE/y6YDLIh3UdVC1s2VIC/ikRFF19At53gvVwVg6+45YZLeUhIZukU5LXaNQc3NpaQ02qeSuBxRCkEql6O/vR0pJOp2msrKSf/mXf6GoqOgPi2alowR45513gGzmuHz5cmbMmHHe3+u6TiqVymWRQgiEEOc5ysmvdSvPbudOfFnIh7RutvXHwod1z3zR8539w+o1vtj5LNQZIQRCmr1t9CwXIIXIGqeLVqfP/nGx6vQk58X6vPDx2C0L5VOE8kf9y+T3sq1qjg/dErTcUQKEw2GcTider9dq6mlMYxrTmMY0/l3xsTjKaUxjGtOYxjQ+LbDdf//99/+phZgKkskko6Oj5Ofn09XVxfHjx/H5fLjdbsOc4XCYI0eO4PF48Hg8HDx4EIfDYSgj1nWd/v5+CgoKGB4e5tChQ9hsNsM9pQCpVIqdO3fy8ssvc+zYMTKZDDNmzPjIk1p/DIlEgmQySSqVorW1lYGBAfx+P3aDt4pLKRkeHsbhcHD48GEGBgYoLS01LF8oFCKdTuNwODh48CDDw8MEAoGPPi39IXypVAq3201LSwu9vb0EAgHDzwvQ39/PyZMnKSoqwmaz0dTUhN/vx+Ew1s4UCoV45ZVXePPNN+nq6iIvLw+/329YvvHxcbZu3crWrVvp7OzE6XRSXFxsmC+RSBCNRpFSsnv3boA/up9zIZjU6VdeeYVjx46RTqdN6fSJEyfo7e3F6/WasgWTkFLS0tLCiy++SHNzM+Pj45SVleF0Og1ztra28uKLL7Jnzx5GR0cpKyvD5XIZ5uvq6uLFF19k586dBINB/H4/eXnGLi+Px+O5kuTzzz/P66+/jtfrZcaMGR84bHkhSKVSDA8PW2anz+Xr6+ujpaUFj8dj+Hmnik+coxweHuZ3v/sdDoeDhx9+mDlz5hCLxSguLjZkpFRV5fvf/z6RSIShoSF8Ph+nT58mEolQXV09ZT5N03jqqacoKyvjgQceoLS0FFVVKSgowOPxTJlPSsl7773H4OAgtbW1FBcXMzQ0hJSSsrKyKfMB7Nq1i5///Of09PSwdetW9uzZQ2lpKVVVVYb4Ghsbeemllzhy5Ajbt29nzpw5SCkNG+adO3cyNDTEjh072LVrF2VlZSQSCUpLSw29tC0tLTQ1NdHT08Nzzz1HZWUl8XicsrIyQ4Z5eHiYBx54ACFELihobGyktLSUQCAwZb54PM6OHTvweDzMnTsXt9tNR0cHM2bMMBSsaZrG9u3bcTgczJ07F6/XS19fHx6Ph8LCqd8dmMlk+NnPfkZXVxfPPvssyWQSr9eLz+czpNMA+/fvZ3R0lHnz5lFcXMzIyAipVMpQ3zXAyy+/zODgIL29vRw+fBhN0/B6vYYdUXt7O0eOHKGmpoby8nJisRgjIyNUVlYa0pmenh4OHTpEZWUls2bNIp1Oc+bMGaqrqw3xhUIhGhsbqayspKqqCiklvb29VFZWGrKDIyMj9Pf3E4vFaG5u5pprrmF0dBS/329ojWOxGL/4xS8oLS3lwQcfpKamhkgkQllZmSH5JiYm+NWvfkVRUREPPvggFRUVxONx/H6/qWDjQnHRjrD7Y/B6vdhsNn75y19y7733snr1ak6fPk1bWxuXX375lPlUVaW8vJxNmzahaRqdnZ10dHRw1VVXGZJPURRKS0t5+umnWbFiBV/5yleIRqM0NTXx+c9/fsp8mqaRyWRYvXo1paWlSCnp6+sjGAwakg9g5cqV5Ofn4/V6qaurQ1EUli9fbphPVVVuu+02NE3jxhtvpLa2ltdee4358+cb4isrK2PPnj0cOHCAxx57DK/Xy44dOwiHw4Yckd/v59ChQ2zbto2HHnqImTNn8tprrxGPx/H5fFPmC4fDrFq1ij/7sz8jkUhw6tQpRkZGDDlxyFZJAoEAS5Yswel0IqWkqamJRCJhiE/XdZxOJ6tXr8btdiOlpLW1lWg0aohv0oHdfPPNHDp0iGXLlhGNRjl9+jTLli0zxKmqKqtWraK4uDhXkejo6EDXdUOOQ1EUVq9eTXV1NaOjozQ1NREOh7n22msNyZdIJFi8eDG1tbUIIRgfH885YCOViGg0Sn19PQsWLMhOVlJV3n33XcON/4lEgpqaGhoaGrJTctJpmpqackHMVDFz5kx27NhBT08PK1eupLKyklAoZEg2AKfTSV5eHr/4xS+49957WbNmDcePH6e9vZ3LLrtsynwulwufz8fTTz/NF7/4RTZu3EhPTw+tra0sXbrUsJwXik+coywsLOTuu++mqakp58yCwSAVFRWG+AoKCli7di1nzpxh9uzZ1NbWcvXVVxvO1hRF4a677uLw4cPMmjULgIGBAUMGGcBut1NTU8OWLVsYHh5G0zQqKyu55557DPFBVomXLl3K2NgYBw8epK6uzlQZctWqVUQiESorK4GsYTXDt2jRIkpKSqivr8fr9ZJKpYhEIoazl/nz5+P3+6mrq8utayKRMFzKnTt3LvF4nPHxcXw+H5dffjnhcJj8/HxDfIFAACEE999/f678tXLlSsMGwG63U15eziOPPMLExAROp5OrrrqKW2+91RCf1+tlzZo1pNNpVq9eDWQjfDMlzksuuYTNmzcTDAbJZDLMmjWLu+++23DpdcGCBUxMTGCz2SgrK+Omm24yLBtAbW0tW7Zs4YknnsDtdlNYWMiGDRsMZy8LFy7k2Wef5cknn0QIgdfrZePGjYZL9eXl5TQ1NfGd73wHl8uF2+3m+uuvNxRIQvYk6O23384LL7zAK6+8gsvlYsOGDYbL/263m/vuu4+mpqZcAjM4OGi4auV2u/nqV79Kc3Mzl156KQCjo6OGbcJU8YlzlABnzpwhGo0SCoWoqKhA0zRTe4CXXXbZeZHdZFRvFOFwmGAwSH5+PmVlZSSTSVP7Tfn5+dTW1lJfX8/VV19NMBjkzJkzhspokC31NTY2UlxczO23305PTw/79+/n6quvNizfuU4imUyaGpGlKAqVlZU5xyulRFEUw45NCEFpaSlr1qwBshmXw+EwbJRtNhsul4vt27ezcuVKiouLEUIYdhwTExMsW7aMK664gscff5yuri7y8/PRNM2QjEIIysvLKSsro7+/n6qqKqqrqw0bZeADJdE5c+YwZ84cw3w+n4+5c+dSV1fH8uXLGR4epqenx/B7smLFig98z2h2CtlS5J133kkoFOL111/nkksuMbQVMwmHw8Fdd93Fl770JVKpVO7dNWpnQqEQK1as4Nprr+Xll1/G5/OxaNEiw/KlUinGxsZYs2YNDQ0NNDU1UVxcjK7rht87r9fLNddcc973zOhgMBgkHA4TCoUoKCggmUwaTmimik/cHmUoFOKRRx6hvLycoaEhHA4Hp06dQlEUw1klcF7ZzOPxEAgEDC2qrus8+uijKIpCIpFAVVXi8TgdHR3U1dVNmU9KyVNPPcXo6ChFRUWoqordbmf//v0sXrx4ynwATz/9NN3d3Xi9XsLhMHl5eezevduyEobL5aKwsNCyjXa73U4gECAvL89wefNcCCEoKSkhPz/fEF9/fz//9E//xLx58+jr66OgoIC9e/dSVlZmKKJPJBIcOnQIj8fD4OAgX/va14jFYrjdbkNZaiaTobGxkbq6Oq677joWLFhAKBRC0zRD8kkpaWxs5J133uH48eMcOXKEnTt3IqXMBTNTxeOPP040GsXv95NMJpFScvDgQa688kpDfMeOHePVV1/l+PHjtLS00NzcTFdXl6F3DuD1118nkUjw29/+lsLCQqqqqohEIrmgaKoYHBzk+eef5/Tp07S3t9PS0sKePXu48sorDTnz48ePc+DAAU6ePMnp06dpaGhgZGTE8L57LBbjJz/5Cc3NzXR3d7N161aSySR1dXWW7QEWFxdTUFBgyK7G43EefvhhioqKGBsbQ0rJ4OAg4XCYmpoaS+T7MHziMspMJkNDQwO33XYbAG1tbXR3d7NgwQLDnG1tbezevZsVK1Ywf/58jhw5kovCpwpd16moqOCOO+7A6/XS39+fOxFpFAUFBaxbt44ZM2YwPDxMY2OjqYzX6XRyxx13MHv2bMbGxmhsbCSTyRjmU1WV1tZWKioqePPNN8nPz+eGG24wzJfJZDh16hQzZ85k165dpFIpbrrpJsPZga7rHDhwgNdee41kMklFRQXr1683fNhIVVXWrFnDhg0b0HWdU6dO0d/fb1i+wsJCUqkUjz76KEuWLCESiTAwMEBtba0hPillLouezEwnTxIbwaRjKC8vz+1/BQIBw9sJkM02brvtNgKBAKFQiK1bt5rSabvdTmFhISUlJUBWh4yuB2RLuTt27GBsbIy/+7u/Q0rJSy+9RHV1taE9QKfTidPppLKyMtfsbnTPGLJrceDAAZqamvjhD39IYWEhb7zxBsPDw5SXl0+Zr6CggG9+85u0trZSVFREYWEhGzduNNUL39nZyW9/+1uCwSCBQIB169YZDsYzmQx1dXVs3LgRp9NJd3c3p0+fNpVFTwWfyD7K9vZ28vPzc1N/jh49it/vNxTdxmIx7r//ftatWwdkS0qtra0UFhYaPggwNDREPB7PRTqTpeL6+npDfKFQiFAoxNy5c1EUhYGBAYaHhw0dXoLswYK+vj4WLlyIoiiMjY3R1tbG0qVLDUXLv/vd7+jp6UHTNOLxOOvXr0dKafh5GxsbOXDgAH6/n66uLr7yla8gpWThwoWGjuf39PTQ0dHBvHnzcLlcxONxTp48ydq1aw1Fy1JK2traCAQCOWd78OBBqqqqcobaCA4dOsTu3buRUrJu3TrD2RBAb28vL774IgMDAzgcDlasWMH1119vSUZuBaLRKOFwOLdnFQwGCQaD1NfXWyajpmmGy4aQ3QMLh8PMmzePRCJBU1MTq1atMuWArUQ8Hqenp4cFCxagKArvvvsuS5cuNbVvp+s6J06c4OjRo3zpS18y3A6TSqV44403WLhwYS4Q7OzsZPbs2YZL9t3d3djt9pydb21txW63M3fuXEN8U8EnLqMEmDdv3nlfj46OmopuL730Um688UYge5dma2vrH9zzuFC8f2zfxMQEyWTSMF8gECAQCOQiblVVGR8fN8xXUFBAQUFBji+ZTBKJRAwbqOLiYpYsWYLb7c71eP7mN78x7Ci9Xi8bNmygpKSEZDLJzJkzefPNN6msrDRUOhRCkMlkSKfT2O12VFU9b4yiEb758+eflwENDw8ze/ZsQ3yTWLx48XnldDOGPpFI4PV6ueWWW2hoaGDHjh20t7cbzlI7Ojp4++23qa+vZ/ny5ezbtw+Px2M4WEulUmzfvp2qqirWrl1LKBRiYmLCMic5ODjIoUOH+MIXvmCYo7i4OBcIeTweVq1aZZgrk8nw6quvEo/HueGGG3C5XGzbto1bb73V1B7gJZdckvv6c5/7nKnKEGTPB9TX11NXV4eU0pQO6rpOOp3O/U4kEqaCjPc72EgkYvgA3VTxicwo349EIoHdbje8Udzf34+maTlDd+rUKfLz8w3vv7wfqVQKKaVltX5d11FV1bITX1LKnGE1Ak3TCIfDOaOSSqVoaWkxXGbRdZ1wOIzf7885uaNHj3LZZZcZOk2r6zrNzc1s27aNiYkJSktLWb9+/QcCLiPIZDLY7XYSiQROp9OQUUmn0zzzzDOEw2EURUFRFAYHB8w7g5AAAAI+SURBVLn33nsN7b+kUin+9m//li9/+csAlJSU0Nrait/vZ+3atYbk+4d/+AeWL19Ofn4+eXl5qKrK0NBQ7t+YKn7wgx9QU1OTe+e8Xi+HDx82dZr7XJjV6dbWVl566aVcRpVOpykoKOCee+4xZGfeeecd3nrrLW655RbGxsaor69n8+bNbNq0yZCMo6OjbN68OTcrW9d1NE3j61//uqFtnlgsxpYtW3LOTFEUQqEQ9913n6FSLmSDqxdeeIFgMIjP5+OGG24wXLU6F5PvXCqVAjA1BOJC8YnMKN+PyV4xo3j/IaATJ05QUVFhmaN0Op3nXekyVUxmkC6XiyeffJLFixcbLgtD9qUPh8P4fD6eeuopqqqquPnmmw3z2Wy28/b7wuEwe/fuNewoFUU5L3NMp9M0NjayYMECQ45y8iq3RYsW5Z7zV7/6FbNmzTIcvJw8eZLvfe979Pb2Mm/ePL797W+zcOFCQ1wOh4NZs2axdOnSXMQdDAYNH4bKZDLU19fndGRoaIjnnnuO6667zhCflJLa2lrWrVuH2+1mdHSUX//617n2JyMoLi7mlltuwev1Eo/HeeaZZ0wZvHQ6zdjYGIWFhTzxxBNUV1eb0mmfz8eSJUty1SFd14nFYmiaZshROp1OrrvuOhoaGtA0jX379jEyMmI4w3I4HCxatCjnxKSUTExMGLaDHo+H6upqZs2alXNko6OjpoL7uXPn8q1vfeu87006OSMIhUI89NBDNDc3EwgE2LRpk6HAzwj+PwSG3TSCiR0ZAAAAAElFTkSuQmCC" /><br />
<br />
Any way, I expect this to get more complex as I start to get use to the tool but for one day of playing (and its been a lot of fun) this seems like it will be a handy way to put a nice spin on my report data and add some color.<br />
<br />
If you have any reports you find interesting with this data - plz add them to the thread<br />
<br />
cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-76281206463029694672012-06-25T20:19:00.002-07:002012-06-25T20:19:27.013-07:00Geektools - MacLink:<br />
<a href="http://www.macosxtips.co.uk/geeklets/system/scurity-log-parse-aka-attack-tripwire/">http://www.macosxtips.co.uk/geeklets/system/scurity-log-parse-aka-attack-tripwire/</a><br />
<br />
----- <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDNqa1MpmC3Gm65Scwzx3p5-JHq1mbBmMym8dN3YhgDBQDIU0HE4pN9soc36bEDu341hFG7_UnRusdJqkFB2dIDBsF2gj6IK5Kr-T0PtISxpB41xEMWVa8zVAto-GOdRZarb68Wp0DImEc/s1600/7.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="298" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDNqa1MpmC3Gm65Scwzx3p5-JHq1mbBmMym8dN3YhgDBQDIU0HE4pN9soc36bEDu341hFG7_UnRusdJqkFB2dIDBsF2gj6IK5Kr-T0PtISxpB41xEMWVa8zVAto-GOdRZarb68Wp0DImEc/s400/7.jpg" width="400" /></a></div>
This is something I have been playing with on my Mac hosts to just keep an eye on the event logs that no one reads. You will need to install Geektool from the App Store (its free) <br />
<br />
<a href="http://itunes.apple.com/us/app/geektool/id456877552?mt=12">http://itunes.apple.com/us/app/geektool/id456877552?mt=12</a><br />
<br />
----<br />
<br />
Security Log Parse (aka Attack Tripwire)<br />
