Phishing by data URI

Transcription

1 Phishing by data URI Henning Klevjer October 22, Abstract Historically, phishing web pages have been hosted by web servers that are either compromised or owned by the attacker. This paper introduces a new approach to creating working phishing web pages without the direct need of a host. The contents of the phishing web page is simply contained its own URI (link). We present the appropriate steps to do this, and show a working example of such a phishing page. 2 Introduction Using the data URI scheme it is possible to present media content in a web browser without hosting the actual data on the internet. Data URIs follow this scheme: data:[<mediatype>][;base64],<data> Here, <mediatype> are one of the MIME media types described in RFC 2046[1]. The MIME media types were originally intended for use with ing, but are also used to describe all content on the Internet as well. This means that you can represent any content type (e.g. image/jpeg, text/html, etc.) from the specification that is supported by the web browser. Base64 encoding is optional. Using it ensures that any representation of data can be correctly transferred over the internet, by using a manageable alphabet to represent the data rather than raw bytes. Base64 splits the data into pieces of six bits (yielding 2 6 = 64) different characters to choose from. To exemplify, data:text/plain;,hello 1

2 shows the text hello without the use of Base64 encoding, and data:text/plain;base64,agvsbg8= shows the same hello, and the data field now encoded. Data URI technology has been available as RFC 2397[2] since 1998 described as a way to easily embed text, pictures and other data in HTML pages, and for such it may be more efficient and hassle-free than hosting a possibly large number of small files. However, with the ability to host arbitrary data within a URI, the possibility of doing the same with malicious web content springs to mind. Phishing web pages are minimally modified copies of original web pages, usually hosted at a compromised or malicious web server. Creating a phishing site from PayPal, Inc., for example, usually implies hosting at least a copy of PayPal s login site, credit card information site, or other web page dealing with sensitive data. All content on the web page can be linked from PayPal s own content servers. However, using the data URI scheme to contain the entire web page s contents is also possible. Pictures, JavaScript, style sheets etc. can either be translated into their own data URI embedded in the file, or be linked from their respective sources. In the last case, all content, such as a JavaScript in the head tag, must be referenced in an absolute manner to work, i.e.: <script type= text/javascript src=./javascript.js /> is changed to <script type= text/javascript src= /> or <script type= text/javascript src= data:text/javascript;,contents of javascript.js /> 3 Creating a phishing site An easy recipe of creating a phishing site is shown below: 1. Download the login web page to be copied. 2. Change all file paths relative to the domain to absolute ones, or convert them to data URIs. 3. Make the desired modifications to the site s code. One can, for example, transfer user credentials or private data to another location. 4. (Optional) Encode the text contents of the web page with Base64 encoding to obfuscate the data to the victim. Base64 encoding will extend the overall data size by about 33 %. 2

3 5. Append the encoded material or the text contents of the web page into a data URI: Everything from <!DOCTYPE> (or <HTML>) to </HTML> must be moved into the <data> field above. After this, you will end up with something along these lines. Note that we have used text/html as the MIME type as this is the appropriate way to present HTML pages. data : text / html ; base64, DQo8IURPQ1RZUEUgaHRtbCBQ VUJMSUMgIi0vL1czQy8vRFREIEhUTUwgNC4wMSBUcmFuc2 l0aw9uywwvl0voig0kimh0dha6ly93d3cudzmub3jnl1rs L2h0bWw0L2xvb3NlLmR0ZCI + DQo8aHRtbD4NCiAgICA8aG (...) bnr3zwiylndvys9db250zw50cy9xzwjtzxj2zxjszxnvdx JjZXMvc3dfYmFzZS5jc3MnIHJlbD0ic3R5bGVzaGVldCIg dhlwzt0idgv4dc9jc3mipg0kicagicagica8c3r5bgugdh lwzt0idgv4dc9jc3mipg0kcqkjdgq The length of the final URI is a consequence of the data hidden within. If the original web page is very