<br />
Just add the following command in as an shell Geeklet<br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">echo "Who is online:" ; who ; echo ''; echo 'Active Screen Sessions:'; screen -wls | awk -F 'in' '{print $1}'; echo ''; echo 'Failed Authentication:' ; grep 'Failed to authenticate user' /var/log/secure.log| awk -F ':' '{print $1":"$2""$4}' | awk -F '(' '{print $1}' | sort | uniq -c; grep 'authentication error' /var/log/secure.log| awk -F ':' '{print $1":"$2$6}' | sed 's/authentication error for //g' | sort | uniq -c</span></span><br />
<br />
or if your getting a lot you can trim it to only alerts from the current month<br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">echo "Who is online:" ; who ; echo ''; echo 'Active Screen Sessions:'; screen -wls | awk -F 'in' '{print $1}'; echo ''; echo 'Failed Authentication:'; i=$(date +"%b"); grep 'Failed to authenticate user' /var/log/secure.log| awk -F ':' '{print $1":"$2""$4}' | awk -F '(' '{print $1}' | sort | uniq -c | grep $i; grep 'authentication error' /var/log/secure.log| awk -F ':' '{print $1":"$2$6}' | sed 's/authentication error for //g' | sort | uniq -c | grep $i</span></span><br />
<br />
This little script is good for in cafes or offices etc to see if someone it trying to log into your computer and what address they source from. Also it lists the active sessions on your machine.<br />
<br />
*Note: The formatting of the awk may need adjusted if your not using Lion<br />
<br />
Anyway just a fun little idea I had when I was sitting around today - enjoy and cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-35904470991116838602012-06-25T20:17:00.001-07:002012-06-25T20:29:11.211-07:00Risk Stats V3Code:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsV3.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsV3.java</a><br />
<br />
-----<br />
<br />
Ok - I had an interesting idea to put in some summery data into this report so it ended in a rev 3<br />
<br />
Now when you run XMLVulnStatsV3 you will get two extra tables at the bottom with the risk chart. One has summery data on how many unique hosts were scanned and how many failed authentication. Also the items that failed auth are now highlighted pink in the report.<br />
<br />
Additionally you get a list of the hosts with OS that failed authentication. Note that this process supports rescans in the set so if you scan a machine 4 times and one authenticated it will not show up in the final list of hosts with failed auth.<br />
<br />
Additional data on the core source is below.<br />
<br />
---<br />
<br />
<br />
The first version of the script XMLVulnStats.java will work from a .nessus file or multiple .nessus files and give you the following summery data - this script requires Excel to do some of the front end math. Due to the use of Excel the impact levels can be modified after the fact to gain more accurate results.<br />
<br />
The command-line works as follows: <br />
<span style="font-family: "Courier New",Courier,monospace;">java XMLVulnStatsV3 Output.xls *.nessus</span><br />
<br />
The output will be a table with the following columns<br />
<br />
<ul>
<li> IP Address</li>
<li> Total CVSS Count - This totals the CVSS score for all Vulns on the Host</li>
<li> Critical Count</li>
<li> High Count</li>
<li> Medium Count</li>
<li> Low Count</li>
<li> None Count</li>
<li> Host Criticality - Adjustable figure between 100-1000 ranking hosts</li>
<li> Risk Score - Total CVSS * Host Criticality</li>
<li> Total Vuln - Total of Critical, High, Med, Low Vulns</li>
<li> Average CVSS</li>
<li>Scan Depth</li>
</ul>
<br />
Additionally you will get an Average System Risk Level calculation based on the averages for all hosts.<br />
<br />
Note that you will need to set the Host Criticality for your system after the script is run based on system knowledge. In the Federal / NIST space I have been using a spread based on the FIPS 199 level (i.e. if its a moderate system hosts are ranked between 400-600 based on impact, workstations 400, domain controllers 600, etc)<br />
<br />
Hope you all are having fun with the data - any ideas send them my way.<br />
<br />
cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-24111179998185530632012-06-25T20:16:00.003-07:002012-06-25T20:16:16.781-07:00Download All Nessus Reports at Command-lineSo I have a lot of Nessus scan files and have been looking for a quick way to download all of the reports in Nessus V2 format for processing; I found this to be the simple way - if you put all 3 lines into a shell script even simpler.<br /><br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">token="$(/opt/local/bin/wget --no-check-certificate --post-data 'login=userIDn&password=password' https://127.0.0.1:8834/login -O - | grep '<token>' | sed 's/<contents><token>//g' | sed 's/<\/token><user>//g')"</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">/opt/local/bin/wget --post-data "token=$token" --no-check-certificate https://127.0.0.1:8834/report/list -O - | grep 'name' | sed 's/<name>//g' | sed 's/<\/name>//g' > reports</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">for i in $(cat reports); do /opt/local/bin/wget --post-data "token=$token&report=$i" --no-check-certificate https://127.0.0.1:8834/file/report/download -O - > $i.nessus; done;</span></span><br /><br />You will need to swap out the userID and password for your local Nessus User ID and Password - but there you go a few lines and you have all of your reports.<br /><br />You also my need to adjust the path for wget - I was using it from MacPorts on my machine.<br /><br />cheers<br /><br />JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-56388014442247047232012-06-25T20:15:00.004-07:002012-06-25T20:15:45.295-07:00Rescan Validation UpdateCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLValidate.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLValidate.java</a><br />
<br />
----- <br />
<br />
This is a quick update for the associated code to make it work with the changes in the .nessus V2 format in Nessus 5.0 +<br /><br />If you update your scanner you will need to use this code on the output.<br /><br />** On the up side this is the only code set that broke with the changes and all of the other scripts still work in Nessus 5.0 **<br /><br />cheers<br /><br />JSN<br /><br />----<br /><br />I received a task a while back to validate that a .nessus artifact (some scan output) could support validation that a item found in the past was fixed.<br /><br />I broke this task down into a few items: <br />
<ol>
<li>Was the pluginID scanned for in the file?</li>
<li>Was it found on any hosts in the scan output?</li>
<li>What was scanned?</li>
</ol>
I created this little java command to validate these items from the command-line.<br /><br />Its used thus: <br />
<span style="font-family: "Courier New",Courier,monospace;">java XMLValidate <fileName> <pluginID></span><br /><br />You can check for more than one pluginID at a time just simply keep adding them as args to the command.<br /><br />The output looks like this: <br />--------<br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java XMLValidate ScanInput.nessus 30218</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">PluginID: 30218 was located as item 11903 scanned for in the plugin_set.</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">----> PluginID 30218 was identified on host 10.10.10.1</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">----> PluginID 30218 was identified on host 10.10.10.2</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">Scanned Hosts:</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.1</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.2</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.3</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.4</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.5</span></span><br /><br />--------<br />Or in the case the file is clean:<br /><br />--------<br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java XMLValidate ScanInput.nessus 30218</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">PluginID: 30218 was located as item 11903 scanned for in the plugin_set.</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">----> PluginID 30218 was NOT identified on any scanned host.</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">Scanned Hosts:</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.1</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.2</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.3</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.4</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.5</span></span><br /><br />---------<br /><br />As always drop me a note with improvements as this just represents my hack and slash attempt to save time validating a files while on a airline flight.<br /><br />cheers<br /><br />JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-79819312828221020872012-06-25T20:13:00.003-07:002012-06-25T20:13:44.775-07:00Risk Stats V2Code: <br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsV2.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStatsV2.java</a><br />
<br />
-----<br />
<br />
Ok - I spent some time with techs in the field this week and found they really need more data about the hosts when working with risk & scans.<br /><br />So I created XMLVulnStatsV2 this adds in the following columns to the table that may be helpful data about the hosts in addition to the IP address.<br /><br />The output table now includes <br />
<ul>
<li>FQDN</li>
<li>OS</li>
<li>Mac Address</li>
<li>Scan Start Time</li>
</ul>
For all the techs looking for a quick view of the set of scans they have conducted this is it.<br /><br />Additional data on the core source is below.<br /><br />---<br /><br /><br />The first version of the script XMLVulnStats.java will work from a .nessus file or multiple .nessus files and give you the following summery data - this script requires Excel to do some of the front end math. Due to the use of Excel the impact levels can be modified after the fact to gain more accurate results.<br /><br />The command-line works as follows: <br /><span style="font-family: "Courier New",Courier,monospace;">java XMLVulnStats Output.xls *.nessus</span><br /><br />The output will be a table with the following columns<br />
<ul>
<li> IP Address</li>
<li> Total CVSS Count - This totals the CVSS score for all Vulns on the Host</li>
<li> Critical Count</li>
<li> High Count</li>
<li> Medium Count</li>
<li> Low Count</li>
<li> None Count</li>
<li> Host Criticality - Adjustable figure between 100-1000 ranking hosts</li>
<li> Risk Score - Total CVSS * Host Criticality</li>
<li> Total Vuln - Total of Critical, High, Med, Low Vulns</li>
<li> Average CVSS</li>
</ul>
Additionally you will get an Average System Risk Level calculation based on the averages for all hosts.<br /><br />Note that you will need to set the Host Criticality for your system after the script is run based on system knowledge. In the Federal / NIST space I have been using a spread based on the FIPS 199 level (i.e. if its a moderate system hosts are ranked between 400-600 based on impact, workstations 400, domain controllers 600, etc)<br /><br />cheers<br /><br />JSN<br />JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-23255175552886946522012-06-25T20:12:00.001-07:002012-06-25T20:12:08.345-07:00Measurements & Risk StatsSlides:<br />
<a href="https://github.com/JasonMOliver/Misc/blob/master/ShmooCon%20EP%20Talk.pdf">https://github.com/JasonMOliver/Misc/blob/master/ShmooCon%20EP%20Talk.pdf </a><br />
<br />
Code:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStats.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnStats.java</a><br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLTableStats.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLTableStats.java</a><br />
<br />
I have been working on a talk this week for ShmooCon Epilogue <br />
<br />
<a href="http://novahackers.blogspot.com/2012/01/shmoocon-epilogue-speakers-and-location.html">http://novahackers.blogspot.com/2012/01/shmoocon-epilogue-speakers-and-location.html</a><br />
<br />
For the people who missed the talk I will have the slides and video if possible posted on the media blog soon.<br />
<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="300" mozallowfullscreen="" src="http://player.vimeo.com/video/36105556?title=0&byline=0&portrait=0" webkitallowfullscreen="" width="400"></iframe><br />
<a href="http://vimeo.com/36105556">Epilogue: Jason Oliver-Risk Reporting Metrics</a> from <a href="http://vimeo.com/user4997632">Georgia Weidman</a> on <a href="http://vimeo.com/">Vimeo</a>.<br />
<br />
---<br />
<br />
In the talk I go over some ideas I have been playing with to answer a few key questions all of us techs get on Risk Assessments; <br />
<ul>
<li>What is the X worst machine(s)?</li>
<li>What is the over all risk level of my network?</li>
<li>What fix would have the most risk reduction effect?</li>
</ul>
In an effort to give a quantifiable answer to these questions I created a few scripts that work with .nessus V2 files. Please not the the theory in the talk can be applied to any vulnerability data but I wanted to some some actual implementation of theory with the scripts.<br />
<br />
The first script XMLVulnStats.java will work from a .nessus file or multiple .nessus files and give you the following summery data - this script requires Excel to do some of the front end math. Due to the use of Excel the impact levels can be modified after the fact to gain more accurate results.<br />
<br />
The command-line works as follows: <br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java XMLVulnStats Output.xls *.nessus</span></span><br />
<br />
The output will be a table with the following columns<br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> IP Address</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Total CVSS Count - This totals the CVSS score for all Vulns on the Host</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Critical Count</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> High Count</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Medium Count</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Low Count</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> None Count</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Host Criticality - Adjustable figure between 100-1000 ranking hosts</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Risk Score - Total CVSS * Host Criticality</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Total Vuln - Total of Critical, High, Med, Low Vulns</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Average CVSS</span></span><br />
<br />
Additionally you will get an Average System Risk Level calculation based on the averages for all hosts.<br />
<br />
Note that you will need to set the Host Criticality for your system after the script is run based on system knowledge. In the Federal / NIST space I have been using a spread based on the FIPS 199 level (i.e. if its a moderate system hosts are ranked between 400-600 based on impact, workstations 400, domain controllers 600, etc)<br />
<br />
The second script XMLTableStats.java is a simple edit of one of my older scripts that adds a column for Host Count.<br />
<br />
The over all value of this is it will allow you to rank fix / repair order by vulnerability.<br />
<br />
Simple run the script;<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java -Xms32m -Xmx1024m XMLTableStats *.nessus > Output.xls</span></span><br />
<br />
Then in Excel sort by Risk Factor, CVSS Score, Host Count<br />
<br />
This will give you a fix list based on highest level of vulnerability then by quantity of hosts effected thus giving you the biggest bang for your buck if you fix by patch / issue.<br />
<br />
Hope this helps - I hope to extend the research a bit and perfect the theory, I have only been playing with the numbers for a month or two so any feed back would be appreciated.<br />