large, embedding linked material within may not be viable. An example is provided below (Appendix A), which because of its size has been appended at the end. 4 Spreading the phishing web page Remembering that the web page is contained within the URI, only 1 the URI must be passed on to a potential victim. Historically, phishing URIs are transferred by , but in recent years, social media phishing has exploded. The use of URL shortening services has provided an additional layer of uncertainty in abstracting the original URL from the user 2. (At least) One URL shortening services, TinyURL.com 3, also provides the possibility of shortening data URIs into short URLs. Whether or not TinyURL does this unwittingly is not known. 5 Applicability and limitations Being a rather old RFC specification, data URIs are supported by all major contemporary web browsers. A possible problem of this approach is rather 1 The URI could easily reach hundreds of kilobytes 2 However, as the user reaches the target URL, it will be shown in the address bar

4 the web browsers memory management. The address field is simply not created for containing the enormous amount of bytes contained in the data URI. In Google Chrome in particular, a control for unsafe redirection is implemented, disabling the user direct access to a data URI if that URI is the target of a redirection, such as from a URL shortening service. The user is presented with an alert that This webpage is not available, together with the entire URI. Appended below is the error code Error 311 (net::err UNSAFE REDIRECT): Unknown error. indicating that the request was denied due to an unsafe state. However, the target URI is still present in the address field, and a push of the enter button successfully renders the web page. Note that Google Chrome does not produce an error when the user clicks directly on the data URI, without the redirection. As of , these limitations apply to the current web browsers: Opera x > Chrome < x < Internet Explorer unsupported Firefox x > Safari x > All values x > are probably unlimited. 6 Legal issues In addition to the obvious issues with phishing, a discussion is appropriate as to whether a web host that keeps malicious data URIs is liable for hosting the malicious content they represent. In the above scenario, it can be argued that the URL shortening service is the host, as it provides and keeps the actual content. 7 Future Work We may see more of so called spear phishing, attempts focused on individuals, as phishing pages now can be created more easily. A personalised phishing web page can be created automatically, based on gathered information, and transmitted to one victim only. There is reason to believe that the 4

5 data URI scheme can provide other unknown attack vectors, so research on this topic and further scrutiny of the scheme is a prudent choice. 8 Conclusion In this paper we have introduced a new way of presenting phishing web pages using a rather old, seldom used way to present web content. Using this procedure, there is no clear source of the phishing page and its content, which makes it difficult to trace, monitor the movement or establish the origin of the web page. Also, we conclude that phishing no longer requires web hosting of the page 4, so phishing web pages may be more elusive passed around the Internet. They have no established anchor point in the Internet. There is no way to shut down or remove a data URI web page, besides removing all instances of its link. The example presented in this document contains no harmful code. The example, and anything learned from this document should NEVER be used to perform any malicious activity. We do not with this example try to point out any vulnerability or weakness specific to Wikipedia, which was selected because of its international reputation and simple login page. References [1] N. Freed and N. Borenstein. Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types. RFC 2046 (Draft Standard). Updated by RFCs 2646, 3798, Internet Engineering Task Force, Nov url: [2] L. Masinter. The data URL scheme. RFC 2397 (Proposed Standard). Internet Engineering Task Force, Aug url: org/rfc/rfc2397.txt. 4 While transmission of sensitive data can be handled within the phishing page, receiving and storing the data is not taken into consideration here. 5