<br />
Keep in mind what a measurement really is - for the most part it is anything that helps you understand a figure more than before. This is not designed to be a perfect number that is definitive, its designed to give you a quantifiable baseline to work from that is for sure better than what you had before. <br />
<br />
cheers<br />
<br />
JSN<br />
<br />
<br />
Update: The talk has been posted on the media blog if you are interested.JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-31500022037348517722012-06-25T20:08:00.006-07:002012-06-25T20:08:53.285-07:00Nessus Compliance - TransposedCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLCompTableTranspose.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLCompTableTranspose.java</a><br />
<br />
----- <br />
<br />
I got an email a few days ago posing an interesting question - <br /><br />How difficult would it be to switch columns with rows? (in the XMLComplianceTable.java)<br /><br />As a guy that always enjoys fun challenges such as this, I wanted to put a bit of time and thought into the solution. The rationale for this was sound (i.e Excel supports far more rows than columns) so, why not? <br /><br />With that being said, here is the modified code - <br /><br />This bit of java will read .nessus files for the pluginIDs associated with Windows and UNIX compliance scans and restructure the data. <br /><br />With this code you get an x (tests scanned) , y (hosts conducted) view of the data contained in the file. When scanning many hosts this allows you to identify trends in baselines much quicker in addition to a simple way of spotting misconfigured hosts.<br /><br />It will build the data sets dynamically from the .nessus file and supports output of html and xls.<br /><br />You can run this code with the following command-line:<br />
<br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java XMLCompTableTranspose input-file.nessus > output-file.[xls/html]</span></span><br /><br />One side note - if you scan the same machine more than one time this current version will put the results in the right row, but due to having two sets of results it kills the links to the headers for that row. <br /><br />cheers<br /><br />JSN<br /><br />P.S. A big thanks to Roger Grimes at InfoWorld for the question / challenge, it was fun.JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-49757850667254270062012-06-25T20:07:00.004-07:002013-03-06T11:10:55.147-08:00Patchlink XML to XLSCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLPatchlinkReader.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLPatchlinkReader.java</a><br />
<br />
----- <br />
<br />
I had a task this week to create a vulnerability assessment report using Lumension Scan results -<br />
<br />
<a href="http://www.lumension.com/vulnerability-management/vulnerability-assessment-software.aspx">http://www.lumension.com/vulnerability-management/vulnerability-assessment-software.aspx</a><br />
<br />
I received the output from the tool in a few formats PDF and XML and as XML was the only parsable format I set out to turn it into some usable results. This resulted in a few interesting security findings related to this tool that I will talk about later. <br />
<br />
Now up front I need to give credit to @dhongyt (David Trang) who put most of the work into the engine of this code and while I had the vision and did some tweaking I would not have finished this fast with out his work. <br />
<br />
This bit of code is very similar to my XMLTable.java that works with Nessus, it turns multiple Lumention files (you may know this product under its old name Harris Patchlink) into a XLS or HTML report.<br />
<br />
The command-line looks like this;<br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java XMLPatchlinkReader input.xml > output.[xls/html]</span></span><br />
<br />
and the end result is a table with the following headers<br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">Vuln ID, Severity, Name, Description, Solution, CVE, Host(s</span></span>)<br />
<br />
Now the interesting part of this tool - <br />
It would seem Lumention uses the following categories for vulnerabilities in the tool<br />
<br />
High, Moderate, Low, Warning<br />
<br />
in most tools ‘Warning’ would be in this order like a note or informational and for the most part they are BUT they also mix in item with not current fix and compliance / configuration issues that would normally fall into other risk levels. <br />
<br />
I personally combined this category of result with the CVSS score from the CVSS database. If you need a quick way to look up this data for a lot of CVE numbers you can build a lookup table by downloading all the .xml files from the site<br />
<br />
<a href="https://cve.mitre.org/cve/cve.html">https://cve.mitre.org/cve/cve.html</a><br />
<br />
and running the following command<br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"> grep -h -f query *.xml | sed 's/<entry id="//g' | sed 's/">//g' | sed</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">'s/ <cvss:score>//g' | sed 's/<\/cvss:score>//g' | sed</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">'/[0-9]\.[0-9]/G' tmp | sed '/CVE/{x;p;x;}' | sed '/./,/$/!d' | sed -e</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">'N;s/\n/ /'</span></span><br />
<br />
This will give you a CSV of CVE-Number, CVSS Score that you can loop through for info.<br />
<br />
Now I would have to caution you that CVE number pre 2000 are a little out of whack with risk views of today so make sure to use common since when adjusting the risk values manually for your scan and environment but the data is valuable and can be very important if you have a High risk configuration issue showing up as a Warning.<br />
<br />
As always I hope it helps you all out, if you have questions post away or email.<br />
<br />
- Also remember as security professionals its good to know all of the tools and how to use them not just one. The world has a lot of vulnerability scanners and its good to be able to use them all and know the quarks associated with them. Also this chart may be helpful if you are mapping between scanners as it gives you a matchable field in the CVE number. <br />
<br />
cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-19286618274913920802012-06-25T20:06:00.000-07:002012-06-25T20:06:08.465-07:00mutt /w IMAP & GPG on OS XThis is just a short little blog on getting ‘mutt’ going with GPG support on a Mac OS X machine. Started off with me having issues getting to my mail at customer sites and the over all lack of a good PGP option on my iPhone. <br /><br />This seemed like a simple option. (Mostly this post is so I can recall how I set things up for the next time I need to do it in the .muttrc file)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD5Qpy22LerDjgkyUQ4sAmKJnUEFs1s-OO2E-llmYhrCofzy1-CN4ShdG2XoMRhRefdTvzk92NL9d4HAX6wOwIPG-RmX-JgxI9ze0wLOuJaqEEZe7ShYaHYsiOM4IbRaVjEFxpJO_sn6Ud/s1600/6.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="298" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgD5Qpy22LerDjgkyUQ4sAmKJnUEFs1s-OO2E-llmYhrCofzy1-CN4ShdG2XoMRhRefdTvzk92NL9d4HAX6wOwIPG-RmX-JgxI9ze0wLOuJaqEEZe7ShYaHYsiOM4IbRaVjEFxpJO_sn6Ud/s400/6.jpg" width="400" /></a></div>