6 Appendix A: An example phishing web page Below we present a phishing edition of the login and registration page of the English Wikipedia, It is a minimal example, in which some relative links have been corrected. Additionally, the functionality of the Log in button has been altered, showing the password entered in the password field to the user. The login screen of the English Wikipedia can be found here: 6

7 The rendered web page 7

8 Base64 encoded data URI This data URI consists of characters and can with ease be shrunk to 26 characters with a supported URL shortening service, such as the one mentioned. 8

9 data:text/html;base64,pcfet0nuwvbfigh0bwwgufvcteldicitly9xm0mvl0rurcbysfrntcaxljagvhjhbnnpdglv bmfsly9ftiigimh0dha6ly93d3cudzmub3jnl1rsl3hodg1sms9eveqvegh0bwwxlxryyw5zaxrpb25hbc5kdgqipg0kpg h0bwwgbgfuzz0izw4iigrpcj0ibhryiibjbgfzcz0iy2xpzw50lw5vanmiihhtbg5zpsjodhrwoi8vd3d3lnczlm9yzy8x OTk5L3hodG1sIj4NCjxoZWFkPg0KPHRpdGxlPkxvZyBpbiAvIGNyZWF0ZSBhY2NvdW50IC0gV2lraXBlZGlhLCB0aGUgZn JlZSBlbmN5Y2xvcGVkaWE8L3RpdGxlPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0 L2h0bWw7IGNoYXJzZXQ9VVRGLTgiIC8+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVN0eWxlLVR5cGUiIGNvbnRlbn Q9InRleHQvY3NzIiAvPg0KPG1ldGEgbmFtZT0iZ2VuZXJhdG9yIiBjb250ZW50PSJNZWRpYVdpa2kgMS4yMHdtZjkiIC8+ DQo8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsbm9mb2xsb3ciIC8+DQo8bGluayByZWw9ImFwcGxlLX RvdWNoLWljb24iIGhyZWY9Ii8vZW4ud2lraXBlZGlhLm9yZy9hcHBsZS10b3VjaC1pY29uLnBuZyIgLz4NCjxsaW5rIHJl bd0ic2hvcnrjdxqgawnvbiigahjlzj0il2zhdmljb24uawnviiavpg0kpgxpbmsgcmvspsjzzwfyy2giihr5cgu9imfwcg xpy2f0aw9ul29wzw5zzwfyy2hkzxnjcmlwdglvbit4bwwiighyzwy9imh0dha6ly9odhrwoi8vzw4ud2lraxblzglhlm9y Zy93L29wZW5zZWFyY2hfZGVzYy5waHAiIHRpdGxlPSJXaWtpcGVkaWEgKGVuKSIgLz4NCjxsaW5rIHJlbD0iRWRpdFVSSS IgdHlwZT0iYXBwbGljYXRpb24vcnNkK3htbCIgaHJlZj0iLy9lbi53aWtpcGVkaWEub3JnL3cvYXBpLnBocD9hY3Rpb249 cnnkiiavpg0kpgxpbmsgcmvspsjjb3b5cmlnahqiighyzwy9ii8vy3jlyxrpdmvjb21tb25zlm9yzy9sawnlbnnlcy9ies 1zYS8zLjAvIiAvPg0KPGxpbmsgcmVsPSJhbHRlcm5hdGUiIHR5cGU9ImFwcGxpY2F0aW9uL2F0b20reG1sIiB0aXRsZT0i V2lraXBlZGlhIEF0b20gZmVlZCIgaHJlZj0iaHR0cDovL2VuLndpa2lwZWRpYS5vcmcvdy9pbmRleC5waHA/dGl0bGU9U3 BlY2lhbDpSZWNlbnRDaGFuZ2VzJmFtcDtmZWVkPWF0b20iIC8+DQo8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Imh0 dha6ly9iaxrzlndpa2ltzwrpys5vcmcvzw4ud2lraxblzglhlm9yzy9sb2fklnbocd9kzwj1zz1mywxzzszhbxa7bgfuzz 1lbiZhbXA7bW9kdWxlcz1leHQuZ2FkZ2V0LlJlZmVyZW5jZVRvb2x0aXBzJTJDdGVhaG91c2UlN0NleHQud2lraWhpZXJv JTdDbWVkaWF3aWtpLmxlZ2FjeS5jb21tb25QcmludCUyQ3NoYXJlZCU3Q3NraW5zLnZlY3RvciZhbXA7b25seT1zdHlsZX MmYW1wO3NraW49dmVjdG9yJmFtcDsqIiB0eXBlPSJ0ZXh0L2NzcyIgbWVkaWE9ImFsbCIgLz4NCjxtZXRhIG5hbWU9IlJl c291cmnltg9hzgvyrhluyw1py1n0ewxlcyigy29udgvudd0iiiavpg0kpgxpbmsgcmvspsjzdhlszxnozwv0iibocmvmps JodHRwOi8vYml0cy53aWtpbWVkaWEub3JnL2VuLndpa2lwZWRpYS5vcmcvbG9hZC5waHA/ZGVidWc9ZmFsc2UmYW1wO2xh bmc9zw4myw1wo21vzhvszxm9c2l0zszhbxa7b25set1zdhlszxmmyw1wo3nraw49dmvjdg9yjmftcdsqiib0exblpsj0zx h0l2nzcyigbwvkawe9imfsbciglz4ncjxzdhlszsb0exblpsj0zxh0l2nzcyigbwvkawe9imfsbci+ytpsyw5nkgfyksxh OmxhbmcoY2tiKSxhOmxhbmcoZmEpLGE6bGFuZyhray1hcmFiKSxhOmxhbmcobXpuKSxhOmxhbmcocHMpLGE6bGFuZyh1ci l7dgv4dc1kzwnvcmf0aw9uom5vbmv9dqonci8qignhy2hligtletogzw53awtponjlc291cmnlbg9hzgvyomzpbhrlcjpt aw5pznkty3nzojc6ngvkzjq2n2q1ogzlztq0yzgzzgzlnzi0y2ewn2mxnzkgki88l3n0ewxlpg0kdqo8c2nyaxb0ihnyyz 0iaHR0cDovL2JpdHMud2lraW1lZGlhLm9yZy9lbi53aWtpcGVkaWEub3JnL2xvYWQucGhwP2RlYnVnPWZhbHNlJmFtcDts YW5nPWVuJmFtcDttb2R1bGVzPXN0YXJ0dXAmYW1wO29ubHk9c2NyaXB0cyZhbXA7c2tpbj12ZWN0b3ImYW1wOyoiIHR5cG U9InRleHQvamF2YXNjcmlwdCI+PC9zY3JpcHQ+DQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+aWYod2luZG93 Lm13KXsNCm13LmNvbmZpZy5zZXQoeyJ3Z0Nhbm9uaWNhbE5hbWVzcGFjZSI6IlNwZWNpYWwiLCJ3Z0Nhbm9uaWNhbFNwZW NpYWxQYWdlTmFtZSI6IlVzZXJsb2dpbiIsIndnTmFtZXNwYWNlTnVtYmVyIjotMSwid2dQYWdlTmFtZSI6IlNwZWNpYWw6 VXNlckxvZ2luIiwid2dUaXRsZSI6IlVzZXJMb2dpbiIsIndnQ3VyUmV2aXNpb25JZCI6MCwid2dBcnRpY2xlSWQiOjAsIn dnsxnbcnrpy2xlijpmywxzzswid2dby3rpb24ioij2awv3iiwid2dvc2vytmftzsi6bnvsbcwid2dvc2vyr3jvdxbzijpb IioiXSwid2dDYXRlZ29yaWVzIjpbXSwid2dCcmVha0ZyYW1lcyI6dHJ1ZSwid2dQYWdlQ29udGVudExhbmd1YWdlIjoiZW 4iLCJ3Z1NlcGFyYXRvclRyYW5zZm9ybVRhYmxlIjpbIiIsIiJdLCJ3Z0RpZ2l0VHJhbnNmb3JtVGFibGUiOlsiIiwiIl0s IndnRGVmYXVsdERhdGVGb3JtYXQiOiJkbXkiLCJ3Z01vbnRoTmFtZXMiOlsiIiwiSmFudWFyeSIsIkZlYnJ1YXJ5IiwiTW FyY2giLCJBcHJpbCIsIk1heSIsIkp1bmUiLCJKdWx5IiwiQXVndXN0IiwiU2VwdGVtYmVyIiwiT2N0b2JlciIsIk5vdmVt YmVyIiwiRGVjZW1iZXIiXSwid2dNb250aE5hbWVzU2hvcnQiOlsiIiwiSmFuIiwiRmViIiwiTWFyIiwiQXByIiwiTWF5Ii wisnvuiiwisnvsiiwiqxvniiwiu2vwiiwit2n0iiwitm92iiwirgvjil0sindnumvszxzhbnrqywdltmftzsi6ilnwzwnp YWw6VXNlckxvZ2luIiwid2dTZWFyY2hOYW1lc3BhY2VzIjpbMF0sIndnVmVjdG9yRW5hYmxlZE1vZHVsZXMiOnsiY29sbG Fwc2libGVuYXYiOnRydWUsImNvbGxhcHNpYmxldGFicyI6dHJ1ZSwiZWRpdHdhcm5pbmciOnRydWUsImV4cGFuZGFibGVz ZWFyY2giOmZhbHNlLCJmb290ZXJjbGVhbnVwIjpmYWxzZSwic2VjdGlvbmVkaXRsaW5rcyI6ZmFsc2UsInNpbXBsZXNlYX JjaCI6dHJ1ZSwiZXhwZXJpbWVudHMiOnRydWV9LCJ3Z1dpa2lFZGl0b3JFbmFibGVkTW9kdWxlcyI6eyJ0b29sYmFyIjp0 cnvllcjkawfsb2dzijp0cnvllcjoawrlc2lnijp0cnvllcj0zw1wbgf0zuvkaxrvcii6zmfsc2usinrlbxbsyxrlcyi6zm Fsc2UsInByZXZpZXciOmZhbHNlLCJwcmV2aWV3RGlhbG9nIjpmYWxzZSwicHVibGlzaCI6ZmFsc2UsInRvYyI6ZmFsc2V9 LCJ3Z1RyYWNraW5nVG9rZW4iOiJmMDhiMTgxOTYxMGNhZGZhMjY4Y2UwMmI3YjRhNGZlNyIsIndnQXJ0aWNsZUZlZWRiYW NrdjVQZXJtaXNzaW9ucyI6eyJvdmVyc2lnaHRlciI6ZmFsc2UsIm1vZGVyYXRvciI6ZmFsc2UsImVkaXRvciI6ZmFsc2V9 LCJ3aWtpbG92ZS1yZWNpcGllbnQiOiIiLCJ3aWtpbG92ZS1hbm9uIjowLCJtYkVtYWlsRW5hYmxlZCI6dHJ1ZSwibWJVc2 VyRW1haWwiOmZhbHNlLCJtYklzRW1haWxDb25maXJtYXRpb25QZW5kaW5nIjpmYWxzZSwid2dGbGFnZ2VkUmV2c1BhcmFt cyi6eyj0ywdzijp7inn0yxr1cyi6eyjszxzlbhmiojesinf1ywxpdhkiojisinbyaxn0aw5lijozfx19lcj3z1n0ywjszv JldmlzaW9uSWQiOm51bGwsIndnQ2F0ZWdvcnlUcmVlUGFnZUNhdGVnb3J5T3B0aW9ucyI6IntcIm1vZGVcIjowLFwiaGlk ZXByZWZpeFwiOjIwLFwic2hvd2NvdW50XCI6dHJ1ZSxcIm5hbWVzcGFjZXNcIjpmYWxzZX0iLCJHZW8iOnsiY2l0eSI6Ii IsImNvdW50cnkiOiIifSwid2dOb3RpY2VQcm9qZWN0Ijoid2lraXBlZGlhIn0pOw0KfTwvc2NyaXB0PjxzY3JpcHQgdHlw ZT0idGV4dC9qYXZhc2NyaXB0Ij5pZih3aW5kb3cubXcpew0KbXcubG9hZGVyLmltcGxlbWVudCgidXNlci5vcHRpb25zIi xmdw5jdglvbigpe213lnvzzxiub3b0aw9ucy5zzxqoeyjjy21lb25lbwfpbhmiojasimnvbhmiojgwlcjkyxrlijoizgvm YXVsdCIsImRpZmZvbmx5IjowLCJkaXNhYmxlbWFpbCI6MCwiZGlzYWJsZXN1Z2dlc3QiOjAsImVkaXRmb250IjoiZGVmYX VsdCIsImVkaXRvbmRibGNsaWNrIjowLCJlZGl0c2VjdGlvbiI6MSwiZWRpdHNlY3Rpb25vbnJpZ2h0Y2xpY2siOjAsImVu b3rpzm1pbm9yzwrpdhmiojasimvub3rpznjldmvhbgfkzhiiojasimvub3rpznvzzxj0ywxrcgfnzxmiojesimvub3rpzn dhdgnobglzdhbhz2vzijowlcjlehrlbmr3yxrjagxpc3qiojasimv4dgvybmfszglmzii6mcwizxh0zxjuywxlzgl0b3ii OjAsImZhbmN5c2lnIjowLCJmb3JjZWVkaXRzdW1tYXJ5IjowLCJnZW5kZXIiOiJ1bmtub3duIiwiaGlkZW1pbm9yIjowLC JoaWRlcGF0cm9sbGVkIjowLCJpbWFnZXNpemUiOjIsImp1c3RpZnkiOjAsIm1hdGgiOjAsIm1pbm9yZGVmYXVsdCI6MCwi bmv3cgfnzxnoawrlcgf0cm9sbgvkijowlcjub2nhy2hlijowlcjub2nvbnzlcnrsaw5rijowlcjub3jvbgxiywnrzglmzi I6MCwibnVtYmVyaGVhZGluZ3MiOjAsInByZXZpZXdvbmZpcnN0IjowLCJwcmV2aWV3b250b3AiOjEsInF1aWNrYmFyIjo1 LCJyY2RheXMiOjcsInJjbGltaXQiOjUwLCJyZW1lbWJlcnBhc3N3b3JkIjowLCJyb3dzIjoyNSwic2VhcmNobGltaXQiOj IwLCJzaG93aGlkZGVuY2F0cyI6ZmFsc2UsInNob3dqdW1wbGlua3MiOjEsInNob3dudW1iZXJzd2F0Y2hpbmciOjEsInNo

10 b3d0b2miojesinnob3d0b29symfyijoxlcjza2luijoidmvjdg9yiiwic3r1ynrocmvzag9szci6mcwidgh1bwjzaxplij o0lcj1bmrlcmxpbmuiojisinvzzwxpdmvwcmv2awv3ijowlcj1c2vuzxdyyyi6mcwid2f0y2hjcmvhdglvbnmiojesindh dgnozgvmyxvsdci6mcwid2f0y2hkzwxldglvbii6mcwid2f0y2hsaxn0zgf5cyi6mw0klcj3yxrjagxpc3roawrlyw5vbn MiOjAsIndhdGNobGlzdGhpZGVib3RzIjowLCJ3YXRjaGxpc3RoaWRlbGl1IjowLCJ3YXRjaGxpc3RoaWRlbWlub3IiOjAs IndhdGNobGlzdGhpZGVvd24iOjAsIndhdGNobGlzdGhpZGVwYXRyb2xsZWQiOjAsIndhdGNobW92ZXMiOjAsIndsbGltaX QiOjI1MCwiZmxhZ2dlZHJldnNzaW1wbGV1aSI6MSwiZmxhZ2dlZHJldnNzdGFibGUiOjAsImZsYWdnZWRyZXZzZWRpdGRp ZmZzIjp0cnVlLCJmbGFnZ2VkcmV2c3ZpZXdkaWZmcyI6ZmFsc2UsInZlY3Rvci1zaW1wbGVzZWFyY2giOjEsInVzZWVkaX R3YXJuaW5nIjoxLCJ2ZWN0b3ItY29sbGFwc2libGVuYXYiOjEsInVzZWJldGF0b29sYmFyIjoxLCJ1c2ViZXRhdG9vbGJh ci1jz2qiojesindpa2lsb3zllwvuywjszwqiojesinzhcmlhbnqioijlbiisimxhbmd1ywdlijoizw4ilcjzzwfyy2hocz AiOnRydWUsInNlYXJjaE5zMSI6ZmFsc2UsInNlYXJjaE5zMiI6ZmFsc2UsInNlYXJjaE5zMyI6ZmFsc2UsInNlYXJjaE5z NCI6ZmFsc2UsInNlYXJjaE5zNSI6ZmFsc2UsInNlYXJjaE5zNiI6ZmFsc2UsInNlYXJjaE5zNyI6ZmFsc2UsInNlYXJjaE 5zOCI6ZmFsc2UsInNlYXJjaE5zOSI6ZmFsc2UsInNlYXJjaE5zMTAiOmZhbHNlLCJzZWFyY2hOczExIjpmYWxzZSwic2Vh cmnotnmxmii6zmfsc2usinnlyxjjae5zmtmiomzhbhnllcjzzwfyy2hocze0ijpmywxzzswic2vhcmnotnmxnsi6zmfsc2 UsInNlYXJjaE5zMTAwIjpmYWxzZSwic2VhcmNoTnMxMDEiOmZhbHNlLCJzZWFyY2hOczEwOCI6ZmFsc2UsInNlYXJjaE5z MTA5IjpmYWxzZSwiZ2FkZ2V0LXRlYWhvdXNlIjoxLCJnYWRnZXQtUmVmZXJlbmNlVG9vbHRpcHMiOjEsImdhZGdldC1EUk 4td2l6YXJkIjoxLCJnYWRnZXQtbXlTYW5kYm94IjoxfSk7O30se30se30pO213LmxvYWRlci5pbXBsZW1lbnQoInVzZXIu