<br /><br />The first thing your going to want / need is Xcode on your Mac so you have GCC -<br />*this is free in the App Store*<br /><br />After that d/l and install Mac ports:<br /><a href="http://www.macports.org/">http://www.macports.org/</a><br /><br />then run the following command<br /><br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">sudo port install mutt-devel +imap +ssl +headercache +gnupg +smtp +sasl +trash</span></span><br /><br />Now you will need to build a .muttrc file for your home dir; mine looks like this, you will need to edit username, hostname, and the PGP key 0x00000000.<br /><br />----<br /><br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">set imap_user = 'username'</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set spoolfile = imaps://username@hostname:993/INBOX</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set folder = imaps://hostname:993</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set record="imaps://hostname/Sent"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set postponed="imaps://hostname/Drafts"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set certificate_file=~/.mutt/certificates</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set header_cache=~/.mutt/cache</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set smtp_url = "smtp://username@hostname:587/"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set from = "emailaddress@yourhost.com"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set realname = "Full Name"</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># activate TLS if available on the server</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set ssl_starttls=yes</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># always use SSL when connecting to a server</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set ssl_force_tls=yes</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set sort=threads</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># HTML emails</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">auto_view text/html</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">bind index G imap-fetch-mail</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">bind pager G imap-fetch-mail</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set mail_check=30</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set timeout=60</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set editor='pico -r 72'</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># COLORS</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color attachment brightmagenta black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color error brightwhite red # errors yell at you in red</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color hdrdefault red black # headers</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color indicator brightyellow magenta # currently selected message</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color markers brightcyan black # the + for wrapped pager lines</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color message brightcyan black # informational messages, not mail</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color normal white black # plain text</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted green black # quoted text</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color search brightgreen black # hilite search patterns in the pager</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color signature red black # signature (after "-- ") is red</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color status brightyellow blue # status bar is yellow *on blue*</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color tilde blue black # ~'s after message body</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color tree red black # thread tree in index menu is magenta</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color signature brightred black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color underline yellow black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color header cyan black ^(From|Subject): # Important headers</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color body magenta black "(ftp|http)://[^ ]+" # picks up URLs</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color body magenta black [-a-z_0-9.]+@[-a-z_0-9.]+</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># Coloring quoted text - coloring the first 7 levels:</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted cyan black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted1 yellow black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted2 red black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted3 green black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted4 cyan black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted5 yellow black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted6 red black</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color quoted7 green black</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># Colorize smileys: :-) ;-) :-/ :-(</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color body yellow black "[;:]-[)/(|]"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color body yellow black "[;:][)/(|]"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color body green black "[[:alpha:]]\+://[^ ]*"</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color index brightyellow black ~N # New</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color index yellow black ~O # Old</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color index magenta black ~F</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color index blue black ~T</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">color index red black ~D</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">#GPG</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_decode_command="gpg %?p?--passphrase-fd 0? --no-verbose --batch --output - %f"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_verify_command="gpg --no-verbose --batch --output - --verify %s %f"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_decrypt_command="gpg --passphrase-fd 0 --no-verbose --batch --output - %f"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_sign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_clearsign_command="gpg --no-verbose --batch --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_encrypt_only_command="pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0x00000000 -- -r %r -- %f"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_encrypt_sign_command="pgpewrap gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0x00000000 -- -r %r -- %f"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_import_command="gpg --no-verbose --import -v %f"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_export_command="gpg --no-verbose --export --armor %r"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_verify_key_command="gpg --no-verbose --batch --fingerprint --check-sigs %r"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_list_pubring_command="gpg --no-verbose --batch --with-colons --list-keys %r" </span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_list_secring_command="gpg --no-verbose --batch --with-colons --list-secret-keys %r" </span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># specify the uid to use when encrypting/signing</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_sign_as=0x00000000</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># this set the number of seconds to keep in memory the passpharse used to encrypt/sign</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># the more the less secure it will be</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_timeout=60</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># it's a regexp used against the GPG output: if it matches some line of the output</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># then mutt considers the message a good signed one (ignoring the GPG exit code)</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">set pgp_good_sign="^gpg: Good signature from"</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># mutt uses by default PGP/GPG to sign/encrypt messages</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># if you want to use S-mime instead set the smime_is_default variable to yes</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># automatically sign all outcoming messages</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">#set crypt_autosign</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># sign only replies to signed messages</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">#set crypt_replysign</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># automatically encrypt outcoming messages</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">#set crypt_autoencrypt=yes</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># encrypt only replies to signed messages</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">#set crypt_replyencrypt=yes</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># encrypt and sign replies to encrypted messages</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">#set crypt_replysignencrypted=yes</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"># automatically verify the sign of a message when opened</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">#set crypt_verify_sig=yes</span></span><br /><br />---<br />Note that you will also need to setup gpg to work with your keys or make keys.