dg9rzw5ziixmdw5jdglvbigpe213lnvzzxiudg9rzw5zlnnldch7imvkaxrub2tlbii6iitcxcisdqoid2f0y2hub2tlbi I6ZmFsc2V9KTs7fSx7fSx7fSk7DQoNCi8qIGNhY2hlIGtleTogZW53aWtpOnJlc291cmNlbG9hZGVyOmZpbHRlcjptaW5p ZnktanM6Nzo4MWY3YzA1MDJlMzQ3ODIyZjE0YmU4MWY5NmZmMDNhYiAqLw0KfTwvc2NyaXB0Pg0KPHNjcmlwdCB0eXBlPS J0ZXh0L2phdmFzY3JpcHQiPmlmKHdpbmRvdy5tdyl7DQptdy5sb2FkZXIubG9hZChbIm1lZGlhd2lraS5wYWdlLnN0YXJ0 dxailcjtzwrpyxdpa2kubgvnywn5lndpa2liaxrziiwibwvkawf3awtplmxlz2fjes5hamf4iiwizxh0lndpa2ltzwrpyv Nob3BMaW5rLmNvcmUiXSk7DQp9PC9zY3JpcHQ+DQo8IS0tW2lmIGx0IElFIDddPjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+ Ym9keXtiZWhhdmlvcjp1cmwoIi93L3NraW5zLTEuMjB3bWY5L3ZlY3Rvci9jc3Nob3Zlci5taW4uaHRjIil9PC9zdHlsZT 48IVtlbmRpZl0tLT48L2hlYWQ+DQo8Ym9keSBjbGFzcz0ibWVkaWF3aWtpIGx0ciBzaXRlZGlyLWx0ciBucy0tMSBucy1z cgvjawfsig13lxnwzwnpywwtvxnlcmxvz2luihbhz2utu3bly2lhbf9vc2vytg9naw4gc2tpbi12zwn0b3igywn0aw9ulx ZpZXcgdmVjdG9yLWFuaW1hdGVMYXlvdXQiPg0KCQk8ZGl2IGlkPSJtdy1wYWdlLWJhc2UiIGNsYXNzPSJub3ByaW50Ij48 L2Rpdj4NCgkJPGRpdiBpZD0ibXctaGVhZC1iYXNlIiBjbGFzcz0ibm9wcmludCI+PC9kaXY+DQoJCTwhLS0gY29udGVudC AtLT4NCgkJPGRpdiBpZD0iY29udGVudCIgY2xhc3M9Im13LWJvZHkiPg0KCQkJPGEgaWQ9InRvcCI+PC9hPg0KCQkJPGRp dibpzd0ibxctanmtbwvzc2fnzsigc3r5bgu9imrpc3bsyxk6bm9uztsipjwvzgl2pg0kcqkjcqkjpcetlsbzaxrlbm90aw NlIC0tPg0KCQkJPGRpdiBpZD0ic2l0ZU5vdGljZSI+PCEtLSBjZW50cmFsTm90aWNlIGxvYWRzIGhlcmUgLS0+PC9kaXY+ DQoJCQk8IS0tIC9zaXRlbm90aWNlIC0tPg0KCQkJCQkJPCEtLSBmaXJzdEhlYWRpbmcgLS0+DQoJCQk8aDEgaWQ9ImZpcn N0SGVhZGluZyIgY2xhc3M9ImZpcnN0SGVhZGluZyI+PHNwYW4gZGlyPSJhdXRvIj5Mb2cgaW4gLyBjcmVhdGUgYWNjb3Vu ddwvc3bhbj48l2gxpg0kcqkjpcetlsavzmlyc3rizwfkaw5nic0tpg0kcqkjpcetlsbib2r5q29udgvudcatlt4ncgkjct xkaxygawq9imjvzhldb250zw50ij4ncgkjcqkjcqkjpcetlsbzdwj0axrszsatlt4ncgkjcqk8zgl2iglkpsjjb250zw50 U3ViIj48L2Rpdj4NCgkJCQk8IS0tIC9zdWJ0aXRsZSAtLT4NCgkJCQkJCQkJCQkJCQkJCQk8IS0tIGp1bXB0byAtLT4NCg kjcqk8zgl2iglkpsjqdw1wlxrvlw5hdiigy2xhc3m9im13lwp1bxaipg0kcqkjcqlkdw1wihrvogkjcqkjpgegahjlzj0i I213LWhlYWQiPm5hdmlnYXRpb248L2E+LCAJCQkJCTxhIGhyZWY9IiNwLXNlYXJjaCI+c2VhcmNoPC9hPg0KCQkJCTwvZG l2pg0kcqkjctwhls0gl2p1bxb0byatlt4ncgkjcqkjcqkjpcetlsbib2r5y29udgvudcatlt4ncgkjcqk8zgl2iglkpsjt dy1jb250zw50lxrlehqipjxkaxygc3r5bgu9imrpc3bsyxk6bm9uztsiignsyxnzpsjwzwytbm90awzpy2f0aw9ulwnvbn RhaW5lciI+DQoJPGRpdiBjbGFzcz0icGVmLW5vdGlmaWNhdGlvbiI+DQoJCTxkaXYgY2xhc3M9InBlZi1ub3RpZmljYXRp b24ty2hly2ttyxjrij4mbmjzcds8l2rpdj4ncgkjphnwyw4+pc9zcgfupg0kctwvzgl2pg0kpc9kaxy+dqo8zgl2iglkps Jsb2dpbnN0YXJ0Ij48L2Rpdj4NCjxkaXYgaWQ9InVzZXJsb2dpbkZvcm0iPg0KPGZvcm0gbmFtZT0idXNlcmxvZ2luIiBt ZXRob2Q9InBvc3QiIGFjdGlvbj0iaHR0cDovL2h0dHA6Ly9lbi53aWtpcGVkaWEub3JnL3cvaW5kZXgucGhwP3RpdGxlPV NwZWNpYWw6VXNlckxvZ2luJmFtcDthY3Rpb249c3VibWl0bG9naW4mYW1wO3R5cGU9bG9naW4mYW1wO3JldHVybnRvPVdp a2lwzwrpysi+dqojpggypkxvzybpbjwvadi+dqojphagawq9invzzxjsb2dpbmxpbmsipkrvbid0ighhdmugyw4gywnjb3 VudD8gPGEgaHJlZj0iaHR0cDovL2h0dHA6Ly9lbi53aWtpcGVkaWEub3JnL3cvaW5kZXgucGhwP3RpdGxlPVNwZWNpYWw6 VXNlckxvZ2luJmFtcDt0eXBlPXNpZ251cCZhbXA7cmV0dXJudG89V2lraXBlZGlhIj5DcmVhdGUgb25lPC9hPi48L3A+DQ ojctxkaxygawq9invzzxjsb2dpbnbyb21wdci+pc9kaxy+dqojctx0ywjszt4ncgkjphrypg0kcqkjphrkignsyxnzpsjt dy1sywjlbci+pgxhymvsigzvcj0nd3boyw1lmsc+vxnlcm5hbwu6pc9sywjlbd48l3rkpg0kcqkjphrkignsyxnzpsjtdy 1pbnB1dCI+DQoJCQkJPGlucHV0IGNsYXNzPSJsb2dpblRleHQiIGlkPSJ3cE5hbWUxIiB0YWJpbmRleD0iMSIgc2l6ZT0i MjAiIHR5cGU9InRleHQiIG5hbWU9IndwTmFtZSIgLz4NCgkJCTwvdGQ+DQoJCTwvdHI+DQoJCTx0cj4NCgkJCTx0ZCBjbG Fzcz0ibXctbGFiZWwiPjxsYWJlbCBmb3I9J3dwUGFzc3dvcmQxJz5QYXNzd29yZDo8L2xhYmVsPjwvdGQ+DQoJCQk8dGQg Y2xhc3M9Im13LWlucHV0Ij4NCgkJCQk8aW5wdXQgY2xhc3M9ImxvZ2luUGFzc3dvcmQiIGlkPSJ3cFBhc3N3b3JkMSIgdG FiaW5kZXg9IjIiIHNpemU9IjIwIiB0eXBlPSJwYXNzd29yZCIgbmFtZT0id3BQYXNzd29yZCIgLz4NCgkJCTwvdGQ+DQoJ CTwvdHI+DQoJCQk8dHI+DQoJCQk8dGQ+PC90ZD4NCgkJCTx0ZCBjbGFzcz0ibXctaW5wdXQiPg0KCQkJCTxpbnB1dCBuYW 1lPSJ3cFJlbWVtYmVyIiB0eXBlPSJjaGVja2JveCIgdmFsdWU9IjEiIGlkPSJ3cFJlbWVtYmVyIiB0YWJpbmRleD0iOCIg Lz4mIzE2MDs8bGFiZWwgZm9yPSJ3cFJlbWVtYmVyIj5SZW1lbWJlciBtZSAodXAgdG8gMTgwIGRheXMpPC9sYWJlbD4JCQ k8l3rkpg0kcqk8l3rypg0kcqk8dhi+dqojcqk8dgq+pc90zd4ncgkjctx0zcbjbgfzcz0ibxctc3vibwl0ij4ncgkjcqk8 aw5wdxqgawq9indwtg9naw5bdhrlbxb0iib0ywjpbmrled0iosigdhlwzt0iynv0dg9uiib2ywx1zt0itg9nigluiibuyw 1lPSJ3cExvZ2luQXR0ZW1wdCIgb25DbGljaz0iYWxlcnQoJ1lvdXIgcGFzc3dvcmQgaXMgJyArIGRvY3VtZW50LnVzZXJs b2dpbi53cfbhc3n3b3jklnzhbhvlktsiic8+jimxnja7pgegahjlzj0il3dpa2kvu3bly2lhbdpqyxnzd29yzfjlc2v0ii B0aXRsZT0iU3BlY2lhbDpQYXNzd29yZFJlc2V0Ij5Gb3Jnb3R0ZW4geW91ciBsb2dpbiBkZXRhaWxzPzwvYT4NCgkJCTwv dgq+dqojctwvdhi+dqojpc90ywjszt4ncjxpbnb1dcb0exblpsjoawrkzw4iig5hbwu9indwtg9naw5ub2tlbiigdmfsdw U9IjZiODIyODZiZWQwMjc0YzcyMzlmYTgxNWNlM2VhM2Q2IiAvPjwvZm9ybT4NCjwvZGl2Pg0KPGRpdiBpZD0ibG9naW5l bmqipjxkaxygc3r5bgu9imnszwfyoibib3rooyi+pc9kaxy+dqo8zgl2ignsyxnzpsjwbgfpbmxpbmtzij48adm+idxzcg FuIGNsYXNzPSJtdy1oZWFkbGluZSIgaWQ9IlNlY3VyZV95b3VyX2FjY291bnQ6Ij5TZWN1cmUgeW91ciBhY2NvdW50Ojwv c3bhbj48l2gzpg0kphvspjxsat4gq29uc2lkzxigbg9nz2luzybpbibvbib0agugpgegy2xhc3m9imv4dgvybmfsihrleh

11 QiIGhyZWY9Imh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL1NwZWNpYWw6VXNlckxvZ2luIj5zZWN1cmUgc2VydmVy PC9hPi4NCjwvbGk+PGxpPiBJZiB5b3VyIHBhc3N3b3JkIG9ubHkgY29udGFpbnMgbGV0dGVycyBvciBvbmx5IG51bWJlcn MsIHBsZWFzZSByZWFkIG91ciBhcnRpY2xlIG9uIDxhIGhyZWY9Ii93aWtpL1Bhc3N3b3JkX3N0cmVuZ3RoIiB0aXRsZT0i UGFzc3dvcmQgc3RyZW5ndGgiPnBhc3N3b3JkIHN0cmVuZ3RoPC9hPiBhbmQgY29uc2lkZXIgY2hhbmdpbmcgaXQgKGluID xhighyzwy9ii93awtpl1nwzwnpyww6uhjlzmvyzw5jzxmiihrpdgxlpsjtcgvjawfsolbyzwzlcmvuy2vzij5tcgvjawfs OlByZWZlcmVuY2VzPC9hPiBhZnRlciB5b3UgbG9nIGluKS4NCjwvbGk+PGxpPiBUbyBhdm9pZCBiZWNvbWluZyBhIHZpY3 RpbSBvZiA8YSBocmVmPSIvd2lraS9QaGlzaGluZyIgdGl0bGU9IlBoaXNoaW5nIj5waGlzaGluZzwvYT4sIGFsd2F5cyB2 ZXJpZnkgdGhhdCB5b3UgYXJlIHZpZXdpbmcgPGEgY2xhc3M9ImV4dGVybmFsIHRleHQiIGhyZWY9Ii8vZW4ud2lraXBlZG lhlm9yzy93awtpl1nwzwnpyww6vxnlckxvz2luij5xawtpcgvkawencybsb2dpbibwywdlpc9hpib3agvuigxvz2dpbmcg aw4uifdpa2lwzwrpysb3awxsig5ldmvyigfzaybmb3igyw55igluzm9ybwf0aw9uig90agvyihroyw4gew91cib1c2vybm FtZSwgcGFzc3dvcmQgYW5kIGUtbWFpbCBhZGRyZXNzLg0KPC9saT48bGk+IERvIG5vdCBnaXZlIG91dCB5b3VyIHBhc3N3 b3jkihrvigfuew9uzs4ncjwvbgk+pgxppibjzib5b3vyigfjy291bnqgaxmgy29tchjvbwlzzwqsigl0ig1hesbizsbwzx JtYW5lbnRseSBibG9ja2VkIHVubGVzcyB5b3UgY2FuIHByb3ZlIHlvdSBhcmUgaXRzIHJpZ2h0ZnVsIG93bmVyLg0KPC9s at48bgk+iefzigegc2fmzwd1yxjkihlvdsbtyxkgimnvbw1pdcigdg8gew91cibpzgvudgl0esbiesbhzgrpbmcgysa8ys BocmVmPSIvd2lraS9DcnlwdG9ncmFwaGljX2hhc2hfZnVuY3Rpb24iIHRpdGxlPSJDcnlwdG9ncmFwaGljIGhhc2ggZnVu Y3Rpb24iPmNyeXB0b2dyYXBoaWMgaGFzaDwvYT4gdG8geW91ciA8YSBocmVmPSIvd2lraS9XaWtpcGVkaWE6VXNlcl9wYW dliib0axrszt0iv2lraxblzglholvzzxigcgfnzsigy2xhc3m9im13lxjlzglyzwn0ij51c2vyihbhz2u8l2e+igfzigv4 cgxhaw5lzca8ysbocmvmpsivd2lras9uzw1wbgf0ztpvc2vyx2nvbw1pdhrlzf9pzgvudgl0esigdgl0bgu9ilrlbxbsyx RlOlVzZXIgY29tbWl0dGVkIGlkZW50aXR5Ij5oZXJlPC9hPi4gVGhpcyBtYWtlcyBpdCBhbG1vc3QgaW1wb3NzaWJsZSBm b3igyw4gaw1wb3n0b3igdg8gy29udgludwugaw1wzxjzb25hdgluzyb5b3ugb25jzsb5b3ugcmvnywluignvbnryb2wgb2 YgeW91ciBhY2NvdW50Lg0KPC9saT48L3VsPg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2PgkJCQk8IS0tIC9ib2R5Y29udGVu dcatlt4ncgkjcqkjcqkjpcetlsbwcmludgzvb3rlciatlt4ncgkjcqk8zgl2ignsyxnzpsjwcmludgzvb3rlcii+dqojcq kjumv0cmlldmvkigzyb20gijxhighyzwy9imh0dha6ly9lbi53awtpcgvkaweub3jnl3dpa2kvu3bly2lhbdpvc2vytg9n aw4ipmh0dha6ly9lbi53awtpcgvkaweub3jnl3dpa2kvu3bly2lhbdpvc2vytg9naw48l2e+igkjcqk8l2rpdj4ncgkjcq k8is0tic9wcmludgzvb3rlciatlt4ncgkjcqkjcqkjcqkjctwhls0gy2f0bglua3mgls0+dqojcqkjpgrpdibpzd0ny2f0 bglua3mnignsyxnzpsdjyxrsaw5rcybjyxrsaw5rcy1hbgxoawrkzw4npjwvzgl2pgkjcqk8is0tic9jyxrsaw5rcyatlt 4NCgkJCQkJCQkJCQkJCTxkaXYgY2xhc3M9InZpc3VhbENsZWFyIj48L2Rpdj4NCgkJCQk8IS0tIGRlYnVnaHRtbCAtLT4N CgkJCQkJCQkJPCEtLSAvZGVidWdodG1sIC0tPg0KCQkJPC9kaXY+DQoJCQk8IS0tIC9ib2R5Q29udGVudCAtLT4NCgkJPC 9kaXY+DQoJCTwhLS0gL2NvbnRlbnQgLS0+DQoJCTwhLS0gaGVhZGVyIC0tPg0KCQk8ZGl2IGlkPSJtdy1oZWFkIiBjbGFz cz0ibm9wcmludci+dqoncjwhls0gmcatlt4ncjxkaxygawq9inatcgvyc29uywwiignsyxnzpsiipg0kctxont5qzxjzb2 5hbCB0b29sczwvaDU+DQoJPHVsPg0KCQk8bGkgaWQ9InB0LWNyZWF0ZWFjY291bnQiPjxhIGhyZWY9Imh0dHA6Ly9odHRw Oi8vZW4ud2lraXBlZGlhLm9yZy93L2luZGV4LnBocD90aXRsZT1TcGVjaWFsOlVzZXJMb2dpbiZhbXA7cmV0dXJudG89V2 lraxblzglhjmftcdt0exblpxnpz251cci+q3jlyxrligfjy291bnq8l2e+pc9sat4ncgkjpgxpiglkpsjwdc1sb2dpbiig Y2xhc3M9ImFjdGl2ZSI+PGEgaHJlZj0iaHR0cDovL2h0dHA6Ly9lbi53aWtpcGVkaWEub3JnL3cvaW5kZXgucGhwP3RpdG xlpvnwzwnpyww6vxnlckxvz2lujmftcdtyzxr1cm50bz1xawtpcgvkaweiihrpdgxlpsjzb3ugyxjligvuy291cmfnzwqg dg8gbg9nigluoybob3dldmvylcbpdcbpcybub3qgbwfuzgf0b3j5libbb10iigfjy2vzc2tlet0ibyi+tg9niglupc9hpj wvbgk+dqojpc91bd4ncjwvzgl2pg0kdqo8is0tic8wic0tpg0kcqkjpgrpdibpzd0ibgvmdc1uyxzpz2f0aw9uij4ncg0k PCEtLSAwIC0tPg0KPGRpdiBpZD0icC1uYW1lc3BhY2VzIiBjbGFzcz0idmVjdG9yVGFicyI+DQoJPGg1Pk5hbWVzcGFjZX M8L2g1Pg0KCTx1bD4NCgkJCQkJPGxpICBpZD0iY2EtbnN0YWItc3BlY2lhbCIgY2xhc3M9InNlbGVjdGVkIj48c3Bhbj48 