<br /><br />At this point you are good to go, just run ‘mutt’ from the command-line and your rockin. <br /><br />cheers<br /><br />JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com1tag:blogger.com,1999:blog-2541995843363831164.post-78870975796231190702012-06-25T20:04:00.000-07:002012-06-25T20:04:07.496-07:00NBE to Delimited TextCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/VulnTable3.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/VulnTable3.java</a> <br />
<br />
-----<br />
<br />
I have been working this week with a lot of data files from Security Center and found that it will only support .nessus V1 files at this point. In an effort to parse this data I fell back to using .nbe files as they are just a bit simpler to juice data out of at the command-line in a rush.<br /><br />At the end of the day I needed some clean data to use in the block of results and this set of commands was the result of that.<br /><br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">grep 'results|' *.nbe | awk -F '|' '{print $3"|"$5"|"$6"|"$7}' | sed 's/\\n/ /g' > ParseInput.nbe</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">java VulnTable3 > input.csv</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">sed 's/Description :/|Description :/g' input.csv | sed 's/Solution :/|Solution :/g' | sed 's/Risk factor :/|Risk factor :/g' | sed 's/Plugin output :/|Plugin output :/g' | sed 's/|, /||Host(s) :/g' | sed 's/Public Exploit Available :/|Public Exploit Available :/g' | sed 's/CVE :/|CVE :/g' | sed 's/Other references :/|Other references :/g' | sed 's/|Plugin output :.*|/|/g' | sed 's/\/ CVSS Base Score :/|CVSS Base Score :/g' | sed 's/Risk factor : Critical/Risk factor : Critical|/g' | sed 's/Risk factor : High/Risk factor : High|/g' | sed 's/Risk factor : Medium/Risk factor : Medium|/g' | sed 's/Risk factor : Low/Risk factor : Low|/g' | sed 's/Risk factor : None/Risk factor : None|/g' | sed 's/|CVSS Base Score :/CVSS Base Score :/g' | sed 's/|Public Exploit Available :/Public Exploit Available :/g' | sed 's/|CVE :/CVE :/g' | sed 's/|Other references :/Other references :/g' | sed 's/||Host(s) :/|Host(s) :/g' > output.csv</span></span><br /><br />After this you can import the file to Excel with | as the delimiter.<br /><br />I am sure I will return to this and fix it, as I will be working with Security Center a lot more in the future but I felt this was worth a post if anything so I will not forget how I did this next time.<br /><br />cheers<br /><br />JSN JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com1tag:blogger.com,1999:blog-2541995843363831164.post-18537177380139865142012-06-25T20:03:00.000-07:002012-06-25T20:03:01.103-07:00Host Identification in Dynamic EnvironmentsCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLTable_DYNDHCP.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLTable_DYNDHCP.java</a><br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate_WithIP2MAC.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate_WithIP2MAC.java </a><br />
<br />
-----<br />
<br />
I have been working a task in a environment that uses dynamic DHCP pools with a short lease, so at any given time scanning an IP could yield a different host. This can become problematic with scanning many hosts over time not just when trying to get good coverage of the environment but when it comes time to do reporting. <br /><br />Many of us struggle with translating these dynamic results into a coherent report table.<br /><br />This script will unique the vulnerabilities for a Risk Assessment report but with a few nice features. It will work with multiple .nessus files at the same time and in addition when rolling up the results will unique the host list and give you the best detail it can offer from the scan report as the host to link to the vulnerability in the following order;<br />
<ul>
<li>FQDN </li>
<li>MAC Address</li>
<li>IP Address</li>
</ul>
While these networks can be a challenge to analyze my hope is this sciprt will make reporting a little less stressful.<br /><br />This works with the following command-line <br /><br /><span style="font-family: "Courier New",Courier,monospace;">java -Xms32m -Xmx1024m XMLTable *.nessus > output.[html/xls]</span><br /><br />You may not need the extra memory -Xms32m -Xmx1024m if only running this vs. a few files. I often merge over 100 .nessus files in a run.<br /><br />** Keep in mind some hosts have multiple MAC Addresses and Nessus will tell you all of them in a lot of cases, so if the best data available was the MAC Address then you may get more than one. You can recognize these as they are not delimited by commas thus telling you this is one host **<br /><br />cheers<br /><br />JSN JSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-68948050153984636382012-06-25T20:01:00.003-07:002012-06-25T20:01:32.517-07:00Scanning Auth OvertimeCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnOTAuthOnly.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnOTAuthOnly.java</a> <br />
<br />
-----<br />
<br />
I have a job I am currently working that requires authenticated scans and I am sure a number of you might start running into this now that NIST 800-53 requires Authenticated scans for High systems. <br /><br />
Now its one thing to put credentials into a scanner and say you authenticated, but did the scanner authenticate and what happens when your scanning a large system and you have hundreds of scan files?<br /><br />
This script will check each host scanned for the Nessus 21745 plugin ID (Local Checks Not Run) and if this fired in any scan report for a given host give you a line for the data (all hosts with just a single grey line authenticated and are good).<br /><br />
As you can see below in the image if a host Failed Auth then you can check the chart to see if you had at least one authenticated scan out of your batch thus meeting the requirement.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqE7xsFyoDToTqNyqCxDqGmIC4uZizomgKmGolHzeS9n2YYCqDn68-KnfAAN0W9vNplbHFoKWz2rbMBuzv9btAohT6JQPurhnTDO_sGLB0pIJsrzh0Nq8-zytDOGf3P7e1Xbzfg4PAYL_0/s1600/5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="163" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqE7xsFyoDToTqNyqCxDqGmIC4uZizomgKmGolHzeS9n2YYCqDn68-KnfAAN0W9vNplbHFoKWz2rbMBuzv9btAohT6JQPurhnTDO_sGLB0pIJsrzh0Nq8-zytDOGf3P7e1Xbzfg4PAYL_0/s400/5.jpg" width="400" /></a></div>
<br /><br />
As always I hope this is helpful.<br /><br />
Oh and I find when I get over say 50 .nessus files you need to allocate more memory to java on the command line so you can use a line something like this;<br /><br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java -Xms32m -Xmx1024m XMLVulnOTAuthOnly *.nessus > AuthFailed.[xls/html]</span></span><br /><br />
cheers<br /><br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-60062900474658610632012-06-25T19:59:00.002-07:002012-06-25T19:59:27.565-07:00MacTrackLinks: <br />
<a href="http://sourceforge.net/projects/macbuntu/">http://sourceforge.net/projects/macbuntu/</a><br /><a href="http://www.backtrack-linux.org/downloads/">http://www.backtrack-linux.org/downloads/</a> <br />
<br />
----<br />
<br />
A tweet passed by me today and I discovered Macbuntu, and as a Mac Fan boy I thought .... my New Backtrack 5 install NEEDS this. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyULNhutqPCIcKkYI1d0nK6Aa6qGJoBIbVzMInIJgWC_jovIFlJQ5AmF-EtaCBvykZ9CxLwmdfHvUKXs5i8qtXmEBdwDwMYc3MP85KxdV1kw_bWQdK0ZQxAAlSUnK6yINV-7kZ2SL_1Xm7/s1600/4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyULNhutqPCIcKkYI1d0nK6Aa6qGJoBIbVzMInIJgWC_jovIFlJQ5AmF-EtaCBvykZ9CxLwmdfHvUKXs5i8qtXmEBdwDwMYc3MP85KxdV1kw_bWQdK0ZQxAAlSUnK6yINV-7kZ2SL_1Xm7/s320/4.jpg" width="320" /></a></div>
<br />Well maybe yours does to, this post will tell you how:<br /><br />Download up a Backtrack - Gnome install from <br />http://www.backtrack-linux.org/downloads/<br /><br />Install your Backtrack install just as normal, then use the following commands<br /><br />Open a terminal and type the following commands: <br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">$ wget https://downloads.sourceforge.net/project/macbuntu/macbuntu-10.04/v2.2/Macbuntu-10.04.tar.gz -O /tmp/Macbuntu-10.04.tar.gz </span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">$ tar xzvf /tmp/Macbuntu-10.04.tar.gz -C /tmp </span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">$ cd /tmp/Macbuntu-10.04/ </span></span><br /><br />At this point you will need to edit the install.sh so that it will not bomb on the whoami check. You can comment out this check or just change the user name from ‘root’ to something else. * <br /><br />Note that this is the quick way, if you make other user IDs on your Backtrack install then you can skip editing the install.sh <br /><br />Then simply run<br /><br /><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">$ ./install.sh</span></span><br /><br />After this point you should boot up into your new ‘Mactrack’ install ^^<br /><br />cheers<br /><br />JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-20302363503655856572012-06-25T19:56:00.004-07:002012-06-25T19:56:33.479-07:00Coverage Scanning 0.2Code:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate.java</a><br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate_NoLiveHostPlug.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate_NoLiveHostPlug.java</a> <br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate_WithIP2MAC.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate_WithIP2MAC.java</a><br />
<br />
----- <br />
<br />
So I have found a few scenarios that call for modifications to my Coverage Validation process. <br /><br />
The first is for scan results that did not have ‘Log Live Hosts’ turned on in the scanner. This damages the results in a way if your scanning while networks as things like a firewall or router may respond for the device and cause a false love host with out using the plugin as a verification, but none the less it happens and you need a way to check for coverage. So I have built a modified version that just pulls hosts from the header section of the scan results and makes the assumption everything in the results was alive. <br /><br />
The second was a client that runs a dynamic DHCP network. I needed a way to track the MAC addresses for hosts I scanned vs. an inventory so I added in another block that works as a translation list for the scan results of MAC to IP address. Luckily if Nessus finds this information via any plugin it adds it to the header tags for the scanned hosts in the results. This way you end up with a CSV block of MAC, IP Address (note that some machines will have more than one MAC address, the results will have all of them). <br /><br />
These turned out helpful for me in special scenarios so have at them.<br /><br />
Cheers All<br /><br />
JSN<br /><br />----<br />I had a set of scans that had the following logic flow today.<br /><br />
Scan with 95% or better coverage and all scans should be authenticated.<br /><br />
You run into some interesting things as you think this through: <br /><br />
To gather coverage you need to have a target inventory and the script must be aware of what 100% consists of.<br /><br />
To validate authentication its not enough to look for failed items - what if you rescan them, why did it fail, and what if you rescan them how will the script logic work.<br /><br />
What to do when you find extra hosts not in the inventory.<br /><br />This is the set of issues at this point I have set out to code and enough have been finished I found the script useful as another team needed to use the logic.<br /><br />
So this pre beta code is available as a work in progress. It is able with a command line<br /><span style="font-family: "Courier New",Courier,monospace;">java CoverageValidate inventory *.nessus</span><br /><br />To import multiple scan files and an inventory and output lists of missing, extra, and hosts that auth failed.<br /><br />
As you can even see in the code, it is a work in progress but its available so if you run with it share the wealth and send me a copy as I am looking for more ideas.<br />cheers<br /><br />JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-87014176143213077302012-06-25T19:54:00.001-07:002012-06-25T19:54:19.542-07:00NMAP - XML Flat FileCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLNMAPReader.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLNMAPReader.java </a><br />
<br />
-----<br />
<br />
I got started on a tangent today to parse some XML output from NMAP into a flat file for Excel and thought it would not be to bad. <br /><br />Well after 4 or 5 hours of goofing around I got the file working and thought I would toss it up online. It would seem if people are kicking around the idea nothing easly accessible was available for the task.<br /><br />So this code takes output from the following: <br />nmap xxx.xxx.xxx.xxx/xx -PN -O -oX outputFile.xml<br /><br />It will convert it into a Excel or HTML table of the following: <br />IP Address, Port Number, Service Name, Status, Host OS<br /><br />you can run it with the following command<br /><br />java XMLNMAPReader *.xml > OutputFile.[html/xls]<br /><br />cheers - maybe it will help you if not it might help the guy that started me down the road (thx @grecs, its been a fun day)<br /><br />JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-79343493991436280232012-06-25T19:52:00.006-07:002012-06-25T19:53:28.804-07:00The Details - Plugin OutputCode: <br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLValidate_wPlugOut.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLValidate_wPlugOut.java</a> <br />
<br />
-----<br />
<br />
I have been working a lot of fix validation and logic validation this week and was able to develop a few tricks. Both use the XMLValidate source, but one is an enhanced version.<br />
<br />
The code I have for XMLValidate is used thus:<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java XMLValidate <fileName> <pluginID></span></span><br />
<br />
You can check for more than one pluginID at a time just simply keep adding them as args to the command.<br />
<br />
The output looks like this: <br />
--------<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">java XMLValidate ScanInput.nessus 30218</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">PluginID: 30218 was located as item 11903 scanned for in the plugin_set.</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">----> PluginID 30218 was identified on host 10.10.10.1</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">----> PluginID 30218 was identified on host 10.10.10.2</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">Scanned Hosts:</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.1</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.2</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.3</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.4</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">10.10.10.5</span></span><br />