YSBocmVmPSJodHRwOi8vaHR0cDovL2VuLndpa2lwZWRpYS5vcmcvdy9pbmRleC5waHA/dGl0bGU9U3BlY2lhbDpVc2VyTG 9naW4mYW1wO3JldHVybnRvPVdpa2lwZWRpYSIgIHRpdGxlPSJUaGlzIGlzIGEgc3BlY2lhbCBwYWdlIHdoaWNoIHlvdSBj YW5ub3QgZWRpdCI+U3BlY2lhbCBwYWdlPC9hPjwvc3Bhbj48L2xpPg0KCQkJPC91bD4NCjwvZGl2Pg0KDQo8IS0tIC8wIC 0tPg0KDQo8IS0tIDEgLS0+DQo8ZGl2IGlkPSJwLXZhcmlhbnRzIiBjbGFzcz0idmVjdG9yTWVudSBlbXB0eVBvcnRsZXQi Pg0KCTxoND4NCgkJPC9oND4NCgk8aDU+PHNwYW4+VmFyaWFudHM8L3NwYW4+PGEgaHJlZj0iIyI+PC9hPjwvaDU+DQoJPG RpdiBjbGFzcz0ibWVudSI+DQoJCTx1bD4NCgkJCQkJPC91bD4NCgk8L2Rpdj4NCjwvZGl2Pg0KDQo8IS0tIC8xIC0tPg0K CQkJPC9kaXY+DQoJCQk8ZGl2IGlkPSJyaWdodC1uYXZpZ2F0aW9uIj4NCg0KPCEtLSAwIC0tPg0KPGRpdiBpZD0icC12aW V3cyIgY2xhc3M9InZlY3RvclRhYnMgZW1wdHlQb3J0bGV0Ij4NCgk8aDU+Vmlld3M8L2g1Pg0KCTx1bD4NCgkJCTwvdWw+ DQo8L2Rpdj4NCg0KPCEtLSAvMCAtLT4NCg0KPCEtLSAxIC0tPg0KPGRpdiBpZD0icC1jYWN0aW9ucyIgY2xhc3M9InZlY3 Rvck1lbnUgZW1wdHlQb3J0bGV0Ij4NCgk8aDU+PHNwYW4+QWN0aW9uczwvc3Bhbj48YSBocmVmPSIjIj48L2E+PC9oNT4N Cgk8ZGl2IGNsYXNzPSJtZW51Ij4NCgkJPHVsPg0KCQkJCQk8L3VsPg0KCTwvZGl2Pg0KPC9kaXY+DQoNCjwhLS0gLzEgLS 0+DQoNCjwhLS0gMiAtLT4NCjxkaXYgaWQ9InAtc2VhcmNoIj4NCgk8aDU+PGxhYmVsIGZvcj0ic2VhcmNoSW5wdXQiPlNl YXJjaDwvbGFiZWw+PC9oNT4NCgk8Zm9ybSBhY3Rpb249Imh0dHA6Ly9odHRwOi8vZW4ud2lraXBlZGlhLm9yZy93L2luZG V4LnBocCIgaWQ9InNlYXJjaGZvcm0iPg0KCQkJCTxkaXYgaWQ9InNpbXBsZVNlYXJjaCI+DQoJCQkJCQk8aW5wdXQgdHlw ZT0idGV4dCIgbmFtZT0ic2VhcmNoIiB2YWx1ZT0iIiB0aXRsZT0iU2VhcmNoIFdpa2lwZWRpYSBbZl0iIGFjY2Vzc2tleT 0iZiIgaWQ9InNlYXJjaElucHV0IiAvPgkJCQkJCTxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJidXR0b24iIHRpdGxl PSJTZWFyY2ggV2lraXBlZGlhIGZvciB0aGlzIHRleHQiIGlkPSJzZWFyY2hCdXR0b24iIHdpZHRoPSIxMiIgaGVpZ2h0PS IxMyI+PGltZyBzcmM9Imh0dHA6Ly9iaXRzLndpa2ltZWRpYS5vcmcvc3RhdGljLTEuMjB3bWY5L3NraW5zL3ZlY3Rvci9p bwfnzxmvc2vhcmnolwx0ci5wbmc/mzazltqiigfsdd0iu2vhcmnoiiavpjwvynv0dg9upgkjcqkjcqkjpgluchv0ihr5cg U9J2hpZGRlbicgbmFtZT0idGl0bGUiIHZhbHVlPSJTcGVjaWFsOlNlYXJjaCIvPg0KCQk8L2Rpdj4NCgk8L2Zvcm0+DQo8 L2Rpdj4NCg0KPCEtLSAvMiAtLT4NCgkJCTwvZGl2Pg0KCQk8L2Rpdj4NCgkJPCEtLSAvaGVhZGVyIC0tPg0KCQk8IS0tIH BhbmVsIC0tPg0KCQkJPGRpdiBpZD0ibXctcGFuZWwiIGNsYXNzPSJub3ByaW50Ij4NCgkJCQk8IS0tIGxvZ28gLS0+DQoJ CQkJCTxkaXYgaWQ9InAtbG9nbyI+PGEgc3R5bGU9ImJhY2tncm91bmQtaW1hZ2U6IHVybChodHRwOi8vdXBsb2FkLndpa2 ltzwrpys5vcmcvd2lraxblzglhl2vul2ivymmvv2lras5wbmcpoyigahjlzj0il3dpa2kvtwfpbl9qywdliiagdgl0bgu9 IlZpc2l0IHRoZSBtYWluIHBhZ2UiPjwvYT48L2Rpdj4NCgkJCQk8IS0tIC9sb2dvIC0tPg0KDQo8IS0tIG5hdmlnYXRpb2 4gLS0+DQo8ZGl2IGNsYXNzPSJwb3J0YWwiIGlkPSdwLW5hdmlnYXRpb24nPg0KCTxoNT5OYXZpZ2F0aW9uPC9oNT4NCgk8 ZGl2IGNsYXNzPSJib2R5Ij4NCgkJPHVsPg0KCQkJPGxpIGlkPSJuLW1haW5wYWdlLWRlc2NyaXB0aW9uIj48YSBocmVmPS Ivd2lraS9NYWluX1BhZ2UiIHRpdGxlPSJWaXNpdCB0aGUgbWFpbiBwYWdlIFt6XSIgYWNjZXNza2V5PSJ6Ij5NYWluIHBh

12 Z2U8L2E+PC9saT4NCgkJCTxsaSBpZD0ibi1jb250ZW50cyI+PGEgaHJlZj0iL3dpa2kvUG9ydGFsOkNvbnRlbnRzIiB0aX RsZT0iR3VpZGVzIHRvIGJyb3dzaW5nIFdpa2lwZWRpYSI+Q29udGVudHM8L2E+PC9saT4NCgkJCTxsaSBpZD0ibi1mZWF0 dxjlzgnvbnrlbnqipjxhighyzwy9ii93awtpl1bvcnrhbdpgzwf0dxjlzf9jb250zw50iib0axrszt0irmvhdhvyzwqgy2 9udGVudCDigJMgdGhlIGJlc3Qgb2YgV2lraXBlZGlhIj5GZWF0dXJlZCBjb250ZW50PC9hPjwvbGk+DQoJCQk8bGkgaWQ9 Im4tY3VycmVudGV2ZW50cyI+PGEgaHJlZj0iL3dpa2kvUG9ydGFsOkN1cnJlbnRfZXZlbnRzIiB0aXRsZT0iRmluZCBiYW NrZ3JvdW5kIGluZm9ybWF0aW9uIG9uIGN1cnJlbnQgZXZlbnRzIj5DdXJyZW50IGV2ZW50czwvYT48L2xpPg0KCQkJPGxp IGlkPSJuLXJhbmRvbXBhZ2UiPjxhIGhyZWY9Ii93aWtpL1NwZWNpYWw6UmFuZG9tIiB0aXRsZT0iTG9hZCBhIHJhbmRvbS BhcnRpY2xlIFt4XSIgYWNjZXNza2V5PSJ4Ij5SYW5kb20gYXJ0aWNsZTwvYT48L2xpPg0KCQkJPGxpIGlkPSJuLXNpdGVz dxbwb3j0ij48ysbocmvmpsivl2rvbmf0zs53awtpbwvkaweub3jnl3dpa2kvu3bly2lhbdpgdw5kcmfpc2vyumvkaxjly3 Rvcj91dG1fc291cmNlPWRvbmF0ZSZhbXA7dXRtX21lZGl1bT1zaWRlYmFyJmFtcDt1dG1fY2FtcGFpZ249MjAxMjA3MTdT QjAwMSZhbXA7dXNlbGFuZz1lbiIgdGl0bGU9IlN1cHBvcnQgdXMiPkRvbmF0ZSB0byBXaWtpcGVkaWE8L2E+PC9saT4NCg kjpc91bd4ncgk8l2rpdj4ncjwvzgl2pg0kdqo8is0tic9uyxzpz2f0aw9uic0tpg0kdqo8is0tifnfqvjdscatlt4ncg0k PCEtLSAvU0VBUkNIIC0tPg0KDQo8IS0tIGludGVyYWN0aW9uIC0tPg0KPGRpdiBjbGFzcz0icG9ydGFsIiBpZD0ncC1pbn RlcmFjdGlvbic+DQoJPGg1PkludGVyYWN0aW9uPC9oNT4NCgk8ZGl2IGNsYXNzPSJib2R5Ij4NCgkJPHVsPg0KCQkJPGxp IGlkPSJuLWhlbHAiPjxhIGhyZWY9Ii93aWtpL0hlbHA6Q29udGVudHMiIHRpdGxlPSJHdWlkYW5jZSBvbiBob3cgdG8gdX NlIGFuZCBlZGl0IFdpa2lwZWRpYSI+SGVscDwvYT48L2xpPg0KCQkJPGxpIGlkPSJuLWFib3V0c2l0ZSI+PGEgaHJlZj0i L3dpa2kvV2lraXBlZGlhOkFib3V0IiB0aXRsZT0iRmluZCBvdXQgYWJvdXQgV2lraXBlZGlhIj5BYm91dCBXaWtpcGVkaW