<br />
Now I needed in the first task to feed in a list of pluginIDs that was gathered from a set of old scans and see if they were found in the new scan files. The logic worked like this:<br />
<br />
Build a list of pluginIDs found in the old files and save them to a txt file (this can be done by using XMLTable and grabbing the PluginID column). <br />
<br />
Then you would want to use the XMLValidate in the following way: <br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">for i in $(cat nessusIDs.txt); do java XMLValidate New-ScanOutput.nessus $i >> NewScan_Validation.txt; done;</span></span><br />
<br />
The result being a txt file with the validation results of all the pluginIDs.<br />
<br />
Fairly simple.<br />
<br />
---<br />
<br />
The next task was a kick back on a specific PluginID that a person had found as a false positive. In this case I needed to know out of the scan files what machines was the pluginID on and what was the specifics as to what was found and what was searched for on the machine. In Nessus this is in the plugin_output of the XML structure.<br />
<br />
So above I modified the XMLValidate to include the plugin_output to the screen for each host that the vulnerability was found on in the file.<br />
<br />
The output looks as follows:<br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">----> PluginID 11936 was identified on host 10.10.10.1</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">---------> </span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">Remote operating system : CISCO IOS 12.4(19)</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">Confidence Level : 100</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">Method : SNMP</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">The remote host is running CISCO IOS 12.4(19)</span></span><br />
<br />
This can come in handy when a vulnerability was found on many hosts and you need standard out for the details. For example you could then grep out the OS and conduct counts.<br />
<br />
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">for i in *.xml; do java XMLValidate_wPlugOut $i 11936 >> Scan_Validation.txt; done;</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">grep ‘Remote operating system :’ Scan_Validation.txt | sort | uniq -c</span></span><br />
<br />
Would results in a list of each OS found and a count of each unique item.<br />
<br />
In the end this was just one more way to work with the Nessus XML data from the command-line for speed of analysis. I hope it helps<br />
<br />
cheersJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-15049379798815615772012-06-25T19:50:00.000-07:002012-06-25T19:50:14.209-07:00Coverage ScanningCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/CoverageValidate.java</a><br />
<br />
----- <br />
<br />
I had a set of scans that had the following logic flow today.<br />
<br />
- Scan with 95% or better coverage and all scans should be authenticated.<br />
<br />
You run into some interesting things as you think this through: <br />
<br />
To gather coverage you need to have a target inventory and the script must be aware of what 100% consists of.<br />
<br />
To validate authentication its not enough to look for failed items - what if you rescan them, why did it fail, and what if you rescan them how will the script logic work.<br />
<br />
What to do when you find extra hosts not in the inventory.<br />
<br />
This is the set of issues at this point I have set out to code and enough have been finished I found the script useful as another team needed to use the logic.<br />
<br />
So this pre beta code is available as a work in progress. It is able with a command line<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">java CoverageValidate inventory *.nessus</span><br />
<br />
To import multiple scan files and an inventory and output lists of missing, extra, and hosts that auth failed.<br />
<br />
As you can even see in the code, it is a work in progress but its available so if you run with it share the wealth and send me a copy as I am looking for more ideas.<br />
<br />
cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-86490172727088084542012-06-25T19:48:00.001-07:002012-06-25T19:48:35.352-07:00Vulns Overtime 0.2Code:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnOT.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnOT.java</a><br />
<br />
----- <br />
<br />
I was able to play with this code a bit more tonight and added in some more robust information about the PluginID. <br />
<br />
The field now has: <br />
<br />
PluginID: 111111 -- Risk: [Crit/High/Med/Low/None]<br />
Synopsis: Data about the Plugin Issue<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_NBo4-sB8sqdXdB3e5PO8Zk98CERdjTAkdEO6OjEI66v4mWwiYosgwyaEszLGrVE6_muOh7lN2lpZjlYKVNLa57DRm4PBoNYrXkhUd9YC_M6KCtY7haDBi94yb_PcRAbjtXfwNb0wjlBL/s1600/3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_NBo4-sB8sqdXdB3e5PO8Zk98CERdjTAkdEO6OjEI66v4mWwiYosgwyaEszLGrVE6_muOh7lN2lpZjlYKVNLa57DRm4PBoNYrXkhUd9YC_M6KCtY7haDBi94yb_PcRAbjtXfwNb0wjlBL/s640/3.jpg" width="640" /></a></div>
<br />
<br />
I find this format a little more useful.<br />
<br />
cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-64382948786174190262012-06-25T19:45:00.000-07:002012-06-25T19:48:20.682-07:00Vulns OvertimeCode:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnOT.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLVulnOT.java</a><br />
<br />
----- <br />
I have been thinking of making some code that would track vulnerabilities overtime for a while now and due to a few people looking for it on Twitter I made up some BETA code over the past few hours.<br />
<br />
This script should pull in multiple scans with the following command-line<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">java XMLVulnOT *.nessus > output.[html/xls] </span><br />
<br />
and output a html or xls report with one table per host showing all pluginIDs found in each scan and what reports based on date the pluginID was found in.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEIZUDRUhuKKFqZ5KnkAgPdoS5GqaFaoxUf_xRn29-iK8G5J4xp-TGXN5w-jKI0y9CmH-A_Xtrc8r66T9A9gGGhGThWUO6VAdLJivkMotUwsVCHkfbGPUIoV0SHf0pqzDtxB-cZejfK9VS/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="449" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEIZUDRUhuKKFqZ5KnkAgPdoS5GqaFaoxUf_xRn29-iK8G5J4xp-TGXN5w-jKI0y9CmH-A_Xtrc8r66T9A9gGGhGThWUO6VAdLJivkMotUwsVCHkfbGPUIoV0SHf0pqzDtxB-cZejfK9VS/s640/2.jpg" width="640" /></a></div>
<br />
<br />
With this report you should be able to see when a vuln was identified, resolved, and if it cropped back up again.<br />
<br />
I hope to have some time to enhance the idea and add in more detail like the PluginID Synopsis into the report as well as an over all system chart.<br />
<br />
If you have ideas for this script please shoot them my way and I will see what i can do to enhance it. <br />
<br />
cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0tag:blogger.com,1999:blog-2541995843363831164.post-35616001626518671512012-06-25T19:42:00.001-07:002012-07-12T10:28:19.835-07:00Random Samples 1.1Code:<br />
<a href="https://github.com/JasonMOliver/Java_Parsers/blob/master/sampler.java">https://github.com/JasonMOliver/Java_Parsers/blob/master/sampler.java</a> <br />
<br />
-----<br />
<br />
Below talks a bit about this code. An issue in my variables has caused a math issue with some sample sets so I revisited this code a bit for a fix.<br />
<br />
I have changed the code to use the command-line for an input file so it works thus:<br />
<br />
java sampler inputfile.csv<br />
<br />
Also the math variables are double and round properly so you get an accurate number for large sets. <br />
** If you are using the old source know you may be rounding the wrong way with the sample sets so please use the new code. **<br />
<br />
cheers<br />
<br />
JSNJSNhttp://www.blogger.com/profile/05084238070281602974noreply@blogger.com0