E8L2E+PC9saT4NCgkJCTxsaSBpZD0ibi1wb3J0YWwiPjxhIGhyZWY9Ii93aWtpL1dpa2lwZWRpYTpDb21tdW5pdHlfcG9y dgfsiib0axrszt0iqwjvdxqgdghlihbyb2ply3qsihdoyxqgew91ignhbibkbywgd2hlcmugdg8gzmluzcb0agluz3mipk NvbW11bml0eSBwb3J0YWw8L2E+PC9saT4NCgkJCTxsaSBpZD0ibi1yZWNlbnRjaGFuZ2VzIj48YSBocmVmPSIvd2lraS9T cgvjawfsoljly2vudenoyw5nzxmiihrpdgxlpsjbigxpc3qgb2ygcmvjzw50ignoyw5nzxmgaw4gdghlihdpa2kgw3jdii BhY2Nlc3NrZXk9InIiPlJlY2VudCBjaGFuZ2VzPC9hPjwvbGk+DQoJCQk8bGkgaWQ9Im4tY29udGFjdCI+PGEgaHJlZj0i L3dpa2kvV2lraXBlZGlhOkNvbnRhY3RfdXMiIHRpdGxlPSJIb3cgdG8gY29udGFjdCBXaWtpcGVkaWEiPkNvbnRhY3QgV2 lraxblzglhpc9hpjwvbgk+dqojctwvdww+dqojpc9kaxy+dqo8l2rpdj4ncg0kpcetlsavaw50zxjhy3rpb24gls0+dqon CjwhLS0gVE9PTEJPWCAtLT4NCjxkaXYgY2xhc3M9InBvcnRhbCIgaWQ9J3AtdGInPg0KCTxoNT5Ub29sYm94PC9oNT4NCg k8zgl2ignsyxnzpsjib2r5ij4ncgkjphvspg0kcqkjpgxpiglkpsj0lxvwbg9hzci+pgegahjlzj0il3dpa2kvv2lraxbl ZGlhOlVwbG9hZCIgdGl0bGU9IlVwbG9hZCBmaWxlcyBbdV0iIGFjY2Vzc2tleT0idSI+VXBsb2FkIGZpbGU8L2E+PC9saT 4NCgkJCTxsaSBpZD0idC1zcGVjaWFscGFnZXMiPjxhIGhyZWY9Ii93aWtpL1NwZWNpYWw6U3BlY2lhbFBhZ2VzIiB0aXRs ZT0iQSBsaXN0IG9mIGFsbCBzcGVjaWFsIHBhZ2VzIFtxXSIgYWNjZXNza2V5PSJxIj5TcGVjaWFsIHBhZ2VzPC9hPjwvbG k+dqojctwvdww+dqojpc9kaxy+dqo8l2rpdj4ncg0kpcetlsavve9ptejpwcatlt4ncg0kpcetlsbmqu5hvufhrvmgls0+ DQoNCjwhLS0gL0xBTkdVQUdFUyAtLT4NCgkJCTwvZGl2Pg0KCQk8IS0tIC9wYW5lbCAtLT4NCgkJPCEtLSBmb290ZXIgLS 0+DQoJCTxkaXYgaWQ9ImZvb3RlciI+DQoJCQkJCQkJPHVsIGlkPSJmb290ZXItcGxhY2VzIj4NCgkJCQkJCQkJCQkJPGxp IGlkPSJmb290ZXItcGxhY2VzLXByaXZhY3kiPjxhIGhyZWY9Ii8vd2lraW1lZGlhZm91bmRhdGlvbi5vcmcvd2lraS9Qcm l2ywn5x3bvbgljesigdgl0bgu9indpa2ltzwrpytpqcml2ywn5ihbvbgljesi+uhjpdmfjesbwb2xpy3k8l2e+pc9sat4n CgkJCQkJCQkJCQkJPGxpIGlkPSJmb290ZXItcGxhY2VzLWFib3V0Ij48YSBocmVmPSIvd2lraS9XaWtpcGVkaWE6QWJvdX QiIHRpdGxlPSJXaWtpcGVkaWE6QWJvdXQiPkFib3V0IFdpa2lwZWRpYTwvYT48L2xpPg0KCQkJCQkJCQkJCQk8bGkgaWQ9 ImZvb3Rlci1wbGFjZXMtZGlzY2xhaW1lciI+PGEgaHJlZj0iL3dpa2kvV2lraXBlZGlhOkdlbmVyYWxfZGlzY2xhaW1lci IgdGl0bGU9Ildpa2lwZWRpYTpHZW5lcmFsIGRpc2NsYWltZXIiPkRpc2NsYWltZXJzPC9hPjwvbGk+DQoJCQkJCQkJCQk8 L3VsPg0KCQkJCQkJCQkJCTx1bCBpZD0iZm9vdGVyLWljb25zIiBjbGFzcz0ibm9wcmludCI+DQoJCQkJCTxsaSBpZD0iZm 9vdGVyLWNvcHlyaWdodGljbyI+DQoJCQkJCQk8YSBocmVmPSIvL3dpa2ltZWRpYWZvdW5kYXRpb24ub3JnLyI+PGltZyBz cmm9imh0dha6ly9iaxrzlndpa2ltzwrpys5vcmcvaw1hz2vzl3dpa2ltzwrpys1idxr0b24ucg5niib3awr0ad0iodgiig hlawdodd0imzeiigfsdd0iv2lraw1lzglhiezvdw5kyxrpb24ilz48l2e+dqojcqkjctwvbgk+dqojcqkjctxsasbpzd0i Zm9vdGVyLXBvd2VyZWRieWljbyI+DQoJCQkJCQk8YSBocmVmPSIvL3d3dy5tZWRpYXdpa2kub3JnLyI+PGltZyBzcmM9Im h0dha6ly9iaxrzlndpa2ltzwrpys5vcmcvc3rhdgljlteumjb3bwy5l3nraw5zl2nvbw1vbi9pbwfnzxmvcg93zxjlzgj5 X21lZGlhd2lraV84OHgzMS5wbmciIGFsdD0iUG93ZXJlZCBieSBNZWRpYVdpa2kiIHdpZHRoPSI4OCIgaGVpZ2h0PSIzMS IgLz48L2E+DQoJCQkJCTwvbGk+DQoJCQkJPC91bD4NCgkJCQkJCTxkaXYgc3R5bGU9ImNsZWFyOmJvdGgiPjwvZGl2Pg0K CQk8L2Rpdj4NCgkJPCEtLSAvZm9vdGVyIC0tPg0KCQk8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+aWYod2luZG 93Lm13KXsNCm13LmxvYWRlci5zdGF0ZSh7InNpdGUiOiJsb2FkaW5nIiwidXNlciI6InJlYWR5IiwidXNlci5ncm91cHMi OiJyZWFkeSJ9KTsNCn08L3NjcmlwdD4NCjxzY3JpcHQgc3JjPSJodHRwOi8vYml0cy53aWtpbWVkaWEub3JnL2VuLndpa2 lwzwrpys5vcmcvbg9hzc5waha/zgvidwc9zmfsc2umyw1wo2xhbmc9zw4myw1wo21vzhvszxm9c2tpbnmudmvjdg9yjmft cdtvbmx5pxnjcmlwdhmmyw1wo3nraw49dmvjdg9yjmftcdsqiib0exblpsj0zxh0l2phdmfzy3jpchqipjwvc2nyaxb0pg 0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPmlmKHdpbmRvdy5tdyl7DQptdy5sb2FkZXIubG9hZChbIm1lZGlh d2lras51c2vyiiwibwvkawf3awtplnbhz2uucmvhzhkilcjtzwrpyxdpa2kubgvnywn5lm13c3vnz2vzdcisimv4dc52zw N0b3IuY29sbGFwc2libGVOYXYiLCJleHQudmVjdG9yLmNvbGxhcHNpYmxlVGFicyIsImV4dC52ZWN0b3IuZWRpdFdhcm5p bmcilcjlehqudmvjdg9ylnnpbxbszvnlyxjjacisimv4dc5vc2vyqnvja2v0cyisimv4dc5hcnrpy2xlrmvlzgjhy2suc3 RhcnR1cCIsImV4dC5tYXJrQXNIZWxwZnVsIiwiZXh0LkV4cGVyaW1lbnRzLmxpYiIsImV4dC5FeHBlcmltZW50cy5leHBl cmltzw50cyjdlcbudwxslcb0cnvlktsncn08l3njcmlwdd4ncjxzy3jpchqgdhlwzt0idgv4dc9qyxzhc2nyaxb0ij4ncn dpbmrvdy5fcmvnid0giii7dqo8l3njcmlwdd4ncjxzy3jpchqgc3jjpsjodhrwoi8vahr0cdovl2vulndpa2lwzwrpys5v cmcvdy9pbmrlec5waha/dgl0bgu9u3bly2lhbdpcyw5uzxjdb250cm9sbgvyjmftcdtjywnozt0vy24uanmmyw1wozmwmy 00IiB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPjwvc2NyaXB0Pg0KPHNjcmlwdCBzcmM9Imh0dHA6Ly9iaXRzLndpa2ltZWRp YS5vcmcvZ2VvaXBsb29rdXAiIHR5cGU9InRleHQvamF2YXNjcmlwdCI+PC9zY3JpcHQ+PCEtLSBTZXJ2ZWQgYnkgbXcxMS BpbiAwLjExNyBzZWNzLiAtLT4NCgk8L2JvZHk+DQo8L2h0bWw+DQo=